Privacy Shield Notice

Effective: November 26, 2019

Shop Express, LLC, dba BikeShop360, (“Company”, “we” or “our”) has certified with the EU-U.S. Privacy Shield with respect to the Personal Data (defined below) we receive and process  from our Customers (defined below).  

Company complies with the principles of the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred to the United States.  Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles and our Privacy Shield certification will be available here. 

If there is any conflict between the terms in this notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

1.              DEFINITIONS.

Customer” means a prospective, current, or former customer, or client of Company.

Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.              SCOPE.

Company’s participation in the Privacy Shield applies to Personal Data subject to EU data protection law that Company collects and/or processes directly from Customers. Company acts as a processor of the Personal Data we process on behalf of our Customers.

3.              PURPOSES OF DATA PROCESSING.

Company provides its Customers with a cloud-based point of sale system for bike shops, and is made available to its Customers on a software as a service (SaaS) basis (the “Service”).

Company will only process Personal Data we receive from our Customers for the purpose of providing the Service to the respective Customer. In order to fulfill this purpose, we may also process Personal Data to correct and address technical or service problems, to follow instructions of our Customers who submitted the Personal Data, or in response to contractual requirements, to comply with applicable laws, regulations and orders from public authorities or courts, to exercise or defense of legal claims (whether in court proceedings or in an administrative or out-of-court procedures) or to respond to contractual requirements.

4.              ONWARD TRANSFERS OF PERSONAL DATA.

Subject to Section 6 below, we will not transfer Personal Data originating in the EU to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of protection to the Personal Data as required by the Principles of the EU-U.S. Privacy Shield Framework. We may transfer Personal Data to: (i) cloud service providers; and (ii) integrated merchant services providers; and (iii) service providers integrated with our cloud based POS system via an API,  who need the information in order to provide services to, or perform activities on our behalf. In cases of onward transfer to third parties of Personal Data of EU individuals received pursuant to the EU-U.S. Privacy Shield, Company is potentially liable. Furthermore, Company undertakes to fully cooperate with any EU data protection authorities, including compliance with any advice given by such authorities, in connection with any unresolved Privacy Shield complaints concerning Personal Data transferred from the EU by Company.  

5.              RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA.

Data subjects have the right to access Personal Data about them, and in some cases to limit use and disclosure of their Personal Data. If you would like to request access to the Personal Data we have processed on behalf of one of the Customers, please contact This email address is being protected from spambots. You need JavaScript enabled to view it. and provide your name and contact information, and observe the required formalities under applicable law.

6.              REQUIREMENT TO DISCLOSE.

Company may be required in certain circumstances to disclose Personal Data in response to lawful requests by courts public authorities, including to meet national security or law enforcement requirement.

7.              PRIVACY SHIELD INDEPENDENT RECOURSE MECHANISM.

In compliance with the Privacy Shield Principles, Company commits to resolve complaints about our collection or use of your Personal Data.  EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Company at: This email address is being protected from spambots. You need JavaScript enabled to view it. or by postal mail sent to:

          Shop Express, LLC

Attn: Privacy Shield Inquiry

2425 Golden Hill Road, Suite 106-222

Paso Robles,

CA 93446

Company has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to an alternative dispute resolution provider the United States Council for International Business (USCIB) . If you do not receive timely acknowledgment of your privacy related complaint, or if your privacy complaint is not satisfactorily addressed, or if your compliant concerns human resource data transferred from the EU in the context of the employment relationship,  you can contact the USCIB for further information. please visit https://www.uscib.org/dispute-resolution-ud-835/ for more information and to file a complaint.

8.              U.S. FEDERAL TRADE COMMISSION ENFORCEMENT.

Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) to ensure compliance with the EU-US Privacy Shield Principles outlined in this notice.

 

9.              ARBITRATION.

Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may also be able to invoke binding arbitration when other dispute resolution procedures have been exhausted.