Privacy Policy – Website, SaaS platform and Mobile Application

We are E-Search DAC, an Irish incorporated company trading as “Poppulo” (“we”, “us”, “our”) and we are located at 5100 Cork Airport Business Park, Cork, T12 YE28, Ireland.

Poppulo is registered as a data processor with the Information Commissioner’s Office in the UK, and the Data Protection Commissioner in Ireland.

We take our responsibilities under applicable data protection law, including the EU General Data Protection Regulation and implementing legislation such as the Data Protection Act 2018, very seriously. The purpose of this Privacy Policy is to inform you of the data relating to you that we collect and use in connection with this website and the uses (including disclosures to third parties) we make of such data.

For the purposes of the GDPR, we are a data controller in respect of personal information collected through our website and any social media accounts such as Facebook, any blogs etc that post a link to this Privacy Policy, and, a data processor for information collected through our SaaS website platform and/or mobile application.

This Privacy Policy applies to the personal information shared or stored by people who interact with our company website situated at www.poppulo.com and it also applies to anybody who interacts with our Software as a Service (SaaS) platform website and/or our mobile application.

By visiting our website(s), and/or signing up to receive communications sent through Poppulo’s SaaS platform and/or mobile application, you are accepting the terms of this Privacy Policy. You are therefore encouraged to read this policy before using or submitting information to Poppulo.

1) Your rights, processing, data collection and use of personal data

Your Rights

You have the following legal rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:

  • Right to access the data– You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data
  • Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete
  • Right to erasure– You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”
  • Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes
  • Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format

You also have the right to lodge a complaint with the Irish Data Protection Commission if you are not happy with the way we have used your information or addressed your rights. Details of how to lodge a complaint can be found at on the Data Protection Commissioner website or you can call the Data Protection Commissioner at 353 (0)761 104 800. However, before deciding to proceed with this option, we would appreciate if you contacted our Data Protection Officer, Dan Egan, as we would welcome an opportunity to discuss any issues you may have in relation to your personal data.

If you wish to exercise any of the above rights, then please do not hesitate to contact us using the contact details provided at the end of this Privacy Policy.

Processing

We will use personal data relating to you for the purposes of:

  • dealing with any queries that you have submitted to us via our website or our SaaS platform/mobile application
  • processing applications and transactions submitted through our website or our SaaS platform/mobile application
  • improving and developing our website and the services provided on our SaaS platform/mobile application
  • carrying out research and user surveys
  • sending you promotional and marketing materials, subject to any preferences that you express when we collect your contact details or subsequently. You can opt out of receiving promotional and marketing materials from us at any time, including by contacting privacy@poppulo.com
  • generating and analyzing statistics regarding usage of our website and SaaS platform, including the frequency of use of individual pages (where possible, personal data will be anonymized before being used for this purpose)
  • fraud prevention, investigation and detection
  • establishing, exercising or defending legal claims
  • providing information to our professional advisors

The legal bases on which we process your personal data are as more particularly set out below.

  • our legitimate interests in conducting our business, being the delivery of emailed newsletters
  • compliance with a legal or regulatory obligation that applies to us
  • the performance of a contract with you or in order to take steps at your request prior to entering into a contract

Browsing our website

As an anonymous visitor to our website we collect no personally identifiable information about you, apart from information which you volunteer (please see more on this in the next section below).

We use temporary third party Google Analytics or HubSpot cookies to collect an anonymous record of your site page views and to recognize return visits (also anonymously) using a unique cookie that Google Analytics or HubSpot stores in your browser.

We use the collected page-view information to understand how visitors use the website and to help us improve access to its information and functionality.

Submitting website forms

We have a number of (entirely optional) data collection forms on the company website. These include the forms used by customers to “Book a Live Demo” or for example the “Contact Us” form. If you submit your details on the Request a Free Trial form, Book a Demo form, Contact Us form, or any other similar form we may implement in the future, we will save your personal details in our Customer Relationship Management (CRM) database.

We also record this activity with a temporary third party Google Analytics or Hubspot cookies to provide a best estimate of where you came from before you visited the Poppulo website e.g. a Google advertisement, Ad-campaign, a search listing, or an external link to our site.

When you register for a Free Trial via that form, we ask you to choose a password, and we then record an encrypted copy of this. We do not know your password, and it is entirely your responsibility to keep it secret and to ensure your account is accessed only by authorized individuals.

Other information submitted via the Free Trial form will be stored in our CRM system, and used by our sales or support people to make contact in relation to your request for a demo, trial or other inquiry. We may use your information to contact you again in future if we believe we have an offer that may be relevant to you. We may also analyze collected contact information in aggregate form to better inform our future marketing efforts. We record your origin to allow us analyze the effectiveness of our marketing and search engine optimisation efforts.

Subscribing to communications

We have a number of (entirely optional) subscription forms on our company website. These include, for example, subscribing to a newsletter which we call the “Business of Email”. When you subscribe to the Business of Email we record and save your email address, whether you are a customer or prospective customer, in addition to your format preference. This data is used only to enable us to send you a bi-monthly issue of the newsletter in your preferred format.

Poppulo tracks email ‘opens’ using an invisible 1×1 pixel- unique image that is placed in each email sent by

our system i.e. not a cookie. These 1×1 pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. We may use this information to reduce or eliminate messages sent to customers. We use temporary session cookies in microsites, which are necessary for the operation of the system.

If you receive the HTML formatted version of the newsletter and your email client is configured to download images, we will be notified each time you open the email, and this information will be saved with your subscriber record. We also record your clicks on links in the newsletter and in the companion website with your subscriber record.

Issues of our newsletter may carry a survey and if you respond your answers are saved with your subscriber record and are used to prevent multiple entries by an individual. We use the stored open, click and survey information in aggregated form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting. We may also use the information to publish more relevant content to individual newsletter readers in future issues.

You may cease receiving our newsletters at any time by using the “unsubscribe” link included in every issue sent. Your email address may be retained to ensure you no longer receive communications, unless you choose to actively re-subscribe.

Commenting on our blog

When you comment on our blog cookies are sometimes used, which means that, for example, you won’t need to retype all your information when you want to leave another comment.

Registering and Using our SaaS platform/Mobile Application

Poppulo provides customers with a platform and a mobile application that supports a number of internal (employee) and external (marketing) communications requirements. This platform is not part of our company website. Poppulo serves as a data processor for the customers who use these applications. As such, except where we are a customer user of our own platform, Poppulo does not control or own the information submitted to this platform. The information that is submitted to this platform is instead subject to our customer’s own privacy policies. You are entirely responsible for ensuring that you have all appropriate permissions from your own customers in order to collect and process their personal data and, as appropriate to the services being used, engage in marketing activities with them and accordingly, we have absolutely no liability or responsibility (or indeed, no direct contractual link) whatsoever arising from our processing of that data on your behalf.

You are not under a statutory or contractual obligation to provide us with any personal data. However, where you sign up a trial account (or contact us, or sign up for our newsletter) we will ask you to provide certain information, such as your name and email address. If you do not provide this information, we may not be in a position to process your request.

When you begin to use such a trial account, you may upload data to the Poppulo application in the form of subscriber lists and newsletter content to be published to your subscribers. All this data remains entirely yours and is only stored and processed by Poppulo for the purposes of providing a newsletter publishing service to you. Note that the data lists and content you upload and your use of our software are entirely subject to our Anti-spam and Terms and Conditions of Use policies respectively.

If you later wish to become a paying client of Poppulo, we will request sufficient additional contact and other information such as billing details from you to allow us provide a contract-based service to you. This information will be used solely to enable the provision of our email newsletter publishing service to you.

When you use the Poppulo system, we record a log of all significant actions taken by you while logged in, together with related information such as browser and OS type, and IP address. We use this information to estimate system load, and to plan for system and product enhancements. The information can also be used to allow us investigate incidents such as those involving compromised login credentials.

Poppulo, as the data processor, maintains only the personal information which its customers have asked Poppulo to process. As noted above, it is your responsibility to ensure that the customer data you collect can be legally collected. You are responsible for providing your employees, users and other data subjects the appropriate level of notification that personal information is being collected and stored and for receiving the appropriate permissions from them as required under all applicable legislation.

On the question of transfer of data, we would note that Poppulo is a global organization with operations in several countries and its HQ in Ireland. We have developed global data practices designed to ensure personal information is appropriately protected. Poppulo’s data center and support facilities are in the European Economic Area (EEA) and United States of America (USA). Customer data, including personal information, may be accessed by Poppulo support agents in facilities in the EEA or USA. Poppulo does directly not share, transfer or disclose personal information to other countries, and does not transfer personal information to third parties. In the event this did occur, Poppulo would ensure that any such party had agreed to abide by the principles of Poppulo’s privacy policy and would be able to provide assurances that adequate protection of personal information would be provided in line with all applicable GDPR measures.

2) Data storage, sharing, rectification

Personal information, such as collected on our company website, is securely stored in our servers and the servers of selected third-parties (like Google and Hubspot). We will never share personal information with other third parties, except where we are required to do so by law or for fraud prevention, investigation and detection, or, for establishing, exercising or defending legal claims.

We will not hold your personal data for longer than is necessary. We shall retain your personal data for as long as we need it for the purposes described in this privacy policy, or to comply with our obligations under applicable law, or, to provide you with our services, and, if relevant, to deal with any claim or dispute that might arise between you and us.

We and our providers employ industry-accepted levels of security on all data storage and transmission. This includes the use of HTTPS/TLS (Transport Layer Security encryption) when interacting with secure areas of our website, and SMTP/TLS (email encryption) when interacting via email. Personal information stored on any portable media (for example portable backup media or laptops) is subject to encryption (Full Disk Encryption).

Your contact, billing and other details will never be shared or stored with third parties, except where we are legally obliged to do so, or where we make use of an external service to operate some aspect of our business, such as credit card processing, or CRM. In such instances, the storage of your data on third party systems will be solely for the purpose of operating our business to provide you with the contracted service, and never for the direct benefit of the third party, who will never have any other right of use to your data.

Where we make use of an external service in this way, we will require the same commitment to the protection of your data as we ourselves implement.

You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information to make it complete.

In addition, and as also previously noted, you have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

3) Data access and data portability

You may request a copy of any personal information we may hold about you. You can do this by using the contact details at the end of this policy. You may request that any incorrect data be amended, or alter your communications preferences at any time. Your requests for this type of access or amendment will be subject to the relevant data protection legislation.

In addition, and as also previously noted, on the question of your right to data portability, you have the absolute right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine-readable format.

4) Data control and right to be forgotten

Your contact data is an asset of our business. If Poppulo were to be acquired, or in the unlikely event of Poppulo going out of business, control of your data could transfer to a third party. Your data would remain subject to the terms as set out in our privacy policy at the time of the transaction, until such time as you were notified of any change by the new controller or processor. Your rights to access and/or to have your data corrected would be unaffected.

As noted previously, you have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the “right to be forgotten”.

5) Data privacy policy changes

We reserve the right to make changes to this Privacy Policy and any such changes will be posted on our website 30 days prior to such changes becoming effective. Where we propose to make changes to how we collect, use or disclose personal information that could reduce the privacy of its owner in any way, we will notify all persons potentially affected (typically via email), with an opportunity to opt out of such use. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

6) Policy questions

If you have any queries about our Privacy Policy, or about Poppulo’s overall approach to the privacy of your personal information, or indeed, any complaint in connection with our processing of your personal data then you can contact us as follows:

Email:
Phone:
Fax:
Or post:
privacy@poppulo.com
+353 21 242 7277
+353 21 458 0462
Dan Egan
Data Protection Officer
Poppulo, 5100 Cork Airport Business Park
Cork
T12 YE28
Ireland

Last updated: November 2018