SupaDupa is committed to protecting the privacy of all individuals who:
To make this policy easier to read, we call the Website and the Platforms together the "Services". When we talk about “Personal Information”, we mean information relating to you or other identifiable individuals.
We collect Personal Information (such as registration and account information) from our customers and users of the Services for our own purposes, such as to provide and administer the Services (“SupaDupa Data”). We’re the data controller in respect of this information.
We also process Personal Information on behalf of our customers as their data processor, such as content generated, requested or published via the Platforms in accordance with the instructions our customers give us through the Services (including, for example, the information our customers monitor or collect from social media sites like Instagram through the Services) (“Customer Content”). Our customers control how their Customer Content is collected and used by them. In legal terms this means that our customers are the data controller of their Customer Content. Accordingly, we only use Customer Content to provide the Services to our customers in accordance with the lawful instructions they give us through the Services.
When you first register for a SupaDupa account, and when you use the Services, we collect some Personal Information about you such as:
SupaDupa uses SupaDupa Data for the following general purposes:
We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services. We may share this type of statistical data so that our partners also understand how often people use the Services, so that they, too, may provide you with an optimal experience.
SupaDupa is a store and website building tool. SupaDupa Services enable our customers to build and manage their own online presence by making it possible for them to host their website and sell products and services to their customers
Services help our customers manage their product inventories, webpages, customer flow, manage and fulfil orders and analyse their results.
In particular, the various Services allow our customers to instantly connect to other third party services, including “Supported Platforms” such as PayPal or SagePay, etc.
When our customers link a Supported Platform or a third party service (such as PayPal) to their SupaDupa account or when they register with a Supported Platform through their SupaDupa account, our customers can choose to instantly collect, process, share and access such third party services and Supported Platform via their SupaDupa account (subject to the terms of the license agreements with the Supported Platforms and other third party services).
In this way, our customers can obtain, use and analyse Personal information from supported Platforms and third party services of their choosing, and also view, display or share Personal Information through the functionality in the Services. Such information can include Personal Information of all types, including but not limited to the following category - user names, billing address, shipping address, goods purchased and payment methods.
The Services use “session cookies”, which improve your user experience by storing certain information from your current visit on your device, such as log-in information. These enable us to remember your log-in session so you can move easily within the Website or the other Services. Without these session cookies, we wouldn’t be able to provide the Services to you. These session cookies have limited functionalities and expirations, and you will be required to re-enter your SupaDupa log-in information after a certain period of time has elapsed to protect you against others accidentally accessing your account contents and related Personal Information. Other examples of our use of session cookies include to track the number of visits by a particular visitor to a page and to store items in an online shopping cart for the Shop.
SupaDupa uses a specific cookie in order to facilitate the use of Google Universal Analytics for users logged-in to the Applications or the Platforms (“Logged-In User). If you are a Logged-In User, SupaDupa may use your SupaDupa user ID in combination with Google Universal Analytics and Google Analytics to track and analyse the pages of the Services you visit. We do this only to better understand how you use the Website, Platform and the other Services, with a view to offering improvements for all SupaDupa users; and to tailor our business and marketing activities accordingly, both generally and specifically to you. Google Analytics cookies do not provide SupaDupa with any Personal Information.
Google Display Advertising
Additionally, SupaDupa uses Google Analytics code that allows for certain forms of display advertising and other advanced features. Subject to change, the Google Display Advertising features SupaDupa currently uses are Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting.
These features are used to advertise online; to allow third-party vendors, including Google, to show you advertising across the Internet; to allow SupaDupa and third-party vendors, including Google, to use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimise, and serve ads based on your past visits to the Website and to report how ad impressions, uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website. Data from Google's interest-based advertising or third-party audience data (such as age, gender, and interests) is also combined with Google Analytics to better understand the needs of SupaDupa users and to improve the Services.
From time to time, SupaDupa uses other third-party performance and remarketing cookies, and further information on those third-party cookies can be obtained by contacting us.
SupaDupa may also use related technologies including web beacons, bugs, pixels, and software tokens in order to facilitate your use of the Services. Most notably, the Services use software tokens (stored securely on SupaDupa servers) in order to facilitate the logging in to and the functioning of both the Supported Platforms and Third-Party Apps.
Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. The Network Advertising Initiative has also developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. Further information can be found at http://www.networkadvertising.org/managing/opt_out.asp. Please note however that, by blocking or deleting cookies, you may not be able to take full advantage of the Website, Applications, Platforms, and/or Shop. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive.
We use industry best practices to keep any information collected and/or transmitted to the Supported Platforms or Third-Party Apps secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer to Supported Platforms and Third-Party Apps.
Certain Personal Information, most notably SupaDupa log-in details, is encrypted during transmission using TLS. Once validated within our system, passwords are deleted from our system. In addition, SupaDupa uses third-party vendors and hosting partners such as Amazon Web Services to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications.
When payments are processed via credit card, SupaDupa uses third-party vendors that are PCI-DSS Compliant. At no point does SupaDupa have access to your credit card information.
You should bear in mind that submission of information over the Internet is never entirely secure. We cannot guarantee the security of information you submit via the Services whilst it is in transit over the Internet and any such submission is at your own risk, and this risk is specifically disclaimed in our Terms.
If you are a Logged-in User, it is advisable that you log out of your account at the end of every session and not leave a logged-in account unattended for any period of time, particularly if you use a shared computer or device.
To make sure your personal information is secure, we communicate our privacy and security guidelines to SupaDupa employees and strictly enforce privacy safeguards within the company.
SupaDupa, the entity which provides the Services, is a British company with its head-office located in London, United Kingdom. For the purposes of EU data protection law, the United Kingdom is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
The Services are mainly provided from our offices in London. However, by the very nature of the Services, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our Supported Platforms are storing the same data (i.e. in most cases, in the United States). In addition, SupaDupa uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate the Services. These third party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.
By using any of the Services, or submitting or collecting any Personal Information via the Services, you authorise SupaDupa and its authorised service partners to use and process Customer Content and SupaDupa Data (including any Personal Information) in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access your Personal Information in some of these countries may not be equivalent to those in your country.
As a Service operated from within the EEA, we process Customer Content (which may include Personal Information) as a data processor on your behalf. Under EU law, you are considered to be the data controller of the Customer Content, and as such you are responsible for complying with applicable data protection laws in respect of the processing of Customer Content and the lawful instructions you give us.
To facilitate the lawful transfer by you of your Customer Content (as a data controller) through the Services to outside the EEA, SupaDupa offers its customers a data processing agreement as an addendum to their existing SupaDupa agreement (“Data Processing Addendum”). This incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or "SCC 2010”).
Please note that the Data Processing Addendum (DPA) only applies to the extent there is not another legal basis in place to validate the transfer of Personal Information to outside the EEA.
The most recent version of the Data Processing Addendum is available on SupaDupa's website at info.supadupa.me/dpa.
If you have any questions, please feel free to contact us.
You may opt out of marketing communications sent by SupaDupa by managing your email preferences on our Account Management page, or by following the unsubscribe instructions included in each marketing email.
You can contact us to obtain a copy of the Personal Information held about you by us. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. You can also ask us to correct and, where relevant, erase that information. Please note that certain Personal Information may need to be retained by SupaDupa for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorised by applicable law. As mentioned above you have a right to change your email preferences or unsubscribe at any time.
You should be aware that SupaDupa acts as a conduit between our users and the various Supported Platforms and Third-Party Apps. In several instances, the content published via SupaDupa will not be in SupaDupa’s custody or control, and any content that has been shared by you through any Supported Platform or Third-Party Apps via the Services may continue to be available to third parties and the public at large, as this content is now under the control of the operators of the Supported Platforms and/or the Third-Party Apps.
Last revised: May 23rd, 2018