π
Last updated: June 2025 | Effective date: June 2025
BizoFlight is operated by ITS β Intelligent Tech Solutions, a company registered in Sweden, EU. As a Swedish company, we are fully subject to and compliant with the General Data Protection Regulation (GDPR) β Regulation (EU) 2016/679.
1. Who We Are
Data Controller: ITS β Intelligent Tech Solutions
Country: Sweden, European Union
Website: its-technology-solutions.com
Platform: BizoFlight β bizoshop.online
Contact: privacy@bizoshop.online
2. What Data We Collect
2.1 Data you provide directly
- Search queries β The text you type in the search box (language, product description)
- Merchant registration data β Company name, email, phone, website, country (only for registered merchants)
- Contact form data β Name, email, message (only when you contact us)
- Payment data β Processed exclusively by Stripe (we never store card details)
2.2 Data collected automatically
- IP address β Used only to detect your country for localizing search results and payment methods. Not stored permanently.
- Country code β Derived from IP, used for currency and payment method selection
- Search analytics β Anonymous aggregated data (query language, country, number of results) β no personal identifiers
2.3 Data we do NOT collect
- β We do not use tracking cookies for advertising
- β We do not sell your data to third parties
- β We do not build behavioral profiles
- β We do not store credit card information
- β We do not use Google Analytics or Facebook Pixel
3. Legal Basis for Processing (GDPR Article 6)
- Article 6(1)(b) β Contract: Processing necessary to provide the search service and merchant subscription
- Article 6(1)(c) β Legal obligation: Tax and financial record-keeping requirements
- Article 6(1)(f) β Legitimate interests: Anonymous analytics to improve the service
- Article 6(1)(a) β Consent: Contact form submission (you consent by submitting)
4. Your Rights Under GDPR
π Right of Access
Request a copy of all personal data we hold about you (Article 15)
βοΈ Right to Rectification
Request correction of inaccurate personal data (Article 16)
ποΈ Right to Erasure
Request deletion of your personal data β "right to be forgotten" (Article 17)
βΈοΈ Right to Restriction
Request restriction of processing your data (Article 18)
π¦ Right to Portability
Receive your data in a machine-readable format (Article 20)
π« Right to Object
Object to processing based on legitimate interests (Article 21)
To exercise any of these rights, contact us at: privacy@bizoshop.online. We will respond within 30 days as required by GDPR.
5. Data Storage & Security
Your data is stored in Supabase (PostgreSQL database) hosted within the European Union. We implement industry-standard security measures including:
- HTTPS encryption for all data in transit
- Password hashing using PBKDF2 with salt (never stored in plaintext)
- Row-level security in the database
- No unnecessary data retention β search queries are anonymized after 90 days
6. Third-Party Services
- Payment Processor β Secure payment processing via an EU/US certified provider. We never store card details. Data Transfer: Standard Contractual Clauses (SCCs)
- Search Technology β Product search powered by our proprietary technology. Only search terms are processed, no personal data is shared.
- Cloud Hosting (EU-compliant) β Our platform is hosted on GDPR-compliant infrastructure with a Data Processing Agreement (DPA) in place.
- Database (EU) β User and merchant data stored securely within EU infrastructure.
7. International Data Transfers
Some of our third-party service providers are located outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses (SCCs) approved by the European Commission.
8. Data Retention
- Search queries: Anonymized after 90 days, deleted after 1 year
- Merchant account data: Retained while account is active + 3 years for legal/tax purposes
- Contact form messages: Deleted after 2 years
- Payment records: 7 years (Swedish accounting law requirement)
9. Cookies
BizoFlight uses minimal cookies:
- Essential only: Session token for merchant login (expires in 30 days)
- No advertising cookies
- No third-party tracking cookies
10. Children's Privacy
BizoFlight is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at privacy@bizoshop.online.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered merchants of significant changes via email. The date at the top of this page indicates when it was last updated.
12. Supervisory Authority
As a Swedish company, our lead supervisory authority is:
Integritetsskyddsmyndigheten (IMY)
Swedish Authority for Privacy Protection
Website:
www.imy.se
You have the right to lodge a complaint with IMY if you believe we have violated your GDPR rights.