Last Updated: 27/09/2022
- Fairness and transparency;
- Purpose limitation;
- Data minimization;
- Storage limitation;
- Integrity and confidentiality (security);
We only collect the personal data we actually need for our specified purposes.
We periodically review the data we hold and delete anything we don’t need.
a) Personal Data
Personal Data is any information relating to an identified or identifiable individual; An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or one or more factors specific to his physical, physiological, mental, economic, cultural, social identity or in any other manner.
b) Data Processing
Data processing involves any action performed on a piece of data, automated or otherwise. Data processing includes collecting, compiling, storing, organizing, or sharing data.
c) Data Collector
Data Controller is natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
d) Data Processor
Data Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Pseudonymization means replacing any information which could be used to identify an individual with a pseudonym, or, in other words, a value which does not allow the individual to be directly identified.
Consent of the data subject means any freely given, specific informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
g) Personal Data Breach
A breach of security that caused accidental or intentional loss, destruction, disclosure or access to processed or transmitted personal data.
h) Third Party
A natural or legal person that is not the controller or the processor, but who is authorized by them to process personal data.
Any automated processing that uses personal data to evaluate personal aspects and predict future actions and aspects.
- Collection of your Personal Information
When you register, we collect the following information:
a) First Name and Family Name
b) Email address
c) Phone number
d) Geographic Location/Country and Zip Code
e) Customer ID for Stripe/Payment processing Purposes
f) Last four digits of Credit Card
We may collect additional information in reference to your use of the Site and/or App.
For Service Fee (“Fee”) purposes, you provide your Payment Card information directly to the Payment Processor “Stripe”, which processes payments on our behalf.
We recommend and encourage you to consider carefully the data you disclose.
Please don’t share sensitive information (such as national identity numbers, religious denomination, health details, etc.) and/or when shared, please consider disclosing such an information carefully.
- Information Use and Processing
We use personally identifiable information (the “Personal Information”) so as to confirm that our Users receive quality services.
We collect Personal Information via the Site and/or App only to the extent that such information is provided by Users who voluntarily make a submission, subscribe and use our Services and/or Goods.
We may use your Information to:
a) Contact you;
b) Offer our services, products and new features;
c) Conduct research, develop or fix Site and/or App for the User experience enhancement purposes;
d) Personalize the Site and/or App for you;
e) Protect our legal rights and enforce our policies.
f) Respond to your inquiries and communicate with you.
g) Confirm your eligibility to use our Site and/or App;
h) Provide technical support to Users and make sure that the Site and/or App is secure for the users;
i) Verify Users’ identity to restrict unauthorized and fraudulent use of our Services and/or Goods.
j) Accept and administer payments/fees from users or to send you transaction receipts for your use of the Site and/or App.
k) Prevent breaches of our terms and policies or to restrict harmful or illegal activity;
We may additionally use your Personal Information in other ways naturally related to the circumstances during which you provided the information.
We require users to verify their accounts and might request additional data. We collect and use such data on the basis of our legitimate interests to identify you as a person at least 18 years old and to ensure that your account details are kept up to date.
We will only process your personal information where we have legitimate legal grounds for doing so i.e. your prior consent.
We might process data based on your consent/permission (for instance, where you provide us with marketing consents), which can be withdrawn at any time by contacting us at the email address: email@example.com
We work hard to enhance the Site and/or App and add functionality, which we think will make it safer and more useful. New features may involve similar uses of your data to those determined above.
We regularly review data processing practices and will keep you updated if we decide to change anything.
We may send you information we think you may find useful including newsletters or instructional content related to the services we provide to you.
You can opt-out of receiving further notifications or emails if you wish and please contact us regarding this matter at the following email: firstname.lastname@example.org
- Information Collected Automatically
When you visit our Site and/or App, our servers may automatically record information that your device sends whenever you visit the Site and/or App (“Log Data”). This Log Data may include information such as computer’s/device’s Internet Protocol (the “IP”) address, browser type, access times and dates, and other statistics. We may use this information to monitor and analyze the Site and/or App and to increase our Site’s and/or App’s functionality and user-friendliness, hence to better tailor them to our users’ needs.
We do not treat Log Data as Personal Information or use it in association with it, though we may aggregate, analyze and evaluate such Information.
Each time you open the Site and/or App, we collect information about how and when you use it (such as the time and dates, searches, features and results you select, pages visited, Site and/or App crashes, length of visit, buttons and links you click on and other system activity). We use this information to improve the Site and/or App.
- Who Controls Your Personal Information?
- How We Share Information
We may engage third party companies and individuals to perform services on our behalf, including without limitation, to facilitate our Site and/or App and perform Site-related services (e.g., without limitation, maintenance services, database management, analytics and improvement of the features) or to assist us in analyzing how our Site and/or App is used. These third parties may have access to your Personal Information. We do not authorize these third parties to use your information for any purpose other than to provide the above services.
We may also disclose information about you that we have collected to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Suppama or any third parties, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being illegal or unethical.
Where there is an investigation into alleged criminal behavior or to protect the vital interests of a person, we will cooperate with law enforcement enquiries. This may include preserving or disclosing any of your information, if we believe in good faith that it is necessary to comply with laws or regulations, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, request, etc.
- Third Parties
From time to time, we may share information with third parties to improve the Site and/or App and enhance user experience.
To the extent possible, we pseudonymize (remove information that identifies you) and minimize the data we send to them.
- Children’s Information
We do not knowingly collect Personal Information from children under age 18. If a parent or guardian becomes aware that his or her child has provided us with such information without their consent, he or she should contact us at email@example.com and upon receiving such an email we will remove data and terminate the child’s account.
We do not specifically market to children under 13.
- Information Security
We maintain administrative, technical, and physical safeguards for the Site and/or App designed to protect against loss, misuse, or unauthorized access, disclosure, alteration or destruction of the Personal Information we collect through the Site and/or App. However, we cannot guarantee that any information collected is perfectly secure. While we perform reasonable due diligence in selecting third party providers associated to processing and data handling.
Regardless of where you are located, Suppama collects information, and processes and stores that information in databases stored on servers located in the European Economic Area.
We place great importance on the security of all information associated with our users and store such information securely with SSL Security mechanism.
Keep in mind that submission of information over the internet and mobile networks is never entirely secure. We cannot guarantee the security of information you submit via the Site and/or App whilst it is in transit over the internet or mobile networks and any such submission is at your own risk. But we recommend the following:
a) Don’t share credit card details, social media passwords or any other details with anyone else.
b) Make sure you log out of the Site and/or App when you stop using it.
c) If you ever think someone has had access to your account, please report it to us and change password immediately.
- How Long We Keep Your Information
By providing you with products or services, we create records that contain your information, such as customer account records, payment and activity records. We manage our records to help us to serve our users in an efficient way and to comply with legal and regulatory requirements.
How long we keep records depends on the type of record, the nature of the activity, product or service and the applicable legal and regulatory requirements. How long we retain your information may change based on business or legal and regulatory requirements. If you are our Site and/or App User, we keep most of your data as long as you’re using the Site and/or App and for six years after that to comply with the law and/or if we face a legal challenge. In some circumstances, we may keep data longer if we need to due to our legitimate interests and/or if the law requires.
Unless a longer retention period is required or permitted by law, we will only hold your Personal Information on our systems for the period necessary to fulfill the purposes outlined in this Policy, or until you request that the information be deleted in accordance with your right of erasure.
Even if we delete your Personal Information, we reserve the right to maintain a copy for legal, tax or regulatory purposes, but in such an event, we will do so only as long as necessary to fulfil those purposes. Please contact us via firstname.lastname@example.org for more information.
Information that you submit via the Site and/or App is sent to and stored on secure servers located in the European Economic Area (EEA). Information submitted by you may be transferred by us to the third parties in the circumstances, which may be situated outside the EEA (for instance United Kingdom, United States, etc.) for Site maintenance purposes.
We keep your personal information as long as we need it for legitimate purposes and as permitted by applicable law. We delete or pseudonymize (remove information that identifies you) your information upon deletion of your account (following the safety retention window), unless:
a) We must keep it to comply with applicable law (for instance: “traffic data” retention period is 1 year)
c) There is an issue, claim or dispute requiring us to keep the relevant information until it is resolved.
- Legal Rights
Legal basis of processing Personally Identifiable Information is the Consent of the User.
When you are using our Site and/or App you have the following rights:
Access: You have a legal right to request access to a copy of the personal information we have collected. In order to do this, contact us at email@example.com
Deletion: We store your personal information for as long as necessary to provide our services and products. You have the right to request deletion of your Personal Information if you believe we no longer need it for the purposes for which it was provided. Note that we might keep a record of your request in order to ensure compliance with legal obligations. In order to request deletion of your account, contact us at firstname.lastname@example.org
Right of rectification: if the data held is inaccurate, you have the right to have it corrected. For such requests, contact us at email@example.com
Marketing opt-out: You have the right at any time to prevent the use of your Personal Information for direct marketing purposes. If you no longer want to receive marketing messages, please let us know by writing to us at firstname.lastname@example.org
Right to object to us processing information: You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing. If you make a request to exercise your right to object, if we have legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data. For such requests, contact us at email@example.com
Right to data portability: you can request a copy of your data in a machine-readable form that can be transferred to another service provider. For such requests, contact us at firstname.lastname@example.org
Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process. For such requests, contact us at email@example.com
California Online Privacy Protection Act
According to CalOPPA we agree to the following:
a) Users can visit our site anonymously.
e) Users are able to change their personal information by emailing us and/or by logging into their account.
How does our site handle do-not-track signals? We honor do-not-track signals and do not track, plant cookies, or use advertising when a Do-Not-Track (DNT) browser mechanism is in place.
Fair Information Practices
The Principles of Fair Information Practices form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Principles of Fair Information Practices and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
f) We will notify the users via email within seven (7) business days.
g) We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law.
h) This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
1) Send information, respond to inquiries, and/or other requests or questions.
2) Process payment related data and to send information and updates pertaining to it.
3) We may also send you additional information related to your product and/or service.
4) Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM we agree to the following:
5) Not to use false, or misleading subjects or email addresses.
6) Identify the message as an advertisement in some reasonable way.
7) Monitor third-party email marketing services for compliance, if one is used.
8) Honor opt-out/unsubscribe requests quickly and allow users to unsubscribe by using the link at the bottom of each email. If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email, and we will promptly remove you from all correspondence.
- Updating Your Information
If you would like to update your Personally Identifiable Information, please contact us by emailing at firstname.lastname@example.org
Also, you can request at any time to permanently delete your account. Upon receiving your request, we will deactivate your account and we will take reasonable efforts to make sure it is no longer viewable on the Site and/or App. For up to 30 days, it is still possible to restore your account if it was accidentally or wrongfully deactivated. After 30 days, we begin the process of deleting your account from our systems.
We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact us at the following address email@example.com
Through cookies We provide more user-friendly services that would not be possible without them and hence it helps us to identify users of our Site and/or App.
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal computer or mobile device when you go offline, while Session Cookies are deleted as soon as you close your browser.
By using our Site, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on our Site for analytics and for marketing purposes.
Before Cookies are placed on your computer or device, you will be shown a banner requesting your consent to accept or reject those Cookies.
Where required, we enable you to reject the use of certain cookies for purposes such as advertising and analytics and research, by visiting your cookie settings, without affecting the lawfulness of processing based on your consent before its withdrawal.
- How to Get in Touch with Us