Shopes Logo

Privacy Policy

Last updated: 4 July 2025UK GDPReBay PartnerGoogle Services

Contents

1. Introduction2. Data Controller3. Data We Collect4. How We Use Data5. Third-Party Services6. eBay Integration7. Google Services8. Data Sharing9. Data Security10. Your Rights11. Data Retention12. Contact Information

1. Introduction

Shopes Limited ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our visual shopping discovery platform at Shopes.co.uk.

UK GDPR Compliance

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines your rights and how we handle your personal data in accordance with UK law.

2. Data Controller

Shopes Limited is the data controller for personal data processed through our platform. We are responsible for ensuring your data is processed lawfully, fairly, and transparently.

Contact Details:

Email: [email protected]

Website: https://shopes.co.uk

Registered in England and Wales

3. Data We Collect

We collect different types of information to provide and improve our services:

3.1 Information You Provide

  • Account Information: Name, email address, and password (if you create an account)
  • Search Queries: Product searches and filtering preferences
  • Communication Data: Messages sent through our contact forms or support channels

3.2 Information Automatically Collected

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Data: Pages visited, time spent on site, click patterns, search history
  • Cookies and Tracking: Session cookies, preference cookies, and analytics cookies

3.3 Image Data

  • Uploaded Images: Images you upload for product matching and visual search
  • OCR Data: Text extracted from images using Google OCR services
  • Image Analysis: Visual features and metadata extracted for product matching

4. How We Use Your Data

We process your personal data for the following purposes, based on legitimate legal grounds:

Service Provision

  • • Product search and discovery
  • • Visual product matching
  • • Price comparison services
  • • Account management

Service Improvement

  • • Analytics and usage patterns
  • • Performance optimization
  • • Feature development
  • • User experience enhancement

4.1 Legal Basis for Processing

  • Legitimate Interest: Providing and improving our shopping discovery services
  • Contract Performance: Fulfilling our terms of service and user agreements
  • Legal Compliance: Meeting eBay API requirements and UK data protection laws
  • Consent: Where explicitly provided for specific features or communications

5. Third-Party Services

Our platform integrates with several third-party services to provide comprehensive functionality. All services are used strictly in accordance with their respective terms of service and privacy policies.

Strict Compliance Notice

All third-party services are used strictly in accordance with their terms of service, privacy policies, and usage requirements. We maintain full compliance with all service provider policies.

6. eBay Integration

eBay Developers Program Partner

We are enrolled in the eBay Developers Program and integrated with eBay APIs to provide marketplace search and discovery services.

6.1 eBay Data Processing

Through our eBay API integration, we process the following data:

  • Product Information: Listings, prices, descriptions, and images from eBay marketplace
  • Search Results: Product matches based on your search queries and preferences
  • Category Data: Product categorisation and filtering information
  • Seller Information: Public seller ratings and feedback (where applicable)

6.2 eBay Account Deletion Compliance

As developers integrated with eBay APIs via the eBay Developers Program, we are required to:

  • Subscribe to eBay marketplace account deletion/closure notifications
  • Maintain secure HTTPS endpoints to receive account deletion notifications
  • Promptly remove user data associated with deleted eBay accounts from our systems
  • Comply with all eBay data retention and deletion requirements

Note: We do not store eBay user credentials or personal account information. All eBay interactions are conducted through official eBay APIs with appropriate permissions.

7. Google Services

Google Services Integration

We use Google services to enhance our visual search and product analysis capabilities, all in strict compliance with Google's terms of service and privacy policies.

7.1 Google OCR (Optical Character Recognition)

We use Google's OCR services to extract text from uploaded images for enhanced product matching:

  • Image Processing: Text extraction from product images you upload
  • Search Enhancement: Using extracted text to improve product search accuracy
  • Data Handling: Images are processed securely and not stored permanently by Google
  • Privacy Protection: All processing complies with Google Cloud Privacy policies

7.2 Google AI Services

We utilise Google AI services for advanced product analysis and insights:

  • Product Analysis: AI-powered insights and recommendations
  • Visual Recognition: Enhanced image matching and categorisation
  • Market Intelligence: Trend analysis and product insights
  • Quality Assurance: Content moderation and spam detection

8. Data Sharing

We do not sell, rent, or trade your personal data. We only share data in the following limited circumstances:

We DO NOT Share

  • • Personal contact information
  • • Individual search histories
  • • Account credentials
  • • Private communications

Limited Sharing For

  • • Service provision (eBay, Google APIs)
  • • Legal compliance requirements
  • • Security and fraud prevention
  • • Aggregated, anonymised analytics

9. Data Security & Hosting

GDPR-Compliant Hosting

All data is hosted on GDPR-compliant infrastructure that meets UK and EU data protection requirements, with appropriate technical and organisational measures in place.

9.1 Security Measures

  • Encryption: Data encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Regular Audits: Security assessments and vulnerability testing
  • Incident Response: Comprehensive data breach response procedures
  • Staff Training: Regular privacy and security training for all personnel

10. Your Data Protection Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

Access & Portability

  • • Right to access your personal data
  • • Right to data portability
  • • Right to receive a copy of your data

Control & Correction

  • • Right to rectify inaccurate data
  • • Right to erasure ("right to be forgotten")
  • • Right to restrict processing

Objection & Consent

  • • Right to object to processing
  • • Right to withdraw consent
  • • Right to object to automated decisions

Complaints

  • • Right to lodge a complaint
  • • Contact the ICO (UK regulator)
  • • Seek judicial remedy

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month of receipt.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

11. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account Data: Retained while your account is active, plus 12 months after closure
  • Search History: Retained for 24 months for service improvement purposes
  • Technical Logs: Retained for 12 months for security and performance monitoring
  • Communication Records: Retained for 3 years for customer service purposes
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

12. International Users & Cross-Border Data Processing

Global Privacy Notice

We welcome international users and are committed to protecting your privacy regardless of your location. This section outlines how we handle data for users outside the UK.

12.1 Cross-Border Data Transfers

When you use our service from outside the UK, your data may be processed across borders:

  • Data Location: Your data is primarily processed and stored on GDPR-compliant infrastructure
  • Third-Party Services: eBay and Google services may process data in various jurisdictions with appropriate safeguards
  • Transfer Mechanisms: We use standard contractual clauses and adequacy decisions where applicable
  • Data Protection: All transfers maintain equivalent levels of protection as required by UK GDPR

12.2 Regional Data Protection Rights

EU/EEA Users

  • • Full GDPR rights apply
  • • Right to data portability
  • • Right to be forgotten
  • • Right to object to processing
  • • Right to lodge complaints with local DPAs

Other International Users

  • • Local data protection laws may apply
  • • We respect equivalent privacy rights
  • • Contact us for specific regional requirements
  • • Transparency in data processing
  • • Right to request data deletion

12.3 International Compliance Framework

We maintain compliance with various international data protection frameworks:

  • GDPR (EU): Full compliance for EU/EEA users with local supervisory authority oversight
  • UK GDPR: Primary framework governing our data processing activities
  • CCPA (California): Respect for California consumer privacy rights where applicable
  • PIPEDA (Canada): Compliance with Canadian privacy principles
  • Other Jurisdictions: We adapt our practices to meet local requirements where feasible

12.4 International User Rights

Your Rights as an International User

Data Access: Request copies of your personal data

Data Correction: Request correction of inaccurate data

Data Deletion: Request deletion of your personal data

Processing Objection: Object to certain data processing

Data Portability: Receive your data in a portable format

Local Complaints: Lodge complaints with local authorities

12.5 Language and Communication

For international users:

  • Primary Language: Our service and communications are provided in English
  • Translation: You may use translation services to understand our policies
  • Support: Customer support is provided in English during UK business hours
  • Legal Documents: All legal documents are governed by their English language versions

Important Notice for International Users

While we strive to comply with international data protection standards, our primary legal framework is UK GDPR and Data Protection Act 2018. If you have specific regional privacy requirements, please contact us at [email protected].

13. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Contact Person

Name: Tomas Sadzevicius

Position: Director

Company: Shopes Limited

Support & Enquiries

Email: [email protected]

Subject: Privacy Policy Enquiry

Response Time: Within 1-2 business days

Company Information

Company: Shopes Limited

Website: https://shopes.co.uk

Jurisdiction: England and Wales

Regulatory Authority: Information Commissioner's Office (ICO)

Policy Updates: This Privacy Policy may be updated from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page.