This Privacy Policy was last updated on 25^th February 2022, with changes taking effect at midnight (in your time zone) on 26^th February 2022 or immediately for new Subscribers to Aptimyz after 28^th February 2022.

This Privacy Policy explains how Aptimyz Retail Limited (“Aptimyz”, “We”, “Us”) collect, use, disclose, transfer, protect, store and otherwise process your personal information. It also explains your rights and options around our use of your information and how you can exercise these choices. From time to time, we will need to update this Privacy Policy and we encourage you to check it regularly so that you stay informed. If you have any questions or concerns regarding this Privacy Policy or our privacy practices, please contact us using the information provided below.

Aptimyz is committed to protecting individuals' privacy. This Privacy Policy applies to personal information collected through our websites, mobile applications, products and services (collectively, "Services") that include a link to this Privacy Policy. In this Privacy Policy, personal information means any information that relates to an identified or identifiable natural person – either on its own or in combination with other information.

This Privacy Policy sets out how Aptimyz processes personal information about individuals that register for or use our Services ("Subscribers"). We collect this information so that we can provide our Services to those Subscribers. By registering for or using our Services, you acknowledge the collection, transfer, processing, storage, disclosure and other uses of your information as described in this Privacy Policy. Please be aware that this Privacy Policy does not apply to "Customer Information", being personal information that relates to individuals with whom our Subscribers interact (such as customers of their stores). We process Customer Information under the direction of our Subscribers, and have no direct relationship with these individuals. For the purposes of privacy and data protection laws, we process Customer Information as a "data processor"(under the GDPR) or a "service provider"(under the California Consumer Privacy Act). Subscribers are solely responsible for establishing appropriate policies for and ensuring compliance with all applicable laws and regulations relating to the processing of personal information in connection with the use of our Services. If you are an individual who interacts with a Subscriber using our Services – for instance if you’re an employee or customer of a retail store – you should contact them directly for assistance with any requests or questions relating to your personal information.

In registering for or using our Services, you provide us with certain information which we store securely. This includes your account and profile information, as well as other information that you choose to provide us with when you interact with features of our Services

ACCOUNT AND PROFILE INFORMATION

We collect certain information when you register for the Services, including:

• Contact information, such as name, email address, mailing address, phone number and country
• Profile information, such as a username, profile photo, and job role
• Preferences information, such as notification and marketing preferences

OPERATIONAL DATA

We also store information that you choose to upload to or send to us through our Services, including:

• Information about products and services the Subscriber sells (including inventory, pricing, sale, transaction, tax, and other data)
• Information about the Subscriber or the Subscriber’s business (employee, customer, and contact data)

OTHER SUBMISSIONS

We also ask for and collect certain information from you when you submit web forms on our websites or when you participate in any interactive features of our Services (such as a survey, competition, promotion, activity or event), apply for a job, request customer support, download content, communicate with us via third party social media sites, or otherwise communicate with us.

When you interact with or use our Services, we automatically collect certain information about your device and your use of our Services. This includes information such as your Merchant ID, device type, Internet Protocol (IP) address and other data about your device. We (or the third parties we work with) use standard tracking technologies (such as cookies and web beacons) to do this. For more information about our use of these technologies, please see the section below under "Cookies, web beacons and other tracking technologies". Finally, when you use and interact with our Services we may also collect certain information about you from third parties partners.

ACCESS LOGS

Like most websites and services delivered over the Internet, we gather certain information automatically when you interact with our Services and store it in log files. This information includes Internet protocol (IP) addresses as well as browser type, URLs of referring/exit pages, operating system, language and location preferences, time/date stamp, search history, device and system configuration information. Occasionally, we connect information gathered in log files with other personal information that we hold, in order to improve our Services. If we do this, we treat the combined information in accordance with this Privacy Policy.

ANALYTICS INFORMATION DERIVED FROM OPERATIONAL DATA

Analytics information also consists of data we collect as a result of running queries against Operational Data across our user base for the purposes of generating Usage Data. "Usage Data" is aggregated data about a category or group of features, services, or users that is not of itself personal information. It is also data about our Subscribers and their business. We may incidentally come across sensitive or personal information when we compile Usage Data.

INFORMATION FROM THIRD PARTY SERVICES

We may also receive personal information from third parties such as social media, data enrichment or authentication services when, for example, you sign up to our Services, fill in forms on our Services or log onto our Services through such services. Any access we may have to such information is governed by the authorisation procedures of that service. By authorising us to connect with a third party service, you authorise us to access and store your name, email address(es), locale, profile picture URL, and other personal information that the third party service makes available to us, and to use and disclose it in accordance with this Privacy Policy. Please check your privacy settings on these third party services to learn and modify the information these services send to us.

We (and third party advertising and analytics partners that we work with) may use cookies, web beacons and other technologies to collect some of the information described above. A cookie is a small text file that is stored on your hard drive or in device memory for record keeping purposes. We may use cookies to give you a better and more personalised use of the Services, to save you logging in every time and to count the number of visits. Web beacons are objects embedded in our Services or in emails that assist us to check whether content has been accessed for web analytics. You may be able to opt out of receiving personalised advertisements as described below under "Your choices and privacy rights".

We use the information collected through our Services for the purposes described in this Privacy Policy or as disclosed to you in connection with our Services. We may use information about you for purposes such as:

• Enabling you to access and use our Services
• Creating your account and maintaining your profile information
• Sending you marketing, advertising, educational content and promotional messages and other information that may be of interest to you, including information about us, our Services, or general promotions for business partner campaigns and services. You can unsubscribe or opt-out from receiving these communications as the Children’s use of the services subscribed below under “Your Choices and Privacy Rights”
• Administering referral programs, rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners
• In the case of retail stores, to share the name of the retail store with potential customers to encourage them to use our Services
• Measuring, customising, optimizing and improving the Services and developing new products
• Sending to you service, support and administrative messages, reminders, technical notices, updates, security alerts and other information requested by you
• Facilitating software updates and automatically update the software on your device
• Protecting our Services from security incidents, investigating and preventing fraudulent transactions, unauthorised access to Services, and other illegal activities, and enforcing our terms of use

We may also use information we collect from or about you to create aggregated or de-identified data that does not specifically identify you.

When you use the Services, we may share your information with the third parties described in this section.

SERVICE PROVIDERS, BUSINESS PARTNERS AND OTHERS

We use and work with third party service providers and our trusted business partners to provide application development, hosting, website, infrastructure, maintenance, backup, payment processing, customer relationship management, marketing, accounting, human resources, business intelligence and analytics, data enrichment, customer support and other services for us. These service providers may have access to or process your information for the purpose of providing those services for us. Some of our pages use white-labelling techniques to serve content from our service providers while providing the look and feel of our site.

With your consent, we also share your contact information with select trusted business partners, such as our partners who integrate with Aptimyz services, to enable them to contact you about their services (as they relate to your Aptimyz Services).We also obtain contact information from select business partners to better understand your preferences and to deliver you more personalised marketing.

AFFILIATES

We may share your personal information with our affiliated companies in order to provide our Services to you and for the purposes described in this Privacy Policy. For more information, please see the section below under "Our global operations".

THIRD PARTIES YOU AUTHORISE

You can give third parties access to your and your end users’ information on the Services. For example, you may wish to integrate Aptimyz with a third party ecommerce platform that requires access to the email addresses you collect from your end users, in order to synchronise customer accounts. Just be aware that such third party’s use of this information will be governed by the terms and privacy policies of the third party.

LINKS TO THIRD PARTY SITES

Our Services may contain links to other sites. We have no control over, and take no responsibility for, the privacy practices or content on other sites. You are responsible for checking the privacy policy of any such sites so that you can be informed of how they handle personal information.

COMPLIANCE WITH LAWS AND PROTECTION OF RIGHTS

In certain situations, we may be required to use and disclose your information (including personal information) to a third party if we believe the disclosure is reasonably necessary:

• To comply with any applicable law, legal process (for example, subpoenas and warrants) or governmental request
• To enforce and administer our agreements, policies and terms of use
• To protect the property, rights, and safety of Aptimyz, our Subscribers or the public from harm or illegal activities
• For fraud prevention, risk assessment, investigation, customer support, product development or debugging purposes
• To protect the rights, property or personal safety of Aptimyz, its users or members of the public
• To establish or exercise our legal rights or defend ourselves against any third-party claims or allegations

BUSINESS TRANSFERS

If Aptimyz undertakes or is involved in any merger, acquisition, reorganization, sale of assets or bankruptcy or insolvency event, then we may transfer or share some or all of our assets, including your personal information. In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.

NON-IDENTIFYING ORAGGREGATED DATA

We may share aggregated or other non-personal information that does not directly identify you with third parties in order to improve our Services.

UPDATING YOUR PERSONAL INFORMATION

You may access, change, or correct information about you by logging into your Aptimyz account at any time or by making a request to us using the contact details below, in which case we may need to verify your identity before granting access or otherwise changing or correcting your information.

DEACTIVATING YOUR ACCOUNT

If you wish to deactivate your Aptimyz account, you may do so by logging into your Aptimyz account and following these instructions or by emailing us using the contact details provided below.

OPTING OUT OF PROMOTIONAL COMMUNICATIONS

You may opt out of receiving promotional communications from Aptimyz by using the unsubscribe link within each email or contacting us via our home page or sales team. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding Services (e.g., account verification, purchase and billing confirmations and reminders, technical and security notices).

OPTING OUT OF PARTNER COMMUNICATIONS

If you have given us permission to share your information with our business partners for their own marketing purposes, you may opt out from such sharing at any time by emailing us using the contact details provided below. Please be aware that even after you opt out, you may continue to receive messages from the businesses that have already received your information – if you wish to opt out of from receiving these messages, you should contact the businesses directly.

OPTING OUT OF ADVERTIZING AND ANALYTICS

You may opt out of receiving cookies by instructing your browser to stop accepting cookies or to prompt you before accepting a cookie from websites you visit, by changing your browser options.

You also can learn more about cookies by visiting www.allaboutcookies.org which includes useful information on cookies and how to block cookies on different types of browsers and mobile devices. Please note, however, that by blocking or deleting cookies used in Services, you may not be able to use all aspects of our Services.

If you are a California resident, the following information also applies to you with respect to personal information collected through your use of our Services.

INFORMATION WE COLLECT AND SOURCES OF INFORMATION

This Privacy Policy already describes the information we collect and the sources of information – see the section above titled "Your Information". This section of the Policy organizes that information around the categories of personal information set out in the California Consumer Privacy Act (CCPA).

In the past 12 months, we have collected the following information for the following purposes:

• Identifiers, including your name, email address, mailing address, Internet Protocol address and other Subscriber profile information. We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
• Internet or other electronic network activity information, including your browser type, operating system, language, device ID and other information regarding your interactions with our Services. We obtain this information automatically in the course of your interactions with our Services.
• Commercial information, including records of products and services that you sell and other information about your business. We obtain this information when you provide it to us.
• Demographic information / protected classification characteristics, including your age and gender. We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
• Geo-location data, including your locale, zip code, and general geolocation information (based on your IP address).We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
• Audio, video and other electronic Data, such as chat and any interaction that you may have with us (such as for customer service purposes) or any information you submit in forums, chat or message boards, and feedback or testimonials you provide about our Services. We obtain this information when you provide it to us or otherwise automatically in the course of your interactions with our Services.
• Professional and employment-related information, including your job history and professional experience. We obtain this information when you provide it to us when applying for a role with Aptimyz.
• Inferences: This includes inferences drawn from any of the information identified above to create a profile reflecting preferences and characteristics. We obtain this information automatically in the course of your interactions with our Services.

HOW WE USE AND SHARE INFORMATION

We collect and use personal information for the business and commercial purposes as described in the section above titled "How Aptimyz uses your information". You can also find information about how we share your personal information in the section above titled “Sharing & disclosure of your information”.

In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose:

• Identifiers, such as those set forth above;
• Internet or other electronic network activity information;
• Commercial information;
• Demographic information / protected classification characteristics;
• Geo-location data;
• Audio, video and other electronic data;
• Professional and employment-related information;

We do not "sell" your personal information for the purposes of the CCPA. While we use various service providers to provide our Services to you, these service providers are contractually bound to use the information we share only for the purposes of providing their service to us (and not for their own purposes). In addition, we only disclose your personal information to third parties for their own commercial purposes with your consent.

YOUR PRIVACY RIGHTS

You have the right to:

• Request that we disclose to you the personal information we have collected, used and disclosed over the past 12 months, and information about our data practices;
• Request that we delete the personal information that we have collected from you;
• Be notified of any financial incentives offers and their material terms and opt-out of such incentives at any time;
• Not be discriminated against for exercising any of these rights;

As stated above, we do not "sell" your personal information and do not currently offer any financial incentives.

You can exercise some of these rights by following section above titled "Your choices and privacy rights". You (or your agent authorized to exercise your rights under the CCPA) can also request to exercise any of these rights by emailing privacy@aptimyz.com

Please note that to protect your information, we may need to verify your identity before processing your request. In some cases, we may need to collect additional information to verify your identity, such as a government issued ID. Under the CCPA, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity.

If you are a resident of the European Economic Area, the United Kingdom, the following information also applies to you with respect to personal information collected through your use of our Services.

DATA PROCCESSOR

Aptimyz Retail limited is the data processor of your personal information.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We collect, use and share your personal information on the following legal bases: We process your information as necessary to perform our contract with you, for example to provide our Services, to maintain your account. In certain cases, we process your information based on your consent, for example for the establishment, exercise or defense of legal claims. We may also process your information in order to comply with a legal obligation to which we are subject.

YOUR PRIVACY RIGHTS

You have the right to:

• Know what personal information we hold about you, and to make sure it’s correct and up to date.
• Request a copy of your personal information or ask us to restrict processing of or delete your information
• Request that we provide your personal information in a readily usable format so that it can be ported to another data controller
• Object to our continued processing of your personal information
• Withdraw your consent, where we rely on your consent to process your personal information

You can exercise some of these rights by following section above titled "Your choices and privacy rights". You can also request to exercise any of these rights by emailing privacy@aptimyz.com

In addition, if you’re not happy with how we are processing your personal information, you also have the right to complain to your local information protection authority. Your local data protection authority will be able to give you more information on how to submit a complaint.

Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at the address listed below.

We have adopted technical, administrative and physical procedures to collect, manage, maintain and store information in a manner designed to help protect your information from loss, misuse, unauthorised access, and alteration. Unfortunately, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. Where data is transferred over the Internet as part of the Services, the data is encrypted using industry standard TLS (HTTPS).

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (in connection with the purposes described in this Privacy Policy). For information about how long any of our Subscribers retain your personal information, please contact that Subscriber.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Aptimyz reserves the right to change this Privacy Policy from time to time, and if we do we will post any changes on this page. Aptimyz will make every effort to communicate any significant changes to you directly.

If you have any questions about this Privacy Policy or Aptimyz’s privacy practices, or would like to request a printable version of the Privacy Policy, please contact us at privacy@aptimyz.com or at our mailing address below:

Privacy Officer
Aptimyz Retail Limited
12 Herbert Lane
Dublin 2
Ireland