GDPR Policy

General Data Protection Regulation (GDPR)

On May 25th, the General Data Protection Regulation (GDPR) will take effect. The GDPR is the European Union’s new data privacy law which impacts how all companies (big and small) collect and handle personal data about their European customers.

We support the GDPR and will ensure all our products (Themes/ Templates/ Modules) and services comply with its provisions by May 25, 2018. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a new European privacy law that goes into effect on May 25, 2018. The GDPR will replace the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU.

Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.

We have taken steps to ensure that we will be compliant with the GDPR by May 25, 2018.

Who does the GDPR apply to?

The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals. The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).

What has Halothemes already done to prepare for the GDPR?

We’ve been hard at work preparing for the GDPR for a while. So far, we have:

  • Trained our managers and employees for our Privacy Policy, Terms of Service, Code of Conduct and GDPR
  • Reviewed the collected data of Themes/ Templates/ Modules) and Services and produced the document of Personal Data Assessment
  • Developed Data Breach Policy and Action Plan
  • Reviewed our product permissions and workflow to comply with the GDPR requirements from Shopify or BigCommerce
  • Updated our Privacy Policy to make sure we provide information around the rights individuals have under the GDPR and more details around our processing of personal data. See our Privacy Policy at here
  • Updated our Cookie Policy to include specific information about the cookies that we place through your storefront.

What are the permissions we need for Themes/Templates/Modules and our Service at Halothemes?

Depending on each of task will request specific permissions to complete. Our Customer Service Dept. will let Store owner know what permissions store owner need to provide us to finish task. All permissions will belong to Shopify system at here

What are the personal data we collect and how we make sure they comply with GDPR?

Based on the definitions in Art. 4 GDPR, we consider the following collected data are personal data that our Themes/Templates/ Modules with:

Store’s Owner Information.

We store this data to communicate with the store’s owner regarding Halotheme’s Theme/Template/Modules and services. Our products minimize the personal data of store’s owner as we only store Email Address.

This information is kept as long as the store owner continues using our products/ service and are under permission of store owner. When the store owner uninstalls/ don’t use our products/service, the data is deleted.

Final Words

What we went through together should give you an idea of GDPR and what have we done to prepare for GDPR.

As for, we are ready with our updated terms and training even, to assist you with questions at any time. For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by sending the request to at: 

Or sending an email to: