Dashboard > Admin > Privacy Policy

Privacy Policy

1. Introduction

Welcome to It’s Lolly! This Privacy Policy was written to help you better understand how we collect, use and store your information.

Since technology and privacy laws are changing frequently, we may need to update this policy from time to time. The latest version will always be accessible on the It’s Lolly websites. By continuing to use It’s Lolly, you agree to the latest version of this Privacy Policy. If any significant change is made, It’s Lolly will also post an email message to the master administrator on your LollyHQ account.

It’s Lolly offers point of sale, payment and business intelligence services (“SERVICES”) consisting of the LollyPOS client application and the LollyHQ cloud account. In addition, It’s Lolly may optionally offer additional value added SERVICES, in the form of payment terminals or specialised till hardware and professional services (such as installation and training). By signing up to SERVICES, or dealing with a merchant using these SERVICES, you accept the terms of this Privacy Policy and, as applicable, the End User Licensing Agreement (EULA).

This Privacy Policy is a legally binding agreement between you (and your client, employer or another entity if you are acting on their behalf) as the administrator or user of the SERVICES (referred to in this Privacy Policy). If It’s Lolly adds any new features or tools to the SERVICES in the future, these will also be subject to this Privacy Policy.

When we use the term “Personal Information” in this policy, it means any information related to an identifiable individual, including the name, title, business address, or telephone number of an employee of an organization.

We will keep your Personal Information accurate, complete and up-to-date with the information that you provide to us. If you request access to your Personal Information, we will inform you of the existence, use and disclosure of your Personal Information as allowed by law, and provide you access to that information.

We will always ask for your consent before using your Personal Information for other purposes than those described in this Privacy Policy.

2. Information from our Merchants

If you are a merchant, you agree to use the SERVICES in a manner that complies with the prevailing English laws applicable to your business, including but not limited to the UK Data Protection Act 1998 (“DPA”).

What information do we collect from merchants and why?

·        Upon signing up to the SERVICES, we collect Personal Information in the form of your name, company name, address, email address, phone number(s). We need this information to provide you with our SERVICES; for example, to confirm your identity, contact you, and invoice you.

 

·       Upon subscribing to the SERVICES, we will create a Stripe payments account on your behalf. Rest assured that It’s Lolly does not store, touch or process your card details. This activity is delegated to Stripe (www.stripe.com) which keeps your card details securely encrypted inside of a PCI-DSS Level 1 service provider environment. The Stripe account will contain your billing address and your card details. Stripe will use this information to collect service fees and comply with applicable legal and regulatory requirements. We instruct Stripe to collect one-time and monthly service fees and we are notified upon successful collection of service fees, which allows us to provide you the SERVICES.

 

·       We collect data about the LollyHQ cloud account that you visit to manage your point of sale configuration and business data. Specifically, we collect data about how and when you access your account, including information about your device make & model and the browser you use, your network connection and your IP address. We also run analytics services to provide business intelligence in respect to your real-time business data (such as sales records, wastage records, stock records are attributed back to actions by store employees or customers). We need this information to give you access to and improve our SERVICES.

 

·        We collect data about the LollyPOS client application that you run on your chosen device to use your point of sale in your store environment. Specifically, we collect data about your device make & model, your operating system, your network connection, your IP address, your application licensing rights, and your real-time business data (such as sales records, wastage records, stock records are attributed back to actions by store employees or customers). We need this information to give you access to and improve our SERVICES.

 

·        We collect data about the Lolly Shop account that you use to purchase additional hardware for your point of sale installation. Specifically, we collect data about your device make & model and the browser you use, your network connection and your IP address. We also collect your name, your phone number, your email address, your payment, your billing address and your shipping address. We need this information to recognise revenue, allocate physical goods from our stock locations, fulfil your order, and provide you with the purchased goods.

 

·        We will also use Personal Information in other cases where you give us your express permission.

When do we collect this information?

·        We collect Personal Information when you sign up for our SERVICES, when you access our SERVICES or otherwise provide us with the information.

3. Information from our Merchants’ Customers

What information do we collect and why?

·        We collect Personal Information about your customers that you share with us. We collect your customers’ name, phone number, email address, physical address, and identification card number.

 

·        We need this information to provide you with our SERVICES to better serve your customers, including supporting and processing your sales transactions, providing tiered discounts, and view customer analytics. We also use this information to improve our SERVICES.

When do we collect this information?

·        Information is collected when a merchant enters or uses customer information, or when a merchant sells to a specific customer via the SERVICES.

4. Information from Payment Customers

What information do we collect and why?

From payment customers, we collect information about you, your merchant account, and your payment terminal configuration.

·       We collect data about Merchant Accounts and Payment Terminals that you apply for via It’s Lolly.

 

·        As an Independent Sales Organisation (ISO) for card payments, we provide competitive rates and process your due diligence. In addition, we are equipped to build, configure, install, and support your payment needs.

 

·        If you apply for a Merchant Account via It’s Lolly, we collect such personal information as is requested by the UK Acquiring Bank for full due diligence to minimise the risk on your card transactions.

 

·        If you apply for a payment terminal via It’s Lolly, we collect such personal information as is requested by the Terminal Supplier for a full configuration of your payment terminal.

When do we collect this information?

·        Information is collected when a new merchant orders a payment terminal that is supplied by It’s Lolly. The payment terminal must be tied to a merchant account.

5. Information from our Support Users

What information do we collect and why?

From support users, we collect information about you and your support case.

·        From telephone support users, we collect your name, phone number and call audio.

 

·       From email support users, we collect your name, email address and case information.

 

·        We use this information to service your account, troubleshoot issues, answer any questions you may have, and enhance our SERVICES.

When do we collect this information?

We collect this information when you engage with us, either by email or phone. We also collect any additional information that you might provide to us.

6. Information from our Website Visitors

What information do we collect and why?

From website visitors, we collect information about the device and browser you use, your network connection and your IP address.

·        We set a cookie to identify visitors to It’s Lolly hosted websites. A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses It’s Lolly websites.

 

·        We use Google Analytics to analyse the traffic associated with usage of It’s Lolly websites.

When do we collect this information?

We use cookies to provide website visitors with a personalized experience.

7. When and why do we share Personal Information with third parties?

What information do we share and why?

It’s Lolly works with carefully selected trusted third parties to help provide you with our SERVICES. 

In certain limited circumstances, we may be required to share information with these trusted third parties to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also receive Personal Information from our partners and third parties.

·        Personal Information may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our End User Licensing Agreement (EULA) or any other agreement related to the SERVICES, or as otherwise required by law.

 

·       Personal Information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. If this happens, we will post a notice on our It's Lolly website (www.itslolly.com) and we will send an email message to the master administrator in your Lolly HQ cloud account.

 

·       It’s Lolly websites are hosted in the United Kingdom (UK). We do not share your personal information with any third party outside the UK for any purpose, except if required to do so by law.

 

·       It’s Lolly is responsible for all onward transfers of Personal Information to third parties in accordance with the UK DPA and the EU-U.S. Privacy Shield Principles.

 

·        It’s Lolly will always ask for your consent before sharing your Personal Information with third parties for other purposes than those described in this Section 7.

8. How do we keep your Personal Information secure?

·        We follow industry standards and best practices on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other Personal Information entrusted to us.

 

·        No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.

9. What we will never do with your Personal Information

·        We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own SERVICES.

 

·        We do not use the Personal Information we collect from you or your customers to contact or market to your customers or directly compete with you. However, It’s Lolly may contact or market to your customers if we obtain their information from another source, such as from the customers themselves.

10. What happens to your Personal Information when you terminate your relationship with us?

·        We will continue to store archived copies of your Personal Information for legitimate business purposes and to comply with English law.

 

·        We will continue to store anonymous or anonymized information, such as device types, website visits, without identifiers, in order to improve our SERVICES.

11. How do you access your Personal Information?

You retain all rights to your Personal Information and can access it anytime. In addition, It’s Lolly takes reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information.

You can update many types of Personal Information, such as payment or contact information, directly within your LollyHQ or Lolly Shop account settings. If you are unable to change your Personal Information within your account settings, please contact us to make the required changes. It is important to remember that if you delete or limit the use of your Personal Information, the SERVICES may not function properly.

All individuals who are the subject of Personal Information held by It’s Lolly are entitled to request to see this information. This is called a Subject Access Request (“SAR”).

·        Individuals can submit SARs to the following email address: dataprotection@itslolly.com.

 

·       Upon receiving the email, It’s Lolly’s Data Controller will respond with a SAR request form which must be completed by the individual. The Data Controller will also collect a fee of £20 for processing of the SAR.

 

·       After receiving the completed SAR request form and collecting payment, It’s Lolly’s Data Controller will aim to provide the relevant data within 14 days.

 

·        It’s Lolly’s Data Controller will always verify the identity of the individual making a SAR request before handing over any information.

 

Last updated: 16th January 2017.
© 2017 It’s Lolly Limited.