SupaDupa Privacy Policy

Your privacy is important to SupaDupa. So we've developed a Privacy Policy that covers how we collect, use, disclose, transfer, and store your information.
It also tells you about your privacy rights and how the law protects you. It is important that you read this privacy policy, together with any other privacy policies we may provide, so that you are fully aware of how and why we are using your data.

If you have any questions, or would like to exercise your privacy rights, please follow the instructions in this privacy policy.
This privacy policy was last updated on 23rd of May 2018.

Introduction

SupaDupa is committed to protecting the privacy of all individuals who:

  • Visit any website or mobile site offered by SupaDupa, without limitation supadupa.me or mysupadupa.com and including all subdomains, present and future (the “Website”)
  • Use the services including SupaDupa Store & Website builder and other SupaDupa products and services (the “platforms”)

To make this policy easier to read, we call the Website and the Platforms together the "Services". When we talk about “Personal Information”, we mean information relating to you or other identifiable individuals.

It is SupaDupa’s policy to respect your privacy and the privacy of all users of the Services. This Privacy Policy has been established to help you understand our commitment to protecting your privacy and personal data, and the steps we take to ensure it. By visiting and/or using any of the Services, you agree to be bound by the terms of the present Privacy Policy (the “Privacy Policy”). Where the present Privacy Policy refers to “SupaDupa”, it may refer to the Services or to SupaDupa, depending on the context.

SupaDupa reserves the right, at any time, to modify or replace the Privacy Policy. The most recent version of the Privacy Policy is available on our Website at info.supadupa.me/privacy. Please check the Privacy Policy periodically for changes, though we will also notify you via email or other direct electronic communication method of any changes that, in our sole discretion, materially impact your use of the Services or the treatment of your Personal Information. Your use of the Services following the posting of any changes to the Privacy Policy constitutes acceptance of those changes.

SupaDupa Data and Customer Content

We collect Personal Information (such as registration and account information) from our customers and users of the Services for our own purposes, such as to provide and administer the Services (“SupaDupa Data”). We’re the data controller in respect of this information.

We also process Personal Information on behalf of our customers as their data processor, such as content generated, requested or published via the Platforms in accordance with the instructions our customers give us through the Services (including, for example, the information our customers monitor or collect from social media sites like Instagram through the Services) (“Customer Content”). Our customers control how their Customer Content is collected and used by them. In legal terms this means that our customers are the data controller of their Customer Content. Accordingly, we only use Customer Content to provide the Services to our customers in accordance with the lawful instructions they give us through the Services.

About this Privacy Policy

This Privacy Policy describes how and when SupaDupa collects, uses and shares SupaDupa Data when you use the Services. SupaDupa receives your information through our Website and sign up form.

Whilst most of this Privacy Policy relates to SupaDupa Data, we also provide some information about how our customers choose to collect and use Customer Content through the Services.

The Services by their nature allow our customers to build their website and online store and connect with various payment processing solutions (such as PayPal, SagePay and Stripe) through their APIs, social platform (such as Facebook or Instagram) and any applications developed by third parties that SupaDupa does not own or control (“Third-Party Apps”) that our customers choose to access. This Privacy Policy does not cover any information or other content you can view via the Services on Supported Platforms (but which was not posted there using the Services) or information you provide to Third-Party Apps accessed via the Services. While we attempt to facilitate access only to those Supported Platforms and Third-Party Apps that share our respect for your privacy, we cannot take responsibility for the content or privacy policies of any Supported Platforms or Third-Party Apps. We encourage you to carefully review the privacy policies of any Supported Platforms or Third-Party Apps you access via the Services.

SupaDupa Data we receive or collect

When you first register for a SupaDupa account, and when you use the Services, we collect some Personal Information about you such as:

  • Store name
  • Fullname
  • Email address and other contact details
  • the geographic area where you use your computer and mobile devices
  • a unique SupaDupa store ID (an alphanumeric string) which is assigned to you upon registration
  • other optional information as part of your account profile
  • your IP Address and, when applicable, timestamp related to your consent and confirmation of consent
  • other information submitted by you or your organisational representatives via various methods (phone, email, online forms, surveys, in-person meetings, etc)
  • your billing address and any necessary other information to complete any financial transaction, and when making purchases through the Services, we may also collect your credit card or PayPal information
  • Product information including variants, images, description, weights, price and shipping information
  • information we may receive relating to communications you send us, such as queries or comments concerning our Services
  • information relating to an individual’s real time location
  • SupaDupa also automatically collects and receives certain information from your computer or mobile device, including the activities you perform on our Website, the Platforms, and the Applications, the type of hardware and software you are using (for example, your operating system or browser), and information obtained from cookies (see “Cookies and related Technologies” below). For example, each time you visit the Website or otherwise use the Services, we automatically collect your IP address, browser and device type, access times, the web page from which you came, the regions from which you navigate the web page, and the web page(s) you access (as applicable).

How we use SupaDupa Data

SupaDupa uses SupaDupa Data for the following general purposes:

  • to identify you when you login to your account
  • to enable us to operate the Services and provide them to you
  • to verify your transactions and for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed Third-Party Apps)
  • to analyse the Website or the other Services and information about our visitors and users, including research into our user demographics and user behaviour in order to improve our content and Services
  • to contact you about your account and provide customer service support, including responding to your comments and questions
  • to share aggregate (non-identifiable) statistics about users of the Services to prospective advertisers and partners
  • to keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us
  • to sell or market SupaDupa products and services to you
  • to better understand your needs and the needs of users in the aggregate, diagnose problems, analyse trends, improve the features and usability of the Services, and better understand and market to our customers and users
  • to keep the Services safe and secure

We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services. We may share this type of statistical data so that our partners also understand how often people use the Services, so that they, too, may provide you with an optimal experience.

Customer Content we process for our customers

SupaDupa is a store and website building tool. SupaDupa Services enable our customers to build and manage their own online presence by making it possible for them to host their website and sell products and services to their customers

Services help our customers manage their product inventories, webpages, customer flow, manage and fulfil orders and analyse their results.

In particular, the various Services allow our customers to instantly connect to other third party services, including “Supported Platforms” such as PayPal or SagePay, etc.

When our customers link a Supported Platform or a third party service (such as PayPal) to their SupaDupa account or when they register with a Supported Platform through their SupaDupa account, our customers can choose to instantly collect, process, share and access such third party services and Supported Platform via their SupaDupa account (subject to the terms of the license agreements with the Supported Platforms and other third party services).

In this way, our customers can obtain, use and analyse Personal information from supported Platforms and third party services of their choosing, and also view, display or share Personal Information through the functionality in the Services. Such information can include Personal Information of all types, including but not limited to the following category - user names, billing address, shipping address, goods purchased and payment methods.

Consent

By using any of the Services, or submitting or collecting any Personal Information via the Services, you consent to the collection, transfer, storage disclosure, and use of your Personal Information in the manner set out in this Privacy Policy. If you do not consent to the use of your Personal Information in these ways, please stop using the Services.

Cookies and related technologies

SupaDupa uses tracking technology (“cookies”) on the Website, in the Applications, and in the Platforms, including mobile application identifiers and a unique SupaDupa user ID to help us recognise you across different Services, to monitor usage and web traffic routing for the Services, and to customise and improve the Services. By visiting the Website or using the Services you agree to the use of cookies in your browser and HTML-based emails. Cookies are small text files placed on your device when you visit a website, in order to track use of the site and to improve your user experience.

Session Cookies

The Services use “session cookies”, which improve your user experience by storing certain information from your current visit on your device, such as log-in information. These enable us to remember your log-in session so you can move easily within the Website or the other Services. Without these session cookies, we wouldn’t be able to provide the Services to you. These session cookies have limited functionalities and expirations, and you will be required to re-enter your SupaDupa log-in information after a certain period of time has elapsed to protect you against others accidentally accessing your account contents and related Personal Information. Other examples of our use of session cookies include to track the number of visits by a particular visitor to a page and to store items in an online shopping cart for the Shop.

Performance and Remarketing Cookies

Partners who help us serve advertising on and off the Website and analytics companies may also put cookies on your device. We use several third-party vendors to help deliver ads for relevant SupaDupa products and services to you when you visit certain pages on our Website and then visit certain third-party sites. We may share with third-party ad partners a cryptographic hash of a common account identifier (such as an email address), to help us measure and tailor ads and services provided to you. Below is information about one such vendor. Please note that this Privacy Policy covers only our use of cookies and does not include use of cookies by any third parties.

  1. Google Analytics

    SupaDupa uses a specific cookie in order to facilitate the use of Google Universal Analytics for users logged-in to the Applications or the Platforms (“Logged-In User). If you are a Logged-In User, SupaDupa may use your SupaDupa user ID in combination with Google Universal Analytics and Google Analytics to track and analyse the pages of the Services you visit. We do this only to better understand how you use the Website, Platform and the other Services, with a view to offering improvements for all SupaDupa users; and to tailor our business and marketing activities accordingly, both generally and specifically to you. Google Analytics cookies do not provide SupaDupa with any Personal Information.

    Learn more about privacy at Google and to opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on.

  2. Google Display Advertising

    Additionally, SupaDupa uses Google Analytics code that allows for certain forms of display advertising and other advanced features. Subject to change, the Google Display Advertising features SupaDupa currently uses are Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting.

    These features are used to advertise online; to allow third-party vendors, including Google, to show you advertising across the Internet; to allow SupaDupa and third-party vendors, including Google, to use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimise, and serve ads based on your past visits to the Website and to report how ad impressions, uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website. Data from Google's interest-based advertising or third-party audience data (such as age, gender, and interests) is also combined with Google Analytics to better understand the needs of SupaDupa users and to improve the Services.

    You may opt out of such display advertising at any time by visiting your Google Ads Settings page or by installing and running the Google Analytics Opt-out Browser Add-on.

From time to time, SupaDupa uses other third-party performance and remarketing cookies, and further information on those third-party cookies can be obtained by contacting us.

SupaDupa may also use related technologies including web beacons, bugs, pixels, and software tokens in order to facilitate your use of the Services. Most notably, the Services use software tokens (stored securely on SupaDupa servers) in order to facilitate the logging in to and the functioning of both the Supported Platforms and Third-Party Apps.

Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. The Network Advertising Initiative has also developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. Further information can be found at http://www.networkadvertising.org/managing/opt_out.asp. Please note however that, by blocking or deleting cookies, you may not be able to take full advantage of the Website, Applications, Platforms, and/or Shop. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive.

When we may share Personal Information

Except as provided in this Privacy Policy, SupaDupa does not divulge any Personal Information gathered via the Services (including Customer Content) to third parties.

Notwithstanding anything in the Privacy Policy to the contrary, we may share any information we have collected about you or Customer Content:

  1. when you consent to the disclosure of such information to a third party when connecting to a third-party service that asks you if you consent to such sharing;
  2. where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands;
  3. if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person;
  4. if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Website infrastructure or the Services generally);
  5. to a parent company, subsidiaries, joint ventures, or other companies under common control with SupaDupa;
  6. if we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this Privacy Policy or inform you that you are covered by a new privacy policy); and
  7. if this information is not private, is aggregated or is otherwise non-Personal Information, such as your public user profile information and related public data (such as Tweets, likes, etc.) or the number of users who clicked on a particular link (even if only one did so).

Subject to obligations consistent with this Privacy Policy, we may also disclose information to our affiliates, agents, contractors, and service providers in order to facilitate the functioning of the Services or to perform tasks that are integral to the Services, such as processing transactions, fulfilling requests for information, or providing support services or other tasks, from time to time. Information may also be transferred from SupaDupa to the third parties in control of the Supported Platforms, but only to the extent required in order for the Services to function properly.

Children

Protecting the safety of children when they use the Internet is very important to us. Our Services should only be accessed by individuals of Minimum Age. “Minimum Age” may mean different ages in different countries, depending on where the individual accesses the services. For reference, “Minimum Age” shall mean (a) 14 years old for the United States, Canada, Germany, Spain, Australia, and South Korea; and (b) 13 years old for all other countries. However, if applicable law requires that you must be older than such ages in order for SupaDupa to lawfully provide the Services to you (including the collection, storage, and use of your information in accordance with this Privacy Policy), then the Minimum Age would be such older age. The Services are not designed nor intended for use by children or anyone else under the age of 13.

Security

We use industry best practices to keep any information collected and/or transmitted to the Supported Platforms or Third-Party Apps secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer to Supported Platforms and Third-Party Apps.

Certain Personal Information, most notably SupaDupa log-in details, is encrypted during transmission using TLS. Once validated within our system, passwords are deleted from our system. In addition, SupaDupa uses third-party vendors and hosting partners such as Amazon Web Services to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications.

When payments are processed via credit card, SupaDupa uses third-party vendors that are PCI-DSS Compliant. At no point does SupaDupa have access to your credit card information.

You should bear in mind that submission of information over the Internet is never entirely secure. We cannot guarantee the security of information you submit via the Services whilst it is in transit over the Internet and any such submission is at your own risk, and this risk is specifically disclaimed in our Terms.

If you are a Logged-in User, it is advisable that you log out of your account at the end of every session and not leave a logged-in account unattended for any period of time, particularly if you use a shared computer or device.

Our Companywide Commitment to Your Privacy

To make sure your personal information is secure, we communicate our privacy and security guidelines to SupaDupa employees and strictly enforce privacy safeguards within the company.

Information storage and international transfers

SupaDupa, the entity which provides the Services, is a British company with its head-office located in London, United Kingdom. For the purposes of EU data protection law, the United Kingdom is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.

The Services are mainly provided from our offices in London. However, by the very nature of the Services, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our Supported Platforms are storing the same data (i.e. in most cases, in the United States). In addition, SupaDupa uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate the Services. These third party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.

By using any of the Services, or submitting or collecting any Personal Information via the Services, you authorise SupaDupa and its authorised service partners to use and process Customer Content and SupaDupa Data (including any Personal Information) in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access your Personal Information in some of these countries may not be equivalent to those in your country.

For our customers with a principal location in the EU

As a Service operated from within the EEA, we process Customer Content (which may include Personal Information) as a data processor on your behalf. Under EU law, you are considered to be the data controller of the Customer Content, and as such you are responsible for complying with applicable data protection laws in respect of the processing of Customer Content and the lawful instructions you give us.

To facilitate the lawful transfer by you of your Customer Content (as a data controller) through the Services to outside the EEA, SupaDupa offers its customers a data processing agreement as an addendum to their existing SupaDupa agreement (“Data Processing Addendum”). This incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or "SCC 2010”).

Please note that the Data Processing Addendum (DPA) only applies to the extent there is not another legal basis in place to validate the transfer of Personal Information to outside the EEA.

The most recent version of the Data Processing Addendum is available on SupaDupa's website at info.supadupa.me/dpa.

If you have any questions, please feel free to contact us.

Email preferences

You may opt out of marketing communications sent by SupaDupa by managing your email preferences on our Account Management page, or by following the unsubscribe instructions included in each marketing email.

Your rights

You can contact us to obtain a copy of the Personal Information held about you by us. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. You can also ask us to correct and, where relevant, erase that information. Please note that certain Personal Information may need to be retained by SupaDupa for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorised by applicable law. As mentioned above you have a right to change your email preferences or unsubscribe at any time.

You should be aware that SupaDupa acts as a conduit between our users and the various Supported Platforms and Third-Party Apps. In several instances, the content published via SupaDupa will not be in SupaDupa’s custody or control, and any content that has been shared by you through any Supported Platform or Third-Party Apps via the Services may continue to be available to third parties and the public at large, as this content is now under the control of the operators of the Supported Platforms and/or the Third-Party Apps.

Privacy Questions

If you have questions or concerns about SupaDupa's privacy policy or data processing, please contact us at privacy@supadupa.me

Last revised: May 23rd, 2018