Privacy Policy For Apps

The protection of your personal data during the use of our APP is an important concern for us. Before using the Shopchums App, please read this Privacy Policy carefully.

This Privacy Policy conforms with our Privacy Policy and GDPR Compliance Statement posted on the Shopchums website at Please direct any questions, comments or concerns about privacy, and how we handle your personal data directly to us, using our contact form or via email to

Who We Are

The responsible entity within the meaning of the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the General Data Protection Regulation 2016/679 (“GDPR”) is:
5800 Ambler Drive, Suite 210, Mississauga, Ontario,
Canada L4W 4J4

Collection and Processing of Data

Personal data is only collected if you provide this information voluntarily, for example as part of a registration, login, or enquiry. Only data that is required to fulfill the functionality of the Shopchums App will be collected. The data is only collected and processed for a specific purpose.


Please refer to our Cookie Policy for more information on how we use cookies.

PIPEDA Privacy Rights

You have the ability to exercise the following rights:

  • Right to withdraw consent - You have the right to withdraw your consent herein at any time, subject to legal and contractual restrictions. Note that your withdrawal of such consent may limit your ability to obtain certain products and services.
  • Right of access, correction, deactivation or deletion of accounts - You have the right to request access to and obtain a copy of any of your personal information that we may hold, to request correction of any inaccurate information relating to you, and to request the deactivation or deletion of your accounts under certain circumstances.
  • Right to submit a privacy complaint - You have the right to submit a complaint with the Privacy Commissioner in the jurisdiction of your residence if you consider that Shopchums’ management of your personal information infringes applicable laws.
  • GDPR Rights

    You have the following rights with regard to personal data concerning you:

  • Right to information (Art. 15 GDPR),
  • Right to rectification or erasure (Art. 16 and Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing (Art. 6(1)(e) or (f) GDPR),
  • Right to data portability (Art. 20 GDPR).
  • How Do I Make a Privacy Right Request?

    If you have a question about our personal information practices, please contact us.

    If you make a request, we will confirm that we have received your request and inform you accordingly if we need further information from you. We will typically respond to your request within one month unless the request is particularly complex, or we receive multiple requests from you. In these cases, we may extend the time period, but we will keep you informed about the status of your request.

    For your protection, we only respond to requests for the personal information associated with the email address and/or handle name or name that you identify in your request, and we may need to take other steps to verify your identity before taking any action. When permitted by law, we may charge an appropriate fee to cover the costs of responding to your request.

    The Supervisory Authority

    The Office of the Privacy Commissioner of Canada (OPC) is the Shopchums relevant authority in matters of data protection. You have the right to make a complaint at any time to the OPC ( We would, however, appreciate the opportunity to deal with your concerns before you approach the OPC; if possible, please contact us in the first instance.

    Relevant Legal Basis

    In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:

  • the legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR,
  • the legal basis for processing in order to fulfill our services and carry out contractual measures and respond to enquiries is Art. 6(1)(b) GDPR,
  • the legal basis for processing in order to fulfill our legal obligations is Art. 6(1)(c) GDPR, and
  • the legal basis for processing in order to protect our legitimate interests is Art. 6(1)(f) GDPR.
  • In the event that the vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Art. 6 (1) (d) GDPR.
  • Installation of Our App

    Our App can be downloaded from the "Google Play Store" and "Apple App Store". Downloading our App may require prior registration with the respective App store and installation of the Shopchums App store software.

    App installation via the Google Play Store

    To install our App: you can use the Google service "Google Play Store" of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU; If you are a resident within the EU, you can use “Google Play” of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

    As far as we are aware, Google collects and processes the following data;

  • License check,
  • network access,
  • network connection,
  • WLAN connections,
  • location information,
  • It cannot be ruled out that Google also transmits the information to a server in a third country. We cannot influence which personal data Google processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Google, as the operator of the Google Play Store. You can find more detailed information in Google's privacy policy, which you can access here:

    App installation via the Apple App Store
    To install our App: you can use the Apple App service "App Store" a service of Apple Inc. (“Apple”), 1 Infinite Loop, Cupertino, CA 95014, US; if you are resident outside the EU. If you are a resident in the EU, use the Apple App from Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland.

    As far as we are aware, Apple collects and processes the following data;

  • device identifiers,
  • IP addresses,
  • location information,

  • It cannot be excluded that Apple also transmits the information to a server in a third country. This could in particular be Apple Inc., One Apple Park Way, Cupertino, California, USA, 95014. We cannot influence which personal data Apple processes with your registration and the provision of downloads in the respective App store and App store software. The responsible party in this respect is solely Apple as the operator of the Apple App Store. You can find more detailed information in Apple's privacy policy, which you can access here:

    Device Information

    We collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, information about your wireless and mobile network connection, such as your service provider and signal strength; information about device sensors, such as accelerometer, gyroscope and compass.

    Registration Data

    When you install the Shopchums App and create an account, we collect some or all of the following information about you, including your email address, name, and login details. You will also be asked to create a password in connection with registering your account. Once you have registered, you can review and change this information at any time. It is your responsibility to ensure that your account details are kept up to date. The information we collect helps us improve the App and verify our users.

    When You Contact Us

    If you contact us, we will store your email address and may store your IP address and the information you give us so that we can process your request. We store correspondence with you for 6 years after your account is deleted.

    Information We Generate When You Use the Shopchums App and Our Services

  • details about services from us;
  • details about others on the Shopchums Platform;
  • details about how you use our App.

  • Communication and Sharing with Other Users

    We store our users' communications or sharing of details, offers, deals and products that take place via the Shopchums App, as well as communications with other users. When you voluntarily share information on our Services, you disclose that information to other users. Please be careful with your information and make sure that you only share content that you truly agree to publish, as neither you nor we can control what others do with your information once you share it.

    Usage Information

    We collect information about your activity on our services, for instance how and when you use them (e.g., date and time you logged in, features you’ve been using, searches, clicks and pages which have been shown to you, referring webpage address, etc.), and how you interact with other users (e.g., users you connect and interact with, time and date of your exchanges, number of referrals you send and receive, etc.).

    How We Share Information

    We use third party service providers to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer support, marketing, data storage, and security measures. We also share user information with legal authorities as may be required from time to time.

    We follow a rigorous vetting process before engaging a service provider or working with a partner. All our service providers and partners must commit to strict confidentiality.

    We may transfer your information if we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.

    We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.

    We may also disclose information: (i) if disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, including suspected fraud or other misconduct.

    We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.

    Sharing of Non-Personal Information

    We may use and share non-personal information such as device information, general demographic information, general behavioral information, geographic location in de-identified form, and personal information in hashed, non-human readable form in the above circumstances. We may combine this data with additional non-personal data or personal data in hashed, non-human readable form collected from other sources.


    You can stop the collection of information by the Shopchums App by uninstalling it using the standard uninstall procedure for your device. When you uninstall the Shopchums App from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the Shopchums App on the same mobile device, we may again associate that identifier with your previous transactions and activities.

    Storage Period

    Unless a more specific retention period is stated within this privacy policy, we will retain your personal data until the purpose for processing it no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in either case, the data will be deleted once these reasons no longer apply.

    Data Breaches/Notification

    Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

    Authorizations and Access

    We may request permission to have access to your internet connection from your mobile device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can change your permissions at any time via Settings (iOS) or Settings Menu (Android).

    Security Measures

    We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art of technology at the time, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk therein.

    The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we take the protection of personal data into account in the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

    For security reasons and to protect the transmission of confidential content that you provide to us, this platform uses TLS encryption (Transport Layer Security), or better known as SSL (Secure Sockets Layer). You can recognize the secure, encrypted connection to this platform by the identifier https:// of the entry in the URL line (address line) of the browser used and/or the green lock symbol. HTTPS stands for Hypertext Transfer Protocol Secure.

    We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

    Cooperation With Processors, Joint Controllers and Third Parties

    If, in the course of our processing, we disclose data to other persons and companies (processors, jointly responsible persons or other third parties), transfer it to them, or otherwise grant them access to the data, we will only do so on the basis of legal permission to which users have consented, if required due to a legal obligation, or on the basis of our legitimate interests.

    If we disclose or transfer data to other companies or otherwise grant them access, this is done for administrative and operational purposes (our legitimate interest) and, in addition, will only be done on a basis that complies with legal requirements.

    When You Send a Data Subject Access Request

    If You make a data subject access request, it is our legal obligation to respond to such request, and this is the purpose for the processing of your personal data at the time of the request, and it is in our legitimate interest as well as the legal basis for the subsequent documentation of the data subject access request.

    Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, a data subject access request will be deleted three years after the data request is made.

    You may, at any future time, object to the processing of your personal data pursuant to a data subject access request. However, if you make such objection, we would not, in such circumstances, be able to process such future data subject access requests, as it is mandatory that the processing of a respective data subject access request be documented. This should be kept in mind at the time of any such objection to data processing.

    Disclosure within service supplier companies pursuant to Art. 6 (1) lit. b GDPR

    We may or will share your personal data with contract software service providers, who may or will process it as part of their work performance for us. If you contact us with questions and/or complaints, they may or will accordingly have access to your data in order to process your request.

    Revocation of Your Consent to Data Processing

    Many data processing operations are only possible with your express consent. You can revoke consent you may have already given at any time. The legality of any data processing carried out prior to the revocation will remain unaffected by the revocation.

    Push Messages

    The legal basis for push messages is our legitimate interest. A push service is used to provide you with useful tips and information directly to your mobile or similar devices. When we send a push message, we send the message with a corresponding ID or token to the Push Notification Service. This ensures that the push message is sent to the device where you wish to receive such notification. Our legitimate interest is to allow us to present current information to you directly. This personal data will only be processed as long as necessary for the provision of the function. You have the right to terminate the push service, by deactivating the push service in the respective system settings of the operating system of your device.

    Automated Decision-Making

    We do not use automated decision-making or profiling.

    Do Not Sell My Personal Information

    We do not sell information that directly identifies you.

    Updating Your Information

    If you believe that the information, we hold about you is inaccurate, or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us. For your protection and the protection of all other users, we may require you to provide proof of your identity prior to responding to your request.

    Requests may be rejected for certain reasons, if complying with the request would cause us to commit an illegal act, or complying would cause us to infringe on the trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests in which you object to the processing of your personal information, when or if such requests would not allow us to provide our service to you.


    Our commitment to protecting the privacy of your personal data may result in future changes to this policy. Please regularly review this policy to stay current with any changes.

    Queries and Complaints

    Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy, or not acted in accordance with data protection law, then you should notify us using our contact form or via email to