MY SHOP PRIVACY POLICY

Last Updated: August 26, 2025

MY-SHOP USA, INC  (together with its subsidiaries, affiliates, or related companies, the “Company”, “My Shop”, “our”, “we” or “us”) with EIN 93-4058869 and address in 1590 NE 162nd St, Suite 500, North Miami Beach, Florida, ZIP 33162, provides its Users, customers and potential customers visiting its website (“Customer“, “you” or “your” and “Website”) with an online platform for creation and management of their own websites and applications and ancillary services (as defined under the Terms, “User Apps”, “Platform”, and “Service/s”).

This Privacy Policy (“Privacy Policy“) forms an integral part of our Master Service Agreement https://myshop-media-files-us.myshoptechnologies.com/documents/Master_Services_Agreement.pdf (the “Agreement”).

As we are committed to protecting your rights to privacy, this Privacy Policy further explains how we safeguard your information we collect or to which we may have access, through your use of our Website and the Services, how such information may be used or shared with others, and how you may exercise your rights related to your Personal Information, as required under applicable laws.

California Residents: the general details included in this Privacy Policy apply to California residents as well. However, please refer to the at the bottom of this Privacy Policy that contains additional and specific data relevant for you.

Please note that this Privacy Policy pertains to the personal information collected by us, as the legal entity that owns data, through the Website, Platform and our Services. This Privacy Policy does not pertain to the data collected and managed independently by our Users as the legal owners of such data through their User Apps (i.e., personal information of customers and end-users of our Users). Such data is managed and processed by our Users in accordance with their privacy policies as disclosed in their User Apps.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE ACCESSING AND USING OUR WEBSITE OR SERVICES. BY ACCESSING OR USING OUR WEBSITE OR SERVICES YOU ARE ACCEPTING THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY. IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS OR USE THE SERVICES.

1. POLICY AMENDMENTS:

   We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the Website or App and the update date will be reflected in the “Last Updated” heading. We will provide notice if these changes are material, and, where required by applicable law, we will obtain your consent for such changes. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We will update this Privacy Policy at least every 12 months.

2. CATEGORIES OF INFORMATION COLLECTED AND THE PURPOSE OF PROCESSING:

   You are not required to provide us with any Personal Information. However, depending on the Services used or your use of our Website, certain features will require processing of Personal Information.

   “Personal Information”: is individually identifiable information, namely information that identifies an individual or may, with reasonable efforts or together with additional information we have access to, enable the identification of an individual, where identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, persistent cookie identifier, etc.

   “Non-Personal Information”: is information that does not personally identify an individual and includes technical information such as the type of device, time stamp, or any Personal Information that has been anonymized or aggregated, provided that such information can no longer be used to identify a specific natural person. For the avoidance of doubt, any Non-Personal Information connected or linked to Personal Information shall be deemed as Personal Information as long as such connection or linkage exists and identifies a natural person.

   We may also use or disclose to third parties, aggregated, or de-identified information (“De-identified Data”) and we do not limit our third-party providers from using, selling, licensing, distributing, or disclosing de- identified data.

   The table below details the types of information we collect, access, share or use, and the purpose for processing such information:

   INFORMATION WE COLLECT	WHY DO WE COLLECT THIS INFORMATION
   Contact Communications: Where you contact us with any inquiries, through any means of communications we make available (e.g., an online form available on the Website, email correspondence, social media chats, toll free number, customer support, help center, etc.), you will be requested to provide us with your contact information such as your name, email address telephone number, and any other information needed to trace your order, or any information you choose to share with us through your correspondence or other communications with us.	We use such contact communications for the purpose of responding to your inquiries and providing you with the support or information you have requested. Our correspondence with you, and its content, may be further processed and stored in order to improve our customer services as well as in the event we reasonably determine it is needed in order to comply with any regulatory requirement, or for handling and defending against any dispute you might have with us. Further, calls may be recorded for the purpose of improving our customer support services or sales.
   Platform Account Data: In order to become a User of the Platform and enjoy our Services, you may decide to create an Account as further detailed in the agreement. During the	We use this information to provide our Services and information related to it, access to the Platform, create, manage, personalize and customize your User Apps, and improve the Services.

   registration process, we process your full name, age, date of birth, language preference, email address, purchase history, address, phone number and any information required with the activation of your Account, as requested during the registration process. Additionally, you will be required to define your username and password. This information will be processed when you login as well, please keep your credentials secure and confidential. If you choose to sign in through your social accounts (e.g., Google or Facebook account), certain Personal Information about you will be shared with us. You have the ability to control the Personal Information to which you allow access through the privacy settings on the applicable social platforms and the permissions you give us. By associating an account managed by a social platform with your account and authorizing us to have access to this information, you agree that we may collect, use and retain the information provided by these social platforms in accordance with this Privacy Policy. Furthermore, we may keep and process certain data regarding User’s usage of the Platform, as part of such User Account data. That data may include date and times of use, actions performed during such use and other data pertaining to the User usage of the Platform as part of our Services. Please note that data materially pertaining to your User Apps, such as your business information, reservations, logos and pictures and information pertaining to your end0users, is not processed under this Privacy Policy as we are not the Controller nor the legal owner of such data.

   We use such information to create and designate your account, authentication and validate access, enable log- in, access and use of your account as well as to send you needed information related to our engagement (e.g., send you a welcome message, notify you regarding any updates to your orders, send applicable invoices, etc.). By registering to or providing us with your e-mail address or any other contact information, you hereby agree that we may contact you for the purpose of informing you regarding our Services which may interest you, and in order to send to you other marketing material. You may opt-out by sending an email to the following address: service@myshoptechnologies.com or by pressing the “Unsubscribe” button contained in the promotional communications you receive. Please note that we may also contact you with essential information regarding your use and interaction with our Services, you will not be able to opt-out of receiving such service messages. We use your Account usage data to manage your account, record keeping of your activities with us and improving our services. We may use your phone number to send you different SMS messages relevant for your use of the Platform and Services.

   Payment Information: When you purchase any of our Services, we will process your payments by third party vendors. We do not collect your payment information, we may however, keep the last credentials of your credit card in case of recurring payments.

   We use any of this information to provide you with the Services and process the payments of the eye-products you have purchased.

   Usage Data: We perform such automatic collection through use of cookies, web beacons, unique identifiers, and similar technologies which allow us to collect information about the pages and screens you view, the links you click, and other actions you take when using the Website.

   We use this information, as further detailed below, for analytic and marketing purposes, as well as enhancing our Services, improving them, internal research, etc. We process your information for our legitimate interests while applying appropriate safeguards that protect your privacy. Our legitimate interests may span things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality or technical issues with our services, protecting against harm to the rights, property or safety of our Website, users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; o comply and/or fulfil our obligations under applicable laws, regulations, guidelines, industry standards and contractual requirements, legal process, subpoena or governmental request; and in accordance with our Terms of Service (“Legitimate Interest”).

   Advertising and Marketing: Information about your impressions of, and reactions to, advertisements that appear on the Website as well as ad-campaigns which are displayed online. This information may include the following: Device ID or unique identifier, device type, ID for advertising, unique device token, operating system, information regarding your clicks, views and engagement with our advertisement and Services, information concerning your traffic to and from the Platform, your referral URL, ad data, your IP address, your web log information, and your location information, including location information from your mobile device or as can be derived from your IP address. We further know whether the ad was clicked, viewed and when, if the emails sent were opened or not. We use third party tools that enrich the data we have and add profiling data, insights, including demographic data, contact information, and information made available to the public, such as information from credit bureaus to the extent permitted by applicable law.

   We perform such automatic collection through use of tools that measure the advertisement, the content viewed, the emails (if you opened it or not), in order to obtain insights on how or campaigns optimize and convert, measure the performance of our Services and ad campaigns, features, measure the performance of our marketing efforts, etc. Further, we use your online behavioral information in order to market our Website and Services – send you an email to remined you that you have not completed your order of items you have added to your cart, build a profile on you in order to present you offers which are tailor made to your preference, provide you with offers which we believe you might be interested according to an offer you have redeemed previously, etc. To the extent we’re permitted to do so under applicable law, to display or send to you marketing and advertising material and general and personalized content and to track and analyze the effectiveness and relevance of such material. We may ask for your consent to send you our marketing offers and communications.

   Analytic Information and Tracking: Our analytics tools use cookies and similar technologies to collect and analyze information related to user behavioral metrics on the Website and Platform, such as mouse movements, clicks, user inputs, scrolling, access time, visit duration, pages viewed, IP address (including approximate location), operating system, and page reloading. These tools provide insights into what works and what does not work for our Customers and Users. We use a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback campaigns, and similar features and functionality. This session replay tools may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type, screen resolution, visitor type (first time/returning), language, and similar metadata. This tool does not collect information on pages where it is not installed, nor does it track or collect information outside your web browser. In addition, Pixel tags (also known as web beacons and clear GIFs and cookies) may be used to, among other things, track the actions of users of the Website.

   We use web analytics tools to enhance the experience by optimizing the efficiency, design, and quality of the Website and Platform. We use it to fix errors and ensure security and for our Legitimate Interest. We use the information and the tools to, for example, identify and repair technical errors, such as broken links that hamper the Website and Platform functionality, and help us reconstruct the user experience to better understand, for example, where users may be encountering frustration or impediments. Further, we may use this web-based analytics tools to compile statistics about usage of the Services.

   Newsletter Registration: If you register to receive our newsletter, updates, and other marketing materials and offers (i.e., discounts, coupons, etc.), you will be requested to provide us your email address.

   We use this information in order to send you the content or offer you have signed up to receive. We will further store this information in order to include you in our marketing lists, as well as the “opt-out” list (the necessary information for such purpose), and to ensure we respect your choice and comply with applicable laws in this regard.

   Please note that the actual processing operation per each purpose of use detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction.

   In addition, we may use certain Personal Information to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our services and to enforce our terms of use and other policies, as well as to protect the security or integrity of our databases and Website, and to take precautions against legal liability.

3. HOW WE COLLECT YOUR INFORMATION:

   Depending on the nature of your interaction with us and our Website, we may collect Personal Information as follows:

   • Automatically – we may use cookies and similar tracking technologies to gather some information automatically when you interact with our Website.

   • Provided by you voluntarily – we will collect information if and when you choose to provide us with the information, such as where you create an Account, use the Platform, purchase a Service, contact us, etc.

   • From publicly available sources – such as through social media platforms where you open an Account through such platforms, credit bureaus, all to the extent permitted under applicable law.

4. COOKIES AND TRACKING TECHNOLOGIES:

   We use “cookies” and similar tracking technologies when you access to, interact with, or use the Website. The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, enabling automatic activation of certain features (e.g., shopping cart), for statistical purposes, as well as for advertising purposes. You can find more information about cookies here: www.allaboutcookies.org.

   You can find more information regarding the Cookie usage on the Website through the designated Cookie Toolbar available at the footer of the Website.

5. SHARING PERSONAL INFORMATION WITH THIRD PARTIES, AND THE CATEGORIES OF SUCH THIRD PARTIES:

   We may disclose your Personal Information to a contractor or service provider for our business purposes. When we do so, we enter a contract that describes the relevant purposes, and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract. We further restrict the recipient from selling or sharing your Personal Information.

6. Text messaging originator opt-in data and consent will not be shared with any third parties, excluding aggregators and providers of the Text Message services.

7. In the preceding twelve (12) months, the Company has disclosed the following categories of Personal Information for a business purpose:

   Category of Recipient	Shared Information (in accordance with the table above)	Purpose of Sharing
   General Service providers.	All types of Personal Information.	We employ other companies and individuals to perform functions on our behalf. Examples include sending communications, analyzing data, providing marketing and sales assistance (including advertising and event management), cloud hosting and computing, identifying errors and crashes, conducting

   		customer relationship, payment suppliers, etc.
   Security and Fraud Detection Providers.	Internet or other similar network activity. Geolocation data.	We may disclose personal information to entities that detect, protect against, and respond to security incidents or other malicious, deceptive, illegal or fraudulent activity or actual or potential threats to the safety or well-being of any person.
   Our Lawyers, Consultants and any other party related to Enforcement of our rights.	All types of Personal Information.	We may disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us, you, or other users to legal liability, and solely to the extent required.
   Parties related to any Merger and Acquisition Activity.	All types of Personal Information.	We may disclose your personal information to third parties in connection with the proposed or actual financing, insuring, sale, securitization, assignment, or other disposal of all or part of our business or assets (including accounts) for the purposes of evaluating and performing the proposed transaction.
   Law Enforcement and Authorities.	As per such law enforcement authority request.	In certain cases, laws and regulations may require us to disclose personal information with these entities.
   Our affiliated companies.	All types of Personal Information.	We may share Personal Information internally within our affiliates for the same purposes described in this Privacy Policy.

   Disclosures for Cross-Context Behavioral and Targeted Advertising Purposes

   This section describes the categories of personal information we may disclose for “cross-context behavioral

   advertising” (“CCBA”) or “Targeted Advertising” as such terms are defined under the Data Protection Laws —

   i.e. delivering targeted advertising to consumers based on personal information we may obtain from their activity across businesses, distinctly-branded websites, applications, or services, other than those with which they intentionally interact. We do not “sell” information as most people would commonly understand that term, meaning we do not, and will not, disclose your Personal Information in direct exchange for money or some other form of payment. We may “share” Personal Information for “interest-based advertising” or “cross-context behavioral advertising” on the Website. In other words, we may share your Personal Information with a third party to help serve personalized content or ads that may be more relevant to your interests, and to perform other advertising-related services such as enabling our partners to serve such personalized content.

   In the preceding twelve (12) months, we “sell” or “share” the following categories of Personal Information for

   a business purpose:

   Category of Recipient	Shared Information	Purpose of Sharing
   Marketing and Advertising Firms and Networks.	All types of Personal Information. For the avoidance of doubt, we never share any sensitive information for such purposes.	We may disclose personal information to entities that perform marketing, advertising or market research on our behalf or help us determine the effectiveness of our marketing.

8. DATA RETENTION:

   Except as specifically detailed above, we retain the Personal Information we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until the individual expresses a preference to opt-out.

   In certain circumstances, we will retain your Personal Information for longer periods of time and mainly:

   • Where we are required to retain Personal Information in accordance with legal, regulatory, tax, or accounting requirements;

   • If such personal information is part of our internal business record keeping and pertains to an actual customer. In such cases, since the data is also part of our internal business records, we may keep it for long periods and even indefinitely;

   • Where we deem retention is necessary to obtain an accurate record of your dealings with us in the event of any complaints or challenges (e.g., adverse event); or

   • If we reasonably believe there is a prospect of litigation relating to your Personal Information.

9. INFORMATION SECURITY:

   Securing your Personal Information is of high priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards, such as encryption, access restrictions and permissions, etc.

   However, as detailed in the Agreement, we cannot guarantee 100% security. The nature of internet-based services inherently involves risks, and as such, we cannot ensure or warrant the absolute security of any information transmitted to or from our services. We implement various security measures to protect against unauthorized access, alteration, disclosure, or destruction of data. However, please be aware that no method of electronic transmission or storage is completely secure.

10. WHERE DO WE STORE YOUR INFORMATION:

    We maintain Personal Information that we collect from you in secured cloud storage environments provisioned by third party cloud providers in the United States. Nevertheless, any such information will be maintained and processed by us and our authorized affiliates and service providers which are located in various locations around the world, including, without limitation, the United States and in our facilities in Israel.

11. YOUR RIGHTS:

    We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Information. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to you, you have the right to control and request certain limitations or rights to be executed.

    In the table below, you can review how Consumers can exercise their rights, and appeal such decision, or if and when My Shop sells or shared the personal data, and how to opt-out.

    Privacy Right	Details
    Right to Know.	You may have right to know what Personal Information we have collected about you as a visitor of our website, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information we have collected about you. That right is being provided to you through our Privacy Policy and that Privacy Policy.
    Right to Access Personal Information.	You may have the right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and.
    The Right to Correct Personal Information.	You may have the right to request that we correct inaccurate personal information that we maintain about you.
    Right to delete personal information.	You may have the right to request that we delete the personal information we have collected about you.
    Non-Discrimination Right.	You may have the right not to receive discriminatory treatment for the exercise of privacy rights, including (where relevant) an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of

    	goods or services, etc. We may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to us by your Personal Information.
    Data Portability Right	You may have the right, where feasible, to obtain a copy of the Personal Information you provided to us in a portable format.
    Opt-Out of Sharing for Cross-Contextual Behavioral Advertising or from selling, where applicable.	You have the right to opt-out of the “sharing” of your personal information for “cross-contextual behavioral advertising,” often referred to as “interest-based advertising” or “targeted advertising.”, you may opt out through the “do not sell or share my personal information” button available within the Websites’ footer. You may opt out through device settings (opt-out from tracking AAID, ADID, please see the following for information applicable to all devices: https://thenai.org/opt-out/mobile-opt- out/). Further, you can opt-out from interest-based advertising, CCBA, by using Self-Regulatory Program for Online Behavioral Advertising such as: Digital Advertising Alliance’s (“DAA”): https://www.aboutads.info/choices and https://www.aboutads.info/appchoices, and the Network Advertising Initiative (“NAI”): https://www.networkadvertising.org/choices. Last, you can join Global Privacy Control (“GCP”) for opting out generally through your browser: https://globalprivacycontrol.org/. Our Consent Management Platform (“CMP”) will know to read all of these signals and ensure compliance with your request. In any event, please keep in mind: because they work off your browser ID and device ID. If you’re not signed-in to your customer account or don’t have a customer account, you will need to opt-out on each browser and device you use. or enable specific functionality.

    • Opt-out tools are limited to the browser or device you use

    • Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.

    • If you opt-out, you will still see ads online, but these ads will not be based on your inferred interests.

    • Some automated means may still be used to collect information about your interactions with our online services for the other purposes such as to remember user preferences

    	– We use necessary cookies to make our properties work. Necessary cookies enable core functionality such as security, network management, and accessibility. You cannot disable those.
    Right to opt out from Profiling	We do not profile you, thus we do not provide an opt-out mechanism in this regard.

    If you want to exercise your rights, please fill in this form to and sending it to us by mail:

    privacy@myshoptechnologies.com

    Before processing your request, we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s).

    In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. In order to verify your identity, we may require you to provide additional personal information, including, but not limited to, your name, email address, mailing address, date of your last interaction with us, and the general nature of your interactions with us. If we are able to verify your identity, we will respond to your request or provide an explanation as to why we are unable to comply with your request.

    We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require additional time (up to an additional forty-five (45) days), we will inform you of the reason and extension period in writing by mail or electronically, at your option. If we determine that the request warrants a fee, we will tell you why we made such a decision and provide you with a cost estimate before completing your request. For specific obligations and timeline which apply in specific US states, please refer to the part below adding additional information regarding specific state laws.

    As for opting out from any share or sell of your data, you can easily use the designated Cookie Toolbar on the Website.

    Authorized Agents

    “Authorized Agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you were an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer. Usually, we will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

    • When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:

      • Provide the authorized agent signed permission to do so or power of attorney.

      • Verify their own identity directly with the business.

      • Directly confirm with the business that they provided the authorized agent permission to submit the request.

    • A business may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

12. PROTECTING CHILDREN:

    As detailed in the agreement, in order to access to, interact with or use our Services, you must be over the age of eighteen (18). Therefore, we do not knowingly collect Personal Information from minors under the age of sixteen (16) and do not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that age restriction. If we learn that we have collected personal information from a child under sixteen

    (16) years, we will delete that information as quickly as possible. If you believe that we might have any such information, please contact us at service@myshoptechnologies.com

13. ‌CALIFORNIA NOTICE

The general disclosure required under the CCPA is outlined in this Privacy Policy, including the types of data we collect, how we use it, disclosures and sharing of data with third parties, etc. Specifically, the following disclosures only apply to residents of the State of California:

1. Categories of collected Personal Information under the CCPA

   • Category A – Identifiers – Basic contact info including full name, email and in certain cases phone number.

   • Category B – Additional Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – Name, Payment information, etc.

   • Category F – Internet or other similar network activity – Information on a consumer’s interaction with a website, application, or advertisement.

   • Category G – Geolocation data – approximate, derived from IP.

2. Disclosures of Personal Data to third parties

   In the preceding 12 months, we have disclosed for a business purpose and “Sold” or “Shared” the categories of personal data about California residents as detailed above under section 5 – the use of our analytics and advertising partners in our website (to the extent such activities deem as “Disclosures for Cross-Context Behavioral and Targeted Advertising Purposes”).

3. California Residents Rights under the CCPA

   California residents have the following rights regarding their collected Personal Information as further elaborated under section 9 above:

   • Right to Know or Access;

   • Right to Deletion;

   • Right to Data Portability;

   • Right to Non-Discrimination;

   • Right to Rectification;

   • Right to Limit the Use and Disclosure of Sensitive Personal Information ;

   • Opt-Out of the Use of Automated Decision Making.

   You can learn more about the specific California residents’ privacy right through the following link:

   https://oag.ca.gov/privacy/ccpa. You can always exercise your rights as explained above.

4. Notice Of Financial Incentive

   We do not offer financial incentives to consumers for providing Personal Information.

5. Do Not Track Settings and Shine the Light Law for California Residents

   Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, we do not respond to the Do Not Track settings. Do Not Track is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. For more details, including how to turn on Do Not Track, visit: www.donottrack.us.

6. COLORADO NOTICE

   This section applies to Colorado residents acting only as an individual or household context (and not in a commercial or employment context, as a job applicant or as a beneficiary of someone acting in an employment context). Pursuant to the Colorado Privacy Act (“CPA”) please see below the disclosure of the categories of personal data that are collected or processed, the purposes, how consumers can exercise their rights, and appeal such decision, categories of third-parties the controller shares or sells the personal data, or sells the personal data for advertising and how to opt-out.

   “Personal Data” as defined in the CPA means information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CPA scope, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or 42 CFR Part 2- “Confidentiality Of Substance Use Disorder Patient Records”, Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, national Security Exchange Act of 1934, higher education data and employment data.

   “Sensitive Data” includes (i) racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life or sexual orientation; (ii) Genetic or biometric data that can be processed to uniquely identify an individual; or (iii) child data.

   Under Section 2 above, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, in Section 5 you can find details about the categories of third-parties we share for business purposes. Section 9 discloses your rights and Personal Data shared or sold for targeted advertising.

   Only you, or someone legally authorized to act on your behalf, may make a request to know or delete your Personal Data. If the request is submitted by someone other than you, proof of authorization (such as power of attorney or probate documents) will be required.

   We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows: Colorado AG at https://coag.gov/file-complaint/

   If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account to submit a request.

   Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

7. CONNECTICUT NOTICE

   Under the Connecticut Data Privacy Act, Public Act. No. 22-14 (the “CDPA”) if you are a resident of Connecticut, acting in an individual or household context (and not in a commercial or employment context or as a representative of business, non-profit or governmental entity), your rights with respect to your personal data are described below.

   “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable individual and does not include publicly available information that is lawfully made available from government records, or that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; or information excluded from the CDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

   “Sensitive Data” under the CDPA means data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis, sex life, sexual orientation, citizenship, or immigration status; The processing of genetic or biometric data for the purpose of uniquely identifying an individual; Personal data collected from a known child; Precise geolocation data. In certain cases, we will process precise geolocations data if you explicitly enable the GPS permission within our App.

   Under CDPA, My Shop is required to provide you with a clear and accessible privacy notice that includes: categories of personal data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of personal data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.

   Under Section 2 above, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, in Section 5 you can find details about the categories of third-parties we share for business purposes. Section 9 discloses your rights and Personal Data shared or sold for targeted advertising.

   We shall respond to your request within 45 days of receipt. The response period may be extended once by 45 additional days when reasonably necessary, taking into account the complexity and number of requests and we inform you of such extension within the initial 45-day response period, together with the reason for the extension.

   If we decline to take action on your request, we shall inform you without undue delay, within 45 days of receipt of your request. The notification will include a justification for declining to take action and instructions on how you may appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint/ or (860) 808-5318.

   We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive, or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

8. VIRGINIA NOTICE

   Under the Virginia Consumer Data Protection Act, as amended (“VCDPA”) if you are a resident of Virginia acting in an individual or household context (and not in an employment or commercial context), you have the following rights with respect to your Personal Data.

   “Personal Data” means any information that is linked or reasonably linkable to an identified or identifiable natural person, and does not include publicly available information that is lawfully made available from government records, that a consumer has otherwise made available to the public; de-identified or aggregated consumer information; Information excluded from the VCDPA scope, such as: HIPAA, GBPA, non-profit entities, higher education, employment data and FCRA, Driver’s Privacy Protection Act of 1994, Family Educational Rights and Privacy Act, Farm Credit Act.

   The VCDPA requires My Shop discloses the categories of personal data processed, purpose of processing, how you can exercise your rights, including how you may appeal our decision with regard to the consumer request, the categories of personal data shared with third parties and with whom, and My Shop sells personal data to third parties or processes personal data for targeted advertising.

   Under Section 2 above, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially

   different, unrelated, or incompatible purposes without obtaining your consent. Additionally, in Section 5 you can find details about the categories of third-parties we share for business purposes. Section 9 discloses your rights and Personal Data shared or sold for targeted advertising.

   We will respond to your request within 45 days after receipt of a verifiable Consumer Request (no more than twice in a twelve-month period). We reserve the right to extend the response time by an additional 45 days when reasonably necessary and provided consumer notification of the extension is made within the first 45 days. If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint to the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

   If you have an account with us, we may deliver our written response to that account or via email at our sole discretion. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. You do not need to create an account to submit a request.

   Any disclosures we provide will only cover the 12-month period preceding receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

   We shall provide information in response to your request free of charge, up to twice annually, unless requests are manifestly unfounded, excessive, or repetitive. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information reasonably necessary to authenticate you and your request. If we cannot authenticate you and your request, we will not be able to grant your request.

9. UTAH NOTICE (effective January 2024)

   Under the Utah Consumer Privacy Act (“UCPA”) if you are a resident of Utah, acting in an individual or household context (and not in a commercial or employment context) your rights with respect to your personal data are described below. “Personal Data” refers that is linked or reasonably linkable to an identifiable individual and does not include de-identified data and publicly available data or data that is processed not within the scope of UCPA.

   Under Section 2 above, we describe our collection and processing of Personal Data, the categories of Personal Data that are collected or processed, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without obtaining your consent. Additionally, in Section 5 you can find details about the categories of third-parties we share for business purposes. Section 9 discloses your rights and Personal Data shared or sold for targeted advertising. Note, under UCPA, our sharing practices with third-party analytic and advertising tools are not considered a “sale”.

10. NOTICE TO NEVADA RESIDENTS

    Nevada law allows Nevada residents to opt out of the sale of certain types of personal information. Subject to several exceptions, Nevada law defines “sale” to mean the exchange of certain types of personal information for monetary consideration to another person. We currently do not sell personal information as defined in the Nevada law. However, if you are a Nevada resident, you still may submit a verified request to opt out of sales and will record your instructions and incorporate them in the future if our policy changes. You may send opt- out requests to service@myshoptechnologies.com

11. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of Israel. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court situated in Israel.

The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

 

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Information, you may contact our privacy team at service@myshoptechnologies.com

CONTACT US:

My Shop Technologies Ltd.

Email: service@myshoptechnologies.com

Post address: 361 E. Hillsboro Blvd, Deerfield Beach, FL 33441 USA

Phone: +1 (442) 249-7454

Toll Free Number: +1 833 593 1395