Last updated: 18 June 2020
1.1 The operator of proquo is PROQUO AI Limited, registered in England and Wales with company registration number 09569094, with our London offices at 5a Bear Lane, Southwark, London, SE1 0UH ("proquo"/"we"/”us”). We are committed to protecting and respecting your privacy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. This Privacy Notice is applicable to all those who access the Platform including visitors of the Site, our Clients (as defined below) and their employees, agents, independent contractors and other third parties authorised to use the Platform (“Authorised Users”) which access the Platform.
1.3 For the purposes of the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018:
1.3.1 Data we collect:
We act as data controller for all processing of personal data relating to:
(a) visitors of our Site; and
(b) subscribers to Premium Services (“Clients”) and their Authorised Users in the course of providing our services to Clients.
1.3.2 Data we receive from other controllers:
We also receive data from:
(a) Individual respondents matching our demographic requirements, sourced by our third party panel providers, which access the survey application on our Site to respond to surveys. Our Platform enables panel providers to generate surveys and send links to their own network of private contacts to invite them to participate in those surveys. In these circumstances the third party panel provider controls who the link is sent to and holds their contact data. We have no direct relationship with the individual respondents as they sign up to complete surveys directly with the panel provider. The information they submit via the survey is received by us. The only types of information we capture about individual respondents is generic information such as their shopping habits, age, gender, occupation type and location (country/state). Such data is not considered personal data in law as this data will not directly or indirectly reveal an individual’s identity. We analyse the data received and deliver brand management guidance to our Clients.
We do not collect any personal data from individual respondents and the relevant third party panel provider is the controller of the individual respondent’s personal data. The third party survey provider is responsible for ensuring compliance with all aspects of data privacy relating to the sending out of the survey.
(b) Commercial data from our Clients such as sales, volumes and media spend data. None of this data will contain any personal data.
The Privacy Notice applies to the data we collect as controller as set out in clause 1.3.1 however does not apply to the data we collect as set out in clause 1.3.2 where we are not the controller of the personal data or no personal data is included in the data provided to us.
1.3.3 We do not act as a data processor in any circumstances.
2. INFORMATION WE MAY COLLECT FROM YOU
2.1 We may collect and process data about you in the manner set out below. We will only use your personal data where we have a valid lawful basis to do so. Where we mention “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your personal data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your personal data.
2.2 You may give us information about you by visiting our Site, filling in forms on our Platform or by corresponding with us by phone, e-mail, support chat function or otherwise. This includes information you provide when you visit our Site, enquire about our services, register to use our Platform, subscribe to any of our services, enter a competition or promotion, when you report a problem with our Platform or when you upload information or data on our Platform. The information you give us may include your name, address, e-mail address, phone number, password and other registration information.
2.3 With regard to each of your visits to or use of our Platform we may automatically collect the following information about you or your devices:
• technical information, including the type of device(s) you use, a unique device identifier, the Internet protocol (IP) address used to connect your device(s) to the Internet, network information, browser type and version, time zone setting, browser plug-in types and versions and operating system and platform; and
• information and details about your use of our Platform (including but not limited to traffic data; location data; weblogs and other communication data; the full Uniform Resource Locators (URL) clickstream to, through and from our Platform (including date and time); what you viewed or searched for; page response times, download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks, and mouse-overs); and methods used to browse away from the page)).
2.4 We may receive information about you from sub-contractors and service providers in technical and payment services (please see part 7 of this Privacy Notice below for more information on this), and may receive information about you from them.
3. USES MADE OF THE INFORMATION AND RELEVANT LAWFUL BASES
3.1 We will use the information you give to us as follows:
3.1.1 We will use personal data relating to Clients and those of their Authorised Users that are users of our Platform in order to provide services to those Clients pursuant to the contract between us and the Client, in order to perform the contract with our Clients, and if necessary, enforce any legal obligations Clients may owe to us, in respect of that contract.
3.1.2 We will use personal data relating to prospective business clients and those of their business contact representatives in order to provide the information that they have requested about our services, in order to take necessary steps prior to entering into a contract with them and for our legitimate interests in supplying information about our business and services.
3.1.3 We may use personal data to send marketing materials to Clients or prospective business clients, in relation to our goods and services. We will obtain the express consent of the individual (where legally required to do so) or rely on the legitimate interests of our business (when sending marketing materials to business contacts). Individuals can withdraw their consent at any time by clicking on the “unsubscribe” link at the bottom of each email or by emailing firstname.lastname@example.org. If an individual withdraws their consent to receiving marketing emails, we will still be able to send them essential service communications that are necessary for the performance of our services.
3.1.4 We will use aggregated and anonymised data in order to improve the operation of our analytical, prediction and brand management guidance-generating technology, in accordance with our legitimate interests in doing so.
3.1.5 We will use the usage data and technical data about visitors to our Platform for the purpose of using data analytics to improve our Platform, products and services, marketing, user and customer relationships and experiences in accordance with our legitimate interests in understanding our customers better and providing a better service to them.
3.1.6 We will use usage data and technical data and any other necessary data in order to monitor operations, user activity and networks for fraud prevention and crime detection in accordance with our legitimate interests in detecting and preventing fraud and illegal conduct or complying with a legal obligation to which we are subject.
3.1.7 We will share personal data with our third-party service providers which facilitate the provision of our services and the fulfilment of essential service functions, such as web hosting, cloud storage, analytics, marketing, accounting and security tools in order to perform our contractual obligations and in accordance with our legitimate interests in ensuring the proper operation of our services.
3.1.8 We may use personal data that we hold for the purpose of our business in accordance with our legitimate interest (and the legitimate interest of any counterpart), in facilitating such sale or purchase, as part of, or as reasonably necessary for the purpose of, any sale or purchase of any of our business or assets.
3.1.9 We may use personal data where we are required to comply with certain legal and regulatory requirements, to which we or regulators or law enforcement agencies are subject and to establish, exercise or defend legal claims.
3.2 In the course of any of the uses listed above, we may send push notifications to your computer or mobile device(s). You can manage push notifications in your browser’s settings and/or in your preference section within our App.
3.3 We will only use your personal data for the reasons we have set out above. If we need to use your personal data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.
4. DISCLOSURE OF YOUR INFORMATION
4.1 We may share your personal information with any member of our group.
4.2 We may share your information with selected third parties including:
4.2.1 Business partners, suppliers and sub-contractors for the performance of any contracts we enter into with them or you including payment processing, web-hosting, customer relationship management and marketing mailing services; and
4.2.2 Suppliers of IT systems and services for the purpose of ensuring the correct operation, or enhancing the operation of our IT systems or to ensure the safety and security of personal data.
4.3 We may disclose your personal information to third parties:
4.3.1 in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
4.3.2 if all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
4.3.3 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, and other agreement; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
4.4 Data shall be shared with third parties only to the extent compatible with the uses set out in part 3 of this Privacy Notice.
5 WHERE WE STORE YOUR PERSONAL DATA
5.1 Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. For example, we use secure servers to store all information you provide to us. The security of your data is of the highest importance to us and we implement appropriate industry standard measures available. However, the transmission of information via the internet is not completely secure and, like any online service, we cannot completely guarantee the security of your data transmitted to our Platform. Any payment transactions will be processed in accordance with part 7 of this Privacy Notice.
5.2 We transfer personal data to other companies in our corporate group established outside of the EEA (such as in the United States and South Africa) for the purpose of carrying out all functions described in this Privacy Notice. We have put agreements in place to facilitate such data transfers, conforming to the EU Commission approved terms for such transfers. Please contact us if you require further details of such measures.
5.3 We transfer personal data to third parties who process the data on our behalf, such as providers of cloud data storage, our cloud-based customer relationship management (CRM) system and our electronic mailing provider. Wherever possible, such as in the case of our cloud servers, we ensure that data is stored at rest within the EU. If we do transfer or store your personal data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your personal data to an equivalent data protection standard as in the UK and the EEA.
5.4 We will only share your personal data with countries and organisations that:
• The European Commission has deemed as having equivalent data protection laws as in the EEA;
• We have entered into a contract with which include certain requirements to make sure your personal data is protected to equivalent standards as in the EEA and the UK – please click here for a link to the standard contractual/data protection clauses; or
• Have chosen to comply with a set of rules called the Privacy Shield framework which includes data protection standards for transfers of personal data between the United States and the EEA – please click here for more information about the Privacy Shield for US companies.
5.5 If there are any other circumstances which would require us to transfer your personal data outside of the EEA (or the UK to the extent the UK is no longer part of the EU), we will seek your consent to transfer your personal data outside of the EEA. You can ask us for more information about where we may transfer or store your personal data and how we will take steps to ensure your personal data is protected by using the contact details in section 10 of this Privacy Notice.
5.6 Where you have chosen a password that enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
6 HOW LONG WE STORE YOUR PERSONAL DATA
6.1 We will store your data for as long as necessary to fulfil the purposes for which it is originally collected, as explained in this Privacy Notice, or any other lawful purpose subsequently communicated to you, and for other essential purposes such as complying with legal obligations and enforcing our rights, such as those arising under any agreement with you. The retention period may therefore vary for different types of data, and depending on how and why it was gathered. Criteria relevant to determine retention periods include:
6.2 If the data is necessary for the performance of a contract, we will retain it while performance under that contract remains active, and for a period thereafter in which that data may still be relevant to dispute resolution and/or enforcement of rights under the contract.
6.3 If the data is processed pursuant to consent only, and consent is withdrawn, we will delete the data immediately, or we will cease processing and retain the data for a period only if we have a need to keep it for dispute resolution or enforcement of rights.
6.4 In certain cases we may be legally obliged to hold data for a certain period of time, or to delete the data at a certain time, including in accordance with the exercise of your rights as data subject as explained in this Privacy Notice.
7 PAYMENT PROCESSING
7.1 We do not store any credit card data associated with any purchases processed on the Platform. Instead, we use Stripe or GoCardless to manage payments.
7.2 You acknowledge that your use of the payment service provided by Stripe Payments Europe Ltd or GoCardless Ltd will require them to process your personal data. We may receive information about you in accordance with part 2 above from Stripe Payments Europe Ltd or GoCardless Ltd and we may disclose information about you in accordance with part 4 above to Stripe Payments Europe Ltd or GoCardless Ltd.
7.3 You acknowledge that your personal data may be processed and stored by Stripe Payments Europe Ltd or GoCardless Ltd outside of the EEA. Whilst we have been assured by Stripe Payments Europe Ltd or GoCardless Ltd that they comply with relevant data protection legislation, where Stripe Payments Europe Ltd or Go Cardless Ltd are independent controllers of your personal data, we cannot guarantee the security of your personal data and any payments made through Stripe Payments Europe Ltd or GoCardless Ltd are undertaken at your own risk. To the extent that, Stripe Payments Europe Ltd or Go Cardless Ltd are processors of your personal data, we will ensure that your personal data is processed in accordance with our instructions.
7.4 You should review Stripe Payments Europe Ltd Privacy Notice at https://stripe.com/gb/privacy or GoCardless Ltd Privacy Notice at https://gocardless.com/privacy/ for more details about how your information is collected, stored and maintained by Stripe Payments Europe Ltd or GoCardless Ltd.
8 YOUR RIGHTS
8.1 We will use your personal data for direct marketing purposes only where you have provided your consent to us. You have the right to ask us not to process your personal data for these purposes by clicking on the “unsubscribe” link at the bottom of each email or by emailing email@example.com. If you withdraw your consent to receiving marketing emails, we will still be able to send you essential communications that are necessary for the performance of our contract with you.
8.2 If you are an individual within the EEA or the UK, the GDPR provides you with rights to:
8.2.1 request from us confirmation of whether or not your personal data is being processed and where that is the case, confirmation of the information set out in this Privacy Notice;
8.2.2 request from us a copy of your data that is undergoing processing, including, in relation to data provided to us by you, and a right to request that data in a structured, commonly used and machine readable format;
8.2.3 request that we rectify or complete your personal data, where it is inaccurate or incomplete for the purposes of our processing of the data;
8.2.4 request that we erase your personal data in the following circumstances:
• the personal data is no longer necessary in relation to the purposes for which it is processed;
• you withdraw your consent and there is no other legal ground for the processing;
• you successfully object to the processing pursuant to your right of objection explained below;
• the personal data has been unlawfully processed; or
• the erasure is necessary for compliance with a relevant legal obligation that applies to us;
8.2.5 request that we restrict the processing of your personal data in the following circumstances:
• you contest the accuracy of the personal data, for a period enabling us to verify the same;
• the processing is unlawful, but you request restriction rather than erasure;
• we no longer need the data, but it is required by you in respect of legal claims; or
• you have objected to the processing, until such that that we verify that there are legitimate purposes that justify such processing;
8.2.6 object to any processing that is based on our, or a third party’s legitimate interests, upon which event we shall suspend processing until we demonstrate legitimate purposes that justify that processing. We may at all times continue to use data for the purpose of establishment, exercise or defence of legal claims;
8.2.7 withdraw your consent for future processing (where the processing is based on that consent);
8.2.8 lodge a complaint with the Information Commissioner’s Office, which is the data protection supervisory authority in the UK, or the national courts to seek a remedy if you think that your rights in relation to your personal data have been breached.
8.3 We will comply with any valid request for information under the rights explained above within one month, though we may tell you that this period is to be extended by a further two months where necessary, taking into account the complexity and number of the requests. This will normally be provided free of charge. If the request is manifestly unfounded, excessive or repetitive we may charge a reasonable fee or refuse to action the request.
8.4 The provision of personal data to us is not a statutory requirement. Where the provision of data is a contractual requirement, or a requirement necessary to enter into a contract, we will make that clear as part of the process by which the contract is concluded, which may include by way of terms of the contract. These provisions will also make clear the consequences of failure to provide such data.
8.5 Where the data is not a contractual requirement, you are not obliged to provide the data, but if you do not do so, we may be unable to offer certain benefits and functionality to you. For example, you may not be able to access parts of the Platform.
8.6 Our Platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which our Platform is advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we do not accept any responsibility or liability for these notices or for any personal data that may be collected through these websites or services. Please check these notices before you submit any personal data to these websites or use these services.
9. CHANGES TO OUR PRIVACY NOTICE
Any changes we may make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or when you next use our Platform. The new Privacy Notice may be displayed on-screen and you may be required to read them to continue your use of our Platform. Alternatively, please check back frequently to see any updates or changes to our Privacy Notice.
10. CALIFORNIA CONSUMER PRIVACY ACT (“CCPA”)
For California residents, please click here to view our Privacy Notice – California Addendum.
11. CONTACT US
Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to firstname.lastname@example.org.