Last updated: 15 April 2021
1.1 The operator of ProQuo is PROQUO AI Limited, registered in England
and Wales with company registration number 09569094, with our London
offices at 5a Bear Lane, Southwark, London, SE1 0UH ("ProQuo"/"we"/”us”).
We are committed to protecting and respecting your privacy.
our website at www.proquoai.com (the “Site”) and any other documents
referred to in it) sets out the basis on which any personal data we collect from
you, or that you provide to us, or that we receive from third parties will be
processed by us. This Privacy Notice applies to all data that we may gather
due to your use of the Site and/or a ProQuo mobile and web application
software (our “App”) (our Site and our App and all back-end functions which
are provided through the same shall together be referred to as our
Please read the following carefully to understand our views and practices
regarding your personal data and how we will treat it. This Privacy Notice is
applicable to all those who access the Platform including visitors of the Site,
our Clients (as defined below) and their employees, agents, independent
contractors and other third parties authorised to use the Platform
(“Authorised Users”) which access the Platform.
1.2 Capitalised terms used in this Privacy Notice carry the meanings given
1.3 For the purposes of this Privacy Notice and in accordance with the
United Kingdom General Data Protection Regulation, (“UK GDPR”), the
European Union General Data Protection Regulation (“EU GDPR”) and the
Data Protection Act 2018, the categories of data we collect, use or process
and our role in relation to such data is as follows:
1.3.1 Data we collect:
We act as a controller for all processing of personal data relating to:
(a) visitors of our Site; and
(b) subscribers to Premium Services (“Clients”) and their Authorised Users in
the course of providing our services to Clients.
1.3.2 Data we receive from other controllers:
We also receive data from:
(a) Individual respondents matching our demographic requirements,
sourced by our third party panel providers, which access the survey
application on our Site to respond to surveys. Our Platform enables panel
providers to generate surveys and send links to their own network of private
contacts to invite them to participate in those surveys. In these circumstances
the third party panel provider controls who the link is sent to and holds their
contact data. We have no direct relationship with the individual respondents
as they sign up to complete surveys directly with the panel provider. The
information they submit via the survey is received by us. The only types of
information we capture about individual respondents is generic information
such as their shopping habits, age, gender, occupation type and location
(country/state). Such data is not considered personal data in law as this data
will not directly or indirectly reveal an individual’s identity. We analyse the data
received and deliver brand management guidance to our Clients.
We do not collect any personal data from individual respondents and the
relevant third party panel provider is the controller of the individual
respondent’s personal data. The third party survey provider is responsible for
ensuring compliance with all aspects of data privacy relating to the sending
out of the survey.
(b) Commercial data from our Clients such as sales, volumes and
media spend data. None of this data will contain any personal data.
1.3.3 Data uploaded to our Platform by our Clients (where we act as a
Our services enable Clients to upload and store commercial data, images,
videos and other information relating to the Client’s brand to the Platform.
Some of this information, such as the images and videos and any associated
data (such as names or job titles), may identify specific individuals and will
therefore be considered personal data. The individuals featured in such
images and videos will be the Client’s own customers and/or paid actors. In
Our Clients will be the sole controller of any Subscriber Personal Data
uploaded or stored on the Platform. They will be responsible for ensuring:
(a) the Subscriber Personal Data is lawfully shared with ProQuo; and
(b) providing all valid notices and consents to the individuals to which any
personal data contained within the Subscriber Personal Data relates to.
If your personal data is contained within the images or videos (or associated
data) uploaded to the Platform by the Client, it will be collected and processed
in accordance with the Client’s privacy notice. This clause is not designed to
replace that notice, but to give you additional information relating to our
activities as a processor.
ProQuo’s role is limited to that of a processor of any Subscriber Personal
Data. We will only use such data strictly in accordance with our Clients’
instructions and our Terms of Service in order to provide brand guidance on
how to better optimise and utilise such data within our Clients’ marketing
campaigns. ProQuo will comply with its processor obligations under the GDPR
when processing Subscriber Personal Data, including in relation to the
security and deletion of such data. ProQuo’s processing of any Subscriber
Personal Data as part of its service on behalf of its Clients is not covered by
this Privacy Notice.
The Privacy Notice applies to the data we collect as controller as set out in
clause 1.3.1 however does not apply to the data we collect as set out in
clauses 1.3.2 and 1.3.3 where we are not the controller of the personal data or
no personal data is included in the data provided to us.
2. INFORMATION WE MAY COLLECT FROM YOU
2.1 We may collect and process data about you in the manner set out
below. We will only use your personal data where we have a valid lawful basis
to do so. Where we mention “legitimate interests”, this is the lawful basis we
rely on when we feel that it is necessary to use your personal data for a
reason which is in our and/or your interests and which does not unfairly affect
your rights over your personal data.
2.2 You may give us information about you by visiting our Site, filling in
forms on our Platform or by corresponding with us by phone, e-mail, support
chat function or otherwise. This includes information you provide when you
visit our Site, enquire about our services, register to use our Platform,
subscribe to any of our services, enter a competition or promotion, when you
report a problem with our Platform or when you upload information or data on
our Platform (we will only use any Subscriber Personal Data uploaded to the
Platform on behalf of our Clients). The information you give us may include
your name, address, e-mail address, phone number, password and other
2.3 With regard to each of your visits to or use of our Platform we
may automatically collect the following information about you or your
• technical information, including the type of device(s) you use, a unique
device identifier, the Internet protocol (IP) address used to connect your
device(s) to the Internet, network information, browser type and version,
time zone setting, browser plug-in types and versions and operating
system and platform; and
• information and details about your use of our Platform (including but not
limited to traffic data; location data; weblogs and other communication
data; the full Uniform Resource Locators (URL) clickstream to, through
and from our Platform (including date and time); what you viewed or
searched for; page response times, download errors; length of visits to
certain pages; page interaction information (such as scrolling, clicks,
and mouse-overs); and methods used to browse away from the page)).
2.4 We may receive information about you from sub-contractors and
service providers in technical and payment services (please see part 7 of this
Privacy Notice below for more information on this), and may receive
information about you from them.
3. USES MADE OF THE INFORMATION AND RELEVANT LAWFUL BASES
3.1 We will use the information you give to us as follows:
3.1.1 We will use personal data relating to Clients and those of their
Authorised Users that are users of our Platform in order to provide services to
those Clients pursuant to the contract between us and the Client, in order to
perform the contract with our Clients, and if necessary, enforce any legal
obligations Clients may owe to us, in respect of that contract. We will only use
any Subscriber Personal Data uploaded by Clients to the Platform, as a
processor, on behalf of and strictly in accordance with the instructions of those
3.1.2 We will use personal data relating to prospective business clients and
those of their business contact representatives in order to provide the
information that they have requested about our services, in order to take
necessary steps prior to entering into a contract with them and for our
legitimate interests in supplying information about our business and services.
3.1.3 We may use personal data to send marketing materials to Clients or
prospective business clients, in relation to our goods and services. We will
obtain the express consent of the individual (where legally required to do so)
or rely on the legitimate interests of our business (when sending marketing
materials to business contacts). Individuals can withdraw their consent at any
time by clicking on the “unsubscribe” link at the bottom of each email or by
emailing firstname.lastname@example.org. If an individual withdraws their consent to
receiving marketing emails, we will still be able to send them essential service
communications that are necessary for the performance of our services.
3.1.4 We will use aggregated and anonymised data in order to improve the
operation of our analytical, prediction and brand management guidance#
generating technology, in accordance with our legitimate interests in doing so.
3.1.5 We will use the usage data and technical data about visitors to our
Platform for the purpose of using data analytics to improve our Platform,
products and services, marketing, user and customer relationships and
experiences in accordance with our legitimate interests in understanding our
customers better and providing a better service to them.
3.1.6 We will use usage data and technical data and any other necessary
data in order to monitor operations, user activity and networks for fraud
prevention and crime detection in accordance with our legitimate interests in
detecting and preventing fraud and illegal conduct or complying with a legal
obligation to which we are subject.
3.1.7 We will share personal data with our third-party service providers
which facilitate the provision of our services and the fulfilment of essential
service functions, such as web hosting, cloud storage, analytics, marketing,
accounting and security tools in order to perform our contractual obligations
and in accordance with our legitimate interests in ensuring the proper
operation of our services.
3.1.8 We may use personal data that we hold for the purpose of our
business in accordance with our legitimate interest (and the legitimate interest
of any counterpart), in facilitating such sale or purchase, as part of, or as
reasonably necessary for the purpose of, any sale or purchase of any of our
business or assets.
3.1.9 We may use personal data where we are required to comply with
certain legal and regulatory requirements, to which we or regulators or law
enforcement agencies are subject and to establish, exercise or defend legal
3.2 In the course of any of the uses listed above, we may send push
notifications to your computer or mobile device(s). You can manage push
notifications in your browser’s settings and/or in your preference section within
3.3 We will only use your personal data for the reasons we have set out
above. If we need to use your personal data for any other reason, we will let
you know and tell you the reason along with the relevant lawful basis, unless
the law prevents us from doing so.
4. DISCLOSURE OF YOUR INFORMATION
4.1 We may share your personal information with any member of our
4.2 We may share your information with selected third parties including:
4.2.1 Business partners, suppliers and sub-contractors for the performance
of any contracts we enter into with them or you including payment processing,
web-hosting, customer relationship management and marketing mailing
4.2.2 Suppliers of IT systems and services for the purpose of ensuring the
correct operation, or enhancing the operation of our IT systems or to ensure
the safety and security of personal data.
4.3 We may disclose your personal information to third parties:
4.3.1 in the event that we sell or buy any business or assets, in which case
we may disclose your personal data to the prospective seller or buyer of such
business or assets;
4.3.2 if all of our assets are acquired by a third party, in which case personal
data held by us about our customers will be one of the transferred assets.
4.3.3 if we are under a duty to disclose or share your personal data in order
to comply with any legal obligation, and other agreement; or to protect our
rights, property, or safety of our customers, or others. This includes
exchanging information with other companies and organisations for the
purposes of fraud protection and credit risk reduction.
4.4 Data shall be shared with third parties only to the extent compatible
with the uses set out in part 3 of this Privacy Notice.
5. WHERE WE STORE YOUR PERSONAL DATA
5.1 Once we have received your information, we will use strict procedures
and security features to try to prevent unauthorised access. For example, we
use secure servers to store all information you provide to us. The security of
your data is of the highest importance to us and we implement appropriate
industry standard measures available. However, the transmission of
information via the internet is not completely secure and, like any online
service, we cannot completely guarantee the security of your data transmitted
to our Platform. Any payment transactions will be processed in accordance
with part 7 of this Privacy Notice.
5.2 We transfer personal data to other companies in our corporate group
established outside of the EEA (such as in the United States and South Africa)
for the purpose of carrying out all functions described in this Privacy Notice.
We have put agreements in place to facilitate such data transfers, conforming
to the EU Commission approved terms for such transfers. Please contact us if
you require further details of such measures.
5.3 We transfer personal data to third parties who process the data on our
behalf , such as providers of cloud data storage, our cloud-based customer
relationship management (CRM) system and our electronic mailing provider.
Wherever possible, such as in the case of our cloud servers, we ensure that
data is stored at rest within the EU. If we do transfer or store your personal
data outside of the EEA, we will ensure we have put adequate measures in
place in order to protect your personal data to an equivalent data protection
standard as in the UK and the EEA.
5.4 We will only share your personal data with countries and organisations
• The European Commission has deemed as having equivalent data
protection laws as in the EEA;
• We have entered into a contract with which include certain requirements
to make sure your personal data is protected to equivalent standards as
in the EEA and the UK – please click here for a link to the standard
contractual/data protection clauses; or
• Have in place Standard Contractual Clauses (SCCs) as a mechanism
for transfers of personal data between the United States and the EEA –
please click here for more information about Standard Contractual
5.5 If there are any other circumstances which would require us to transfer
your personal data outside of the EEA or the UK, we will seek your consent to
transfer your personal data outside of the EEA or UK. You can ask us for
more information about where we may transfer or store your personal data
and how we will take steps to ensure your personal data is protected by using
the contact details in section 10 of this Privacy Notice.
5.6 Where you have chosen a password that enables you to access
certain parts of our Platform, you are responsible for keeping this password
confidential. We ask you not to share a password with anyone.
6. HOW LONG WE STORE YOUR PERSONAL DATA
6.1 We will store your data for as long as necessary to fulfil the purposes
for which it is originally collected, as explained in this Privacy Notice, or any
other lawful purpose subsequently communicated to you, and for other
essential purposes such as complying with legal obligations and enforcing our
rights, such as those arising under any agreement with you. The retention
period may therefore vary for different types of data, and depending on how
and why it was gathered. Criteria relevant to determine retention periods
6.2 If the data is necessary for the performance of a contract, we will retain
it while performance under that contract remains active, and for a period
thereafter in which that data may still be relevant to dispute resolution and/or
enforcement of rights under the contract.
6.3 If the data is processed pursuant to consent only, and consent is
withdrawn, we will delete the data immediately, or we will cease processing
and retain the data for a period only if we have a need to keep it for dispute
resolution or enforcement of rights.
6.4 In certain cases we may be legally obliged to hold data for a certain
period of time, or to delete the data at a certain time, including in accordance
with the exercise of your rights as data subject as explained in this Privacy
7. PAYMENT PROCESSING
7.1 We do not store any credit card data associated with any purchases
processed on the Platform. Instead, we use Stripe or GoCardless to manage
7.2 You acknowledge that your use of the payment service provided by
Stripe Payments Europe Ltd or GoCardless Ltd will require them to process
your personal data. We may receive information about you in accordance with
part 2 above from Stripe Payments Europe Ltd or GoCardless Ltd and we may
disclose information about you in accordance with part 4 above to Stripe
Payments Europe Ltd or GoCardless Ltd.
7.3 You acknowledge that your personal data may be processed and
stored by Stripe Payments Europe Ltd or GoCardless Ltd outside of the EEA.
Whilst we have been assured by Stripe Payments Europe Ltd or GoCardless
Ltd that they comply with relevant data protection legislation, where Stripe
Payments Europe Ltd or GoCardless Ltd are independent controllers of your
personal data, we cannot guarantee the security of your personal data and
any payments made through Stripe Payments Europe Ltd or GoCardless Ltd
are undertaken at your own risk. To the extent that, Stripe Payments Europe
Ltd or GoCardless Ltd are processors of your personal data, we will ensure
that your personal data is processed in accordance with our instructions.
7.4 You should review Stripe Payments Europe Ltd Privacy Notice
at https://stripe.com/gb/privacy or GoCardless Ltd Privacy Notice
at https://gocardless.com/privacy/ for more details about how your
information is collected, stored and maintained by Stripe Payments Europe
Ltd or GoCardless Ltd.
8. YOUR RIGHTS
8.1 We will use your personal data for direct marketing purposes only
where you have provided your consent to us. You have the right to ask us not
to process your personal data for these purposes by clicking on the
“unsubscribe” link at the bottom of each email or by
emailing email@example.com. If you withdraw your consent to receiving
marketing emails, we will still be able to send you essential communications
that are necessary for the performance of our contract with you.
8.2 If you are an individual within the EEA or the UK, the GDPR provides
you with rights to:
8.2.1 request from us confirmation of whether or not your personal data is
being processed and where that is the case, confirmation of the information
set out in this Privacy Notice;
8.2.2 request from us a copy of your data that is undergoing processing,
including, in relation to data provided to us by you, and a right to request that
data in a structured, commonly used and machine readable format;
8.2.3 request that we rectify or complete your personal data, where it is
inaccurate or incomplete for the purposes of our processing of the data;
8.2.4 request that we erase your personal data in the following
• the personal data is no longer necessary in relation to the purposes for
which it is processed;
• you withdraw your consent and there is no other legal ground for the
• you successfully object to the processing pursuant to your right of
objection explained below;
• the personal data has been unlawfully processed; or
• the erasure is necessary for compliance with a relevant legal obligation
that applies to us;
8.2.5 request that we restrict the processing of your personal data in the
• you contest the accuracy of the personal data, for a period enabling us
to verify the same;
• the processing is unlawful, but you request restriction rather than
• we no longer need the data, but it is required by you in respect of legal
• you have objected to the processing, until such that that we verify that
there are legitimate purposes that justify such processing;
8.2.6 object to any processing that is based on our, or a third party’s
legitimate interests, upon which event we shall suspend processing until we
demonstrate legitimate purposes that justify that processing. We may at all
times continue to use data for the purpose of establishment, exercise or
defence of legal claims;
8.2.7 withdraw your consent for future processing (where the processing is
based on that consent);
8.2.8 lodge a complaint with the Information Commissioner’s Office, which is
the data protection supervisory authority in the UK, or the national courts to
seek a remedy if you think that your rights in relation to your personal data
have been breached.
8.3 We will comply with any valid request for information under the rights
explained above within one month, though we may tell you that this period is
to be extended by a further two months where necessary, taking into account
the complexity and number of the requests. This will normally be provided free
of charge. If the request is manifestly unfounded, excessive or repetitive we
may charge a reasonable fee or refuse to action the request.
8.4 The provision of personal data to us is not a statutory requirement.
Where the provision of data is a contractual requirement, or a requirement
necessary to enter into a contract, we will make that clear as part of the
process by which the contract is concluded, which may include by way of
terms of the contract. These provisions will also make clear the consequences
of failure to provide such data.
8.5 Where the data is not a contractual requirement, you are not obliged to
provide the data, but if you do not do so, we may be unable to offer certain
benefits and functionality to you. For example, you may not be able to access
parts of the Platform.
8.6 Our Platform may, from time to time, contain links to and from the
websites of our partner networks, advertisers and affiliates (including, but not
limited to, websites on which our Platform is advertised). If you follow a link to
any of these websites, please note that these websites and any services that
may be accessible through them have their own privacy notices and that we
do not accept any responsibility or liability for these notices or for any personal
data that may be collected through these websites or services. Please check
these notices before you submit any personal data to these websites or use
9. CHANGES TO OUR PRIVACY NOTICE
Any changes we may make to our Privacy Notice in the future will be posted
on this page and, where appropriate, notified to you by e-mail or when you
next use our Platform. The new Privacy Notice may be displayed on-screen
and you may be required to read them to continue your use of our Platform.
Alternatively, please check back frequently to see any updates or changes to
our Privacy Notice.
10. CONTACT US
Questions, comments and requests regarding this Privacy Notice are
welcomed and should be addressed to firstname.lastname@example.org.