23 min article

Privacy Policy

This Privacy Policy is effective from 11 March 2020. See the previous version of this Privacy Policy.

In this Privacy Policy:
1.

General  

1.1 This privacy policy (“Privacy Policy”) governs your access to and use of the Platform and Trepup Services, and should be read in conjunction and together with the Terms of Use and the Policies. For the purposes of this Privacy Policy, all capitalized terms not otherwise defined herein shall have the meanings ascribed to them as set forth in the Terms of Use and the Trepup Glossary.

1.2All references in this Privacy Policy to the singular shall include the plural (and vice versa) where applicable, and any gender form shall include all others.

1.3Your privacy is important to Trepup. We strive to take reasonable care to protect the information we receive from you and to abide by applicable data and privacy protection laws and regulations. Trepup complies with the General Data Protection Regulation (EU) 2016/679 (hereinafter the “GDPR”), which sets guidelines for the collection and processing of personal information from individuals. We have therefore established and created this Privacy Policy to inform you about the type of personal information we collect from you, how we use it and what options you have to limit our use of the personal data related to you (“Personal Data”).

1.4When you create your User Account, we will ask for your consent to allow us to collect, store, disclose, process, deal with or transfer such Personal Data in the manner and for the purposes mentioned in the Policies. You may withdraw your consent at any time. For further details, refer to Section 9.1 of this Privacy Policy.

1.5By accessing or using the Platform or by otherwise giving us your information, you will be deemed to have the capacity to enter into a legally binding contract as per the jurisdiction from which you are accessing the Platform. You will consequently be deemed to have read, understood and agreed to the practices and policies outlined in this Privacy Policy and agree to be bound by its terms.

2.

How do we collect Personal Data?  

2.1

When you give it to us or give us permission to obtain it

(a)When you use or sign up for Trepup, you voluntarily give us certain Personal Data such as your name, email address and password. You can update this Personal Data anytime by logging in to your User Account.

(b)You may also choose to give us permission to access your Personal Data from other services. For example, you may link your Facebook or Google account to Trepup, which allows us to obtain Personal Data from those accounts. The Personal Data we obtain from these services (for example, your contact details) often depends on your settings or their privacy policies, so be sure to check them before you link other accounts. Providing any Personal Data to us via a social media platform is beyond our control and made at your own risk as such platforms are hosted by third parties.

(c)If you create a Seller Account on Trepup, we may collect your business-related information such as the nature of business and other related details, in addition to the information indicated above.

2.2

When you use Trepup Services

Whenever you use any website, mobile application or other Internet service, there is generally certain Personal Data that gets created and recorded automatically. Similarly, when you access or use the Platform, some Personal Data may get created or recorded automatically. Here are some of the types of Personal Data that we collect:

(a)

Log data

While accessing or using the Platform, our servers automatically record Personal Data, including Personal Data that your browser sends whenever you visit a website. This log data may include your IP address, browser type and settings, operating system, the referring web page, pages visited, location, search terms and cookie data.

(b)

Cookie data

Depending on how you access Trepup, we may use “cookies” (a small text file sent by your device each time you visit the Platform, unique to your User Account or browser) or similar technologies, such as Web Beacons or pixels, to record log data, analyze trends, gather demographic information or track navigation through our website. For further details, refer to the Cookies Policy.

(c)

Device information

In addition to log data, we may also collect information about the device on which you are using Trepup. The device information will include Personal Data such as type of device, operating system, device settings, unique device identifiers and crash data. This helps us make sure that our website displays and functions correctly on your device. Whether we collect some or all of this device information, including Personal Data, often depends on what type of device you are using and its settings. For example, different types of device information and Personal Data are available depending on whether you are using a Mac or a personal computer (PC). To learn more about what device information and Personal Data your device makes available to us, check the policies of your device manufacturer or software provider.

(d)

Email information

By using Trepmail, we may further receive access to the data you provide if you create an email and add a mailing distribution list (“Distribution List”) with recipients (“Contacts”). Such a Distribution List may be created by importing your Contacts. The Distribution List is stored on a secure server of Trepup and only authorized employees have access to it. We will solely use and disclose the Personal Data provided in a Distribution List as set out in this Privacy Policy. We may share the Distribution List with anti-spam organizations, if we detect illegal or abusive behavior. For further details, refer to the Email Marketing Policy.

(e)

Web Beacons

We include Web Beacons on our website and in the emails we send. For further details, refer to the Cookies Policy.

(f)

FTF links

If one of your Contacts uses the Forward to a Friend (FTF) link in an email you send, your email content may be shared with people that are not in your Distribution List. We do not keep records of your Contacts' friend's email addresses, and do not add anyone to any Distribution List as a result of the FTF link if a Contact forwards an email to a friend. Users only see the total amount of times their Contacts forwarded their email and cannot access the email addresses that were used to share or receive the forwarded content.

(g)

Other sources

In order to develop Trepup Services, we may search through the Internet to receive further information concerning you or your Contacts, such as name, email address, location, IP addresses, demographic information and use of social media websites.

3.

What type of Personal Data do we collect?  

3.1

We do not have any direct relationship with your Contacts or other people you provide us Personal Data with by using Trepmail. Therefore, it is your sole responsibility to obtain the explicit consent of your Contacts for us to collect and process information in accordance with applicable laws and regulations. Trepup takes no responsibility and assumes no liability for any unlawful use of Trepmail. If a Contact no longer wishes to be contacted, he or she can directly unsubscribe from the Distribution List uploaded by the User or ask the User to update or delete him or her from the Distribution List.

3.2

Some other types of information that we may collect about you are as follows:

(a)

Demographic information

We may collect information that is not unique to you and refers to selected population characteristics, including age, gender, location and occupation.

(b)

Behavioral information

In addition to log data, we may collect information about how the Platform is being used, including usage statistics, traffic data, access times and locations, your previous order details, such as the pricing and transaction information, and payment and browsing history.

(c)

Indirect information

Your use of certain third-party websites and applications require us to collect such information as is considered necessary for that purpose.

(d)

Customer support data

We may collect your information when you contact us through (i) email or other means/tools available on the Platform; or (ii) telephone, including interactive voice response (IVR) channels or SMS (short message service) for requesting support in relation to the Platform and Trepup Services. This includes the following: (i) information solicited by our support staff to validate your User Account and identity; (ii) record of communication between you and our support staff, which may be used for monitoring and quality improvement; (iii) response to a query or comment about the Platform, Trepup Services, Products or Services; and (iv) for the purpose of reinstatement of accounts blocked or suspended by us on any ground in accordance with the Policies.

(e)

Sensitive personal data or information

You will also be required to provide your financial information such as your bank account details for the purposes of facilitating transactions on the Platform and debiting your account with any fees pursuant to the use of Trepup Services. Other information that we collect and process may include your credit/debit card details that you have saved on the Platform for expediting your checkout.

3.3

While we may collect log data, cookie data, device information, demographic information, behavioral information and indirect information when you access or use the Platform, we collect User Account information, email information, customer support data and sensitive personal data or information (SPDI) directly from you.

3.4

All User Account information and SPDI is provided by you to us voluntarily. By providing us your account information and SPDI, you provide your express consent to us to collect, store, process, transfer and disclose to third parties your account information and SPDI in accordance with the terms of this Privacy Policy.

3.5

You may choose to not provide us with any or all information included under your settings and SPDI, but in the event that you do so, we will be unable to provide you with some Trepup Services.

4.

How do we use the Personal Data we collect and on what basis?  

4.1

We use the Personal Data we collect to provide Trepup Services to you and make them more effective, develop new Products and Services, and protect Trepup and our Users. For example, we may compare how different Trepup pages perform using a random sample of Users, which helps us understand which page is better.

4.2

We also analyze the Personal Data we collect to provide you customized content, including:

(a)

Suggesting sellers that you may like to follow. For example, if you have indicated that you are interested in women’s fashion or have visited web pages about clothing brands that have Trepup features, we may suggest clothing, accessories and jewelry-related sellers that we think you may like to follow; and

(b)

Suggesting Trepup Services or tools that you may be interested in.

4.3

We may also use the Personal Data we collect to:

(a)

Send you updates about activities on Trepup, emails, promotional materials and other information that may be of interest to you. For example, depending on your notification settings, we may send you periodic updates that include topics you may like. You will always have an option to stop getting these updates or unsubscribe from getting any emails or other notifications by updating your settings or by following the procedures we may provide;

(b)

Help your friends find you on Trepup. For example, if you sign up using your Facebook account, we may help your Facebook friends find your User Account when they first sign up for Trepup. We may also allow people to search for your User Account on Trepup using your email address;

(c)

Respond to your questions or comments;

(d)

Send you emails, invoices and further notifications concerning billing and collecting money as a result of using the Platform and Trepup Services;

(e)

Send you system notifications such as version updates, warnings or changes in the Policies; and

(f)

Communicate with you in any other context, including, but not limited to, providing customer support, meeting legal requirements or enforcing compliance with the Policies.

4.4

We may also use Personal Data for the following purposes:

(a)

To operate and improve the Platform to foster a positive user experience and to improve our business as a whole;

(b)

To analyze data, track trends, build algorithms and create databases for rating systems and recommendation engines;

(c)

To carry out research activities;

(d)

To carry out non-targeting activities such as frequency capping, compliance, billing, ad reporting or delivery, market research or product development purposes;

(e)

To conduct audits and quality assessment procedures for the Platform and Trepup Services;

(f)

To analyze the use of our resources, troubleshooting problems and improving the Platform and Trepup Services;

(g)

To investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of the Terms of Use, the Policies, or as otherwise required by law or initiate any legal proceedings against you in relation to the foregoing;

(h)

To respond to any queries that you may have and to communicate information to you, including notifications of any promotions or alerts and any updates to the Platform; and

(i)

To contact you from time to time to record your feedback on the Platform and Trepup Services, as they currently stand, and/or other Trepup Services that may be offered in the future.

4.5

We process Personal Data for the following purposes:

(a)

To perform the contract that we have entered into with or to carry out precontractual measures that occur as part of your request;

(b)

For the establishment, exercise or defense of legal claims or proceedings;

(c)

To comply with legal and regulatory obligations;

(d)

For legitimate interests, including the interests set out above; and

(e)

Based on consent.

4.6

The Personal Data we collect is “personally identifiable” (i.e., it can be used to specifically identify you as a unique person). We may also collect or process “non-personally identifiable” data (i.e., it cannot be used to specifically identify you or identify you only in combination with other pieces of information). We use both types of data and combinations. We may use, transfer or store Personal Data wherever Trepup does business, including countries outside your own and with third parties on their servers on our behalf, but always in accordance with this Privacy Policy or other applicable laws or regulations.

5.

What options do you have about your Personal Data?  

5.1

Our aim is to give you simple options so that you can exercise control over your Personal Data. If you have a User Account, many of the options you have on Trepup are built directly into the Platform or your settings.

5.2

Scope of your Personal Data

Certain actions you may take with respect to your Personal Data:

(a)

Change or remove Personal Data on your profile at any time;

(b)

Link or delink your User Account from an account on another service (e.g., Facebook and Google); and

(c)

You may also have options available to you through the device or software you use to access Trepup. For example, the browser you use may provide you with the ability to control cookies or other types of local data storage. To learn more about your options, check the policies for Personal Data provided by the device manufacturer or software provider.

5.3

Deactivation or closing of your User Account

(a)

You can deactivate your User Account at any time by visiting your settings and clicking “Deactivate account”. After deactivating your User Account, you can always request to reactivate or close your User Account. If you want to close your User Account and delete your Personal Data, then click “Close account” in your settings. We will delete your Personal Data from our systems within a maximum period of 180 calendar days unless we are obliged to retain archived copies of your Personal Data as required by law or for legitimate business purposes, including helping address fraud and Spam. For further details, refer to Section 9.3 of this Privacy Policy. Please note that closing your User Account and deleting your Personal Data cannot be revoked.

(b)

You should be aware that some of the Personal Data that may have been shared on third-party websites may still continue to be available as we do not have control over these websites. Your Personal Data may also appear in online searches. Other Personal Data that you have shared with others, or that other Users have copied, may also remain visible. You should only share Personal Data with people that you trust because they will be able to save it or reshare it with others, including when they sync the Personal Data to a device.

5.4

Further rights to your Personal Data

You may further amend your preferences concerning your Personal Data rights as specified in Section 9 of this Privacy Policy.

6.

How do we share your Personal Data?  

6.1

Depending on your usage of the Platform and Trepup Services, your Personal Data may be visible to others. For example, when you create your profile on Trepup, anyone can view it and access your Personal Data.

6.2

In addition, if you are following a seller, such seller may communicate with you using Trepmail and send you publications, alerts, updates, invitations and other information by email. If required by law, we will ask for consent first, before activating Trepmail.

6.3

Trepup does not disclose, nor does it sell your Personal Data to third parties. Limited instances where we may share your Personal Data are:

(a)

When you give us your consent. For example, if you sign up for or log in to Trepup with other services such as Facebook and Google, or publish your activity on Trepup to them, then you agree to share Personal Data with such services;

(b)

To comply with a law, regulation or legal request;

(c)

To protect the safety, rights or property of the public, any seller or person, or Trepup;

(d)

To detect, prevent or otherwise address fraud, security or technical issues;

(e)

To third parties who are authorized by us to perform functions on our behalf, including, but not limited to, those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies, payment gateway service providers, data centers and auditors; and

(f)

If Trepup were to engage in a merger, acquisition, reorganization, bankruptcy, dissolution or similar transaction or proceeding that involves the transfer of the Personal Data described in this Privacy Policy.

7.

How do we protect your Personal Data?  

7.1

In order to protect your Personal Data in line with the applicable data and privacy protection laws and regulations, we have implemented all appropriate technical and organizational measures as required under the GDPR.

7.2

Technical measures

We use industry-leading technology to keep your Personal Data safe. Here are some steps we take to protect your Personal Data:

(a)

We automatically encrypt your confidential Personal Data in transit from your computer to ours using Transport Layer Security (TLS) version 1.3, a security protocol designed to facilitate privacy and data security for communications over the Internet. TLS uses symmetric and asymmetric cryptography for protecting User information such as logins, passwords, credit card numbers and personal correspondence.

(b)

Once you provide us your Personal Data, it resides on a server that is heavily guarded both physically and electronically. Trepup servers sit behind an electronic firewall and are not directly connected to the Internet, so your private Personal Data is available only to authorized computers.

(c)

To enhance security, we use process automation to analyze account activity for fraudulent or anomalous behavior, limit use of our website in response to signs of abuse, remove inappropriate User Content or links to illegal content, and suspend or disable accounts for any security violations.

7.3

Organizational measures

We maintain records of Personal Data and on processing activities for as long as required by law. We will notify the relevant supervisory authority within 72 hours after becoming aware of a Personal Data breach where it is likely to result in a risk to the rights and freedoms of individuals.

8.

How can you protect your Personal Data?  

8.1

We do our best to keep your Personal Data safe, but we cannot guarantee that your Personal Data will be 100% safe. We, however, request that you cooperate with us in protecting your Personal Data and comply with the following personal security measures:

(a)

Do not give third parties access to your computer or other devices when you access Trepup;

(b)

Keep your login credentials, including access code and passwords for your computer or other devices, as well as your Trepup login credentials, confidential;

(c)

Permanently update your antivirus software when requested by your antivirus software provider; and

(d)

Do not send any confidential information by using the Platform and Trepup Services. When you use Trepmail, your email bounces from one server to another as it crosses the Internet. In the course of this process, server administrators can review what you have sent.

8.2

You agree that the security measures adopted by us are reasonable to protect your Personal Data. We disclaim any liability as a result of any breach of security or unintended loss or disclosure of your Personal Data.

8.3

We can only keep your Personal Data up to date and accurate to the extent you provide us with the necessary information. It is your responsibility to notify us of any changes in your Personal Data.

9.

Your rights concerning your Personal Data  

9.1

Your consent

(a)

At any time, you may give or withdraw your consent to us for collecting and processing your Personal Data in the manner and for the purposes mentioned in the Policies. We will ask for your consent when you create your User Account and in other cases if required by law. You may withdraw or limit your consent at any time by changing your settings or by directly contacting us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your Personal Data to the extent required or permitted by law.

(b)

Your withdrawal of consent or deletion of your User Account may result in us not being able to provide you with Trepup Services or terminate any existing relationship that we may have with you.

(c)

You may also object to any processing of your Personal Data. Please inform us about the reason for your objection, and we will review whether and to which extent we will restrict or stop the future processing of your Personal Data in accordance with applicable law. We will inform you accordingly, if we decide to lift a restriction or objection to processing.

9.2

Information about and access to your Personal Data

(a)

You are always entitled to request confirmation or information about whether, where and for what purpose your Personal Data is being processed, and you may access your Personal Data without limitations. If you require, we will provide you with a copy of your Personal Data in a commonly used electronic format, free of charge. You may reuse your Personal Data also for your own purposes across other services.

(b)

If you become aware that your Personal Data is incomplete or inaccurate, you can rectify or change it at any time in your settings. Please note that it is your responsibility to keep your Personal Data complete, accurate and up to date.

9.3

Deletion of your Personal Data

If you choose to close your User Account or request us to delete your Personal Data, we will delete your Personal Data within a maximum period of 180 calendar days unless retention obligations apply. For example, we will retain your Personal Data for the exercise or defense of legal claims, to comply with legal obligations, or to perform requests of official authorities or for archiving purposes in the public interest. For further details, refer to Section 5.3 of this Privacy Policy.

9.4

Breach notification

We will inform you immediately if a data security incident occurs, which is likely to result in a high risk to your rights and freedoms. If due to certain data security incidents Article 33 of the GDPR requires notification of a data protection supervisory authority, we will inform the competent authority within 72 hours about the incident.

10.

Transfer of Personal Data outside the European Union  

We will only transfer your Personal Data outside the European Union in compliance with applicable data and privacy protection laws and regulations. Such transfers may be made with your prior informed consent or where an adequate level of protection is ensured, or in other circumstances making the transfer necessary, such as in terms of the performance of a contract made in your interest, for important reasons of public interest or for the defense, exercise or establishment of legal claims.

11.

Data provided on Third-Party Links  

11.1

The Platform may include hyperlinks to various external websites, and may also include advertisements, and hyperlinks to applications, content or resources (“Third-Party Links”). We have no control over such Third-Party Links present on the Platform, which are provided by persons or companies other than us. You acknowledge and agree that we are not responsible for any collection or disclosure of your information by any external sites, applications, companies or persons thereof. The presence of any Third-Party Links on the Platform cannot be construed as a recommendation, endorsement or solicitation of any material or content on such Third-Party Links, or any other material on or available via such Third-Party Links.

11.2

You further acknowledge and agree that we are not liable for any loss or damage which may be incurred by you as a result of the collection and/or disclosure of your information via Third-Party Links, as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products, services, or other materials on, or available via such Third-Party Links. This will include all transactions and information transmitted between you and any such third-party sites, applications or resources. All such transactions will be strictly between you and the third-party sites, applications or resources. We shall not be liable for any disputes arising from or in connection with such transactions between you and the aforementioned third parties.

11.3

Such third-party websites, and external applications or resources, accessible via the Third-Party Links may have their own privacy policies governing the collection, storage, retention and disclosure of your information that you may be subject to. We recommend that you exercise reasonable diligence, as you would in traditional offline channels and practice judgment and common sense before committing to any transaction or exchange of information, including but not limited to reviewing the third-party website or application’s privacy policy.

12.

Children’s privacy  

The Platform, Trepup Services, and Products and Services made available on the Platform are not intended for use by children. We do not knowingly collect Personal Data from Users who are less than 18 years of age. Upon discovery of any Personal Data of any children, we shall purge such Personal Data in accordance with applicable law. If you become aware of any minors having a User Account or listing their information on the Platform, then notify us at the address provided below.

13.

How are changes to this Privacy Policy made?  

We may update this Privacy Policy from time to time, and if we do, we will post any changes on this page. If we believe that a revision is material, we may notify you. We further reserve the right to determine the most appropriate manner of providing notifications to you, and you agree to receive notices electronically if we so choose. You are advised to review this Privacy Policy periodically. Your continued access or use of the Platform and Trepup Services once a revision becomes effective will mean that you accept the revised policy and agree to be bound by such policy. If you do not agree to the revised policy, then stop accessing or using the Platform and Trepup Services and providing your information to us.

14.

Contact us  

If you have any additional questions or require further clarification regarding this Privacy Policy or any of the Policies, please contact us at any time using the details below.

Trepup.com AG Attn: Legal Operations Dorfstrasse 16 6341 Baar Switzerland Email: legal@trepup.com

Previous Privacy Policy

This Privacy Policy was effective until 10 March 2020.

1.

General

This Privacy Policy forms an integral part of Trepup's (hereafter "Trepup", "we" or "us") policies which govern your access to and use of Trepup's products, including without limitation the use of the content on Trepup's website, products and services (collectively the "Products", each a "Product").

The use of our Products is also subject to the Terms of Use and other policies (collectively the "Policies"). By using our Products, you (hereafter "User" or "you") agree to use them in accordance with the Policies.

Please go through this Privacy Policy in detail, and contact us if you have any questions or require any clarifications.

Your privacy is important to Trepup. We strive to take reasonable care to protect the information we receive from you and to abide by applicable data and privacy protection laws and regulations. Trepup complies with the General Data Protection Regulation (EU) 2016/679 (hereinafter the "GDPR"), which sets guidelines for the collection and processing of personal information from individuals. We have therefore established and created this Privacy Policy to inform you about the type of personal information we collect from you, how we use it and what options you have to limit our use of the personal data related to you ("Personal Data").

When you create your Trepup account ("User Account"), we will ask for your consent to allow us to collect, store, disclose, process, deal with or transfer such Personal Data in the manner and for the purposes mentioned in the Policies. You may withdraw your consent at any time (for further details, refer to Section 8.1 of this Privacy Policy).

2.

What type of Personal Data do we collect?

We collect Personal Data in two ways:

2.1

When you give it to us or give us permission to obtain it

When you use or sign up for Trepup, you voluntarily give us certain Personal Data such as your name, email address and password. You can update this Personal Data anytime by logging in to your User Account.

You may also choose to give us permission to access your Personal Data in other services. For example, you may link your Facebook and Google account to Trepup, which allows us to obtain Personal Data from those accounts. The Personal Data we obtain from these services (e.g., your contact details) often depends on your settings or their privacy policies, so be sure to check them before you link other accounts. Providing any Personal Data to us via a social media platform is beyond our control and made at your own risk as such platforms are hosted by third parties.

2.2

We also get Personal Data when you use our services

Whenever you use any website, mobile application or other Internet service, there is generally certain Personal Data that gets created and recorded automatically. The same applies when you use Trepup. Here are some of the types of Personal Data we collect:

(a)

Log data

While using Trepup, our servers automatically record Personal Data, including Personal Data that your browser sends whenever you visit a website. This log data may include your IP address, browser type and settings, operating system, the referring web page, pages visited, location, search terms and cookie data.

(b)

Cookie data

Depending on how you access Trepup, we may use "cookies" (a small text file sent by your computer each time you visit our website, unique to your User Account or browser) or similar technologies, such as web beacons or pixels, to record log data, analyze trends, gather demographic information or track navigation through our website. When we use cookies, we may use “session” cookies (that last until you close your browser) or “persistent” cookies (that last until you or your browser delete them). For example, we may use cookies to store your Trepup settings, so you do not have to set them up every time you visit Trepup. Some of the cookies we use are associated with your User Account (including Personal Data about you, such as the email address you gave us) and other cookies are not. You may disable or restrict cookies using your browser’s security settings, but that may impact your experience of using Trepup.

(c)

Device information

In addition to log data, we may also collect information about the device on which you are using Trepup. The device information will include Personal Data such as type of device, operating system, device settings, unique device identifiers and crash data. This helps us make sure that our website displays and functions correctly on your device. Whether we collect some or all of this device information, including Personal Data, often depends on what type of device you are using and its settings. For example, different types of device information and Personal Data are available depending on whether you are using a Mac or a personal computer (PC). To learn more about what device information and Personal Data your device makes available to us, please check the policies of your device manufacturer or software provider.

(d)

Email information

By using our email marketing service (hereafter "Trepmail"), we may further receive access to the data you provide if you create an email and add a mailing distribution list ("Distribution List") with recipients (your "Contacts"). Such a Distribution List may be created by importing your Contacts (for further details, refer to Section 3 of the Email Marketing Policy). The Distribution List is stored on a secure server of Trepup and only authorized employees have access to it. We will solely use and disclose the Personal Information provided in a Distribution List as set out in this Privacy Policy. We will only contact someone on the Distribution List if he or she directly gets in touch with us. We may further share the Distribution List, e.g., with anti-spam organizations, if we detect illegal or abusive behavior.

(e)

Web Beacons

We include web beacons on our website and in the emails we send. Web beacons allow us to monitor behavior by collecting information such as who is reading a web page or email, when and from which computer. They can also be used to see if an email was read or forwarded to someone else, or if a web page was copied to another website. This helps us to improve our Products for our users and to measure the performance of Trepmail. We use such collected data from web beacons to generate reports concerning the performance of your emails and the actions of your Contacts. When we send you an email, reports are also available to us, so that we can gather and verify that information.

(f)

FTF links

If one of your Contacts uses the Forward to a Friend (FTF) link in an email you send, your email content may be shared with individuals that are not on your Distribution List. We do not keep records of your Contacts' or their friend's email address, and do not add anyone to any Distribution List as a result of the FTF if a Contact forwards an email to a friend. Users only see the total amount of times their Contacts forwarded their email and cannot access the email addresses that were used to share or receive the forwarded content.

(g)

Other sources

In order to develop our products, we may search through the Internet to receive further information concerning you or your Contacts, such as IP addresses, demographic information, location, email address, name and use of social media websites.

We do not have any direct relationship with your Contacts or other individuals you provide us Personal Data with by using Trepmail. Therefore, it is your sole responsibility to obtain the explicit consent of your Contacts for us to collect and process information in accordance with applicable laws and regulations. Trepup takes no responsibility and assumes no liability for any unlawful use of Trepmail. If a Contact no longer wishes to be contacted, he or she can directly unsubscribe from the User Distribution List or ask the User to update or delete him or her from the Distribution List.

3.

How do we use the Personal Data we collect and on what basis?

3.1 We use the Personal Data we collect to provide our services to you and make them more effective, develop new products and services, and protect Trepup and our users. For example, we may compare how different Trepup pages perform using a random sample of users, which helps us understand which page is better.

3.2

We also analyze the Personal Data we collect to provide you customized content, including:

(a)

Suggesting businesses that you may like to follow. For example, if you have indicated that you are interested in women’s fashion or have visited web pages about top brands that have Trepup features, we may suggest apparel, fashion and luxury-related businesses that we think you may like to follow.

(b)

Suggesting services or tools that you may be interested in.

3.3

We may also use the Personal Data we collect to:

(a)

Send you updates about activities on Trepup, emails, promotional materials and other information that may be of interest to you. For example, depending on your notification settings, we may send you periodic updates that include topics you may like. You will always have an option to stop getting these updates or unsubscribe from getting any emails or other notifications by updating your settings or by following the procedures we may provide.

(b)

Help your friends find you on Trepup. For example, if you sign up using your Facebook account, we may help your Facebook friends find your User Account when they first sign up for Trepup. We may also allow people to search for your User Account on Trepup using your email address.

(c)

Respond to your questions or comments.

(d)

Send you emails, invoices and further notifications concerning billing and collecting money as a result of using our Products.

(e)

Send you system notifications such as version updates, warnings or changes in the Policies.

(f)

Communicate with you in any other context, including, but not limited to, providing customer support, meeting legal requirements or enforcing compliance with the Policies.

3.4

We process Personal Data for these purposes on the following basis:

(a)

To perform the contract that we have entered into with or to carry out precontractual measures that occur as part of your request.

(b)

For the establishment, exercise or defense of legal claims or proceedings.

(c)

In order to comply with legal and regulatory obligations.

(d)

For legitimate interests including the interests set out above.

(e)

Based on consent.

The Personal Data we collect may be "personally identifiable" (i.e., it can be used to specifically identify you as a unique person) or "non-personally identifiable" (i.e., it cannot be used to specifically identify you or only in combination with other pieces of information). We use both types of data and combinations of both types. We may use, transfer or store Personal Data wherever Trepup does business, including countries outside your own and with third parties on their servers on our behalf, but always in accordance with this Privacy Policy or other applicable laws or regulations.

4.

What options do you have about your personal data?

Our aim is to give you simple options so you can exercise control over your Personal Data. If you have a User Account, many of the options you have on Trepup are built directly into the Products or your settings.

4.1

Scope of your Personal Data

For example, you can:

(a)

Change or remove Personal Data on your profile at any time.

(b)

Link or unlink your User Account from an account on another service (e.g., Facebook and Google).

You may also have options available to you through the device or software you use to access Trepup. For example, the browser you use may provide you with the ability to control cookies or other types of local data storage. To learn more about your options, please check the policies for Personal Data provided by the device manufacturer or software provider.

4.2

Deactivation or deletion of your User Account

You can deactivate your Trepup account at any time by visiting your settings and selecting "Deactivate account". After deactivating your Trepup account, you can always request to reactivate or to delete your Trepup account. If you want to delete your Trepup account, including your Personal Data, please select "Delete account" in your settings. We will delete your Personal Data from our systems within a maximum period of 180 days unless we are obliged to retain archived copies of your Personal Data as required by law or for legitimate business purposes, including helping address fraud and spam (for further details, refer to Section 8.3 of this Privacy Policy). Please note that the deletion of your Trepup account and of your Personal Data cannot be revoked.

You should be aware that some of the Personal Data that may have been shared on third-party websites may still continue to be available as we do not have control over these websites. Your Personal Data may also appear in online searches. Other Personal Data that you have shared with others, or that other Users have copied, may also remain visible. You should only share Personal Data with people that you trust because they will be able to save it or reshare it with others, including when they sync the Personal Data to a device.

4.3

Further rights to your Personal Data

You may further amend your preferences concerning your Personal Data rights as specified in Section 8 of this Privacy Policy.

5.

How do we share your Personal Data?

5.1

Depending on your usage of our Products, your Personal Data may be visible to others. For example, when you create your profile on Trepup, anyone can view it and access your Personal Data.

In addition, if you are following a business, such business may communicate with you using Trepmail and send you publications, alerts, updates, invitations and other information by email. If required by law, we will ask for consent first, before activating Trepmail.

5.2

Other limited instances where we may share your Personal Data are:

(a)

When you give us your consent

If you sign up for or log in to Trepup with other services (e.g., Facebook and Google), or publish your activity on Trepup to them, then you agree to share Personal Data with such services. For example, you can choose to publish your posts to Facebook.

(b)

In order to comply with a law, regulation or legal request; to protect the safety, rights or property of the public, any business or person, or Trepup; or to detect, prevent or otherwise address fraud, security or technical issues.

(c)

If Trepup were to engage in a merger, acquisition, reorganization, bankruptcy, dissolution or similar transaction or proceeding that involves the transfer of the Personal Data described in this Privacy Policy.

(d)

Trepup does not disclose, nor does it sell, your Personal Data to third parties.

6.

How do we protect your Personal Data?

6.1
In order to protect your Personal Data in line with the applicable data and privacy protection laws and regulations, we have implemented all appropriate technical and organizational measures as required under the GDPR.
6.2

Technical measures

We use industry-leading technology to keep your Personal Data safe. Here are some steps we take to protect your Personal Data:

We automatically encrypt your confidential Personal Data in transit from your computer to ours using Transport Layer Security (TLS) version 1.3, a security protocol designed to facilitate privacy and data security for communications over the Internet. TLS uses symmetric and asymmetric cryptography for protecting User information such as logins, passwords, credit card numbers and personal correspondence.

Once you provide us your Personal Data, it resides on a server that is heavily guarded both physically and electronically. Trepup servers sit behind an electronic firewall and are not directly connected to the Internet, so your private Personal Data is available only to authorized computers.

To enhance security, we use process automation to analyze account activity for fraudulent or anomalous behavior, limit use of our website in response to signs of abuse, remove inappropriate content or links to illegal content, and suspend or disable accounts for any security violations.

6.3

Organizational measures

We maintain records of Personal Data and on processing activities for as long as required by law. We will notify the relevant supervisory authority within 72 hours after becoming aware of a Personal Data breach where it is likely to result in a risk to the rights and freedoms of individuals.

7.

How can you protect your Personal Data?

7.1

We also get Personal Data when you use our services

We do our best to keep your Personal Data safe, but we cannot guarantee that your Personal Data will be 100% safe. We however request that you cooperate with us in protecting your Personal Data and comply with the following personal security measures:

(a)

Do not give third parties access to your computer or other devices when you access Trepup.

(b)

Keep your access code and passwords for your computer or other devices, as well as your Trepup password, confidential.

(c)

Permanently update your antivirus software when requested by your antivirus software provider.

(d)

Do not send any confidential information by using our Products. When you use Trepmail, your email bounces from one server to another as it crosses the Internet. In the course of this process, server administrators can review what you have sent.

7.2

You agree that the security measures adopted by us are reasonable to protect your Personal Data. We disclaim any liability as a result of any breach of security or unintended loss or disclosure of Personal Data in relation to your Personal Data.

We can only keep your Personal Data up-to-date and accurate to the extent you provide us with the necessary information. It is your responsibility to notify us of any changes in your Personal Data.

8.

Your rights concerning your Personal Data

8.1

Your consent

At any time, you may give or withdraw your consent to us processing your Personal Data in the manner and for the purposes mentioned in the Policies. We will ask for your consent when you create your User Account and in other cases if required by law. You may withdraw or limit your consent at any time by changing your settings or by directly contacting us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your Personal Data to the extent required or permitted by law.

You may also object to any processing of your Personal Data. Please inform us about the reason of your objection, and we will review whether and to which extent we will restrict or stop the future processing of your Personal Data in accordance with applicable law. We will inform you accordingly, if we decide to lift a restriction or objection to processing.

8.2

Information about and access to your Personal Data

You are always entitled to request confirmation or information about whether, where and for what purpose your Personal Data is being processed, and you may access your Personal Data without limitations. If you require, we will provide you with a copy of your Personal Data in a commonly used electronic format, free of charge. You may reuse your Personal Data also for your own purposes across other services.

If you become aware that your Personal Data is incomplete or inaccurate, you can rectify or change it at any time in your settings. Please be aware that it is your responsibility to keep your Personal Data complete and up to date.

8.3

Deletion of your Personal Data

Your Personal Data is stored with us for as long as your User Account is active or if required by law. During the deactivation of your User Account, we will keep your Personal Data stored in our system. If you choose to delete your User Account or request us to delete your Personal Data (for further details, refer to Section 4.2 of this Privacy Policy), we will delete your Personal Data within a maximum period of 180 days unless retention obligations apply. We will retain your Personal Data, for example, for the exercise or defense of legal claims, to comply with legal obligations or to perform requests of official authorities or for archiving purposes in the public interest.

8.4

Breach notification

We will inform you immediately if a data security incident occurs, which is likely to result in a high risk to your rights and freedoms. If due to certain data security incidents Article 33 of the GDPR requires notification of a data protection supervisory authority, we will inform the competent authority within 72 hours about the incident.

9.

Transfer of Personal Data outside the European Union

We will only transfer your Personal Data outside the European Union in compliance with applicable data and privacy protection laws and regulations. Such transfers may be made with your prior informed consent or where an adequate level of protection is ensured, or in other circumstances making the transfer necessary, such as in terms of the performance of a contract made in your interest, for important reasons of public interest or for the defense, exercise or establishment of legal claims.

10.

How are changes to this Privacy Policy made?

We may update this Privacy Policy from time to time, and if we do, we will post any changes on this page. If we believe that a revision is material, we may notify you. We further reserve the right to determine the most appropriate manner of providing notifications to you, and you agree to receive notices electronically if we so choose. You are advised to review this Privacy Policy periodically. Your continued access or use of Trepup once a revision becomes effective will mean that you accept the revised policy and agree to be bound by such policy. If you do not agree to the revised policy, please stop using our Products.

  • Was this article helpful?

Submit

You may also be interested in:

Need more help?

Call us

+41 44 563 98 20

Mon to Fri 08:00 to 18:30 CET (UTC+01:00)