Vendors & Sub-Processors

MyOwnSomm.com Last updated:

This page lists third-party services we use to run MyOwnSomm.com, the categories of personal data we share with them, the purpose of the processing, where data may be processed, and the relevant safeguards (e.g., Standard Contractual Clauses). It forms part of our Privacy & GDPR Policy.

Sellers are separate controllers: Individual licensed retailers/sommeliers (“Sellers”) who fulfil alcohol orders are independent controllers for those orders and will provide their own privacy notices. This page only covers vendors we use to provide the MyOwnSomm platform.

Summary

Vendor Role Data we share Purpose Primary locations Safeguards / DPA
Stripe
Stripe Payments Europe, Ltd.
Independent Controller (card data) Processor (billing metadata)
Name, email, subscription plan/status, billing amounts/attempt results. No card numbers stored by us. Process subscription payments, manage charges, prevent fraud, receipts. EU/EEA & globally (support operations may involve non-EEA transfers) SCCs + Stripe DPA
stripe.com/legal/dpa
Shopify
Shopify International Ltd.		 Processor Name, email, phone, delivery address, order line items when we create/manage orders with participating shops. Order orchestration for participating shops integrated with Shopify. EU/EEA, Canada & globally (per Shopify’s infrastructure) SCCs + Shopify DPA
shopify.com/legal/dpa
WooCommerce
Automattic, Inc.		 Processor Name, email, phone, delivery address, order line items for shops using WooCommerce. Order orchestration for participating shops integrated with WooCommerce. EU/EEA & US (per Automattic services used) SCCs + Automattic DPA
automattic.com/dpa/

Details

Stripe

Address: Stripe Payments Europe, Ltd., The One Building, 1 Grand Canal Street Lower, Dublin 2, Ireland.

Role: Independent controller for card data; processor for certain billing/subscription metadata.

Data shared: Name, email, plan, subscription status, charge outcomes, partial billing identifiers. We never store card numbers; Stripe collects and stores those directly.

Purpose: Subscription billing, fraud prevention, receipts.

Legal basis: Contract; legitimate interests (fraud prevention); legal obligation (financial records).

Locations & safeguards: EU/EEA and, where necessary, global support with SCCs. See Stripe DPA.

Shopify

Address: Shopify International Ltd., c/o Intertrust Ireland, 2nd Floor, 1-2 Victoria Buildings, Haddington Road, Dublin 4, Ireland.

Role: Processor (for order creation/management on behalf of participating shops).

Data shared: Name, email, phone, delivery address, order items needed to create/manage orders.

Purpose: Order orchestration for integrated shops using Shopify.

Legal basis: Contract (providing the service to you); legitimate interests (fulfilling user orders).

Locations & safeguards: EU/EEA, Canada & global per Shopify’s infrastructure, protected by SCCs. See Shopify DPA.

WooCommerce (Automattic)

Address: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (with EU affiliates where applicable).

Role: Processor (for order creation/management on behalf of participating shops).

Data shared: Name, email, phone, delivery address, order items needed to create/manage orders.

Purpose: Order orchestration for integrated shops using WooCommerce.

Legal basis: Contract; legitimate interests (fulfilling user orders).

Locations & safeguards: EU/EEA & US with SCCs. See Automattic DPA.

Notes & updates