Buyapowa Limited (“Buyapowa”)

Unit F, 11 Bell Yard Mews,
London
SE1 3TN
United Kingdom

Company Number 07574698

Date: 01.10.2024

Contents

1. INTRODUCTION 
2. WHAT DATA DO WE PROCESS IN ORDER TO PROVIDE THE PLATFORM?
3. HOW WE USE YOUR PERSONAL DATA
4. DATA PROTECTION RIGHTS
5. YOUR DATA AND THIRD PARTIES
6. HOW LONG WILL WE PROCESS YOUR DATA?
7. COOKIES
8. INTERNATIONAL DATA TRANSFERS
9. NOTIFICATION OF CHANGES AND ACCEPTANCE OF POLICY

Note: This privacy policy applies to our platform. For information regarding our public-facing website, please refer to our website privacy policy.

1. INTRODUCTION

1.1 Important information and who we are

Welcome to Buyapowa’s Platform Privacy Policy (“Platform Privacy Policy”).

At Buyapowa (“we”, “us”, or “our”) we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and all other relevant and applicable laws and regulations of the United Kingdom.

This Privacy Policy applies to personal data processed by us during your use of our platform. For information pertaining to the Buyapowa website, please refer to our website privacy policy.

1.1 Data Processor & Controller

Buyapowa acts as a processor regarding your client personal data. As your Data Processor under the UK and EU GDPR, and a Service Provider under the California Consumer Privacy Act (CCPA), Buyapowa’s customers are the Data Controllers under GDPR. This policy describes how Buyapowa processes personal data for the purpose of providing the referral service and associated platform. 

Any inquiries about your data should be sent to the above email. It can also be sent directly to the company, if you prefer, in a letter to the listed address. We cannot guarantee prompt responses if physical mail is your chosen method of communication.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance if possible.

1.2 Buyapowa’s Responsibility As Data Processor

While managing our responsibilities as a Data Processor, we have third party providers who will deal with your data on our behalf (known as “Subprocessors”). The responsibilities described below encompass our responsibilities as Processor, and are passed onto our Subprocessors. Buyapowa, and our Subprocessors, has the following responsibilities:

• comply with the requirements of the Services Agreement and associated Data Processing Agreement in the provision of services to the Controller; 
• process and use the data only to the extent strictly necessary to perform its obligations or as otherwise provided under the Services Agreement and associated Data Processing Agreement;
• only disclose data to our employees and personnel that have a need to access the data, and guarantee that all such employees and personnel are bound by a confidentiality agreement; 
• take all reasonable steps to ensure the reliability of all our employees and personnel who have access to the data; 
• implement, maintain and at all times operate adequate and appropriate technical and organisational measures to
  • (i) protect the security, confidentiality, integrity and availability of the data, and;  
  • (ii) protect against unauthorised or unlawful processing of the data and against accidental loss, destruction or the making vulnerable of, or damage to, the data; such measures shall, at a minimum, meet  a. the requirements of the UK GDPR or b. the standards required by all applicable accepted industry practices; 
• comply with our obligations under any applicable data protection law, and take such steps as are requested by Data Controller to enable the Data Controller to comply with the Data Controller’s obligations under any applicable data protection law; 
• provide evidence to the Data Controller on request of the technical and organisational measures the Data Processor has taken to comply with its obligations;
• provide assistance with Data Subject Access Requests, where possible and reasonable;
• provide assistance and notice regarding data breaches.

2. WHAT DATA DO WE PROCESS IN ORDER TO PROVIDE THE PLATFORM?

2.1 Types of Data / Privacy Policy Scope

“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Not all of the following types of data will necessarily be collected from you, but this is the full scope of data that we collect and when we collect it from you:

• Employee access data: This covers any data used by your employees to access the Buyapowa platform. This can include their name, email address, associated company, phone number, and any information included in your profile.
• Your customer data: This includes any personal data of your customers that you or they submit to the Buyapowa platform. 
• Marketing and Communications Data: This is your preferences in receiving marketing information and other information from us for our marketing newsletters. You can sign up via the ‘book a demo’ form. Data includes your name & email address.
• Technical Data: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us. This is used for the purpose of analytics, with your consent, as well as to improve site functionality.

Buyapowa will not collect any special categories of Personal Data according to the UK GDPR via the platform.

Buyapowa will access and use your personal data as Processor only for the purposes for which you have submitted it to us to (a) make available to you the platform, and (b) maintain the operations and security of the website and services we provide to you. We will not use your personal information for any other purposes, for example for the communication of marketing materials, unless we have your specific consent that permits us to do so.

3. HOW WE USE YOUR PERSONAL DATA

3.1 Sources of Data

We obtain data relating to you directly from you, when signing up for your platform account. Data we process on your behalf relating to your customers is provided by you, the client, to Buyapowa, and directly via the platform. 

3.2 Recipients, or Categories of Recipients, of the Personal Data (Subprocessors)

When processing your data, we work with service providers who have access to your data. They are identified as Subprocessors under the EU and UK GDPR.

The categories of recipients are as follows: 

• software companies that enable us to provide our services, help us to improve them and/or serve us for marketing purposes (for example, to send newsletters, emails, manage customer contacts or applications); 
• public bodies and administrations to the extent that we are legally obliged to do so; 
• payment service providers; 
• hosting providers; 

For the purposes of fulfilling the contract, we may also disclose your personal data to anyone to whom we assign rights arising from the contractual relationship with you. In these instances, you will be directly informed.

3.3 Marketing and Content Updates

You will receive marketing and new content communications from us if you opt into receiving those communications and provide valid consent. We also occasionally make suggestions and recommendations to you about goods or services that may be of interest to you as an existing client, but only if we have a reasonable expectation that you would benefit from or be interested in these services in line with the PECR. The lawful basis for this processing is legitimate interest, and a complementary legitimate interest assessment will be conducted when required.

3.4 Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the Lawful basis which allows us to do so.

Please note that we can occasionally process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. DATA PROTECTION RIGHTS

As Data Controllers, Buyapowa’s customers are responsible for disclosing the rights of individuals (“Data Subjects”) with respect to their Personal Data and other information regarding the collection and use of that Personal Data, in accordance with the GDPR, CCPA, and other laws requiring such disclosures.  

As a data subject under the UK GDPR, your clients have the right in law to:

• Information, in accordance with Art. 15 UK GDPR,
• Rectification, in accordance with Art. 16 UK GDPR,
• Data erasure (“right to be forgotten”), in accordance with Art. 17 UK GDPR, 
• Limitation of processing, pursuant to Art. 18 UK GDPR, 
• Data portability, according to Art. 20 UK GDPR and/or 
• Objection to the processing, pursuant to Art. 21 UK GDPR.

Your clients will have to submit these requests to you, the Data Controller, to exercise these rights. Buyapowa will be able to assist you in fulfilling these requests by providing you with relevant data where possible. Further information can be found in our Data Processing Agreement.

4.1 How Does Buyapowa Protect Our Customer’s Personal Data?

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. When we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession. 

However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Buyapowa to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us at help@buyapowa.positivedesign.dev.

4.2 Opting Out Of Marketing Promotions

You can ask us to stop sending you marketing messages at any time by unsubscribing.

Where you opt out of receiving these marketing messages, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your marketing preferences.

5. YOUR DATA AND THIRD PARTIES

5.1 Will We Share Your Data With Third Parties?

We share your Personal Data with Subprocessors when necessary and with your consent. The sub-contractors are also subject to our confidentiality obligations to use it only for the purposes for which we disclose it to them and pursuant to our instructions. See section 3.2 for more information on which recipients we use.

We may also share Personal Data with interested parties in the event that Buyapowa anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology.

If Buyapowa is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your Personal Data to a third party as part of or in connection with that transaction. Prior to such transfer, you will be provided with the appropriate Article 13/14 notice, and if consent is the lawful basis for processing your data we will contact you to renew this consent. In all other situations your data will remain protected in accordance with this Privacy Policy.

We may share your Personal Data at any time if required as a result of a legal obligation. In this instance, you will be informed.

6. HOW LONG WILL WE PROCESS YOUR DATA?

We process your personal data for as long as the contractual relationship with you exists, plus whatever length is prescribed in case of a legal issue post-contract termination. Buyapowa maintains a retention policy and schedule to ensure that data is not kept longer than is necessary.

In addition, data may be stored beyond the outlined periods in certain rare circumstances where data must be kept in order to exercise legal rights or to comply with other legal obligations. In these cases, the data is deleted when a storage or retention period prescribed by law expires. 

7. COOKIES

This Company website uses cookies to record log data. We use both session-based and persistent cookies, dependent upon how you use or interact with this website.

Cookies are small text files sent by us to your computer, and from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser session. Persistent cookies last until you or your browser delete them, or until they expire.

We use cookies which are not specific to your account but are unique and allow us to undertake website analytics and customization, among other similar things. If you decide to disable some or all cookies, you may not be able to use some of the functions on our website. We use third-party cookies, for example Google Analytics, and you may choose to opt-out of third party cookies by visiting their website.

Please view our cookies page for further information.

8. INTERNATIONAL DATA TRANSFERS

There is a transfer of data to third countries outside of the United Kingdom and European Union. Information we process may be transferred to Subprocessors in the United States or other third countries. Some third countries, such as the United States, have not currently received an adequacy decision from the European Union or UK under Article 45 of the UK GDPR. As defined in our Data Processing Agreements, Buyapowa as Processor passes on any Processor obligations to our Subprocessors. We rely on the rules set out in Article 49 of the GDPR or, where applicable, on safeguards pursuant to Article 46 of the UK GDPR.

We, and our Subprocessors, apply appropriate measures to protect the privacy and security of your personal data. For this reason, we only process your personal data in accordance with the practices described in our Privacy Policy.

9. NOTIFICATION OF CHANGES AND ACCEPTANCE OF POLICY

We keep our Privacy Policy under review and will place any updates on this webpage. If we are obliged to inform you of drastic changes, you will receive an email detailing these changes. For contact information, please refer to section 1.1 of this policy.

Date: 1st October, 2024