Peep Inc. (“Peeple”, “we”, “us” or “our”) is committed to protecting the privacy of personal data of identifiable individuals who use the services, websites, and applications offered by Peeple (the “Service”). This GDPR Policy describes Peeple’s policies and procedures on the collection, use, disclosure, and sharing of your information when data subjects within the European Union (“EU”) use the Service, via our website at www.forthepeeple.com, Peeple content embedded on another site, your mobile phone, or one of Peeple’s applications for mobile devices and/or any other platform or media through which we make such services available from time to time.
This GDPR Policy informs you of Peeple’s policies and practices regarding the collection and use of information you submit to us or which we collect about you through the Services and to inform you of options that you have to control or restrict the availability and use of your information. Wherever you reside or from whichever country you submit your information, you consent to our use of your information, consistent with this GDPR Policy, in Canada and in other territories where Peeple provides the Service.
Peeple reserves the right to change this GDPR Policy from time to time. Amendments to this GDPR Policy will be posted to the Service and will be effective when posted. In the event that such changes are made, your explicit and informed consent will be sought as a condition to Peeple’s continued collection and processing of your personal data.
In this GDPR Policy, “personal data” means any information about an identified or identifiable individual.
In collecting and using this data, Peeple is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it. It has been determined that Peeple as an organization that not only operates within the EU, but also collects and processes personal data of EU citizens is subject to GDPR legislation.
The purpose of this GDPR Policy is to set out the relevant GDPR legislation and to describe the steps Peeple is taking to ensure that it complies with it.
This GDPR Policy applies to:
General Data Protection Regulation 2016 (“GDPR”)
There are a number of fundamental principles upon which the GDPR is based.
There are a total of 26 definitions listed within the GDPR and it is not appropriate to reproduce them all here. The most fundamental definitions with respect to this policy are captured in the Definitions section below.
1. Principles Relating to Processing of Personal Data
There are a number of fundamental principles upon which the GDPR is based.
Peeple must ensure that it complies with all of these principles both in the processing it currently carries out and as part of the introduction of new methods of processing such as new IT systems.
2. Rights of the Individual
Each of these rights must be supported by appropriate procedures within Peeple that allow the required action to be taken within the timescales stated in the GDPR. These timescales are shown in Table 1.
|Data Subject Request||Timescale|
|The right to be informed||When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)|
|The right of access||One month|
|The right to rectification||One month|
|The right to erasure||Without undue delay|
|The right to restrict processing||Without undue delay|
|The right to data portability||One month|
|The right to object||On receipt of objection|
|Rights in relation to automated decision making and profiling.||Not specified|
Table 1 - Timescales for data subject requests
Unless it is necessary for a reason allowable under the GDPR, explicit consent must be obtained from a data subject to collect and process their data. In case of children below the age of 16 parental consent must be obtained. Transparent information about our usage of their personal data must be provided to data subjects at the time that consent is obtained and their rights with regard to their data explained, such as the right to withdraw consent. This information must be provided in an accessible form, written in clear language and free of charge.
If the personal data are not obtained directly from the data subject then this information must be provided within a reasonable period after the data are obtained and definitely within one month.
When you register as a user of our Service, we ask for personal data that will be used to activate your account, create a user profile, provide the Service to you, communicate with you about the status of your account, and for other purposes set out in this GDPR Policy. Your name, company name, address, gender, birth date, telephone number, email address, specific or general location, and certain other information about you may be required by us to provide the Service or be disclosed by you, directly or indirectly, during your use of the Service. If you use your Facebook, or any other social media networking site (“SMN”) account information to sign in to the Service, or link your Peeple account with such SMN, we will collect and store such account information (such as your name, profile picture, and email address) and we may receive information about you from such SMN, depending on the privacy settings you have with that SMN.
By providing personal data to us and by retaining us to provide you with the Service, you voluntarily consent to the collection, use and disclosure of such personal data as specified in this GDPR Policy. Without limiting the foregoing, we may on occasion ask you to consent when we collect, use, or disclose your personal data in specific circumstances.
Your name, likeness, and other personal data you submit to your user profile through the registration process will be available for public viewing on the Service. You also provide us information in any Content (as defined in the Terms and Conditions of Service) you post to the Service, including any comments, questions, recommendations, ratings, reviews, and other contributions on the Service, as well as metadata about them, all of which is intended for public consumption and will be publicly viewable on the Service. We may display this information through the Service, share it with third parties, and further distribute it to a wider audience through third party sites and services. This information may also be “crawled” by third party search engines so that personal data in your user profile may be accessible through search engines in search results.
In addition, we may use your personal or account information for the following purposes (the “Purposes”):
In addition, from time to time we may disclose or allow access to your personal data outside Canada where it may be subject to the lawful access requirements of the jurisdiction in which it is stored or able to be accessed. If you have any questions about our use of service providers outside of Canada, you may contact Peeple’s Privacy Officer by email at firstname.lastname@example.org.
Subject to applicable legislation, we may occasionally communicate with you regarding our products, services, news and events. You have the option to not receive this information. We provide an opt-out function within all email communications of this nature, or will cease to communicate with you for this purpose if you contact us and tell us not to communicate this information to you. The only kind of these communications that you may not “opt-out” of are those required to communicate announcements related to the Service, including information specific to your user account, planned Service suspensions and outages. We will attempt to minimize this type of communication to you.
For the purposes of billing your account, Peeple may share your credit card and other payment information with banks or other third parties, such as Paypal or Stripe in order to process payments. In addition, while Peeple has in place up-to-date technology and internal procedures to guard such payment information against unauthorized access or intruders, there is no guarantee that such technology or procedure can eliminate all of the risks of theft, loss or misuse. Peeple shall not be liable to you or any other person for any damages that might result from unauthorized use, publication, disclosure or any other misuse of such payment information, including credit card information.
4. Age of Consent
We do not knowingly provide the Service to, and will not knowingly collect the personal data from anyone under the age of consent.
5. Rights to Your Information
You have the right to access and edit your information that is in the custody or under the control of Peeple at any time through the interface provided as part of the Service. In the event an access request is refused, you will be advised in writing of the reasons for the refusal and other applicable information.
We may disclose personal data to third parties for legitimate business purposes or for the Purposes and will obtain assurances from such third parties that they will safeguard personal data in a manner consistent with this GDPR Policy. To the extent such personal data is disclosed to third parties in other countries, those countries to which personal data will be transferred may or may not have laws that seek to preserve the privacy of personal data.
Peeple uses services hosted by third parties in the course of providing the Service, including Stripe, Google Maps, email providers, and social networking sites including, but not limited to, Facebook, Twitter and LinkedIn (the “Third Party Hosts”). To the extent any Third Party Host collects the personal data of users, such collection will be subject to the applicable privacy policies of the Third Party Hosts and shall not fall under the scope of this GDPR Policy.
7. Retention and Destruction
Subject to the terms of this GDPR Policy, your personal data is only retained as long as is reasonable to fulfill the purpose for which it was collected or for legal or business purposes (such as backup, archival, or audit purposes, or to improve the Service) or as otherwise required under applicable law. Notwithstanding the foregoing, and subject to applicable laws and regulations, Peeple will retain all personal data generated by users with respect to user intercommunications, and all personal data which is posted by users to areas of the Service which are accessible to the public or other users, indefinitely.
Personal data which is used to make a decision that directly affects a specific user will be retained for at least one year after the date of that decision.
8. Aggregated Data
We may also use your personal data to generate Aggregated Data for internal use and for sharing with others on a selective basis. “Aggregated Data” means records which have been stripped of information potentially identifying users, and which have been manipulated or combined to provide generalized, anonymous information. Your identity and personal data will be kept anonymous in Aggregated Data.
9. Cookies and Log Files
10. Change of Ownership or Business Transition
In the event of a change of ownership or other business transition, such as a merger, acquisition or sale of our assets, your information may be transferred in accordance with applicable privacy laws.
We will strive to prevent unauthorized access to your personal data, however, no data transmission over the Internet, by wireless device or over the air is guaranteed to be 100% secure. We will continue to enhance security procedures as new technologies and procedures become available.
Please remember that you control what personal data you provide while using the Service, and what personal data you choose to make available to the public through the Service. Ultimately, you are responsible for maintaining the secrecy of your identification, passwords and/or any personal data in your possession for the use of the Service. Always be careful and responsible regarding your personal data. We are not responsible for, and cannot control, the use by others of any information which you provide to them and you should use caution in selecting the personal data you provide to others through the Service. Similarly, we cannot assume any responsibility for the content of any personal data or other information which you receive from other users through the Service, and you release us from any and all liability in connection with the contents of any personal data or other information which you may receive using the Service. We cannot guarantee, or assume any responsibility for verifying, the accuracy of the personal data or other information provided by any third party. You release us from any and all liability in connection with the use of such personal data or other information of others.
Privacy by Design
Peeple has adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues, including the completion of one or more privacy impact assessments.
The privacy impact assessment will include:
Use of techniques such as data minimization and pseudonymisation will be considered where applicable and appropriate.
13. Transfer of Personal Data
Transfers of personal data outside the European Union must be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time.
14. Data Protection Officer
A defined role of Data Protection Officer (DPO) is required under the GDPR if an organization is a public authority, if it performs large scale monitoring or if it processes particularly sensitive types of data on a large scale. The DPO is required to have an appropriate level of knowledge and can either be an in-house resource or outsourced to an appropriate service provider.
Based on these criteria, Peeple has not appointed a Data Protection Officer.
15. Breach Notification
It is Peeple’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours.
16. Addressing Compliance to the GDPR
The following actions are undertaken to ensure that Peeple complies at all times with the accountability principle of the GDPR:
These actions will be reviewed on a regular basis as part of the management review process.
Infringement of this Policy by Personnel may be subject to disciplinary actions, among other actions, including dismissal, termination of contract and possible legal proceedings following such termination. Reports of infringement may be forwarded to email@example.com. In cases where local or international law is violated, Peeple has a responsibility to involve the relevant law enforcement agencies.
If Peeple believes that a breach of a third party’s confidential information, contract, or regulations has taken place; Peeple may have a duty to report the matter to that organization.
Terms of particular importance for this document include.