Last Modified: November 3, 2021
On or through the Web Properties.
In email, text, and other electronic messages between you and the Web Properties.
It does not apply to information collected by:
Us offline or through any other means, including on any other website or social media platform profile operated by Shappi Inc. or any third party (including our affiliates and subsidiaries); or
Any third party (including our affiliates and subsidiaries), including through any application or content (including advertising) that may link to or be accessible from, or on, the Web Properties. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.
SHAPPI INC.’S PRIVACY ASSURANCE
We do not sell your Personal Information to any nonaffiliated third parties.
We do not share your Personal Information with nonaffiliated third parties that would use it to contact you about their own products and services, unless you have allowed us to do so and as permitted pursuant to a joint marketing agreement.
We require our employees to protect your Personal Information and keep it confidential.
We require persons or organizations that represent or assist us in serving you to keep your information confidential.
Our Web Properties are not intended for children under 13 years of age. No one under the age of 13 may provide any Personal Information to, or on, the Web Properties. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on the Web Properties, or on or through any of their features/functionality, make any purchases through the Web Properties, use any of the interactive or public comment features that may be available on the Web Properties, or provide any information about yourself to us, including your name, address, telephone number, email address or any screen name or user name you may use. If we learn that we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at firstname.lastname@example.org.
We collect several types of information from and about users of our Web Properties, including log data, device data, and Personal Information.
When you visit our Web Properties, our servers may automatically log the standard data provided by your web browser. It may include your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
We may also automatically collect data about the device you’re using to access our Web Properties. This data may include the device type, operating system, unique device identifiers, device settings, and location data. What we collect depends on the individual settings of your device and software.
We may collect information from you while you use the Web Properties, including:
By which you may be personally identified, such as your name, postal address, email address, telephone number, date of birth, driver’s license number, passport number, and other identifying information that you choose to share with us by which you may be contacted online or offline (“Personal Information”); and/or
That is about you but individually does not identify you, such as your annual revenue, gender, certain demographic information. This information is not considered Personal Information, as it is anonymized statistical data.
As you navigate through and interact with our Web Properties, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, as described above. The technologies we use for this automatic data collection may include cookies, flash cookies, or web beacons. For more information on these technologies, see our DATA COLLECTION POLICY below. The information we collect automatically is statistical data and does not include Personal Information, but we may maintain it for any of the reasons listed in HOW WE USE YOUR INFORMATION.
The information we collect on or through our Web Properties may include:
Information that you provide by filling in forms on our Web Properties. This includes information provided at the time of registering to use our Web Properties. We may also ask you for information if you report a problem with our Web Properties;
Records and copies of your correspondence (including email addresses), if you contact us;
Details of transactions you carry out through our Web Properties; and/or
Your search queries on the Web Properties.
The technologies we use for automatic data collection on the Web Properties may include:
Flash Cookies. Certain features of our Web Properties may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our Web Properties. Flash cookies are not managed by the same browser settings as are used for browser cookies; and/or
Web Beacons. Pages of the Web Properties, and our emails, may contain small electronic files known as web beacons (also referred to as clear gifs. pixel tags and single-pixel gifs) that permit Shappi Inc., for example, to count users who have visited those pages, or opened an email, and for other related Web Properties statistics (for example, recording the popularity of certain Web Properties content and verifying system and server integrity).
“Do Not Track” is a preference you can set in your browser to let websites you visit know that you do not want them collecting certain information about you. We do not currently respond to, or honor, Do Not Track signals or requests from your browser.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
We may collect your information for a number of reasons, specifically:
To enable you to access and use our Web Properties;
To enable you to customize or personalize your experience of our Web Properties;
To contact and communicate with you;
To prevent fraud;
For internal record keeping and administrative purposes;
For analytics, market research, and business development, including to operate and improve our Web Properties;
To offer additional benefits to you, including but not limited to sending promotional information about our products/services and/or facilitating competitions and/or giveaways;
To provide you with information about third parties that may be of interest to you;
To fulfill any other purpose for which you provide your information and consent; and/or
To comply with our legal obligations and resolve any disputes that we may have.
To our subsidiaries and affiliates;
To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them;
To fulfill the purpose for which you provide it;
For any other purpose disclosed by us when you provide the information; or
With your consent.
We may disclose your Personal Information to third party service providers for the purpose of enabling them to provide their services, if you have allowed us to do so, including but not limited to:
Information Technology (“IT”) service providers;
Data storage, hosting, and server providers;
Maintenance or problem-solving providers;
Marketing or advertising providers;
Payment systems operators;
Sponsors or promoters of any competition or promotion we run; and/or
Background checking agencies.
We may also disclose your Personal Information to third parties for the purpose of establishing, exercising, or defending our legal rights, including but not limited to:
Our legal counsel and/or prospective legal counsel; and/or
Courts, tribunals, regulatory authorities, and law enforcement officers, as required by law.
We may disclose aggregated, anonymized, statistical data and/or non-identifying information about our users without restriction.
We strive to provide you with choices regarding the Personal Information you provide to us. The following mechanisms should help to provide you with control over your information:
Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your Personal Information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by checking the relevant box located on the form on which we collect your data (the “Registration Form”). You can also always opt-out by sending us an email stating your request to email@example.com.
Promotional Offers from Shappi Inc. or Our Affiliates. If you do not wish to have your email address/contact information used by Shappi Inc. or our affiliates to promote our own or third parties’ products or services, you can opt-out by sending us an email stating your request to firstname.lastname@example.org. If we have sent you a promotional email, you may use the unsubscribe option in the footer of the email. This opt out does not apply to information provided to Shappi Inc. as a result of a product or service purchase, or other transactions.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can review and change your Personal Information by logging into your account profile on the Web Properties and navigating to the appropriate settings page or sending us an email at email@example.com to request access to, correct, or delete any Personal Information that you have provided to us. We cannot delete some of your Personal Information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or regulatory requirement, result in fraud, or cause the information to be incorrect.
We won’t keep Personal Information for longer than is necessary to present our Web Properties to you or to provide our services to you.
We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration and disclosure. All information you provide to us through the Web Properties are secured by TLS technology, and is stored on our secure, password protected servers behind firewalls. We have implemented a restricted employee access for all of our servers containing personally identifiable information.
Any payment transactions will be encrypted using SSL technology. We use Stripe (PCI-DSS compliant) as our payment processor.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Web Properties, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to our Web Properties. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Web Properties.
Accepting requests, complaints, and communications from data subjects and the National Authority;
Providing guidance to employees about good practices and carrying out other duties as determined by the controller or set forth in complementary rules;
Keeping records of the data processing operations Shappi Inc. carries out;
Adopting security, technical and administrative measures able to protect personal data from:
Unauthorized accesses, and/or
Accidental or unlawful situations of:
Any type of improper or unlawful processing.
If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of your Personal Information with third parties for their own direct marketing uses. California’s “Shine the Light” Act provides that you have the right to submit a request to us at our email address in order to receive information on the categories of customer information that we shared and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year. To obtain this information, please send an email message to firstname.lastname@example.org with “Request for Privacy Information- California” in the subject line and in the body of your message. We will provide the requested information to you in your email address in response.
Please be aware that not all information sharing is covered by the Shine the Light requirements, and only information on covered sharing will be included in our response.
The Personal Data Protection Law/Act 25,326 (“PDPL”) of Argentina, Regulatory Decree 1558/2001, and other provisions issued by the National Directorate for Personal Data Protection comprise the current main legal framework of Argentine Data Protection Regulations.
The PDPL aims to help protect the privacy of personal data, and to give individuals access to any information stored in public and private databases and registries. The PDPL outlines obligations and principles related to data processing, including on security and the transfer of data internationally between data controllers or data processors.
As the PDPL only applies to reporting databases (PDPL, Section 1), we believe that the PDPL is not applicable to Shappi Inc in connection with the provision of services offered through the Web Properties.
Additionally, Article 43 of the Federal Constitution, third paragraph, provides, in relevant part that any person may have access to personal data about such person and to information about the purpose with which they are kept, and to request the suppression, correction, confidentiality or updating of the data where inaccurate or discriminatory. If you are a resident of Argentina and would like to make a request for information that Shappi Inc. maintains regarding yourself, please send an email to email@example.com with “Request for Privacy Information- Argentina” in the subject line and in the body of your message.
The Brazilian General Data Protection Law (“LGPD”), Federal Law no. 13,709/2018 applies to any processing operation carried out by a natural person or a legal entity, of public or private law, irrespective of the means used for the processing, the country in which its headquarter is located, or the country where the data are located, provided that:
The processing operation is carried out in Brazil;
The purpose of the processing activity is to offer or provide goods or services, or the processing of data of individuals located in Brazil; or
The personal data was collected in Brazil.
As such, users of the Web Properties that are located in Brazil will have protections under the LGPD.
The LGPD defines personal data as any information related to an identified or identifiable natural person. Anonymized data is not considered personal data, except when the process of anonymization has been reversed or if it can be reversed by applying reasonable efforts.
Sensitive personal data is defined as any personal data concerning:
Racial or ethnic origin;
Religious, philosophical or political organization membership;
Health or sex life; or
Genetic or biometric data.
The processing of personal data may only be carried out based on one of the following legal bases:
With data subject (you, a user of the Web Properties) consent;
To comply with a legal or regulatory obligation;
By the public administration, for the processing and shared use of data which are necessary for the execution of public policies provided in laws or regulations or contracts, agreements or similar instruments;
For carrying out studies by research entities, ensuring, whenever possible, the anonymization of personal data;
For the execution of a contract or preliminary procedures related to a contract of which the data subject is a party;
For the regular exercise of rights in judicial, administrative or arbitration procedures;
As necessary for the protection of life or physical safety of the data subject or a third party
For the protection of health, exclusively, in a procedure carried out by health professionals, health services or sanitary authorities;
To fulfill the legitimate interests of Shappi Inc. or a third party, except in the case of prevailing the fundamental rights and freedoms of the data subject, and
For the protection of credit.
Notwithstanding the above, personal data processing shall be done in good faith and based on the following principles:
Quality of the data;
At this time, we do not process any sensitive data, as defined under the LGPD.
If you are a resident of Argentina and have questions about our compliance with the LGPD, please send an email to firstname.lastname@example.org with “Request for Privacy Information- Brazil” in the subject line and in the body of your message.
Colombia recognizes two fundamental personal data rights under Articles 15 and 20 of its Constitution: the right to privacy and the right to data rectification. Personal data processing is further regulated by two statutory laws and several decrees that set out data protection obligations: Statutory Law 1266 of 2008 (Law 1266) and Statutory Law 1581 of 2012 (Law 1581). As such, users of the Web Properties that are located in Brazil will have rights and protections under these laws.
Under Law 1266, personal data is defined as any information related to or that may be associated with one or several determined or determinable natural or legal persons. Personal data may also be regarded as public, private or semi-private data. Public data is available to the public based on a legal or constitutional mandate. Private or semi-private data is data that does not have a public purpose, is intimate in nature and the disclosure of which concerns only the data subject.
Under Law 1581, personal data is defined as any information related to, or that may be related to, one or several determined or determinable individuals, meaning natural persons only.
Under Law 1266, sensitive personal data is defined as data that due to its sensitivity is only relevant to its owner.
Under Law 1581, sensitive personal data is any data that affects its owner’s intimacy or whose improper use might cause discrimination. Data that reveals any of the below information is considered sensitive data and its processing is forbidden by law:
Ethnic or racial origin;
Religious or philosophic convictions;
Membership in labor unions, human right groups or social organizations;
Membership in any group that promotes any political interest or that promotes the rights of opposition parties;
Information regarding health and sexual life; and
At this time, we do not process any sensitive data, as defined under Law 1581; we may process sensitive data, as defined under Law 1266.
Sensitive data shall only be processed:
With a special and specific authorization given by you, the data subject;
When it is necessary to preserve the data subject’s life, or a vital interest and such data subject is physically or legally unable to provide authorization;
When it is data used for a legitimate activity and with all necessary security measures, by an NGO, an association or any kind of nonprofit entity, in which case, the entity will need an authorization granted by the data subject to provide the data to third parties;
When the data is related to or fundamental to the exercise of a right in the context of a trial or any judicial procedure; or
When the data has a historic, statistical or scientific purpose, in which case the identity of the data subject will not be disclosed.
Under the Colombian Constitution, all individuals have the right to personal and family privacy, as well as the right to know, update, and rectify information collected about them in data banks and in the records of public and private entities.
If you are a resident of Colombia and would like to make a request or claim to update, rectify or suppress data, or revoke authorization, please send an email to email@example.com with “Request to Update Data- Colombia” in the subject line and in the body of your message. Please note, we will require you to provide verification that you are a Colombian resident and that you are the individual you are claiming to be. You will be required to verify access to the email address you submitted. You are required to verify your email in order for us to proceed with your Colombian rights requests. Please check your spam or junk folder in case you can’t see the verification email in your inbox.
If you are a resident of Colombia and have questions about our compliance with Laws 1581 or 1266 or Articles 15 and 20, please send an email to firstname.lastname@example.org with “Request for Privacy Information- Colombia” in the subject line and in the body of your message.
Colombia recognizes a right to privacy regarding information that affects personal and family privacy through Article 2 of the Political Constitution of Peru. Personal data processing is further regulated by the Personal Data Protection Law N° 29733 (“PDPL”). As such, users of the Web Properties that are located in Peru will have rights and protections under these laws.
Personal data is defined as information—regardless of whether numerical, alphabetic, graphic, photographic, acoustic—about personal habits or any other kind of information about an individual that identifies or may identify such individual by any reasonable means.
Sensitive personal data includes all of the following:
Personal data created through biometric data which by itself renders a data subject identifiable;
Personal data regarding an individual’s physical or emotional characteristics, facts or circumstances of their emotional or family life, as well as personal habits that correspond to the most intimate sphere;
Data referring to racial and ethnic origin;
Economic income, opinions or political, religious, philosophical or moral convictions;
Union membership; or
Information related to physical or mental health, to sexual life or other similar information that affect the data subject’s privacy.
The collection and processing of personal data requires the data subject’s prior, informed, express and unequivocal consent. We will ask for your consent before collecting your personal data through any forms or registration for use of the Web Properties. You understand that your consent is not necessary if the data collected from you is dissociated or anonymized.
At this time, we do not process any sensitive data.
If you are a resident of Peru and have questions about our compliance, please send an email to email@example.com with “Request for Privacy Information- Peru” in the subject line and in the body of your message.
In Bolivia, any individual or collective person who believes to be unduly or illegally prevented from knowing, objecting or obtaining the deletion or rectification of the data registered by any physical, electronic means, magnetic or computer, in public or private files or databases, or that affect their fundamental right to personal or family privacy, or in their own image, honor and reputation, may file a Private Protection Action.
Personal data is defined as any information about a natural person identified or identifiable, expressed by numbers, alphabetic letters, graphics, photographs, alphanumeric symbols, acoustic forms or any other type of data. It is considered that a person is identified when his identity can be determined directly or indirectly as long as this do not require terms or disproportionate activities.
Sensitive data is defined as data that refers to the intimate sphere of the individual, or whose inappropriate use can cause discrimination of any type or high risk to the particular individual.
We will only process personal data when you grant your consent for one or more specific purposes, when necessary for the fulfilment of a court order, for the defense or recognition of the rights of the holder/owner before a public authority, to protect the vital interests of the holder/owner or of another natural person; among other legitimate and informed reasons. By using our Web Properties and the services they offer, you are granting your consent for Shappi Inc. to process your personal data for the specific purpose of providing services to you.
At this time, we do not process any sensitive data.
If you are a resident of Bolivia and have questions about our compliance, please send an email to firstname.lastname@example.org with “Request for Privacy Information- Bolivia” in the subject line and in the body of your message.
In Paraguay, any person may file an action to have access to (i) personal data about such person or its property; and (ii) information about the use of such data and purpose for which it is kept, whether it is stored in public or private data registries. Additionally, any person may request the suppression, correction, confidentiality or updating of the data where inaccurate or discriminatory.
Art. 3 of Personal Credit Data Protection Law defines personal data or personal information as information of any type that refers to legal entities or natural persons that are identified or identifiable. An identifiable person shall mean any person who can be identified by means of an identifier or by one or more elements that characterize the physical, physiological, genetics, mental, economic, cultural, or social identity of the data subject. The rights and guarantees of personal data protection shall be extended to legal entities, insofar as they are applicable.
Sensitive data is defined as information that refers to the intimate sphere of the data subject, or data that, if misused, may give rise to discrimination or entail a serious risk for the data subject. Personal data is considered sensitive when it reveals aspects such as:
racial and ethnic origin;
religious, philosophical and moral beliefs or convictions;
trade union memberships;
political opinion; or
data related to health, life, sexual preference or orientation, genetic or biometric data aimed at uniquely identifying a natural person.
At this time, we do not process any sensitive data.
A data subject has the right to:
access the information and data about themselves, their dependents and/or property;
know the use and purpose of such data; and
where data is incorrect, inexact or misleading, request access, prompt correction, rectification, to withdraw consent and object to the processing.
If you are a resident of Paraguay and would like to make a request or claim to update, rectify or suppress data, or revoke authorization, please send an email to email@example.com with “Request to Update Data- Paraguay” in the subject line and in the body of your message. Please note, we will require you to provide verification that you are a Paraguayan resident and that you are the individual you are claiming to be. You will be required to verify access to the email address you submitted. You are required to verify your email in order for us to proceed with your Paraguayan rights requests. Please check your spam or junk folder in case you can’t see the verification email in your inbox.
If you are a resident of Paraguay and have questions about our compliance, please send an email to firstname.lastname@example.org with “Request for Privacy Information- Paraguay” in the subject line and in the body of your message.
Our Data Protection Officer DPO may be contacted at email@example.com