Popupular Privacy
Policy updated October 18, 2020

‍Popupular respects your privacy and is committed to protecting your personal data. This privacy policy outlines how we look after your personal data when you use our services and tell you about your privacy rights and how the law protects you.

Please read this privacy policy, as well as any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements any other notices and is not intended to override them.
This website is not intended for minors and we do not knowingly collect data relating to minors.

User consent
Users can access our services (the “Service”) via our website, companion Chrome extension, customer domains, applications on Devices, APIs, and third-parties. By using
our Service you are consenting to the collection, transfer, processing, storage, disclosure and other uses described in this Privacy Policy.

The use of information collected through our services shall be limited to the purpose of providing the service for which our customers (“Customer”) have engaged Popupular.

Information we collect and store
Login information

When your account is created, we securely collect some personal information, such as your email address, credit card or other billing information.


Log data

When you use our Service, we automatically collect certain information from your Device, its software, and your activity using the Services. This may include, for example (but without limitation), the Device's Internet Protocol (“IP”) address, browser type, the web page visited before you came to our website, domains where you use our services, information you search for on our website and inside our products, locale preferences, identification numbers associated with your Devices, date and time stamps associated with transactions, system configuration information, metadata, and interactions with the Services and products.


Cookies

We also use “cookies” to collect information, provide and improve our Services to you. A cookie is a small file that we transfer to your Device. We may use “persistent cookies” to save your registration ID and login password for future logins to the Service.

We may use “session ID cookies” to enable certain features of the Service, to better understand how you interact with the Service, to monitor aggregate usage and web traffic routing on the Service, and to enable third-party vendors, including Google, to serve ads based on someone's past visits to our website. This also enables third-party vendors, including Google, to show our ads on sites across the internet. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all aspects of the Service.

Our affiliates use cookies to make it easier for us to gather analytics about product usage and to help us provide interactive support for our users. The use of cookies by our affiliates is not covered by our Privacy policy. We do not have access or control over these cookies.


Information about your users

As part of our Services you may install our products on your domains. In this case we also use “cookies” and other means to collect information about your users, but only to the extent necessary for us to provide our services to you. This information typically includes, but is not limited to, your users' location (based on their device IP address), device language preferences and previous activity with our Service.

We never deliberately collect personally identifiable information about your users. All data is aggregated and impersonalized, and is discarded once it's no longer needed to provide our Service.

How we use personal informationPersonal information

In the course of using the Service, we may collect or otherwise obtain information that can be used to contact or identify you (“Personal Information”).

Personal Information is or may be used: (i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to recommend follow-up reminders, assign tasks, or personalize the service, and (iv) to provide or offer software updates and product announcements.


Analytics

We also collect some information (ourselves or using third party services) that requires using logging and cookies, such as IP address, which can sometimes be correlated with Personal Information.

We use this information for the above purposes and to monitor and analyze use of the Service, for the Service's technical administration, to increase our Service's functionality and user-friendliness, to verify users have the authorization needed for the Service to process their requests, and for advertising purposes.

As of the date this policy went into effect, we use Google Analytics. Visitors can opt out of Google's use of cookies for advertising purposes by visiting Google's Ads Settings.

Learn more about the privacy policy of Google Analytics and how to opt out.Data securityWe have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement a variety of security measures when a user places an order enters, submits, or accesses their information to maintain the safety of your personal information. All transactions are processed through a gateway provider and are not stored or processed on our servers.
Data retention and DisclosureData Retention

Our intention is to retain your information for as long as your account is active or as needed to provide you with our Services. If you wish to cancel your account or request that we no longer use your information to provide you Services, you may delete your account.

We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights, or if it is not technically reasonably feasible to remove it.

Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that there might be latency in deleting information from our servers and backed-up versions might exist after deletion. In addition, we do not delete information from our servers files if you have that information in common with other users.


NO SALE of Personal Information

We do NOT sell Personal Information to third parties.


Service Providers, Business Partner and Other parties

We may use certain trusted third-party companies and individuals to help us provide, analyze, and improve the Service (including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service's features).

These third parties may have access to your information for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy. As of the date this policy went into effect, we use Amazon's storage service to store some of your information (for example, your files).

More information on Amazon data security


Third-Party Products or Services

As of the date this policy went into effect, Popupular has never in the past and does not intend to share your information with a third-party product or service.

In the future, with your consent, we may share your information with a third-party product or service (for example when you choose to access our Services through such a product or service).

We are not responsible for what those parties do with your information, so you should make sure you trust the application and that it has a privacy policy that is acceptable to you.


Compliance with Laws and Law Enforcement Agencies Requests

We may disclose to third parties data stored in your account and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation, or compulsory legal request, such as to comply with a subpoena; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Popupular or its users; or (d) to protect Popupular's rights.

If we provide any data stored in your account to a law enforcement agency, we will remove Popupular's encryption from the information before providing it to law enforcement.


Business Transfers

If Popupular is involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will strive to preserve the same level of protection during the transition. We will notify you if your information becomes subject to a different privacy policy in lieu of this one. We will also notify you of choices you may have regarding your information.
Data Processing AgreementData Controller Status

With respect to personal data which you submit to us directly through our website or companion Chrome extension, Popupular is the Data Controller and is responsible for your personal data.


Data Processor Status

We are not responsible for any third parties’ personal data which is collected, stored or used in any way by you or by your using of our software, applications, products and services. By using our products or services you acknowledge that you will be the controller and responsible for any third parties’ personal data which is collected or received by you or by your using of our products and services, whether automatically or manually.

We note that you should receive legitimate consent of any persons whose personal data is collected, processed, stored, use such personal data only for your legitimate purposes and you should develop adequate technical measure to keep such personal data safe and secured.

In some limited circumstances, Popupular may act as the processor of third parties’ personal data received though our products and services and, in this case, you will be the controller and responsible for any third parties’ personal data.


Data Processing Agreement

By using Popupular Service Customer recognizes Popupular as a Data Process and hereby contracts Popupular services in said capacity, in compliance with the requirements of the current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).


Processing of Customer Data

Customer hereby instructs Popupular to process Customer Data. Popupular will comply with all applicable data protection laws in the processing of Customer Data; and not process Company Data other than on the relevant Company’s documented instructions, apart from the scope of Popupular's Services to Customer.


Data Processor Personnel

Popupular Personnel shall take reasonable steps to ensure the reliability of any employee, agent or contractor of any other Contracted Processor who may have access to the Customer Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant Customer Data, as strictly necessary for the purposes of providing Popupular Service to Customer, and to comply with applicable laws in the context of that individual's duties to Popupular, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.


Data Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of data processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Popupular shall in relation to the Customer Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

In assessing the appropriate level of security, Popupular shall take into account in particular, the risks that are presented by data processing, specifically a personal data breach.


Subprocessing

Popupular shall not appoint (or disclose any Customer Data to any Subprocessor unless required or authorized by the Customer.


Data Subject Rights

Taking into account the nature of data processing, Popupular shall assist the Customer by implementing appropriate technical and organisational measures,insofar as this is possible, for the fulfillment of the Customer obligations, as reasonably understood by Customer, to respond to requests to exercise Data Subject rights under the data protection laws.

Popupular shall:

- promptly notify Customer if it receives a request from a Data Subject under any data protection law in respect to Customer Data; and

- ensure that it does not respond to that request except on the documented instructions of Customer or as required by applicable laws to which Popupular is subject, in which case Popupular shall to the extent permitted by applicable laws inform Customer of that legal requirement before Popupular responds to the request.


Personal Data Breach

Popupular shall notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Data, providing Customer with sufficient information to allow the Customer to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the data protection laws.

Popupular shall co-operate with the Customer and take reasonable commercial steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.


Data Protection Impact Assessment and Prior Consultation

Popupular shall provide reasonable assistance to the Customer with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Customer reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to processing of Customer Data by, and taking into account the nature of the data processing and information available to Popupular as Data Processor.


Deletion or Return of Customer Data

Subject to this Service Agreement, Popupular shall promptly and in any event within 30 days of the date of termination of any Services involving the processing of Customer Data, delete and procure the deletion of all copies of said Customer Data.


Audit

Popupular shall make available to the Customer on request all reasonable information available to demonstrate compliance with this Agreement, and shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the processing of the Customer Data.

Information and Audit rights of the Customer only arise to the extent that the Agreement does not otherwise give them information and audit rights meeting the relevant requirements of data protection law.
Changing or Deleting Personal InformationIf you are a registered user, you may review, update, correct, or delete certain Personal Information provided in your registration or account profile by changing your account settings.


Your rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.


Data Protection Officer

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise, please contact the DPO at privacy@popupular.io
Changes to Privacy PolicyIf we make a change to this Privacy policy, we will provide you with a notice (for example, by email, a sign-in notification, or some other means) prior to the change becoming effective.

By continuing to use the Service after those changes become effective, you are agreeing to be bound by the revised Privacy Policy.