Privacy Policy
PopID, Inc. (“PopID,” “we,” “us,” “our”) makes reasonable efforts to protect the privacy
of your personal information. This Privacy Policy was created to demonstrate our
commitment to fair information practices. This Privacy Policy covers PopID’s use of
personal information that we collect in the normal course of our business, when you use
our corporate website (www.popid.com) and when you otherwise interact with us, including
when you create an account and contact us for support (collectively, the “Services”).
In addition to covering how we collect, use, disclose, transfer, and store your
information, this policy also discloses our purpose and lawful basis for processing your
information, and your related rights. Our legal basis for collecting and using personal
information will depend on the personal information concerned and the specific context in
which we collect it. In most cases, the lawful basis will be that the processing:
(i) is necessary for our legitimate interests in carrying out our business with you,
including connecting you to customer accounts and loyalty programs, making payments, and
obtaining physical entry into structures, provided those interests are not outweighed by
your rights and interests, or (ii) is necessary to perform a contract with you. Where
processing is based on your consent, we will identify the processing purposes and provide
you with relevant information to make the processing fair and transparent. If you have
consented to our use of information about you for a specific purpose, you have the right
to change your mind at any time, but this will not affect any processing that has already
taken place.
PopID may update this Privacy Policy from time to time. In the event we make any material
changes to this Privacy Policy, we will notify you by email or by posting the revised
policy on our corporate website (www.popid.com). When we update this Privacy Policy, we
will note the date the most recent revision was posted below, at the end of the policy.
Any revisions will become effective upon (7) calendar days following such posting on our
corporate websites.
- Definitions
In this policy the following words have the following meanings:
“Data Protection Laws” means any Applicable Law relating to the processing, privacy,
and use of Personal Data, including (a) in the United Kingdom, (i) the Data Protection Act
1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI
2003/2426, and any laws or regulations implementing Directive 95/46/EC (Data Protection
Directive) or Directive 2002/58/EC (ePrivacy Directive); and/or (ii) the General Data
Protection Regulation (EU) 2016/679 (GDPR), and/or any corresponding or equivalent
national laws or regulations (Revised UK DP Law) (b) in member states of the European
Union, the Data Protection Directive or the GDPR, once applicable, and the ePrivacy
Directive, and all relevant member state laws or regulations giving effect to or
corresponding with any of them; and (c) any judicial or administrative interpretation of
any of the above, any guidance, guidelines, codes of practice, approved codes of conduct
or approved certification mechanisms issued by any relevant Supervisory Authority;
“Personal Data” means any information relating to an identified or identifiable
natural person (“Data Subject”); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier such as a
name, an identification number, location data, an online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural or
social identity of that natural person and where referred to in this policy includes
special categories of Personal Data.
- Information we collect from you
Depending on the context in which you interact with us, PopID may collect or receive the
following information:
-
Account and Profile Information: This includes information you provide when you
create an account, contact support, and may include name, email address, phone number,
address, company name, state, country, biometric identifiers, and biometric
information and vectors.
-
Service Information: When you use our Services, we receive information generated
through the use of the Services, either entered by you or others who use the Services,
or from the Services infrastructure itself. This information may include, but is not
limited to, name, username, company/organization, company/organization address, email
address, phone number, IP address, MAC address, latitude, longitude, device name(s),
device ID(s), and directory ID or other information you place within the Services.
-
Performance and Usage Data: We may collect statistical, usage, configuration, and
performance data of the Services to monitor the performance, integrity, and stability
of the Services. Further, we may use and disclose this information for any purpose,
provided that such data is first de-identified.
- Financial Information:
-
If you are a merchant, as part of your business relationship with us, we may receive
financial about you such as your date of birth and government identifiers associated
with you and your organization (such as your social security number, tax number, or
Employer Identification Number).
-
If you are a user, when you make payments or conduct transactions through a PopID
merchant we will receive your transaction information. Depending on how the PopID
implements our Services, we may receive this information directly from you, or from
the PopID merchant or third parties. The information that we collect will include
payment method information (such as credit or debit card number, or bank account
information), purchase amount, date of purchase, and payment method. Different payment
methods may require the collection of different categories of information.
-
Information from Third Parties: We receive information from third party business
partners such as the contact details of prospects and sales leads. In addition, we
collect information from public databases or other data you may have made publicly
available, such as information posted on professional networks and social media
platforms.
-
Location Information: Some of our Services collect general location information based
on IP address. This information is used to customize the services provided to you,
such as location-based information of specific managed devices. Location information
is only viewable by the end user. We do not use, disclose, or sell location
information for the purposes of providing targeted marketing or advertisements.
The technologies we use for automatic data collection may include:
-
Cookies (or browser cookies). A cookie is a small file placed on the hard drive
of your computer. You may refuse to accept browser cookies by activating the
appropriate setting on your browser. However, if you select this setting you may be
unable to access certain parts of our website. Unless you have adjusted your browser
setting so that it will refuse cookies, our system will issue cookies when you direct
your browser to our website.
-
Flash Cookies. Certain features of our website may use local stored objects (or
Flash cookies) to collect and store information about your preferences and navigation
to, from, and on our website. Flash cookies are not managed by the same browser
settings as are used for browser cookies.
- Information we collect from children
The Children's Online Privacy Protection Act of 1998 and its rules (collectively,
"COPPA") require us to inform parents and legal guardians (as used in this
policy, "parents") about our practices for collecting, using, and disclosing
personal information from children under the age of 13 ("children"). COPPA and
the GDPR also require us to obtain verifiable consent from a child's parent for certain
collection, use, and disclosure of the child's personal information. We do not collect
any personal identifiable information from children. At any time, you or the parents may
review the child's personal information maintained by us, require us to correct or
delete the personal information, and/or refuse to permit us from further collecting or
using the child's information by logging into the child’s account or contacting us as
indicated in the Contact section of this Policy.
- Use of collected information.
-
We will only use your Personal Data to the extent the law allows us to do so. Under
the GDPR we rely on the following legal bases for processing your Personal Data:
- where you have given us your consent;
-
where it is necessary to perform a contract we have entered into or are about to
enter into with you; and
-
where it is necessary for the purposes of our legitimate interests (or those of a
third party) and your interests or fundamental rights and freedoms do not override
those interests.
-
We use information held about you in the following ways:
- processing of an enquiry received from you; and
-
processing a request for further information or in response to you expressing an
interest in one or more of our products or services.
- We will use information you give to us:
-
to carry out our obligations arising from any contracts entered into between you and
us and to provide you with the information, products and services that you request
from us;
-
to provide you with information about other services we offer that are similar to
those that you have already purchased or enquired about;
-
to provide you with information about services related to your enquiry;
- to notify you about changes to the Services; and
-
to ensure that content from our site is presented in the most effective manner for
you and for your computer.
- We will use information we collect about you:
-
to administer our site and for internal operations, including troubleshooting, data
analysis, testing, research, statistical and survey purposes;
-
to improve our site to ensure that content is presented in the most effective manner
for you and for your computer; and
-
as part of our efforts to keep our site safe and secure.
-
We may combine information we receive from other sources with information you give to
us and information we collect about you. We will use this information and the combined
information for the purposes set out above (depending on the types of information we
receive).
- Disclosure of your information
-
You agree that we have the right to share your Personal Data with:
-
Businesses that the consumer elects to use PopID to authenticate identity; and
-
Analytics and search engine providers that assist us in the improvement and
optimization of our site.
-
We will not disclose your personal information to third parties except:
-
In the event that we sell or buy any business or assets, in which case we will disclose
your Personal Data to the prospective seller or buyer of such business or assets
-
If PopID or substantially all of its assets are acquired by a third party, in which
case Personal Data held by it about its customers will be one of the transferred assets.
-
If we are under a duty to disclose or share your Personal Data in order to comply with
any legal obligation, or in order to enforce other agreements; or to protect the rights,
property, or safety of PopID, our customers, or others. This includes exchanging
information with other companies and organizations for the purposes of fraud protection
and credit risk reduction.
- Data obtained through the short code program will not be shared with any third-parties
for their marketing reasons/purposes
- Where we store your Personal Data
-
All information you provide to us is stored on our secure servers.
-
Unfortunately, the transmission of information via the Internet is not completely
secure. Although we will do our best to protect your Personal Data, we cannot
guarantee the security of your data transmitted to our site; any transmission is at
your own risk. Once we have received your information, we will use strict procedures
and security features to try to prevent unauthorized access.
- Retention of Personal Data
-
We will only retain your Personal Data for as long as necessary
to fulfill the purposes for which we collected your Personal Data.
-
To determine the appropriate retention period for Personal Data, we consider the
amount, nature, and sensitivity of the Personal Data, the potential risk of harm from
unauthorized use or disclosure of that Personal Data, the purposes for which we
process your Personal Data and whether we can achieve those purposes through other
means, and the applicable legal requirements.
-
Your rights under GDPR. Under certain circumstances, you have the right to:
-
Request access to your Personal Data (commonly known as a “subject access
request”). This enables you to receive a copy of the Personal Data we hold about you
and to check that we are lawfully processing it.
-
Request correction of the Personal Data that we hold about you. This enables you
to have any incomplete or inaccurate information we hold about you corrected.
-
Request erasure of your Personal Data. This enables you to ask us to delete or
remove Personal Data where there is no good reason for us continuing to process it.
You also have the right to ask us to delete or remove your Personal Data in certain
circumstances.
-
Object to processing of your Personal Data where we are relying on a legitimate
interest (or those of a third party) and there is something about your particular
situation which makes you want to object to processing on this ground.
-
Request the restriction of processing of your Personal Data. This enables you to
ask us to suspend the processing of Personal Data about you, for example if
you want us to establish its accuracy or the reason for processing it.
-
Request the transfer of your Personal Data to another party.
-
If you want to review, verify, correct or request erasure of your Personal Data,
object to the processing of your Personal Data, or request that we transfer a copy of
your Personal Data to another party, please contact us as indicated in the Contact
section of this Policy.
-
Our site may, from time to time, contain links to and from the websites of our
partner networks, advertisers and affiliates. If you follow a link to any of
these websites, please note that these websites have their own privacy policies and
that we do not accept any responsibility or liability for these policies. Please
check these policies before you submit any Personal Data to these websites.
-
To exercise any of the above rights, you can contact PopID using the information in
Section 14 below. You may also have the right to make a GDPR complaint to the relevant
Supervisory Authority. A list of Supervisory Authorities is available
here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
-
Privacy Shield Frameworks for EU, United Kingdom, and Swiss Citizens
PopID complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield
Framework as set forth by the US Department of Commerce regarding the collection, use,
and retention of personal information from European Union member countries (including
Iceland, Liechtenstein, and Norway), the United Kingdom, and Switzerland transferred to
the United States pursuant to Privacy Shield. PopID has certified that it adheres to the
Privacy Shield Principles with respect to such data. If there is any conflict between
the policies in this privacy policy and data subject rights under the Privacy Shield
Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy
Shield program, and to view our certification page, please
visit https://www.privacyshield.gov/
With respect to personal data received or transferred pursuant to the Privacy Shield
Frameworks, PopID is subject to the regulatory enforcement powers of the U.S. Federal
Trade Commission.
-
Pursuant to the Privacy Shield Frameworks, the EU, United Kingdom, and Swiss
individuals have the right to obtain our confirmation of whether we maintain personal
information relating to you in the United States. Upon request, we will provide you with
access to the personal information that we hold about you. You may also may
correct, amend, or delete the personal information we hold about you. An
individual who seeks access, or who seeks to correct, amend, or delete inaccurate data
transferred to the United States under Privacy Shield, should direct their query
to [email protected]. If requested to remove data, we will respond within a
reasonable timeframe.
-
We will provide an individual opt-out or opt-in choice before we share your data with
third parties other than our agents, or before we use it for a purpose other than which
it was originally collected or subsequently authorized. To request to limit the use and
disclosure of your personal information, please submit a written request to [email protected]
-
In certain situations, we may be required to disclose Personal Data in response to
lawful requests by public authorities, including to meet national security or law
enforcement requirements.
-
PopID’s accountability for personal data that it receives in the United States under
the Privacy Shield and subsequently transfers to a third party is described in the
Privacy Shield Principles. In particular, PopID remains responsible and liable under the
Privacy Shield Principles if third-party agents that it engages to process the personal
data on its behalf do so in a manner inconsistent with the Principles, unless PopID
proves that it is not responsible for the event giving rise to the damage.
-
In compliance with the Privacy Shield Principles, PopID commits to resolve complaints
about your privacy and our collection or use of your personal information transferred to
the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss
individuals with Privacy Shield inquiries or complaints should first contact us by email
at [email protected], or using the mailing address listed below.
-
PopID has further committed to refer unresolved privacy complaints under the
Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU
PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if
your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/privacy-shield-complaints/ for more information and to file a complaint. This service is provided free of
charge to you. f your Privacy Shield complaint cannot be resolved through
the above channels, under certain conditions, you may invoke binding arbitration for
some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex
1
- Non-EU/Non-United Kingdom/Non-Switzerland Citizens
PopID commits to resolve complaints about your privacy and our collection or use of
your personal information. Non-EU/Non-United Kingdom/Non-Switzerland citizens with
inquiries or complaints regarding this privacy policy please contact us as indicated in
the Contact section of this Policy.
- Agreement to Arbitrate
In the event of a dispute between you and PopID arising under or relating to the
Privacy Policy, either party may choose to resolve the dispute by binding arbitration,
as described below, instead of in court (the “Arbitration Agreement”). Under certain
conditions, more fully described on the Privacy Shield website, if applicable to you,
you may invoke binding arbitration when other dispute resolution procedures have been
exhausted. Any claim (except for a claim challenging the validity or enforceability of
this arbitration agreement, including the Class Action Waiver) may be resolved by
binding arbitration if either side requests it. THIS MEANS IF EITHER YOU OR POPID CHOOSE
ARBITRATION, NEITHER PARTY SHALL HAVE THE RIGHT TO LITIGATE SUCH CLAIM IN COURT OR TO
HAVE A JURY TRIAL. ALSO DISCOVERY AND APPEAL RIGHTS ARE LIMITED IN ARBITRATION.
- Class Action Waiver
ARBITRATION MUST BE ON AN INDIVIDUAL BASIS. THIS MEANS NEITHER YOU NOR POPID MAY JOIN
OR CONSOLIDATE CLAIMS IN ARBITRATION BY OR AGAINST OTHER INTERESTED PARTIES, OR LITIGATE
IN COURT OR ARBITRATE ANY CLAIMS AS A REPRESENTATIVE OR MEMBER OF A CLASS OR IN A
PRIVATE ATTORNEY GENERAL CAPACITY.
- Governing Law and Rules for Arbitration.
The Arbitration Agreement is governed by the Federal Arbitration Act (FAA). Arbitration
must proceed only with the American Arbitration Association (AAA) or Judicial
Arbitration and Mediation Services (JAMS). The rules for the arbitration will be the
procedures of the chosen arbitration organization. If the organization’s procedures
change after the claim is filed, the procedures in effect when the claim was filed will
apply. Arbitration hearings will take place in Minnesota. A single arbitrator will be
appointed. The arbitrator must:
-
Follow all applicable substantive law, except when contradicted by the FAA;
- Follow applicable statutes of limitations;
- Honor valid claims of privilege; and
-
Issue a written decision including the reasons for the award.
The arbitrator’s decision will be final and binding except for any review allowed by
the FAA. However, if more than $100,000 was genuinely in dispute, then either you or
PopID may choose to appeal to a new panel of three arbitrators. The appellate panel is
completely free to accept or reject the entire original award or any part of it. The
appeal must be filed with the arbitration organization not later than 30 days after the
original award issues. The appealing party pays all appellate costs unless the appellate
panel determines otherwise as part of its award. Any arbitration award may be enforced
(such as through a judgment) in any court with jurisdiction.
- Contact
Questions, comments and requests regarding this privacy policy are welcomed and should
be addressed to us at:
PopID, Inc.
Attn: John Miller
6800 Owensmouth Avenue
Suite 350
Canoga Park CA 91303
E-mail: [email protected]
Dated: June 11th, 2020