SupaDupa is committed to protecting the privacy of all individuals who:
- Visit any website or mobile site offered by SupaDupa, without limitation supadupa.me or mysupadupa.com and including all subdomains, present and future (the “Website”)
- Use the services including SupaDupa Store & Website builder and other SupaDupa products and services (the “platforms”)
To make this policy easier to read, we call the Website and the Platforms together the "Services". When we talk about “Personal Information”, we mean information relating to you or other identifiable individuals.
SupaDupa Data and Customer Content
We collect Personal Information (such as registration and account information) from our customers and users of the Services for our own purposes, such as to provide and administer the Services (“SupaDupa Data”). We’re the data controller in respect of this information.
We also process Personal Information on behalf of our customers as their data processor, such as content generated, requested or published via the Platforms in accordance with the instructions our customers give us through the Services (including, for example, the information our customers monitor or collect from social media sites like Instagram through the Services) (“Customer Content”). Our customers control how their Customer Content is collected and used by them. In legal terms this means that our customers are the data controller of their Customer Content. Accordingly, we only use Customer Content to provide the Services to our customers in accordance with the lawful instructions they give us through the Services.
SupaDupa Data we receive or collect
When you first register for a SupaDupa account, and when you use the Services, we collect some Personal Information about you such as:
- Store name
- Email address and other contact details
- the geographic area where you use your computer and mobile devices
- a unique SupaDupa store ID (an alphanumeric string) which is assigned to you upon registration
- other optional information as part of your account profile
- your IP Address and, when applicable, timestamp related to your consent and confirmation of consent
- other information submitted by you or your organisational representatives via various methods (phone, email, online forms, surveys, in-person meetings, etc)
- your billing address and any necessary other information to complete any financial transaction, and when making purchases through the Services, we may also collect your credit card or PayPal information
- Product information including variants, images, description, weights, price and shipping information
- information we may receive relating to communications you send us, such as queries or comments concerning our Services
- information relating to an individual’s real time location
- SupaDupa also automatically collects and receives certain information from your computer or mobile device, including the activities you perform on our Website, the Platforms, and the Applications, the type of hardware and software you are using (for example, your operating system or browser), and information obtained from cookies (see “Cookies and Related Technologies” below). For example, each time you visit the Website or otherwise use the Services, we automatically collect your IP address, browser and device type, access times, the web page from which you came, the regions from which you navigate the web page, and the web page(s) you access (as applicable).
How we use SupaDupa Data
SupaDupa uses SupaDupa Data for the following general purposes:
- to identify you when you login to your account
- to enable us to operate the Services and provide them to you
- to verify your transactions and for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed Third-Party Apps)
- to analyze the Website or the other Services and information about our visitors and users, including research into our user demographics and user behaviour in order to improve our content and Services
- to contact you about your account and provide customer service support, including responding to your comments and questions
- to share aggregate (non-identifiable) statistics about users of the Services to prospective advertisers and partners
- to keep you informed about the Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us
- to sell or market SupaDupa products and services to you
- to better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, improve the features and usability of the Services, and better understand and market to our customers and users
- to keep the Services safe and secure
We also use non-identifiable information gathered for statistical purposes to keep track of the number of visits to the Services with a view to introducing improvements and improving usability of the Services. We may share this type of statistical data so that our partners also understand how often people use the Services, so that they, too, may provide you with an optimal experience.
Customer Content we process for our customers
SupaDupa is a store and website building tool. SupaDupa Services enable our customers to build and manage their own online presence by making it possible for them to host their website and sell products and services to their customers
Services help our customers manage their product inventories, webpages, customer flow, manage and fulfil orders and analyse their results.
In particular, the various Services allow our customers to instantly connect to other third party services, including “Supported Platforms” such as PayPal or SagePay, etc.
When our customers link a Supported Platform or a third party service (such as PayPal) to their SupaDupa account or when they register with a Supported Platform through their SupaDupa account, our customers can choose to instantly collect, process, share and access such third party services and Supported Platform via their SupaDupa account (subject to the terms of the license agreements with the Supported Platforms and other third party services).
In this way, our customers can obtain, use and analyse Personal information from supported Platforms and third party services of their choosing, and also view, display or share Personal Information through the functionality in the Services. Such information can include Personal Information of all types, including but not limited to the following category - user names, billing address, shipping address, goods purchased and payment methods.
Cookies and related technologies
The Services use “session cookies”, which improve your user experience by storing certain information from your current visit on your device, such as log-in information. These enable us to remember your log-in session so you can move easily within the Website or the other Services. Without these session cookies, we wouldn’t be able to provide the Services to you. These session cookies have limited functionalities and expirations, and you will be required to re-enter your SupaDupa log-in information after a certain period of time has elapsed to protect you against others accidentally accessing your account contents and related Personal Information. Other examples of our use of session cookies include to track the number of visits by a particular visitor to a page and to store items in an online shopping cart for the Shop.
Performance and Remarketing Cookies
(i) Google Analytics
SupaDupa uses a specific cookie in order to facilitate the use of Google Universal Analytics for users logged-in to the Applications or the Platforms (“Logged-In User). If you are a Logged-In User, SupaDupa may use your SupaDupa user ID in combination with Google Universal Analytics and Google Analytics to track and analyse the pages of the Services you visit. We do this only to better understand how you use the Website, Platform and the other Services, with a view to offering improvements for all SupaDupa users; and to tailor our business and marketing activities accordingly, both generally and specifically to you. Google Analytics cookies do not provide SupaDupa with any Personal Information.
Learn more about privacy at Google and to opt-out of this feature by installing the Google Analytics Opt-out Browser Add-on.
(ii) Google Display Advertising
Additionally, SupaDupa uses Google Analytics code that allows for certain forms of display advertising and other advanced features. Subject to change, the Google Display Advertising features SupaDupa currently uses are Remarketing, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting.
These features are used to advertise online; to allow third-party vendors, including Google, to show you advertising across the Internet; to allow SupaDupa and third-party vendors, including Google, to use first-party cookies (such as the Google Analytics cookie) and third-party cookies together to inform, optimise, and serve ads based on your past visits to the Website and to report how ad impressions, uses of ad services, and interactions with these ad impressions and ad services are related to visits to the Website. Data from Google's interest-based advertising or third-party audience data (such as age, gender, and interests) is also combined with Google Analytics to better understand the needs of SupaDupa users and to improve the Services.
You may opt out of such display advertising at any time by visiting your Google Ads Settings page or by installing and running the Google Analytics Opt-out Browser Add-on .
From time to time, SupaDupa uses other third-party performance and remarketing cookies, and further information on those third-party cookies can be obtained by contacting us.
SupaDupa may also use related technologies including web beacons, bugs, pixels, and software tokens in order to facilitate your use of the Services. Most notably, the Services use software tokens (stored securely on SupaDupa servers) in order to facilitate the logging in to and the functioning of both the Supported Platforms and Third-Party Apps.
Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. The Network Advertising Initiative has also developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. Further information can be found at http://www.networkadvertising.org/managing/opt_out.asp. Please note however that, by blocking or deleting cookies, you may not be able to take full advantage of the Website, Applications, Platforms, and/or Shop. If you do not want to receive tracking pixels, you will need to disable HTML images in your email client, and that may affect your ability to view images in other emails that you receive.
When we may share Personal Information
- when you consent to the disclosure of such information to a third party when connecting to a third-party service that asks you if you consent to such sharing;
- where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands;
- if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person;
- if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Services infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of the Website infrastructure or the Services generally);
- to a parent company, subsidiaries, joint ventures, or other companies under common control with SupaDupa;
- if this information is not private, is aggregated or is otherwise non-Personal Information, such as your public user profile information and related public data (such as Tweets, likes, etc.) or the number of users who clicked on a particular link (even if only one did so).
We use industry best practices to keep any information collected and/or transmitted to the Supported Platforms or Third-Party Apps secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts all transmitted data, and OAuth 2.0 protocols for authentication and data transfer to Supported Platforms and Third-Party Apps.
Certain Personal Information, most notably SupaDupa log-in details, is encrypted during transmission using TLS. Once validated within our system, passwords are deleted from our system. In addition, SupaDupa uses third-party vendors and hosting partners such as Amazon Web Services to provide the necessary hardware, software, networking, storage, and related technology required to run the Services. These vendors have been selected for their high standards of both physical and technological security, including ISO and SSAE16 certifications.
When payments are processed via credit card, SupaDupa uses third-party vendors that are PCI-DSS Compliant. At no point does SupaDupa have access to your credit card information.
You should bear in mind that submission of information over the Internet is never entirely secure. We cannot guarantee the security of information you submit via the Services whilst it is in transit over the Internet and any such submission is at your own risk, and this risk is specifically disclaimed in our Terms.
If you are a Logged-in User, it is advisable that you log out of your account at the end of every session and not leave a logged-in account unattended for any period of time, particularly if you use a shared computer or device.
Information storage and international transfers
SupaDupa, the entity which provides the Services, is a British company with its head-office located in London, United Kingdom. For the purposes of EU data protection law, the United Kingdom is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
The Services are mainly provided from our offices in London. However, by the very nature of the Services, the data that is viewed, collected, stored or posted on or through the Services also needs to flow from wherever you are located in the world, to where our Supported Platforms are storing the same data (i.e. in most cases, in the United States). In addition, SupaDupa uses third-party service providers (such as managed hosting providers, card processors, CRM systems, sub-processors of Customer Content and technology partners) to provide the necessary hardware, software, networking, storage and other services that we use to operate the Services. These third party providers may process, or store, the same Customer Content on servers outside of the EEA, including in Canada or the US.
By using any of the Services, or submitting or collecting any Personal Information via the Services, you authorise SupaDupa and its authorised service partners to use and process Customer Content and SupaDupa Data (including any Personal Information) in these countries. Please be aware that the privacy protections and the rights of authorities and Government agencies to access your Personal Information in some of these countries may not be equivalent to those in your country.
For our customers with a principal location in the EU:
As a Service operated from within the EEA, we process Customer Content (which may include Personal Information) as a data processor on your behalf. Under EU law, you are considered to be the data controller of the Customer Content, and as such you are responsible for complying with applicable data protection laws in respect of the processing of Customer Content and the lawful instructions you give us.
To facilitate the lawful transfer by you of your Customer Content (as a data controller) through the Services to outside the EEA, SupaDupa offers its customers a data processing agreement as an addendum to their existing SupaDupa agreement (“Data Processing Addendum”). This incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or "SCC 2010”).
Please note that the Data Processing Addendum (DPA) only applies to the extent there is not another legal basis in place to validate the transfer of Personal Information to outside the EEA.
The most recent version of the Data Processing Addendum is available on SupaDupa's website at info.supadupa.me/dpa.
If you have any questions, please feel free to contact us.
You may opt out of marketing communications sent by SupaDupa by managing your email preferences on our Account Management page, or by following the unsubscribe instructions included in each marketing email.
You can contact us to obtain a copy of the Personal Information held about you by us. This may be subject to a fee not exceeding any prescribed fee permitted by applicable law. You can also ask us to correct and, where relevant, erase that information. Please note that certain Personal Information may need to be retained by SupaDupa for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorised by applicable law. As mentioned above you have a right to change your email preferences or unsubscribe at any time.
You should be aware that SupaDupa acts as a conduit between our users and the various Supported Platforms and Third-Party Apps. In several instances, the content published via SupaDupa will not be in SupaDupa’s custody or control, and any content that has been shared by you through any Supported Platform or Third-Party Apps via the Services may continue to be available to third parties and the public at large, as this content is now under the control of the operators of the Supported Platforms and/or the Third-Party Apps.