Privacy Policy


PRIVACY STATEMENT

 

The American company PopSockets, whose registered office is located at 1426 Pearl Street, Suite 400, Boulder, CO 80302, USA, registered under the number 273935248 ("PopSockets", "we") values the privacy of those who provide personal data to us. 

This Privacy Statement describes how we collect and use personal data about you, via our website popsockets.co.uk as a data controller, in accordance with applicable data protection legislation. It also explains the basis upon which we process it, with whom it is shared, and how it is stored. 

We may process your personal data, as described in this Privacy Statement and as described when we collect data from you. Our Privacy Statement must be read together with any other legal notices or terms and conditions provided to you when we collect personal data from you (or at a later stage) or that are available on other pages of our website.

 

SECTION 1 - WHAT PERSONAL DATA DO WE COLLECT?

 

When you purchase something from our store, as part of the buying and selling process, we collect the personal data you give us such as your name, address and email address. 

When you browse our website, we also automatically receive your computer’s internet protocol (IP) address via our cookies in order to provide us with information that helps us learn about your browser and operating system. To know more about our use of cookies, please read our Cookie Policy

 

SECTION 2 - WHY DO WE PROCESS YOUR PERSONAL DATA?

 

We may process your personal data for different purposes as described below:

Purposes of the processing

Legal basis of the processing

To create and manage your user account 

Performance of an agreement to which you are party (Terms of Service)

To verify standards of customer submitted images for product customization

Performance of an agreement to which you are party (Terms of Service)

To manage your participation to the Poptivism program

Performance of an agreement to which you are party (Terms of Service)

To complete a transaction, verify your credit card, place an order, send you invoices, arrange for a delivery or return a purchase, send you non-marketing communications

Performance of an agreement to which you are party (Terms of Sale)

To answer any request you made through the contact form 

Performance of an agreement to which you are party (if such type of agreement is in place) or our legitimate interest (if no such type of agreement is in place) which is the management and development of our business

To send you marketing communications (including our newsletter)

Your consent (if requested and provided)

To answer any question or request you made via our contact form

Our legitimate interest, which is the management and development of our business.

To organize sweeptakes and price draw (selection and sending of price to the winner)

Performance of an agreement to which you are party (General Competition and Prize Draw Terms and Conditions)

To use your name and photograph (i.e. the photographs that are public on your social network account) in publicity Popsockets’ materials related to a competitions and/or a prize draw you entered, on social networks (Facebook, Instagram, Twitter)

Your consent (if provided)

To manage customer reviews

Our legitimate interest, which is the management of our website

To ensure the good functioning of the website (including to analyse the use of the website, to handle data subjects' requests or claims, to improve the website and the goods and services we provide,  to verify address deliverability, to correct performance problems, to organize satisfaction surveys, for the detection and prevention of fraud, other criminal offences and for risk management purposed, for business and disaster recovery – to create back-ups)

Our legitimate interests, which are the management and development of our business. 

 

We believe the risk to your data protection rights in connection with personal data that we process on the basis of our legitimate interests is not excessive or overly intrusive. We have also put in place protections for your rights by ensuring security controls.

If you choose not to provide the personal data requested by us, we may not be able to provide you with the products and/or services you have requested or otherwise fulfil the purpose(s) for which we have asked for the personal data.

If we ask for your personal data to send you marketing communications, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

If after you opt-in, you change your mind, you may withdraw your consent at anytime, by contacting us at uk-ecomstore@popsockets.com or mailing us at: 

PopSockets LLC

1426 Pearl Street, Suite 400, Boulder, CO 80302, USA. Please remember that any information that you disclose in public areas of the website (such as reviews) will become public information, and be accessible to the public. You should be cautious when considering whether to disclose your personal data on the website.

 

SECTION 3 – HOW AND WHEN DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?

 

Some products and/or services that we provide require the involvement of third parties. We do not sell, rent, distribute or otherwise make personal data commercially available to any third party, except that we may share information with our service providers and other third parties for the purposes set out in this Privacy Statement:

a) Data sharing with service providers

We may share your personal with our third party whom we engage to provide various services. 

  • We use the services of Salesforce Commerce Cloud to host our store. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your personal data is stored through Salesforce Commerce Cloud’s data storage, databases and the general Salesforce Commerce Cloud application. They store your personal data on a secure server behind a firewall.

If you choose a direct payment gateway to complete your purchase, then Salesforce Commerce Cloud stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. 

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. 

For more insight, you may also want to read Salesforce Commerce Cloud’s Terms of Service (https://www.salesforce.com/company/legal/sfdc-website-terms-of-service/) or Privacy Statement (https://www.salesforce.com/company/privacy/).

 

  • We also use the services of Salesforce Marketing Cloud. Salesforce Marketing Cloud is a multifunctional e-mail platform that is used for communication around orders and for sending newsletters. 

 

  • We also use the services of Klaviyo. Klaviyo is a multifunctional e-mail platform that is used for communication around orders and for sending newsletters. 

 

  • We use the services of order, packing and shipping companies, couriers, and transport companies for the deliveries of our products, such as Janssen, XB Fulfillment, Crane Logistic, Shipstation and Desktop Shipper.

 

  • We use the services of Payment Service Providers, such as Adyen, PayPal, First Data, Braintree, Wells Fargo, HSBC, ApplePay, AmazonPay.

 

  • We use the services of different providers for the management of our business activities such as Amazon Web Services (order management and production processes), Zendesk ticketing system (customer service inquiries), Snowflake (aggregate reporting and business intelligence), BounceExchange (email service and conversion tool), Wishlist (saved and shared cart), Yotpo (management of customer reviews).

 

  • We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

 

 

b) Data sharing with other recipients

We may also share your personal data with: 

  • Popsockets group companies, including PopSockets LLC  (US), PopSockets Europe B.V.  (Netherlands), PopSockets EMEA Oy (Finland), PopSockets Pte. Ltd. (Singapore), PopSockets Japan Kabushiki Kaisha (PopSockets Japan K.K.)  (Japan), PopSockets Korea LLC (Korea), PopSockets Hong Kong Limited (Hong Kong); 

 

  • our accountants, auditors, lawyers or similar advisers when we ask them to provide us with professional advice; 

 

  • any other third party if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect our rights, property and/or safety of our personnel and others; 

 

  • any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation; or 

 

  • investors and other relevant third parties in the event of an potential sale or other corporate transaction related to PopSockets.

 

SECTION 4 - LINKS

 

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

 

SECTION 5 – LOCATION OF PERSONAL DATA

 

As mentioned above, your personal data are stored on Salesforce's servers. As part of its service, Salesforce may transfer your personal data to other regions, including to Canada and the United States. In order to ensure that your personal data is protected when transferred out of the EEA, Salesforce relies on the EU-U.S. Privacy Shield, as well as inter-company agreements between its various affiliates that may process your personal data on behalf of Salesforce. Salesforce is responsible for all onward transfers of personal information to third parties. Please read Salesforce Privacy Policy for more information: https://www.salesforce.com/company/privacy/

Your personal data can also be processed by other service providers listed above at Section 3 that may not be located in the EEA. Please note that to make sure your personal data are stored securely and protected, we concluded with each of these service providers an agreement compliant with article 28 of the General Data Protection Regulation ((EU) 216/679) and incorporating EU-Commission’s Standard Contractual Clauses. 

 

SECTION 6 – RETENTION PERIOD

 

We will keep your personal data for as long as we need it to provide you with your requested service(s) or to meet our commercial or legal obligations.

To determine the retention period of your personal data, we consider several criteria to make sure that we do not keep your personal data for long than is necessary or appropriate. These criteria include:

  • The purpose for which we hold your personal data;
  • Our legal and regulatory obligations in relation to that personal data, for example any financial reporting obligations;
  • Any specific requests from you in relation to the deletion of your personal data; and
  • Our legitimate business interests in relation to managing our own rights, for example the defence of any claims.

When we no longer need to retain your personal data, it will be deleted or be anonymised so that you can no longer be identified from it.

 

SECTION 7 - SECURITY

 

To protect your personal data, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. 

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

 

SECTION 8 - CHILDREN

 

We do not knowingly solicit or collect personal data from children below the age of 15. If we discover that we have unintentionally collected personal data from a child below 15, we will remove that child’s personal data from our records promptly.

 

SECTION 9 - CHANGES TO THIS PRIVACY STATEMENT

 

We reserve the right to modify this Privacy Statement at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this Privacy Statement, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

 

SECTION 10 – YOUR RIGHTS

 

The following section explains your rights that you may exercise. The various rights are not absolute and each is subject to certain exceptions or qualifications in accordance with applicable data protection legislation. 

  • • The right of access – you have the right to obtain from us confirmation as to whether or not your personal data is being processed by us, and about certain other information (similar to that provided in this Privacy Statement) about how it is used. You also have the right to access your personal data, by requesting a copy of the personal data concerning you. This is so you are aware and can check that we are using your information in accordance with data protection law. We can refuse to provide information where to do so may reveal personal data about another person or would otherwise negatively impact another person's rights. 

 

  • • The right to rectification – you can ask us to take measures to correct your personal data if it is inaccurate or incomplete (e.g., if we have the wrong name or address for you). 

 

  • • The right to erasure – this right enables you to request the deletion or removal of your personal data where, for example, there is no compelling reason for us to keep using it or its use is unlawful. 

 

  • • The right to restrict processing – you have the right to ‘block’ or suppress the further use of your personal data when we are assessing a request for rectification or as an alternative to erasure. When processing is restricted, we can still store your personal data, but may not use it further. 

 

  • • The right to data portability – you have the right to obtain and reuse certain personal data for your own purposes across different organisations (being separate data controllers). This only applies to your personal data that you have provided to us that we are processing with your consent and for the purposes of contract fulfilment, which is being processed by automated means. In such a case we will provide you with a copy of your data in a structured, commonly used and machine-readable format or (where technically feasible) we may transmit your data directly to a separate data controller. 

 

  • • The right to object – you have the right to object to certain types of processing, on grounds relating to your particular situation. We will be allowed to continue to process the personal data if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or we need this for the establishment, exercise or defence of legal claims. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for such purposes. 

 

  • • The right to provide us with directives regarding the use of your personal data after your death – if you are a resident of France, you have the right to provide us with instructions on the management (e.g., retention, erasure and disclosure) of your personal data after your death. You can change or revoke your instructions at any time.

 

QUESTIONS AND CONTACT INFORMATION

 

If you want to exercise your rights  or simply want more information please contact us at gdpr@popsockets.com or by mail at 

PopSockets LLC

1426 Pearl Street, Suite 400, Boulder, CO 80302, USA 

Before assessing your request, we may request additional information in order to identify you.  If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.

If you are not satisfied with our response to your complaint or believe our processing of your personal data does not comply with data protection law, you can file a complaint to the relevant data protection authority.