Privacy policy

INTRODUCTION

Marshaal operates as a marketplace platform connecting independent vendors with customers across Europe, the Gulf region, and the Middle East. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use our Services, make a purchase, or communicate with us.

Important Distinctions:

  • Marshaal acts as the platform operator and is responsible for data collected through the marketplace platform
  • Independent Vendors are separate data controllers responsible for data collected through their individual stores on our platform
  • Shopify powers our platform and processes certain data as described below

This Privacy Policy applies to data collected by Marshaal. Each vendor has their own privacy policy governing data they collect directly from you.

By using our Services, you acknowledge and agree to this Privacy Policy.

2. DATA CONTROLLER INFORMATION

For Marshaal Platform Services:

  • Data Controller: Marshaal
  • Address: Blekerijvesting 7, Menen, 8930, Belgium
  • Email: info@marshaal.com

For Vendor Transactions:

  • Each vendor is an independent data controller for purchases made through their store
  • Vendors are responsible for their own data practices
  • Review each vendor's privacy policy before making a purchase

For Shopify Services:

3. PERSONAL INFORMATION WE COLLECT

We collect the following categories of personal information:

A. Information You Provide Directly:

  • Contact Details: Name, email address, phone number, billing address, shipping address
  • Account Information: Username, password, security questions, preferences, settings
  • Payment Information: Credit/debit card details, payment method, transaction details (processed securely by payment processors)
  • Communications: Messages, inquiries, support requests, reviews, feedback
  • Profile Information: Preferences, wishlist, saved items, purchase history

B. Information Collected Automatically:

  • Device Information: IP address, browser type, device type, operating system, unique device identifiers
  • Usage Data: Pages viewed, products browsed, search queries, time spent on site, click patterns, referral sources
  • Transaction Data: Items viewed, added to cart, purchased, returned, or exchanged
  • Cookies and Tracking Technologies: See Section 8 for details

C. Information from Third Parties:

  • Vendors: Order details, fulfillment status, customer service interactions
  • Service Providers: Payment processors, shipping companies, analytics providers
  • Social Media: If you connect social media accounts or use social login
  • Marketing Partners: Advertising and analytics data

4. LEGAL BASIS FOR PROCESSING (GDPR - EU/EEA/UK)

We process your personal data based on the following legal grounds:

A. Contractual Necessity: To fulfill our contract with you (process orders, provide services, manage your account)

B. Legitimate Interests:

  • Improve and personalize the Services
  • Prevent fraud and ensure security
  • Conduct analytics and research
  • Marketing (where consent is not required)

C. Legal Obligation: Comply with laws, regulations, court orders, tax requirements

D. Consent: Where required by law (e.g., marketing emails, cookies, sensitive data)

E. Vital Interests: To protect your life or that of another person in emergency situations

You have the right to object to processing based on legitimate interests (see Section 12).

5. HOW WE USE YOUR PERSONAL INFORMATION

A. Provide and Manage Services:

  • Process and fulfill orders
  • Create and manage your account
  • Process payments and refunds
  • Arrange shipping and delivery
  • Handle returns and exchanges
  • Provide customer support
  • Send transactional emails (order confirmations, shipping updates)

B. Improve and Personalize:

  • Customize your shopping experience
  • Recommend products based on your interests
  • Remember your preferences and settings
  • Conduct research and analytics
  • Test and improve platform features

C. Marketing and Advertising:

  • Send promotional emails and newsletters (with your consent where required)
  • Display personalized advertisements on our platform and third-party sites
  • Conduct marketing campaigns and promotions
  • Measure advertising effectiveness

D. Security and Fraud Prevention:

  • Authenticate your identity
  • Detect and prevent fraud, abuse, and illegal activity
  • Protect platform security and integrity
  • Investigate violations of our Terms of Service

E. Legal and Compliance:

  • Comply with legal obligations
  • Respond to legal requests and court orders
  • Enforce our terms and policies
  • Resolve disputes

6. HOW WE SHARE YOUR PERSONAL INFORMATION

A. With Vendors: When you purchase from a vendor, we share necessary information (name, shipping address, order details) to fulfill your order. Vendors are independent data controllers and have their own privacy policies.

B. With Service Providers:

  • Shopify: Platform hosting and infrastructure
  • Payment Processors: Stripe, PayPal, and other payment gateways
  • Shipping Companies: DHL, FedEx, local carriers
  • Email Services: Marketing and transactional email providers
  • Analytics: Google Analytics, Facebook Pixel, advertising platforms
  • Customer Support: Help desk and chat services
  • Cloud Storage: Data hosting and backup services

C. With Marketing Partners:

  • Advertising networks (Google Ads, Facebook Ads, etc.)
  • Analytics providers
  • Social media platforms

D. Business Transfers: In connection with mergers, acquisitions, bankruptcy, or sale of assets

E. Legal Requirements:

  • To comply with laws, regulations, or legal processes
  • To respond to government requests
  • To protect our rights, property, or safety
  • To enforce our Terms of Service

F. With Your Consent: When you direct us to share information with third parties

7. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries outside your country of residence, including:

  • Canada and United States (Shopify servers)
  • European Union (EU-based service providers)
  • Other countries where our vendors and service providers operate

For EU/EEA/UK Transfers: We rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy Decisions for countries deemed to provide adequate protection
  • Your explicit consent where required

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Remember your preferences and settings
  • Authenticate your account
  • Analyze site usage and performance
  • Deliver personalized advertising
  • Prevent fraud and improve security

Types of Cookies:

  • Essential Cookies: Required for platform functionality (cannot be disabled)
  • Performance Cookies: Analytics and site improvement
  • Functional Cookies: Remember preferences and settings
  • Advertising Cookies: Personalized ads and marketing

Your Choices:

  • Manage cookie preferences through your browser settings
  • Opt out of personalized advertising (see Section 12)
  • EU/EEA users: Manage consent through our cookie banner

Third-Party Cookies: Google Analytics, Facebook Pixel, advertising networks may set their own cookies. Review their privacy policies for details.

9. DATA RETENTION

We retain your personal information for as long as necessary to:

  • Maintain your account (until you request deletion)
  • Fulfill orders and provide services
  • Comply with legal obligations (tax records: 7 years in Belgium/EU)
  • Resolve disputes and enforce agreements
  • Prevent fraud and abuse

Retention Periods:

  • Account Data: Until account deletion + 30 days
  • Transaction Records: 7 years (legal requirement)
  • Marketing Data: Until you unsubscribe + 2 years
  • Support Inquiries: 3 years
  • Analytics Data: Aggregated/anonymized indefinitely

10. RELATIONSHIP WITH SHOPIFY

Shopify powers our marketplace platform and processes certain data on our behalf and for its own purposes.

Shopify as Data Processor: Shopify processes data to provide platform services (hosting, payments, analytics)

Shopify as Data Controller: Shopify collects and uses data for its own purposes, including:

  • Improving Shopify services
  • Fraud prevention across the Shopify network
  • Personalized advertising through Shopify Audiences

Your Rights with Shopify:

11. VENDOR DATA PRACTICES

Independent vendors on Marshaal are separate data controllers.

When you purchase from a vendor:

  • The vendor collects and processes your data according to their own privacy policy
  • Review the vendor's privacy policy before purchasing
  • Contact the vendor directly for data requests related to their processing
  • Marshaal is not responsible for vendor data practices

Marshaal's Role: We facilitate the connection between you and vendors but do not control how vendors use your data beyond order fulfillment.

12. YOUR RIGHTS AND CHOICES

A. Rights for All Users:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal obligations)
  • Portability: Receive your data in a structured, machine-readable format
  • Opt-Out of Marketing: Unsubscribe from promotional emails
  • Cookie Management: Control cookies through browser settings

B. Additional Rights for EU/EEA/UK Users (GDPR):

  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Restrict Processing: Limit how we use your data in certain circumstances
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect prior processing)
  • Right to Lodge a Complaint: File a complaint with your data protection authority
  • Automated Decision-Making: Right not to be subject to solely automated decisions with legal effects

C. How to Exercise Your Rights:

  • Email: info@marshaal.com
  • Account Settings: Manage preferences in your account dashboard
  • Unsubscribe: Click unsubscribe link in marketing emails
  • Shopify Data: Use Shopify Privacy Portal for Shopify-processed data

Response Time: We will respond within 30 days (EU/EEA/UK) or as required by local law.

Verification: We may need to verify your identity before processing requests.

No Discrimination: We will not discriminate against you for exercising your rights.

13. CHILDREN'S PRIVACY

Our Services are not intended for individuals under 16 years of age (or the age of majority in your jurisdiction).

We do not knowingly collect personal information from children. If you believe we have collected data from a child, contact us immediately at info@marshaal.com and we will delete it.

14. SECURITY

We implement appropriate technical and organizational measures to protect your data:

  • Encryption (SSL/TLS) for data transmission
  • Secure payment processing (PCI-DSS compliant)
  • Access controls and authentication
  • Regular security audits and monitoring
  • Employee training on data protection

However, no system is 100% secure. We cannot guarantee absolute security. Use strong passwords and do not share your account credentials.

15. THIRD-PARTY LINKS

Our platform may contain links to third-party websites, apps, or services. We are not responsible for their privacy practices. Review their privacy policies before providing personal information.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

Material changes: We will notify you by email or prominent notice on our platform as required by law.

Continued use of our Services after changes constitutes acceptance of the updated Privacy Policy.

17. DATA PROTECTION AUTHORITIES (EU/EEA/UK)

If you are in the EU/EEA, you have the right to lodge a complaint with your local data protection authority:

Belgium (Marshaal's location):

Find your local authority: https://edpb.europa.eu/about-edpb/board/members_en

18. CONTACT US

For questions, concerns, or to exercise your rights:

Marshaal

  • Email: info@marshaal.com
  • Address: Blekerijvesting 7, Menen, 8930, Belgium

For Shopify-related data requests: