Autotrader RSA Vehicle Sync Privacy Policy

1. Introduction: This Privacy Policy explains how AutoTrader RSA Vehicle Sync ("we", "us" or "the App") processes information when you install and use the App with your Shopify store. We aim to comply with applicable South African data protection and consumer laws, including the Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA").

2. Definitions and roles under POPIA: For purposes of POPIA, your dealership/business (the Shopify merchant) is generally the Responsible Party (similar to a “controller”) for personal information in your Shopify store, because you determine why and how it is processed. We generally act as an Operator (similar to a “processor”) when we process personal information on your instructions to provide the App’s services. In some limited cases (for example, when we run our own support, billing, and security operations), we may act as a Responsible Party for that specific processing.

3. Information we process: The App is designed to sync vehicle inventory data from AutoTrader RSA into your Shopify catalogue. Depending on your configuration and how Shopify and AutoTrader are set up, we may process the following categories of information:

  • Merchant and store information (Shopify): your Shopify store domain, store identifier(s), and information required to authenticate the App with Shopify (for example, access tokens), so we can connect to and update your product catalogue and relevant metafields.
  • AutoTrader RSA proxy credentials you provide: the username and password (or similar credential) you enter in the App to access your AutoTrader RSA inventory feed. We use these credentials only to retrieve your vehicle listings on your behalf. We store credentials in encrypted form and restrict access to them.
  • Vehicle listing data (inventory data): information about vehicles in your AutoTrader RSA feed (for example Make, Model, Year, Mileage, specifications, pricing, descriptions, stock numbers/identifiers, and availability/sold status) that you choose to sync into Shopify as products and metafields.
  • Images and media: high-resolution vehicle image galleries associated with your AutoTrader RSA listings, which the App syncs to Shopify product media (where supported by Shopify).
  • Technical and usage data: logs and diagnostic information about how the App is accessed and performs (for example timestamps, sync status, error logs, IP address, and device/browser information) to maintain security, troubleshoot issues, and improve reliability.

4. Information we do not intentionally collect: The App is intended to sync dealership inventory into Shopify. We do not intentionally request or need your customers’ payment card information. Depending on the Shopify permissions you approve, the App should not require access to customer order details to function. If you believe the App is processing customer personal information unnecessarily, please contact us and we will investigate.

5. Purposes for processing (and lawful basis): We process information to provide and operate the App, including to:
Where POPIA applies, we generally rely on processing that is necessary to perform our contract with you (to provide the App), and our legitimate interests in operating a secure and reliable service. Where we process information based on your instructions as an Operator, you remain responsible for ensuring you have a lawful basis to process any personal information you place in Shopify and to provide any notices required to data subjects.

  • Connect to Shopify and AutoTrader RSA (using the credentials and authorisations you provide) to retrieve your active listings.
  • Create, update, and delete Shopify products so your Shopify catalogue matches your AutoTrader RSA feed (including removing vehicles that are sold/removed).
  • Sync vehicle images and map vehicle details (for example Make, Model, Year, and Mileage) into Shopify metafields; provide support, troubleshoot issues, prevent fraud/abuse, and comply with applicable legal obligations.

6. Data accuracy and your responsibilities: You are responsible for ensuring the accuracy, completeness, and lawfulness of the vehicle and other information you choose to sync to Shopify (including ensuring you have the right to use and publish images and descriptions). You should review synced product data in Shopify, correct any errors, and ensure your own customer-facing privacy notices cover your use of Shopify and any personal information you collect or publish.

7. Security safeguards: We implement appropriate technical and organisational measures to protect information against loss, unauthorised access, disclosure, alteration, or destruction. These measures may include encryption of sensitive credentials, access controls, least-privilege practices, and monitoring. No system is perfectly secure; you use the App at your own risk.

8. Sharing with third parties: We share information only as needed to provide the App and operate our business, including with:

  • Shopify: to create and manage products, images/media, and metafields in your store as instructed by you.
  • Hosting, infrastructure, and analytics providers: to host the App and maintain performance and security.
  • Support and communication tools: to handle support requests and service communications.

9. Cross-border transfers: Some of our service providers (including Shopify and cloud hosting providers) may process information outside South Africa. Where personal information is transferred cross-border, we take steps intended to ensure the transfer is consistent with POPIA requirements (for example, using reputable providers and appropriate contractual and security safeguards).

10. Automated decision-making: The App is an inventory synchronisation tool. We do not use personal information to make automated decisions about individuals (including profiling) that produce legal or similarly significant effects.

11. Terms of service (summary) and limitation of liability: The App is provided on an “as is” and “as available” basis. To the maximum extent permitted by applicable law, we are not liable for indirect or consequential losses (such as loss of profits, loss of data, or business interruption) arising from your use of the App. Nothing in this policy or the App terms is intended to exclude or limit liability where doing so is unlawful.

12. Third-party services and trademark notice: This App is an independent, third-party integration built to connect your AutoTrader RSA feed to Shopify. We are not affiliated with, associated with, endorsed by, or in any way officially connected to AutoTrader RSA. Shopify and AutoTrader RSA and their respective logos and trademarks are the property of their respective owners. We are not responsible for changes made by third parties (including Shopify or AutoTrader RSA) that may affect the App’s functionality.

13. Changes to this Privacy Policy: We may update this Privacy Policy from time to time to reflect changes to the App, legal requirements, or our practices. If we make material changes, we will take reasonable steps to notify you (for example, via the Shopify App listing, the App interface, or email where appropriate).

14. Retention and deletion: We retain App-related information only for as long as necessary to provide the App, meet our legal obligations, resolve disputes, and enforce agreements. If you uninstall the App, we will delete or de-identify (where feasible) the AutoTrader credentials and App configuration we hold within a reasonable period, subject to any lawful retention requirements. Uninstalling the App does not automatically delete products already created in Shopify; you can manage or delete those within Shopify.

15. Your rights (POPIA) and how to make requests: Where we act as a Responsible Party, you may have rights under POPIA (subject to applicable limitations), including to request access to or correction/deletion of personal information we hold, to withdraw consent where processing is based on consent, and to object to certain processing. Where we act as an Operator, we will assist the relevant Responsible Party (you, the merchant) to respond to data-subject requests where required. To submit a request, contact us using the details in section 18 below. You also have the right to lodge a complaint with the Information Regulator (South Africa).

16. Security incidents: If we become aware of a security compromise that affects personal information we hold, we will take steps to contain and investigate it and, where required by POPIA, notify affected parties and/or the Information Regulator as appropriate.

17. Direct marketing: We do not use Shopify customer information for our own direct marketing. If we send you service-related messages (for example, important notices about syncing or security), these are operational communications, not marketing. Where we conduct any marketing to businesses, you may opt out at any time by contacting us.

18. Contact us: If you have any questions about this Privacy Policy or how information is handled, or if you would like to make a POPIA-related request, please contact our Information Officer at: support@super1host.co.za