Privacy Policy

Personal Data Protection Policy
PopSquare Limited
Last updated: 24 Sep 2019 

Introduction

PopSquare is an AI-enabled pop-up store that helps brands around the world penetrate overseas markets more cost-effectively with artificial intelligence technology. Unlike traditional pop-up stores or vending machines, our strength is a good combination of product experience, branding, and customer behavior data collection and analysis for O2O2O (online to offline to online) conversion. As a professional and responsible solution provider, PopSquare has implemented guidelines and policies to ensure that appropriate measures are in place to protect the customer data we collect.

This policy explains the what, how, and why of the personal information we collect when you visit our website(s) or when you use our Services. This policy also explains how we use and disclose the information we collect. We take your privacy extremely seriously, and we never sell personal data to any third parties.

If you choose to use our Service, then you agree that we will collect and use your personal information in relation to this policy. The personal information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

 

Compliance with the Personal Data (Privacy) Ordinance (Cap. 486)

We, as a Data Controller and also a Data Processor, will make every effort to comply with the requirements of the Personal Data (Privacy) Ordinance and ensure that the personal data we have collected is accurately and securely kept and used only for the purpose for which it was collected.

All our staff who handle identifiable personal data take extra precautions to ensure that the relevant laws on personal data (privacy) and our guidelines are complied with, and that effective security measures are adopted to protect personal and sensitive data concerning a wide spectrum of data subjects such as our clients, business parties, job applicants, etc.

 

Commitment to General Data Protection Regulation (GDPR)

We take data protection and people’s privacy very seriously, and we are committed to complying with the GDPR.

 

Type of Data and Means of Collection   

  • Traffic data, collected by camera, when you approach our kiosks within 1 meter and 4 meters
  • Product pick-up data, collected as images by camera, when you pick up a product on our kiosks
  • Demographics data, including gender and age range, collected by camera when you approach our kiosks within 1 meter
  • Clickstream data when you provide it to us via our kiosk screen
  • QR code scan data when you scan the QR code on our kiosk screen or on the product tag cards beside the products
  • Your mobile number when you provide it to us via our kiosk screen
  • Your personally identifiable information, including but not limited to your name, email address, phone number, postal address, and location, when you fill in our survey, fill in our membership registration form, or place an order for any of our products or services
  • Log data on our website(s) when you use or visit our website(s), via your browser’s cookies. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our Service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

 

The Use of Data

The data that we collect will be used to operate our pop-up store service. The data analytics reports allow us, as well as the brand owners and the space owners, to better understand the traffic around the kiosks across the days, to understand the popularity of different products broken down by number of pick-ups, pick-up time, and gender and age range segments, and to understand different customer segments’ engagement level towards different products. We can also use the data to further personalize the shoppers’ experience on our kiosks and the screens, to send shoppers special offers on our products that they have requested or that we think may interest them, to process their orders, to send them e-newsletters about our promotional news, to contact them for prize redemption, to collect market intelligence via a survey, or for internal research to improve our future service. Shoppers can object to the use of their data by contacting us at privacy@popsquare.io at any time.

 

Data Ownership

All kinds of customer data collected through our kiosk belong to PopSquare.

 

Data Transfer, Storage, Retention and Disposal 

We value your trust in providing us with your personal data. We therefore take reasonable precautions and appropriate security measures, following industry best practices, to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data, and we follow organizational procedures and modes strictly related to the purposes indicated.

 

Data Transfer

All data collected by PopSquare is encrypted and sent over the Internet through the Hypertext Transfer Protocol Secure (HTTPS). All transferred data carries end-to-end encryption (E2EE) from service to service using public key encryption. This encryption secures the communication and prevents third parties from accessing the data while it is transferred from the PopSquare localhost machine to the cloud servers.

 

Data Storage

The data collected by PopSquare is analyzed and stored in database servers hosted on cloud platforms in Singapore or the USA, operated by third-party service providers. All storage services are safeguarded by anti-hack mechanisms. Our third-party service providers have committed themselves to complying with the GDPR.

  1. Microsoft Azure at Singapore: https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/gdpr-overview
  2. Linode at Singapore: https://www.linode.com/compliance

We will take reasonable steps to ensure that these companies clearly identify themselves and handle your information appropriately. However, please note that these external parties are not operated by us. We strongly advise you to review the Privacy Policy in their websites. We have no control over, and shall assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

 

Data Retention & Disposal

  • The server data (including all kinds of data collected from the PopSquare except the image data) is backed up daily on the cloud platforms provided by the third-party service providers. We keep and store these types of data permanently on the cloud platforms for continuous machine-learning research and data analytics purposes. We cannot identify the personal identity of the data subject from these kinds of data.
  • All image data collected from the kiosk is kept in the cloud platform for 2 weeks after the last day of the pop-up event. If a theft incident occurs at our kiosk during the pop-up event, we will provide the image data at the request of the police or related authorities, and the images serve as evidence. After 2 weeks, all faces in the image data will be blurred, and the images will be stored in our database server on the cloud platform permanently for continuous machine-learning research and data analytics purposes. We cannot identify the personal identity of the data subject from these kinds of data.
  • Besides PopSquare kiosk services, customer information may also reside in other work environments such as PC workstations, notebooks, tablets, shared network disks, FTP servers, SFTP servers, portable storage or devices, etc., in the form of a survey report, membership registration report or product purchase information. Department managers should define the data retention period for data in the various environments, and PopSquare staff are responsible for deleting or removing data once it is no longer needed. All such reports or documents should be kept under password protection, and it is recommended that they not be taken outside offices or assigned working areas.

 

| No. | Types of Personal Data | Retention Period & Purpose | Disposal |
|---|---|---|---|
| 1 | Image data | 2 weeks after the last day of the event. Purpose: As evidence for robbery report to police, and for internal analysis | Blur the face in the image. The blurred images will be stored in the cloud server permanently for machine-learning. Data Protection Officer will conduct quarterly check. |
| 2 | Membership data | Permanent until the subscriber requests us to opt-out. Purpose: for sending them future membership news and offers | Directly delete the data subject's record from our email marketing system. Data Protection Officer will conduct quarterly check. |
| 3 | Survey data | (i) Opt-in case: Permanent until the respondents request us to opt-out; OR (ii) 3 months if the respondents did not opt-in. Purpose: for internal analysis | (i) Directly delete the data subject's record from our email marketing system OR (ii) Directly delete the record. Data Protection Officer will conduct quarterly check. |
| 4 | Transaction data | 3 months. Purpose: for product delivery & internal analysis | Directly delete the file. Data Protection Officer will conduct quarterly check. |
| 5 | IP address | 3 months. Purpose: for internal analysis | Directly delete the file. Data Protection Officer will conduct quarterly check. |
| 6 | Freelancer personal data at Europe | 3 months after service termination. Purpose: for settling payment | Directly delete the file. Data Protection Officer will conduct quarterly check. |

 

By contacting our Data Protection Officer at privacy@popsquare.io, the data subject can always request that we suspend or remove their personal data, and that we ensure the personal data we collected is accurately and securely kept and used only for the purpose for which it was collected.

 

Data Sharing Policy and Procedure:

The data may be accessible to certain types of persons in charge who are involved with the operation of the Service and the websites (system administration, sales, marketing, legal, location owners, brands), or to appointed external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications or marketing agencies). Their access control should be administered by specific users as delegated by PopSquare. No data can be shared or distributed without the approval of PopSquare in advance.

Data is shared in the form of a dashboard report on a data visualization tool – Data Catalog. The dashboard report will not display any personal data that can identify an individual. The staff of PopSquare, and the related staff of the product brand or the space owner partner (where our kiosk is located), will have the access right to log in to the data visualization tool to read the report.

The data collected from the kiosk will also be accessible to, or transferred between, PopSquare and the service applications below, which may be located in a third country including but not limited to Singapore, Canada or the United States, subject to the internal policies of the third-party service providers:

  • Shopify (in Canada) – a third-party online shop platform to which PopSquare customers are diverted to finish the process of product purchase. Active consent is collected from the customers before further processing by PopSquare.
  • Brand’s e-commerce website – the brand’s own online shop platform to which PopSquare customers are diverted to finish the process of product purchase. The website is operated by the brand itself.
  • Google Form (in the United States) – an online form tool used to collect and store survey answers or membership subscription information. Active consent is collected from the customers before further processing by PopSquare.

Your personal data may be transferred to third countries via the above international service providers’ platforms, which may carry a risk of illegitimate access to or leakage of the data. We will take reasonable steps to ensure that these companies clearly identify themselves and handle your information appropriately. However, please note that these external parties are not operated by us. We strongly advise you to review the Privacy Policy on their websites. We have no control over, and shall assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

In all circumstances, we obtain permission from the customers or data subjects before sharing their information with the brands or partners. The customers or data subjects have the right to request that PopSquare prohibit uses or sharing of their personal data by contacting us at privacy@popsquare.io.

 

Data Subject Access Request (SAR) Policy and Procedure

In compliance with GDPR, you have the below rights in order to protect your privacy as long as the type of data can represent your identity.

Right to be forgotten
Individuals may request to delete all personal data on that individual without undue delay.

Right to object
Individuals may request to prohibit certain personal data uses.

Right to rectification
Individuals may request that incomplete data be completed or that incorrect data be corrected.

Right of access
Individuals may request to view the data we have collected on the individual.

Right of portability
Individuals may request that personal data held by one organization be transported to another.

Right to lodge a complaint
Individuals may request to lodge a complaint with a supervisory authority.

Please contact us at privacy@popsquare.io for such a request, providing information that can represent your identity, including but not limited to your full name, email address and mobile number. We will acknowledge your request by replying to your email within 5 working days.

 

Links to Other Sites

Our website(s) may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

 

Changes to This Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

 

Unsubscribe

If you do not wish to receive our newsletter or promotional email, you may click on a link named “unsubscribe” which is embedded in the email sent by us in order to not receive future messages from us.

 

Direct Marketing

We will use your personal data to send you marketing offers, information surveys and invitations through emails, text messages, phone calls and postal mail.

You may inform us at any time that you no longer wish to receive our marketing offers and information by clicking on “Unsubscribe” through the links indicated in our emails.

 

How to contact us

If you have any questions about our privacy policy or the data we hold on you, or if you wish to report a complaint because you feel that we have not addressed your concern in a satisfactory manner, please do not hesitate to contact our Data Protection Officer at:

 

Email us at: privacy@popsquare.io

Call us at: +852 3188 7418

Write to us at: Unit 611 & 612, 6/F, Lakeside 2, No. 10 Science Park West Avenue, Science Park, Shatin, Hong Kong