PopID, Inc. (“PopID,” “we,” “us,” “our”) makes reasonable efforts to protect the privacy of your personal information. This Privacy Policy was created to demonstrate our commitment to fair information practices. This Privacy Policy covers PopID’s use of personal information that we collect in the normal course of our business, when you use our corporate website (www.popid.com) and when you otherwise interact with us, including when you create an account and contact us for support (collectively, the “Services”).

In addition to covering how we collect, use, disclose, transfer, and store your information, this policy also discloses our purpose and lawful basis for processing your information, and your related rights. Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, the lawful basis will be that the processing:  (i) is necessary for our legitimate interests in carrying out our business with you, including connecting you to customer accounts and loyalty programs, making payments, and obtaining physical entry into structures, provided those interests are not outweighed by your rights and interests, or (ii) is necessary to perform a contract with you. Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

PopID may update this Privacy Policy from time to time. In the event we make any material changes to this Privacy Policy, we will notify you by email or by posting the revised policy on our corporate website (www.popid.com). When we update this Privacy Policy, we will note the date the most recent revision was posted below, at the end of the policy. Any revisions will become effective upon (7) calendar days following such posting on our corporate websites.

1. Definitions

In this policy the following words have the following meanings:

“Data Protection Laws” means any Applicable Law relating to the processing, privacy, and use of Personal Data, including (a) in the United Kingdom, (i) the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, and any laws or regulations implementing Directive 95/46/EC (Data Protection Directive) or Directive 2002/58/EC (ePrivacy Directive); and/or (ii) the General Data Protection Regulation (EU) 2016/679 (GDPR), and/or any corresponding or equivalent national laws or regulations (Revised UK DP Law) (b) in member states of the European Union, the Data Protection Directive or the GDPR, once applicable, and the ePrivacy Directive, and all relevant member state laws or regulations giving effect to or corresponding with any of them; and (c) any judicial or administrative interpretation of any of the above, any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority;

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and where referred to in this policy includes special categories of Personal Data.

2. Information we collect from you

Depending on the context in which you interact with us, PopID may collect or receive the following information:

1. Account and Profile Information: This includes information you provide when you create an account, contact support, and may include name, email address, phone number, address, company name, state, country, biometric identifiers, and biometric information and vectors.
2. Service Information: When you use our Services, we receive information generated through the use of the Services, either entered by you or others who use the Services, or from the Services infrastructure itself. This information may include, but is not limited to, name, username, company/organization, company/organization address, email address, phone number, IP address, MAC address, latitude, longitude, device name(s), device ID(s), and directory ID or other information you place within the Services.
3. Performance and Usage Data: We may collect statistical, usage, configuration, and performance data of the Services to monitor the performance, integrity, and stability of the Services. Further, we may use and disclose this information for any purpose, provided that such data is first de-identified.
4. Financial Information:

1. If you are a merchant, as part of your business relationship with us, we may receive financial about you such as your date of birth and government identifiers associated with you and your organization (such as your social security number, tax number, or Employer Identification Number).
2. If you are a user, when you make payments or conduct transactions through a PopID merchant we will receive your transaction information. Depending on how the PopID implements our Services, we may receive this information directly from you, or from the PopID merchant or third parties. The information that we collect will include payment method information (such as credit or debit card number, or bank account information), purchase amount, date of purchase, and payment method. Different payment methods may require the collection of different categories of information.

5. Information from Third Parties: We receive information from third party business partners such as the contact details of prospects and sales leads. In addition, we collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
6. Location Information: Some of our Services collect general location information based on IP address. This information is used to customize the services provided to you, such as location-based information of specific managed devices. Location information is only viewable by the end user. We do not use, disclose, or sell location information for the purposes of providing targeted marketing or advertisements.

The technologies we use for automatic data collection may include:

1. Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
2. Flash Cookies. Certain features of our website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.

3. Information we collect from children

The Children's Online Privacy Protection Act of 1998 and its rules (collectively, "COPPA") require us to inform parents and legal guardians (as used in this policy, "parents") about our practices for collecting, using, and disclosing personal information from children under the age of 13 ("children"). COPPA and the GDPR also require us to obtain verifiable consent from a child's parent for certain collection, use, and disclosure of the child's personal information. We do not collect any personal identifiable information from children. At any time, you or the parents may review the child's personal information maintained by us, require us to correct or delete the personal information, and/or refuse to permit us from further collecting or using the child's information by logging into the child’s account or contacting us as indicated in the Contact section of this Policy.

4. Use of collected information.

1. We will only use your Personal Data to the extent the law allows us to do so. Under the GDPR we rely on the following legal bases for processing your Personal Data:

1. where you have given us your consent;
2. where it is necessary to perform a contract we have entered into or are about to enter into with you; and
3. where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those interests.

2. We use information held about you in the following ways:

1. processing of an enquiry received from you; and
2. processing a request for further information or in response to you expressing an interest in one or more of our products or services.

3. We will use information you give to us:

1. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
2. to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about;
3. to provide you with information about services related to your enquiry;
4. to notify you about changes to the Services; and
5. to ensure that content from our site is presented in the most effective manner for you and for your computer.

4. We will use information we collect about you:

1. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
2. to improve our site to ensure that content is presented in the most effective manner for you and for your computer; and
3. as part of our efforts to keep our site safe and secure.

5. We may combine information we receive from other sources with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).

5. Disclosure of your information

1. You agree that we have the right to share your Personal Data with:

1. Businesses that the consumer elects to use PopID to authenticate identity; and
2. Analytics and search engine providers that assist us in the improvement and optimization of our site.

2. We will not disclose your personal information to third parties except:

1. In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets.
2. If PopID or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
3. If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce other agreements; or to protect the rights, property, or safety of PopID, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

6. Where we store your Personal Data

1. All information you provide to us is stored on our secure servers.
2. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

7. Retention of Personal Data

1. We will only retain your Personal Data for as long as necessary to fulfill the purposes for which we collected your Personal Data.
2. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of that Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8. Your rights under GDPR.  Under certain circumstances, you have the right to:

1. Request access to your Personal Data (commonly known as a “subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
2. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
3. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data in certain circumstances.
4. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
5. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
6. Request the transfer of your Personal Data to another party.

1. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact us as indicated in the Contact section of this Policy.
2. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any Personal Data to these websites.

11. To exercise any of the above rights, you can contact PopID using the information in Section 14 below. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

---

9. Privacy Shield Frameworks for EU, United Kingdom, and Swiss Citizens

PopID complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway), the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield. PopID has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, PopID is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

1. Pursuant to the Privacy Shield Frameworks, the EU, United Kingdom, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you.  You may also may correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to info@popid.com. If requested to remove data, we will respond within a reasonable timeframe.
2. We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to info@popid.com.
3. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
4. PopID’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, PopID remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless PopID proves that it is not responsible for the event giving rise to the damage.
5. In compliance with the Privacy Shield Principles, PopID commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact us by email at info@popid.com, or using the mailing address listed below.
6. PopID has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of charge to you.  If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

.

10. Non-EU/Non-United Kingdom/Non-Switzerland Citizens

PopID commits to resolve complaints about your privacy and our collection or use of your personal information. Non-EU/Non-United Kingdom/Non-Switzerland citizens with inquiries or complaints regarding this privacy policy please contact us as indicated in the Contact section of this Policy.

11. Agreement to Arbitrate 

In the event of a dispute between you and PopID arising under or relating to the Privacy Policy, either party may choose to resolve the dispute by binding arbitration, as described below, instead of in court (the “Arbitration Agreement”). Under certain conditions, more fully described on the Privacy Shield website, if applicable to you, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. Any claim (except for a claim challenging the validity or enforceability of this arbitration agreement, including the Class Action Waiver) may be resolved by binding arbitration if either side requests it. THIS MEANS IF EITHER YOU OR POPID CHOOSE ARBITRATION, NEITHER PARTY SHALL HAVE THE RIGHT TO LITIGATE SUCH CLAIM IN COURT OR TO HAVE A JURY TRIAL. ALSO DISCOVERY AND APPEAL RIGHTS ARE LIMITED IN ARBITRATION.

12. Class Action Waiver 

ARBITRATION MUST BE ON AN INDIVIDUAL BASIS. THIS MEANS NEITHER YOU NOR POPID MAY JOIN OR CONSOLIDATE CLAIMS IN ARBITRATION BY OR AGAINST OTHER INTERESTED PARTIES, OR LITIGATE IN COURT OR ARBITRATE ANY CLAIMS AS A REPRESENTATIVE OR MEMBER OF A CLASS OR IN A PRIVATE ATTORNEY GENERAL CAPACITY.

13. Governing Law and Rules for Arbitration.

The Arbitration Agreement is governed by the Federal Arbitration Act (FAA). Arbitration must proceed only with the American Arbitration Association (AAA) or Judicial Arbitration and Mediation Services (JAMS). The rules for the arbitration will be the procedures of the chosen arbitration organization. If the organization’s procedures change after the claim is filed, the procedures in effect when the claim was filed will apply. Arbitration hearings will take place in Minnesota. A single arbitrator will be appointed. The arbitrator must:

• Follow all applicable substantive law, except when contradicted by the FAA;
• Follow applicable statutes of limitations;
• Honor valid claims of privilege; and
• Issue a written decision including the reasons for the award.

The arbitrator’s decision will be final and binding except for any review allowed by the FAA. However, if more than $100,000 was genuinely in dispute, then either you or PopID may choose to appeal to a new panel of three arbitrators. The appellate panel is completely free to accept or reject the entire original award or any part of it. The appeal must be filed with the arbitration organization not later than 30 days after the original award issues. The appealing party pays all appellate costs unless the appellate panel determines otherwise as part of its award. Any arbitration award may be enforced (such as through a judgment) in any court with jurisdiction.

14. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to us at:

PopID, Inc.

Attn: John Miller

6800 Owensmouth Avenue

Suite 350

Canoga Park CA 91303

E-mail:  info@popid.com

Dated:  June 11th, 2020