PlumPop Privacy Policy

Last Updated: May 9, 2022

OVERVIEW

We respect your privacy. This Privacy Policy describes the privacy practices of the PlumPop Loyalty Rewards Platform (the “Service”) operated by PlumPop, Inc., a Delaware corporation (collectively, “Company” or “PlumPop” or “we” or “us” or “our”), the Personal Data we collect about you, how we collect it, how we use it and with whom we share it. This Privacy Policy also describes the choices you can make about how we collect and use your Personal Data. This Policy does not apply to the practices of companies that we do not own or control, or to people whom we do not employ or manage.

By using the Service, whether on our web application or on our mobile device, you agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy is subject to and incorporated within the Service’s Terms of Service (“Terms”), including its provisions on liability and dispute resolution. Capitalized terms not otherwise defined in this Privacy Policy shall have the meanings ascribed to them in the Terms.

DEFINITIONS

  • Cookies. Cookies are small pieces of data stored on your device (computer or mobile device).
  • Data Controller. Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any Personal Data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.
  • Data Processors (or Service Providers). Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the service of various Service Providers in order to process your data more effectively.
  • Data Subject (or User). Data Subject is any living individual who is using our Service and is the subject of Personal Data. For the purpose of this Privacy Policy, you are a Data Subject.
  • Personal Data. Personal Data means information about a living individual who can be identified from such information (or from those and other information either in our possession or likely to come into our possession).
  • Usage Data. Usage Data is data collected automatically by the use of the Service infrastructure itself (for example, dates and times of Service visits or usage, the duration of a page visit or the use of an app, IP addresses, browser characteristics, device characteristics, operating system, language preferences, referring URLs and information on actions taken on our Service).

HOW WE COLLECT YOUR PERSONAL DATA

We collect information in different ways from individuals who access the Service. We collect information from you in the following ways:

  • When you sign-up to use the Service.
  • When you provide information to create your account.
  • When you collect, explore and use tokens through the Service.
  • When you use tokens to redeem rewards through the Service.
  • When you access the Service by using our mobile app.
  • When you enable Bluetooth and location permissions for our mobile app.
  • Through third party tools used to collect User behavior, such as through Cookies. We may also receive reports based on the use of these technologies from our Service Providers on an individual as well as aggregated basis.

WHAT TYPES OF PERSONAL DATA WE COLLECT

We collect different information from you depending on how you engage with us.

  • We collect your phone number when you provide it to us by signing up to use the Service.
  • We collect your association with merchants on our Service when you collect tokens through the Service by visiting merchants.
  • We collect your association with merchants on our Service when you redeem tokens to use rewards through the Service.
  • We collect your location when using our mobile app.
  • We automatically collect Usage Data through your use of the Service.

HOW WE PROCESS AND USE YOUR PERSONAL DATA

We may process and use your Personal Data primarily to perform a contract with you, and to otherwise deliver the Service or a service that you request, including:

  • To create your account and authenticate you.
  • To associate you with the merchants that you select or visit.
  • To associate you with the tokens you collect.
  • To fulfill your request to redeem tokens and redeem rewards, as applicable.
  • To assist us in operating and improving the Service.

We may also process your Personal Data because it is necessary for our or a third party's legitimate interests and it’s not overridden by your rights. In this respect, we may use your Personal Data to:

  • To contact you via email, postal mail, or telephone to learn more about your preferences, to conduct market research and learn more about how we can improve our offerings.
  • To track Service performance, to make your visit better, and for aggregate Service analytics.
  • To analyze trends, measure page views and performance, administer the Service, track Users’ movements around the Service and to gather demographic information about our User base as a whole.
  • We use Cookies and LSOs to remember Users’ preferences (e.g. search filters), for authentication, for source tracking, for analytics, or for product recommendations.

We may also process your Personal Data for our compliance with our legal obligations. In this respect, we may use your Personal Data for the following:

  • When necessary to conform to legal requirements or to respond to a subpoena, search warrant or other legal process received by us, whether or not a response is required by applicable law.
  • When necessary to enforce or apply our Terms and other related agreements.
  • To protect our rights or the property or safety of our employees, Users or members of the general public.

WITH WHOM WILL WE SHARE YOUR PERSONAL DATA

We generally do not share your Personal Data with third parties. However, we may share your Personal Data:

  • If we have received your permission beforehand.
  • With our employees, if necessary for the development, improvement, and provision of our Service. Our employees must have a business reason to obtain access to your Personal Data.
  • With Service Providers, such as processors when they meet the requirements of this Privacy Policy, and when necessary for the purposes of providing the Service, (e.g., statistical analyses and data processing).
  • Under certain circumstances, if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
  • If in good faith, we believe that such action is necessary to comply with a legal obligation or to protect and defend our rights or property.
  • To a successor entity upon a merger, consolidation or other corporate reorganization in which we participate or to a purchaser of all or substantially all of our assets to which this Service relates.

YOUR DATA PROTECTION RIGHTS AND CHOICES

We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us using the details set out below. You have the right to:

  • Access or update the information we have on you. Find out if we use your Personal Data, access your Personal Data and have it corrected or amended if it is inaccurate or incomplete.
  • Withdraw consent. Withdraw any express consent that you have provided to the processing of your Personal Data at any time without penalty.
  • Object. You have the right to object to our processing of your Personal Data.
  • Data portability. Obtain a transferable copy of some of your Personal Data which can be transferred to another provider when the Personal Data was processed based on your consent.
  • Rectification. If you believe your Personal Data is inaccurate, no longer necessary for our business purposes, or if you object to our processing of your Personal Data, you also have the right to request that we restrict the processing of your data pending our investigation and/or verification of your claim.
  • Deletion or restriction. Request your Personal Data be deleted or restricted under certain circumstances. For example, if PlumPop is using your Personal Data on the basis of your consent and has no other legal basis to use such, you may request your Personal Data be deleted when you withdraw your consent.

If you wish to exercise any of these rights, or raise a complaint on how we have handled your Personal Data, please contact us at or via the details below.

You additionally have choices regarding the collection, use, and sharing of your Personal Data.

  • You have a right at any time to stop us from contacting you for promotional marketing purposes. If now or in the future you receive promotional or electronic newsletter communications from us, you may indicate a preference to stop receiving such communications from us, and you will have the opportunity to “opt-out” by clicking the “Unsubscribe” hyperlink at the bottom of all such communications. Notwithstanding your indicated email marketing preferences, we may send you administrative emails regarding the Service, including, for example, order confirmations or updates to our Privacy Policy or the Terms.
  • You may be able to configure your browser to accept or reject all or some Cookies, or notify you when a Cookie is set — all browsers are different, so check the “Help” menu of your particular browser to learn how to change your Cookie preferences. Please note that if you have set your browser to refuse Cookies, you will not be able to be authenticated and thereby you will not be able to use the Service - you will only be able to browse public portions of our website. Users can control the use of Cookies at the individual browser level. Various browsers may offer their own management tools for removing HTML5 LSOs.

Users of the Service from California:

Under California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a policy identifying the categories of personal customer information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this Privacy Policy, please submit a written request to the address below.

Visiting our Service from outside the United States:

We store and process all Personal Data within the US.

If you are visiting our Service from outside the United States, please be aware that your information will typically be transferred to, stored, and processed in the United States where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country. Please be assured that we seek to take reasonable steps to ensure that your Personal Data is protected. If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Users of the Service from the EU:

If your Personal Data is subject to GDPR, in the course of providing the Service to you, we may transfer your Personal Data outside of the EU, principally to our servers in the United States; this means that your Personal Data will not have the automatic protection of European data protection laws (including the GDPR) which apply in the EU. In these circumstances, in order to ensure that your Personal Data continues to have adequate protection when it is transferred outside the EU, your Personal Data will only be transferred on one of the following bases:

  1. Where the transfer is subject to one or more of the appropriate safeguards for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission);
  2. A European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection; or
  3. There exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

You can obtain more details of the protection given to your Personal Data when it is transferred outside the EU by contacting us using the details set out below.

RETENTION OF DATA

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to perform a contract with you, comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

SECURITY OF DATA

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. We take precautions to insure that our visitors’ Personal Data is secured and we strive to use commercially acceptable means to protect your Personal Data, but we cannot guarantee its absolute security.

We use a variety of industry-standard technical, contractual, administrative and physical security measures and procedures to help protect your Personal Data from unauthorized access, use, alteration or disclosure. Unless otherwise provided, we restrict access to Personal Data to those employees who need access to perform their job functions. Please note that despite our best efforts, no one can guarantee the security of Personal Data. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of Personal Data at any time.

SERVICE PROVIDERS

We may employ Service Providers, to process Service-related data on our behalf, to perform Service-related service or to assist us in analyzing how our Service is used. Each of these Service Providers is contractually obligated to provide services to us in a manner consistent with this Privacy Policy.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose and must comply with the requirements for third party processors set forth in this Privacy Policy.

OUR LIABILITY FOR TRANSFERS OF YOUR PERSONAL DATA

We require third-party controllers to whom we disclose your Personal Data to contractually agree to (i) only process such Personal Data for the limited and specified purposes consistent with the consent you provide; and (ii) provide the same level of protection to your Personal Data as required under this Privacy Policy; and (iii) notify us if the third-party controller makes a determination that it can no longer meet the foregoing obligations.

In addition, when we transfer your Personal Data to a third party processor acting as our agent, we will: (i) transfer such Personal Data only for the limited and specified purposes consistent with the request or consent you provide; (ii) contractually require the processor to provide at least the same level of privacy protection as is required by this Privacy Policy; (iii) require the processor to notify us if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the this Privacy Policy. Should we receive any such notice, we will take reasonable and appropriate steps to stop and remediate unauthorized processing.

We shall remain liable should our processors process Personal Data in a manner inconsistent with this Privacy Policy, unless we can prove we are not responsible for the event giving rise to the damage. We acknowledge our liability for such data transfers to third parties in violation of this Privacy Policy.

CHILDREN’S PRIVACY AND INTERNATIONAL CONSIDERATIONS

Our Service does not address anyone under the age of 13 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

CHANGES TO THIS PRIVACY POLICY

From time-to-time we may modify, change, update, add to, remove portions of or otherwise alter this Privacy Policy. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. If you object to any such changes, you must immediately cease using the Service.

CONTACT, QUESTIONS, OR FEEDBACK

When we receive formal written complaints, it is our policy to contact the person regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Data that cannot be resolved between us and an individual.

CONTACT US

If you have any questions about our Privacy Policy, you can always contact us in any of two ways:

Send us an e-mail at:

Write to us at:

PlumPop, Inc.
Attn: Privacy Policy
1320 Arrow Point Drive
Suite 501 #194
Cedar Park, Texas 78613