Privacy Policy
Who Are We?
SureDash Inc is the legal entity operating the service. It is located at 2055 Limestone Rd, STE 200-C, Wilmington, Delaware 19808.
Your Acknowledgment of This Policy
You are not legally required to provide us with any personal data. This means that if you provide us with data, you are doing so out of your own volition and consent; we cannot force you to provide any personal data, but without your personal data we cannot provide you with the services.
You have the right to withdraw from this consent at any time, and in such a case request that we either cease processing your personal data, or that we delete whatever personal data is no longer required to retain under law. Such removal of data may also prevent you from receiving updates and support.
Which Personal Data Do We Collect About You?
We collect personal data on different types of users.
Merchant
We collect the merchant’s signup data, which includes their full name, business name, address, website URL, payment processors, transactions made, and their purchases made through our services.
End User
We may collect and retain, for our Merchants, the End Users’ contact details, purchase history and order history, which includes their payment details (but not their credit card number or similar details).
Affiliates
We may collect data relating to our affiliates, which include both the payment data, payout data and contact details.
What Types of Data Do We Collect?
Non-Personally Identifiable Data. The first type is non-personally-identifiable data and statistical information. Non-personally identifiable data that is being gathered consists of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Data”).
This includes your device type, browser type and version, IP data, screen size and resolution, language and other technical data. While it is not specifically personally identifiable, it may be reverse-engineered to be identifiable and therefore is considered personal data.
Usage Data. Usage data may include your search queries performed in the service and your activities on the services and additional information of a similar nature, such as the pages you viewed and the content you submitted or reviewed using the service.
Personally Identifiable Data. The other type of data we collect is individually identifiable data. To put it simply, this data identifies an individual or is of a private and/or sensitive nature, such as your contact information, including: (i) Personal Data that is provided by you voluntarily, such as your username, email address, profile picture, social accounts and other data you filled when signing up or using our services; and (ii) Personal Data we learn from your use of the services; including your IP address, payment type and similar information.
How Do We Collect Personal Data?
Personal data is collected from your use of the services and by your contact with us. We collect data through the forms and submissions made through the services, as well as by using JS capture. This means that if you fill out a form and do not submit it, we may collect that data.
We also use Google Address Autocomplete for postal addresses.
What Are the Purposes of the Collection and Processing of Data?
The purposes of collecting and processing the data are to provide you with the services, which means we use your data to provide you with the services and provide you with support.
Moreover, we may use the personal data to improve the services. This means that we use aggregated understandings of how our users interact with our services to obtain insights that lead to the improvement of future versions, bug reports, and feature requests. We may create look-alike audiences and share our customer lists with advertising services that may provide us with such services, all under confidentiality obligations..
We may also use your email address to send you information relating to our services and promotional material.
When we say “our services” we mean our website, our shop and our affiliated services.
How Can We Contact You?
If you registered to our newsletter, or if signed up to our services, we may contact you with periodic updates and promotional emails relating to the service and the products or services we offer.
You may opt out of these at any time, but not from transactional emails, such as updates on payments.
Moreover, if you showed interest in one of our products or services, we may contact you in relation to such product or service.
Your Personal Data Rights
Right of Access and Rectification
You have the right to know what personal data we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. You can receive a copy of your personal data, and to rectify such personal data if it is not accurate, complete, or updated. However, we may first ask you to provide us with certain credentials to permit us to identify you before rectifying, deleting, or reviewing.
Right To Delete Personal Data or Restrict Processing
Right To Withdraw Consent
You have the right to withdraw your consent to the processing of your personal data. Exercising this right will not affect the lawfulness of processing your personal data based on your consent before its withdrawal. Please note that in most cases, withdrawal of your consent would most likely cause us to delete your personal data rather than cease processing.
You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.
Right of Data Portability
Where technically feasible, you have the right to ask to transfer your personal data in accordance with your right to data portability. In order to apply for this, please contact us at [email protected].
The Right to Lodge a Complaint
You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.
Your California Privacy Rights and Do Not Track Notices
We do not convey your personal data to third parties for direct marketing purposes.
However, if we did, then the California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes.
To make such a request, please send an email to [email protected], and we will let you know that none of your personal data was shared. We are only required to respond to one request per customer each calendar year.
Your Brazilian LGPD Rights
Notwithstanding anything in this privacy policy, you may exercise your LGPD rights, including your rights for (i) confirmation of the existence of the processing; (ii) access to the data; (iii) correction of incomplete, inaccurate or out-of-date data; (iv) anonymization, blocking or deletion of unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD; (v) portability of the data to another service or product provider, by means of an express request and subject to commercial and industrial secrecy, pursuant to the regulation of the controlling agency; (vi) deletion of personal data processed with your consent, except in the situations provided in Art. 16 of this the LGPD; (vii) information about public and private entities with which the controller has shared data; (viii) information about the possibility of denying consent and the consequences of such denial; (ix) revocation of consent as provided in §5 of Art. 8 of the LGPD.
We Respond to “Do Not Track” Signals
If you do not wish your browser to allow us to use trackers, please use your browser’s “Do Not Track” option.
Exercising Your Rights
We acknowledge you have the right to access and change the Personal Data we collect and process. If you wish to access or to correct, amend, or delete Personal Data, please send us an email to [email protected]. We will respond within a reasonable timeframe, but in any event, no later than permitted by applicable law.
Additionally, please note that in order to ensure you have as much control over your Personal Data and other information as possible, you may modify certain parts of your information by yourself in the service.
Sharing Personal Data With Third Parties
We respect your privacy and will not disclose, share, rent, or sell your Personal Data to any third party.
The sharing of your Personal Data is made upon your specific, explicit, request. This includes sending personal data if you are a user which performs a purchase with our merchants, or sending merchant data to payment providers.
We may share your information if we believe that it is necessary to comply with any court order, law, legal obligation, or legal process, including to respond to any government or regulatory request.
Moreover, in order to operate the service, we need to share your personal data with third parties, which are our hosting companies, payment providers, license gateways and support staff.
Our subprocessors are:
- Stripe, PayPal, Mollie, and Paystack for payment services;
- Appsignal, Hex, Slack, Google Analytics, Sentry and Logtail for monitoring the services and providing statistics, crash reports and error logging;
- Postmark, AWS for email and storage;
- TaxJar for tax calculation;
- CloudFlare for optimization of the storage and content delivery;
- UpCloud for website hosting;
- Heroku for application hosting.
Location of Your Data
The personal data collected from you, as detailed in this Privacy Policy, may be transferred to, and stored at, servers that may be located in countries outside of your jurisdiction and in a country that is not considered to offer an adequate level of protection under your local laws.
It may also be processed by us and our suppliers, service providers or partners’ staff operating outside your country.
We are committed to protecting your Personal Data and will take appropriate steps to ensure that your Personal Data is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps include putting in place data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures.
We will ensure the confidentiality, integrity and availability of your Personal Data by Transferring your personal data only to (i) countries approved by the European Commission as having adequate data protection laws; and (ii) entities that executed standard contracts that have been approved by the European Commission and which provide an adequate level of high-quality protection, with the recipients of your Personal Data.
By submitting your personal data through the service, you acknowledge, and agree, in a jurisdiction where such consent is required, to such transfer, storing and/or processing of personal data.
Cookies
We use both first party and third party cookies. A cookie is a small file placed on your computer meant to authenticate or verify your session with us. However, a cookie may have some identifying features. You may opt out from cookies by clicking the “opt out” button there.
Minors / Children
The service is intended for users over the age of eighteen, or children over sixteen who obtained parental consent.
Therefore, we do not intend and do not knowingly collect Personal Data from children under the age of sixteen (16) and do not wish to do so.
We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the service.
If we learn that we collected Personal Data from minors under the age of thirteen (13) we will delete that data as quickly as possible.
If you have reasons to suspect that we collected Personal Data from minors under the age of sixteen (16), please notify us at [email protected], and we will delete that personal data as quickly as possible.
Security
We take appropriate measures to maintain the security and integrity of our service and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.
Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage, and we cannot guarantee that unauthorized access or use will never occur.
We will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Data and will inform you of such breach if required by applicable law.
To the extent that we implement the required security measures under applicable law, we shall not be responsible or liable for unauthorized access, hacking, or other security intrusions or failure to store or the theft, deletion, corruption, destruction, damage, or loss of any data or information included in the personal data.
Data Retention
We will retain the Personal Data for as long as we believe that it is accurate and can be relied upon. Personal Data that is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it that is permitted under applicable law, such as to resolve disputes or comply with our legal obligations.
Data Breach Notification
We comply with local authorities in data breach notifications. In any case where a severe data breach occurred, we will also notify data subjects after such breach, and cooperate with the legal authorities to reduce the exposure of personal data.
EU-US Data Privacy Framework
We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), and the UK Extension to the EU-U.S. DPF (the UK Extension) as set forth by the U.S. Department of Commerce. The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. DPF, the Swiss-U.S. DPF, and the UK Extension.
We have certified to the U.S. Department of Commerce that we adhere to: (1) the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF; 2) the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF; and (3) the UK Extension with regard to the processing of personal data received from the UK in reliance on the UK Extension. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Swiss-U.S. DPF Principles or the UK Extension, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In cases of onward transfer of personal information to third parties of data of EU, Swiss and UK individuals received pursuant to the EU-U.S. DPF, the Swiss-U.S DPF and the UK Extension, and in a manner inconsistent with the DPF Principals, SureDash Inc will remain liable.
Complaints and Arbitration
If you feel or believe that your personal data rights were harmed in any way, you may contact our data protection officer at [email protected] and lodge a complaint. Such complaints shall include how and why you believe your personal data rights were harmed, and the required evidence. Our data protection officer will respond to most complaints within 14 days and shall offer the required remedies.
We will resolve all complaints according to applicable regulations. We also agree to resolve all complaints and deal with disputes with the local data protection authorities.
In compliance with the EU-U.S. DPF, the Swiss-U.S. DPF, and the UK Extension, we commit to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the Swiss-U.S. DPF and the UK Extension to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
As a last resort, and in limited situations, EU, Swiss, and UK individuals may invoke binding arbitration from the E.U.-U.S. DPF Panel for complaints regarding DPF compliance not resolved by any of the DPF Mechanisms: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
Merger, Transfer of Ownership
We may, in the future, merge, sell our operation or transfer the operation of the service to a third party. In such an event, the data would be used in accordance with the then relevant privacy policy, where no change shall have retroactive effect.
Updates to the Privacy Policy
We reserve the right to amend this Privacy Policy at any time; we will provide you with updates on any change, and such updates shall not have a retroactive effect.