ProQuo AI Privacy Notice

Last updated: 15 April 2021

1. INTRODUCTION

1.1 The operator of ProQuo is PROQUO AI Limited, registered in England

and Wales with company registration number 09569094, with our London

offices at 5a Bear Lane, Southwark, London, SE1 0UH ("ProQuo"/"we"/”us”).

We are committed to protecting and respecting your privacy.

This notice (“Privacy Notice”) (together with our Terms of Use, available on

our website at www.proquoai.com (the “Site”) and any other documents

referred to in it) sets out the basis on which any personal data we collect from

you, or that you provide to us, or that we receive from third parties will be

processed by us. This Privacy Notice applies to all data that we may gather

due to your use of the Site and/or a ProQuo mobile and web application

software (our “App”) (our Site and our App and all back-end functions which

are provided through the same shall together be referred to as our

“Platform”).

Please read the following carefully to understand our views and practices

regarding your personal data and how we will treat it. This Privacy Notice is

applicable to all those who access the Platform including visitors of the Site,

our Clients (as defined below) and their employees, agents, independent

contractors and other third parties authorised to use the Platform

(“Authorised Users”) which access the Platform.

1.2 Capitalised terms used in this Privacy Notice carry the meanings given

to them in our Terms of Use, unless otherwise stated in this notice.

1.3 For the purposes of this Privacy Notice and in accordance with the

United Kingdom General Data Protection Regulation, (“UK GDPR”), the

European Union General Data Protection Regulation (“EU GDPR”) and the

Data Protection Act 2018, the categories of data we collect, use or process

and our role in relation to such data is as follows:

1.3.1 Data we collect:

We act as a controller for all processing of personal data relating to:

(a) visitors of our Site; and

(b) subscribers to Premium Services (“Clients”) and their Authorised Users in

the course of providing our services to Clients.

1.3.2 Data we receive from other controllers:

We also receive data from:

(a) Individual respondents matching our demographic requirements,

sourced by our third party panel providers, which access the survey

application on our Site to respond to surveys. Our Platform enables panel

providers to generate surveys and send links to their own network of private

contacts to invite them to participate in those surveys. In these circumstances

the third party panel provider controls who the link is sent to and holds their

contact data. We have no direct relationship with the individual respondents

as they sign up to complete surveys directly with the panel provider. The

information they submit via the survey is received by us. The only types of

information we capture about individual respondents is generic information

such as their shopping habits, age, gender, occupation type and location

(country/state). Such data is not considered personal data in law as this data

will not directly or indirectly reveal an individual’s identity. We analyse the data

received and deliver brand management guidance to our Clients.

We do not collect any personal data from individual respondents and the

relevant third party panel provider is the controller of the individual

respondent’s personal data. The third party survey provider is responsible for

ensuring compliance with all aspects of data privacy relating to the sending

out of the survey.

(b) Commercial data from our Clients such as sales, volumes and

media spend data. None of this data will contain any personal data.

1.3.3 Data uploaded to our Platform by our Clients (where we act as a

processor):

Our services enable Clients to upload and store commercial data, images,

videos and other information relating to the Client’s brand to the Platform.

Some of this information, such as the images and videos and any associated

data (such as names or job titles), may identify specific individuals and will

therefore be considered personal data. The individuals featured in such

images and videos will be the Client’s own customers and/or paid actors. In

our Terms of Use and this Privacy Notice, we refer to this data as “Subscriber

Personal Data”.

Our Clients will be the sole controller of any Subscriber Personal Data

uploaded or stored on the Platform. They will be responsible for ensuring:

(a) the Subscriber Personal Data is lawfully shared with ProQuo; and

(b) providing all valid notices and consents to the individuals to which any

personal data contained within the Subscriber Personal Data relates to.

If your personal data is contained within the images or videos (or associated

data) uploaded to the Platform by the Client, it will be collected and processed

in accordance with the Client’s privacy notice. This clause is not designed to

replace that notice, but to give you additional information relating to our

activities as a processor.

ProQuo’s role is limited to that of a processor of any Subscriber Personal

Data. We will only use such data strictly in accordance with our Clients’

instructions and our Terms of Service in order to provide brand guidance on

how to better optimise and utilise such data within our Clients’ marketing

campaigns. ProQuo will comply with its processor obligations under the GDPR

when processing Subscriber Personal Data, including in relation to the

security and deletion of such data. ProQuo’s processing of any Subscriber

Personal Data as part of its service on behalf of its Clients is not covered by

this Privacy Notice.

The Privacy Notice applies to the data we collect as controller as set out in

clause 1.3.1 however does not apply to the data we collect as set out in

clauses 1.3.2 and 1.3.3 where we are not the controller of the personal data or

no personal data is included in the data provided to us.

2. INFORMATION WE MAY COLLECT FROM YOU

2.1 We may collect and process data about you in the manner set out

below. We will only use your personal data where we have a valid lawful basis

to do so. Where we mention “legitimate interests”, this is the lawful basis we

rely on when we feel that it is necessary to use your personal data for a

reason which is in our and/or your interests and which does not unfairly affect

your rights over your personal data.

2.2 You may give us information about you by visiting our Site, filling in

forms on our Platform or by corresponding with us by phone, e-mail, support

chat function or otherwise. This includes information you provide when you

visit our Site, enquire about our services, register to use our Platform,

subscribe to any of our services, enter a competition or promotion, when you

report a problem with our Platform or when you upload information or data on

our Platform (we will only use any Subscriber Personal Data uploaded to the

Platform on behalf of our Clients). The information you give us may include

your name, address, e-mail address, phone number, password and other

registration information.

2.3 With regard to each of your visits to or use of our Platform we

may automatically collect the following information about you or your

devices:

technical information, including the type of device(s) you use, a unique

device identifier, the Internet protocol (IP) address used to connect your

device(s) to the Internet, network information, browser type and version,

time zone setting, browser plug-in types and versions and operating

system and platform; and

information and details about your use of our Platform (including but not

limited to traffic data; location data; weblogs and other communication

data; the full Uniform Resource Locators (URL) clickstream to, through

and from our Platform (including date and time); what you viewed or

searched for; page response times, download errors; length of visits to

certain pages; page interaction information (such as scrolling, clicks,

and mouse-overs); and methods used to browse away from the page)).

2.4 We may receive information about you from sub-contractors and

service providers in technical and payment services (please see part 7 of this

Privacy Notice below for more information on this), and may receive

information about you from them.

3. USES MADE OF THE INFORMATION AND RELEVANT LAWFUL BASES

3.1 We will use the information you give to us as follows:

3.1.1 We will use personal data relating to Clients and those of their

Authorised Users that are users of our Platform in order to provide services to

those Clients pursuant to the contract between us and the Client, in order to

perform the contract with our Clients, and if necessary, enforce any legal

obligations Clients may owe to us, in respect of that contract. We will only use

any Subscriber Personal Data uploaded by Clients to the Platform, as a

processor, on behalf of and strictly in accordance with the instructions of those

Clients.

3.1.2 We will use personal data relating to prospective business clients and

those of their business contact representatives in order to provide the

information that they have requested about our services, in order to take

necessary steps prior to entering into a contract with them and for our

legitimate interests in supplying information about our business and services.

3.1.3 We may use personal data to send marketing materials to Clients or

prospective business clients, in relation to our goods and services. We will

obtain the express consent of the individual (where legally required to do so)

or rely on the legitimate interests of our business (when sending marketing

materials to business contacts). Individuals can withdraw their consent at any

time by clicking on the “unsubscribe” link at the bottom of each email or by

emailing support@proquoai.com. If an individual withdraws their consent to

receiving marketing emails, we will still be able to send them essential service

communications that are necessary for the performance of our services.

3.1.4 We will use aggregated and anonymised data in order to improve the

operation of our analytical, prediction and brand management guidance#

generating technology, in accordance with our legitimate interests in doing so.

3.1.5 We will use the usage data and technical data about visitors to our

Platform for the purpose of using data analytics to improve our Platform,

products and services, marketing, user and customer relationships and

experiences in accordance with our legitimate interests in understanding our

customers better and providing a better service to them.

3.1.6 We will use usage data and technical data and any other necessary

data in order to monitor operations, user activity and networks for fraud

prevention and crime detection in accordance with our legitimate interests in

detecting and preventing fraud and illegal conduct or complying with a legal

obligation to which we are subject.

3.1.7 We will share personal data with our third-party service providers

which facilitate the provision of our services and the fulfilment of essential

service functions, such as web hosting, cloud storage, analytics, marketing,

accounting and security tools in order to perform our contractual obligations

and in accordance with our legitimate interests in ensuring the proper

operation of our services.

3.1.8 We may use personal data that we hold for the purpose of our

business in accordance with our legitimate interest (and the legitimate interest

of any counterpart), in facilitating such sale or purchase, as part of, or as

reasonably necessary for the purpose of, any sale or purchase of any of our

business or assets.

3.1.9 We may use personal data where we are required to comply with

certain legal and regulatory requirements, to which we or regulators or law

enforcement agencies are subject and to establish, exercise or defend legal

claims.

3.2 In the course of any of the uses listed above, we may send push

notifications to your computer or mobile device(s). You can manage push

notifications in your browser’s settings and/or in your preference section within

our App.

3.3 We will only use your personal data for the reasons we have set out

above. If we need to use your personal data for any other reason, we will let

you know and tell you the reason along with the relevant lawful basis, unless

the law prevents us from doing so.

4. DISCLOSURE OF YOUR INFORMATION

4.1 We may share your personal information with any member of our

group.

4.2 We may share your information with selected third parties including:

4.2.1 Business partners, suppliers and sub-contractors for the performance

of any contracts we enter into with them or you including payment processing,

web-hosting, customer relationship management and marketing mailing

services; and

4.2.2 Suppliers of IT systems and services for the purpose of ensuring the

correct operation, or enhancing the operation of our IT systems or to ensure

the safety and security of personal data.

4.3 We may disclose your personal information to third parties:

4.3.1 in the event that we sell or buy any business or assets, in which case

we may disclose your personal data to the prospective seller or buyer of such

business or assets;

4.3.2 if all of our assets are acquired by a third party, in which case personal

data held by us about our customers will be one of the transferred assets.

4.3.3 if we are under a duty to disclose or share your personal data in order

to comply with any legal obligation, and other agreement; or to protect our

rights, property, or safety of our customers, or others. This includes

exchanging information with other companies and organisations for the

purposes of fraud protection and credit risk reduction.

4.4 Data shall be shared with third parties only to the extent compatible

with the uses set out in part 3 of this Privacy Notice.

5. WHERE WE STORE YOUR PERSONAL DATA

5.1 Once we have received your information, we will use strict procedures

and security features to try to prevent unauthorised access. For example, we

use secure servers to store all information you provide to us. The security of

your data is of the highest importance to us and we implement appropriate

industry standard measures available. However, the transmission of

information via the internet is not completely secure and, like any online

service, we cannot completely guarantee the security of your data transmitted

to our Platform. Any payment transactions will be processed in accordance

with part 7 of this Privacy Notice.

5.2 We transfer personal data to other companies in our corporate group

established outside of the EEA (such as in the United States and South Africa)

for the purpose of carrying out all functions described in this Privacy Notice.

We have put agreements in place to facilitate such data transfers, conforming

to the EU Commission approved terms for such transfers. Please contact us if

you require further details of such measures.

5.3 We transfer personal data to third parties who process the data on our

behalf , such as providers of cloud data storage, our cloud-based customer

relationship management (CRM) system and our electronic mailing provider.

Wherever possible, such as in the case of our cloud servers, we ensure that

data is stored at rest within the EU. If we do transfer or store your personal

data outside of the EEA, we will ensure we have put adequate measures in

place in order to protect your personal data to an equivalent data protection

standard as in the UK and the EEA.

5.4 We will only share your personal data with countries and organisations

that:

The European Commission has deemed as having equivalent data

protection laws as in the EEA;

We have entered into a contract with which include certain requirements

to make sure your personal data is protected to equivalent standards as

in the EEA and the UK – please click here for a link to the standard

contractual/data protection clauses; or

Have in place Standard Contractual Clauses (SCCs) as a mechanism

for transfers of personal data between the United States and the EEA –

please click here for more information about Standard Contractual

Clauses.

5.5 If there are any other circumstances which would require us to transfer

your personal data outside of the EEA or the UK, we will seek your consent to

transfer your personal data outside of the EEA or UK. You can ask us for

more information about where we may transfer or store your personal data

and how we will take steps to ensure your personal data is protected by using

the contact details in section 10 of this Privacy Notice.

5.6 Where you have chosen a password that enables you to access

certain parts of our Platform, you are responsible for keeping this password

confidential. We ask you not to share a password with anyone.

6. HOW LONG WE STORE YOUR PERSONAL DATA

6.1 We will store your data for as long as necessary to fulfil the purposes

for which it is originally collected, as explained in this Privacy Notice, or any

other lawful purpose subsequently communicated to you, and for other

essential purposes such as complying with legal obligations and enforcing our

rights, such as those arising under any agreement with you. The retention

period may therefore vary for different types of data, and depending on how

and why it was gathered. Criteria relevant to determine retention periods

include:

6.2 If the data is necessary for the performance of a contract, we will retain

it while performance under that contract remains active, and for a period

thereafter in which that data may still be relevant to dispute resolution and/or

enforcement of rights under the contract.

6.3 If the data is processed pursuant to consent only, and consent is

withdrawn, we will delete the data immediately, or we will cease processing

and retain the data for a period only if we have a need to keep it for dispute

resolution or enforcement of rights.

6.4 In certain cases we may be legally obliged to hold data for a certain

period of time, or to delete the data at a certain time, including in accordance

with the exercise of your rights as data subject as explained in this Privacy

Notice.

7. PAYMENT PROCESSING

7.1 We do not store any credit card data associated with any purchases

processed on the Platform. Instead, we use Stripe or GoCardless to manage

payments.

7.2 You acknowledge that your use of the payment service provided by

Stripe Payments Europe Ltd or GoCardless Ltd will require them to process

your personal data. We may receive information about you in accordance with

part 2 above from Stripe Payments Europe Ltd or GoCardless Ltd and we may

disclose information about you in accordance with part 4 above to Stripe

Payments Europe Ltd or GoCardless Ltd.

7.3 You acknowledge that your personal data may be processed and

stored by Stripe Payments Europe Ltd or GoCardless Ltd outside of the EEA.

Whilst we have been assured by Stripe Payments Europe Ltd or GoCardless

Ltd that they comply with relevant data protection legislation, where Stripe

Payments Europe Ltd or GoCardless Ltd are independent controllers of your

personal data, we cannot guarantee the security of your personal data and

any payments made through Stripe Payments Europe Ltd or GoCardless Ltd

are undertaken at your own risk. To the extent that, Stripe Payments Europe

Ltd or GoCardless Ltd are processors of your personal data, we will ensure

that your personal data is processed in accordance with our instructions.

7.4 You should review Stripe Payments Europe Ltd Privacy Notice

at https://stripe.com/gb/privacy or GoCardless Ltd Privacy Notice

at https://gocardless.com/privacy/ for more details about how your

information is collected, stored and maintained by Stripe Payments Europe

Ltd or GoCardless Ltd.

8. YOUR RIGHTS

8.1 We will use your personal data for direct marketing purposes only

where you have provided your consent to us. You have the right to ask us not

to process your personal data for these purposes by clicking on the

“unsubscribe” link at the bottom of each email or by

emailing support@proquoai.com. If you withdraw your consent to receiving

marketing emails, we will still be able to send you essential communications

that are necessary for the performance of our contract with you.

8.2 If you are an individual within the EEA or the UK, the GDPR provides

you with rights to:

8.2.1 request from us confirmation of whether or not your personal data is

being processed and where that is the case, confirmation of the information

set out in this Privacy Notice;

8.2.2 request from us a copy of your data that is undergoing processing,

including, in relation to data provided to us by you, and a right to request that

data in a structured, commonly used and machine readable format;

8.2.3 request that we rectify or complete your personal data, where it is

inaccurate or incomplete for the purposes of our processing of the data;

8.2.4 request that we erase your personal data in the following

circumstances:

the personal data is no longer necessary in relation to the purposes for

which it is processed;

you withdraw your consent and there is no other legal ground for the

processing;

you successfully object to the processing pursuant to your right of

objection explained below;

the personal data has been unlawfully processed; or

the erasure is necessary for compliance with a relevant legal obligation

that applies to us;

8.2.5 request that we restrict the processing of your personal data in the

following circumstances:

you contest the accuracy of the personal data, for a period enabling us

to verify the same;

the processing is unlawful, but you request restriction rather than

erasure;

we no longer need the data, but it is required by you in respect of legal

claims; or

you have objected to the processing, until such that that we verify that

there are legitimate purposes that justify such processing;

8.2.6 object to any processing that is based on our, or a third party’s

legitimate interests, upon which event we shall suspend processing until we

demonstrate legitimate purposes that justify that processing. We may at all

times continue to use data for the purpose of establishment, exercise or

defence of legal claims;

8.2.7 withdraw your consent for future processing (where the processing is

based on that consent);

8.2.8 lodge a complaint with the Information Commissioner’s Office, which is

the data protection supervisory authority in the UK, or the national courts to

seek a remedy if you think that your rights in relation to your personal data

have been breached.

8.3 We will comply with any valid request for information under the rights

explained above within one month, though we may tell you that this period is

to be extended by a further two months where necessary, taking into account

the complexity and number of the requests. This will normally be provided free

of charge. If the request is manifestly unfounded, excessive or repetitive we

may charge a reasonable fee or refuse to action the request.

8.4 The provision of personal data to us is not a statutory requirement.

Where the provision of data is a contractual requirement, or a requirement

necessary to enter into a contract, we will make that clear as part of the

process by which the contract is concluded, which may include by way of

terms of the contract. These provisions will also make clear the consequences

of failure to provide such data.

8.5 Where the data is not a contractual requirement, you are not obliged to

provide the data, but if you do not do so, we may be unable to offer certain

benefits and functionality to you. For example, you may not be able to access

parts of the Platform.

8.6 Our Platform may, from time to time, contain links to and from the

websites of our partner networks, advertisers and affiliates (including, but not

limited to, websites on which our Platform is advertised). If you follow a link to

any of these websites, please note that these websites and any services that

may be accessible through them have their own privacy notices and that we

do not accept any responsibility or liability for these notices or for any personal

data that may be collected through these websites or services. Please check

these notices before you submit any personal data to these websites or use

these services.

9. CHANGES TO OUR PRIVACY NOTICE

Any changes we may make to our Privacy Notice in the future will be posted

on this page and, where appropriate, notified to you by e-mail or when you

next use our Platform. The new Privacy Notice may be displayed on-screen

and you may be required to read them to continue your use of our Platform.

Alternatively, please check back frequently to see any updates or changes to

our Privacy Notice.

10. CONTACT US

Questions, comments and requests regarding this Privacy Notice are

welcomed and should be addressed to support@proquoai.com.