California residents – please click here to learn more about your privacy rights.
- COLLECTION AND USE OF PERSONAL INFORMATION
2.1 The Information We Collect
We may collect and store the following information when running the Services for our own purposes:
User Information. If you register using a third-party login, Penny App collects your name, email address, profile picture and location. When you register for an Account using email registration, Penny App collects your name, email address, location, information on the company you sell products for, your Customer information and social media information.
Usage Information. When Users use the Services, Penny App collects information about the User’s activity and transaction history. In particular, Penny App keeps track of the device used to log in, the time of day, the time spent on the app, location, actions completed and IP address.
Location Information. We may collect Location Information, that includes GPS data from devices and a rough estimate of location from IP Addresses.
We may collect and store the following information when running the Services on behalf of our Users and Subscribers:
Subscriber (and prospective client) Information. In order to provide the Services to our Subscribers, we collect Personal Information that may include names, contact information, billing information and order history, which we use for the purposes set out below.
Personal Information of our Subscribers’ users and end Customers: Our Subscribers use the Services to store Personal Information of their Consultants and Consultants use the Services to store Personal Information of their Customers. As result, we collect and store Personal Information on behalf of our Subscribers (and their Consultants) related to such individuals, including name, email address, phone number, birthday, mailing address and social media accounts.
2.2 How We Use Personal Information
Personal Information for Providing the Service. Personal Information is or may be used for: (i) to verifying a User’s identity; (ii) Allowing Users to create a profile on the Platform; (iii) Storing log-in credentials to allow Users to sync the Platform to their existing virtual back office; (iv) providing the Services to our Subscribers and Users, including allowing Subscribers to manage transactions and accounts of their Consultants and Customers; (v) Contacting Users about relevant information related to the Services; (vi) Allowing Users to keep track of their history; (vii) Maintaining Penny App’s accounting records; (viii) Enhancing and customizing User experience, including showing Users relevant content; (ix) Diagnosing technical problems; and (x) Monitoring compliance with our Terms of Service.
2.3 Penny App Purchases
If you purchase a premium Account or any in-app purchases, Penny App will request credit card and billing information which is collected by our third-party payment processor. You hereby agree that all payments will be processed using Penny App’s third-party payment processors (listed on our Sub-Processors Page) and that all such payments will be governed by such party’s terms and conditions available.
2.4 Marketing Communications
Penny App will use the contact information provided to notify Users of important information that is relevant to the Services and for marketing communications if the User chooses to opt in. Despite your indicated e-mail preferences, we may send you relevant notices where permitted by law.
Tracking technologies, such as cookies, beacons, scripts and tags, are used by us and our third-party partners. These technologies are used in analyzing trends, administering the Website or Services, tracking Users’ movements around the Website or Services, gathering demographic information about our User base as a whole and collecting information about your browsing activities over time and across different websites following your use of the Website. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis. Various browsers may offer their own management tools for removing these types of tracking technologies. Standing alone, cookies do not identify you personally. They merely recognize your browser.
- DISCLOSURE OF PERSONAL INFORMATION WITH THIRD PARTIES
Subscribers. Where Penny App is providing the Platform and/or Services to our Subscribers, then all Personal Information collected on behalf of the Subscribers through the Platform is made available to the Subscriber, including the Subscriber’s Consultant and Customer contact information, transaction information, as well as transcripts from support communications and survey results related to the Subscriber’s products. Subscribers are responsible for compliance with their own privacy policies as well as applicable privacy laws.
Consultants. Where Penny App is providing the Platform and/or Services to Consultants, then all Personal Information collected on behalf of the Consultants through the Platform is made available to the Consultant, including Customer contact information and transaction information. Consultants are responsible for compliance with their own privacy policies as well as applicable privacy laws.
Service Providers. We may from time to time employ or engage other companies and people to perform tasks on our behalf and need to share Personal Information with them to provide the Services. We reserve the right to use customer data to improve our products and services and to provide such third parties with the Personal Information that they need to perform their specific function. This includes third party companies and individuals employed or engaged by us to facilitate our products and services, including the Sub-Processors listed here, and businesses who engage our Services (to the extent provided for above).
Business Transfers. If we (or any of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control (collectively a “Transaction”), Personal Information may be made available or otherwise transferred to the new controlling entity during the diligence process or during or after the Transaction, where permitted under applicable law.
As required by law. We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other Users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce our contracts or user agreement (Terms of Service), including investigation of potential violations hereof; and (iii) detect, prevent, or otherwise address fraud, security or technical issues.
- SECURITY AND STORAGE
4.1 Storage Location
Penny App stores its data, including Personal Information, on servers located in the United States. By submitting any Personal Information or using the Services, you agree to this transfer, storing or processing of your Personal Information in the United States. You acknowledge and agree that your Personal Information may be accessible to law enforcement and governmental agencies in those countries under lawful access regimes or court order.
The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, you should take special care in deciding what information you send to us via email. Please keep this in mind when disclosing any Personal Information to us via the Internet. You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your email account information or password for the Services to third parties.
- CORRECTION AND ACCURACY
We will make every reasonable effort to keep your Personal Information accurate and up to date, and we will provide you with the right to correct your Personal Information as appropriate. Please contact email@example.com to correct your Personal Information.
- CALIFORNIA PRIVACY RIGHTS
The following table is intended to provide additional information about (1) the categories of Personal Information we collect (as described in Section 2.1), and (2) how we disclose Personal Information for business purposes. Nothing in this table limits our ability to use or disclose information as described above.
|Categories of Personal Information:||Disclosure of Personal Information:|
|User Information||We may disclose User Information to Subscribers, Service Providers, Affiliates, advertising partners, and unaffiliated entities that you request that we integrate with.|
|Usage Information||We may disclose Usage Information to Subscribers, Service Providers, and Affiliates..|
|Location Information||We may share Location Information with unaffiliated entities that you request that we integrate with.|
|Subscriber and Prospective Subscriber Information||We may disclose User Information to Subscribers, Service Providers, Affiliates, advertising partners, and unaffiliated entities that you request that we integrate with.|
|Consultants and Customers||We may share Personal Information with the relevant Consultant and/or Subscriber who is using the Services to store Personal Information of their Consultants or Customers.|
To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the Personal Information we collect:
- The right to know what Personal Information we have collected and how we have used and disclosed that Personal Information;
- The right to request deletion of your Personal Information;
- The right to opt out of sales: We do not make your Personal Information available for purchase. However, under the California Consumer Privacy Act (the “CCPA”), our sharing of User Information and Usage Information with our advertising partners may be considered a “sale,” even though we receive no financial compensation. We aren’t changing how we share your data, but we are letting you know that you have choices about what we do with your Personal Information under the CCPA’s definition of a “sale.” To opt out of such “sales,” please click [here];
- The right to be free from discrimination relating to the exercise of these privacy rights.
Verification: In order to protect your Personal Information from unauthorized access or deletion, we may require you to verify your login credentials before you can submit a request to know or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not provide or delete your Personal Information.
Authorized Agents: You may submit a request to know or a request to delete your Personal Information through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us.
- Residents of the European Economic Area (“EEA”)
The legal basis on which Penny App relies to process Personal Information (known as “Personal Data” under the EU General Data Protection Regulation GDPR) are consent, fulfillment of our contracts with customers, as well as pursuit of legitimate business activities as explained below:.
Contract: We rely on the contract legal basis for verifying your identity, storing log-in credentials, processing your transactions, and providing the Service (including allowing Users to track their history).
Legitimate Business Activities: We rely on the legitimate business activities legal basis for creating your profile, contacting you about the Services, enhancing and customizing your experience by analyzing the information we collect about you to surface relevant content, diagnosing technical problems, monitoring compliance with our Terms of Service, and for the analytics purposes described above.
Consent: We rely on your consent to send you marketing communications.
Where we collect Personal Data directly from the data subjects, such as our Users , and make decisions in regards to processing such Personal Data, we act as the data controller. Otherwise, where we process Personal Data on behalf of third parties (such as when our Subscribers use the Services to process Personal Data of their Consultants and Customers ), or when Consultants use the Services to process Personal Data of their Customers and prospects, we are the data processor.
If you are a resident of the EEA, you have certain data protection rights. Penny App takes reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed of what Personal Data we hold about you and if you want it to be removed from our systems, please contact us using the contact information set out below. Note that where we act as the data processor on behalf of our users, you will be required to contact the data controller directly to exercise your rights.
In certain circumstances, where we act as data controller, you have the following data protection rights:
- Request access to your Personal Information (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Information we hold about you where we are the data controller and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Please note that we may ask you to verify your identity before responding to such requests. You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the EEA. If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
- LINKS TO OTHER WEBSITES AND SERVICES
- ADDITIONAL INFORMATION/CONTACT US