1. Information Collection
1.1 Personal Information We Collect
When you join our Affiliate Program, we collect personal information necessary for program operation, including:
Identity Information
- Full name (as it appears on your government ID)
- Date of birth (for age verification)
- Tax identification number (for payment processing)
Contact Information
- Email address (primary and secondary)
- Phone number (optional, for urgent communications)
- Mailing address (for tax documents if required)
Financial Information
- PayPal email address or payment details
- Bank account information (if applicable)
- Tax classification information
Technical Information
- IP address and location data
- Device information
- Browser type and version
- Affiliate tracking IDs
2. How We Use Your Information
2.1 Primary Uses
Your personal information is used for the following purposes:
- Program Registration & Management: To create and maintain your affiliate account
- Referral Tracking: To accurately track and attribute referrals for commission calculation
- Payment Processing: To process commission payments and tax documentation
- Communication: To send program updates, newsletters, and important notices
- Performance Analytics: To provide you with performance reports and insights
2.2 Legal Bases for Processing
We process your information based on:
- Contractual Necessity: To fulfill our affiliate agreement with you
- Legal Obligations: To comply with tax and financial regulations
- Legitimate Interests: To improve our affiliate program and prevent fraud
- Consent: For marketing communications where required by law
3. Data Security Measures
3.1 Security Protocols
We implement comprehensive security measures to protect your personal information:
- Encryption: All sensitive data is encrypted in transit (SSL/TLS) and at rest
- Access Controls: Strict role-based access controls for our staff
- Regular Audits: Security audits and vulnerability assessments
- Secure Storage: Data stored in secure, access-controlled environments
- Payment Security: PCI DSS compliance for payment processing
3.2 Incident Response
In the event of a data breach, we will:
- Notify affected affiliates within 72 hours of discovery
- Provide details about the nature of the breach
- Offer guidance on protective measures you should take
- Report to relevant authorities as required by law
4. Third-Party Sharing & Disclosure
4.1 Our Commitment
We do not sell or share your personal data with third parties for marketing purposes.
4.2 Necessary Service Providers
We may share your information with trusted service providers for:
- Payment Processing: PayPal, Stripe, or other payment gateways
- Analytics: Google Analytics (anonymized data only)
- Communication: Email service providers for program communications
- Legal Compliance: Tax authorities and regulatory bodies
4.3 Data Processing Agreements
All third-party service providers:
- Are bound by strict data processing agreements
- May only process data for specified purposes
- Must implement appropriate security measures
- Are prohibited from using data for their own purposes
5. Cookies & Tracking Technologies
5.1 How We Use Cookies
Cookies are used to track referrals and ensure proper commission attribution:
- Tracking Cookies: 30-day duration for affiliate link attribution
- Session Cookies: To maintain your login session
- Preference Cookies: To remember your display preferences
- Analytics Cookies: To improve our affiliate platform
5.2 Cookie Management
You can control cookies through:
- Browser settings (block or delete cookies)
- Opt-out mechanisms for analytics cookies
- Note: Disabling cookies may affect referral tracking accuracy
6. Your Data Rights
6.1 Access & Control Rights
You have the following rights regarding your personal data:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request account deletion (subject to contractual obligations)
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain processing activities
6.2 Account Deletion Requests
You may request account deletion at any time, subject to:
- Pending commission payments (will be processed before deletion)
- Legal retention requirements (tax records: 7 years)
- Fraud investigation requirements (if applicable)
Deletion Process:
Account deletion requests are processed within 30 days. You will receive confirmation via email. Note that some data may be retained for legal compliance purposes even after account deletion.
7. Policy Updates & Communication
7.1 Policy Updates
We may update this policy periodically to reflect:
- Changes in our data practices
- New legal requirements
- Improvements to our affiliate program
7.2 Notification of Changes
When we update this policy:
- We will notify you via email at least 30 days before changes take effect
- The updated policy will be posted on our website with a new "Last Updated" date
- Continued participation in the affiliate program constitutes acceptance of updates
8. Contact & Support
8.1 Data Protection Officer
For data access or deletion requests, contact our support team:
- Email: privacy@ifshop.store
- Subject Line: "Data Request - Affiliate Program"
- Response Time: Within 30 days as required by law
- Verification: We will verify your identity before processing requests
8.2 Support Hours
- Monday-Friday: 9 AM - 6 PM EST
- Emergency Support: Available for urgent data security matters
- Response Time: Initial response within 48 business hours
9. Data Retention Period
9.1 Retention Schedule
We retain your personal data for the following periods:
- Active Accounts: For the duration of your participation
- Inactive Accounts: 2 years after last activity
- Financial Records: 7 years for tax compliance
- Deleted Accounts: 30 days in backup systems
9.2 Data Destruction
When data is no longer needed:
- Electronic data is securely erased
- Paper records are shredded
- Backup data is purged according to schedule
10. International Data Transfers
10.1 Cross-Border Data Flows
If you are located outside our operating country:
- Data may be transferred to our servers in the United States
- We use Standard Contractual Clauses for EU/UK transfers
- We comply with international data protection frameworks
EU/UK Residents:
If you are located in the European Union or United Kingdom, you have additional rights under GDPR/UK GDPR. Contact us for more information about these specific rights.
This Privacy Policy is effective as of the "Last Updated" date shown above.
By participating in our Affiliate Program, you acknowledge that you have read,
understood, and agree to this Privacy Policy.