Privacy Policy
This Privacy Policy was written to help you better understand how we collect, use, and store your information. Since technology and privacy laws are always changing, we may occasionally update this policy. The date of the last revision can be found in the footer. If you continue to use GPL Pass after these changes are posted, you agree to the revised policy.
By signing up for any of the products or services offered by GPL PAss (together, the “Services”) you are agreeing to the terms of this Privacy Policy and, as applicable, the GPL PASS Terms of Service. This policy is a legally binding agreement between you (and your client, employer, or another entity if you are acting on their behalf) as the user of the Services (referred to as “you” or “your”) and GPL PASS and its affiliates. If we add any new features or tools to our Services, they will also be subject to this policy.
We will keep your Personal Information accurate, complete, and up-to-date with the information that you provide to us. If you request access to your Personal Information, we will inform you of the existence, use, and disclosure of your Personal Information as allowed by law, and provide you access to that information.
Information gathered by GPL PASS:
We collect certain personal information about visitors and users of GPL PASS.
The most common types of information we collect are things like: user names, email addresses, other contact details, payment information such as payment agent details, transaction details, support queries, and web analytics data.
If you choose to subscribe to our free electronic newsletter we collect your email address, and, if you choose to provide it, a zip or postal code.
We use this information to service your account, verify your identity, process transactions, enhance our Services, manage our legal and operational affairs, and answer any questions you may have.
When do we collect this information?
We collect this information when you visit our website or engage with us either by email, web form, instant message, phone, or post content on our website (including forums & blogs). We also collect any additional information that you might provide to us.
When you provide personal information to us via GPL PASS you’re consenting to us collecting and using that information in line with this policy and the terms of service. You are likely to provide personal information when you complete membership registration and buy a subscription, subscribe to a newsletter, email list, submit feedback, enter a contest, fill out a survey, or send us a communication.
Information from cookies
What is a cookie? A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. Every device that accesses our website is assigned a different cookie by us. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.
Why and when does GPL PASS use cookies?
We use cookies to recognize your device and provide you with a personalized experience. We do this so that we can remember your settings such as your username for the member’s area and to keep you logged into your account. We do not use cookies to track you. The cookies we use are “session” cookies, which are used to customize the look and feel of the site for your own custom preference.
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address, and browser type: we’ll use this for purposes like estimating taxes and shipping
We’ll also use cookies to keep track of cart contents while you’re browsing our site.
When you purchase from us, we’ll ask you to provide information including your name, email address, credit card/payment details, and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to opt-in receive them
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you create an account, we will store your name and email address which will be used to populate the checkout for future orders. We do NOT store your credit or debit card information nor do we have sight of this information since the transaction is entirely between you and the gateway provider and this transaction is concluded on the site of the gateway provider.
We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.
Please see the Stripe Privacy Policy for more details.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Google Analytics
Our website uses Google Analytics, a service that transmits website traffic data to Google servers in Ireland. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and web page usage.
By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt-out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google
Facebook Pixel
We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.
This allows user behavior to be tracked after they have been redirected to our website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Who on our team has access
Members of our team have access to the information you provide us. For example, Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and;
- Customer information like your name, email address, and billing information.
Our team members have access to this information to help fulfill orders, process refunds and support you.
When and why do we share Personal Information with third parties?
We may use the following third-party service providers named below to process and store your data:
Zendesk which we use to manage our support tickets. If you chat to us via the contact option on the website or through our Facebook business page or Twitter account then a record of that chat is recorded on our Zendesk system. We do this so that support tickets don’t fall through the cracks and we ourselves don’t get confused as to whether customers have been properly responded to or not. You can read the Zendesk Privacy Policy here
Mailchimp (The Rocket Science Group, LLC), which we use to manage opt-in email marketing subscriber lists and to send emails to our subscribers. Read their privacy policy. And see here for further information on Mailchimp analytics.
You may remove your name from our mailing list at any time by clicking the “unsubscribe from this list” link at the bottom of any email that you receive.
Cloudflare, which is a traffic optimization and distribution service provided by CloudFlare Inc.
The way CloudFlare is integrated means that it filters all the traffic via its own servers, i.e., communication between this website and the User’s browser, while also allowing analytical data from this site to be collected.
We also may share your details due to the following legal exceptions:
Personal information may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.
Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding. It may also be shared with our professional advisors (lawyers, accountants, etc) or with regulators and government authorities.
Email Enquiries
If you have emailed or written to us then we retain that email or letter to allow sufficient time for your query to be dealt with. Once the matter has been concluded the email or letter is securely deleted. We usually do this straight away but in any event within a one hundred and eighty (180) day time frame.
We do NOT use any information submitted to us by email or letter for marketing purposes.
What do we do with your Personal Information when you terminate your relationship with us?
If an account remains inactive for one hundred and eighty (180) days then it is deleted from our system unless you contact us to request otherwise. You may also close the account you have with us at any time. To make an access, correction, or closure request, please contact us using the contact details at the end of this policy.
We also keep ninety (90) day rolling backups of our systems after which time they are securely deleted and we keep log files (server logs and download logs) for one hundred and eighty (180) days after which time they are securely deleted.
We will continue to store archived copies of your previous financial transactions for legitimate business purposes only and for a period of six (6) years to comply with our legal and financial requirements.
Note that any pending failed or canceled orders are automatically deleted after a thirty (30) day period. Copies of these orders, because they have failed to be processed are not stored beyond this thirty (30) day period.
What we don’t do with your Personal Information
We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.
We do not use the Personal Information we collect from you or your customers to contact or market to your customers or directly compete with you. However, GPL PASS may contact or market to your customers if we obtain their information from another source, such as from the customers themselves.
How do we keep your Personal Information secure?
We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, and any other Personal Information entrusted to us. All personal information is fully encrypted and stored in secure off-site ‘zero-knowledge’ locations. Our information security systems apply to people, processes, and information technology systems on a risk management basis.
We do NOT store your credit or debit card information nor do we have sight of this information since the transaction is entirely between you and the gateway provider and this transaction is concluded on the site of the gateway provider.
In the event of a data breach, we shall inform you of the customer and the relevant authorities as soon as we become aware of it but in any event no later than 72 hours.
Access to your personal information
You retain all rights to your Personal Information and can access it anytime. In addition, GPL PASS takes reasonable steps to allow you to correct or amend personal information that is shown to be inaccurate or incomplete. If you have an account on this site you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.
You also have the right to be forgotten. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. We automatically delete expired accounts in line with our policies detailed above but if you wish for your account to be deleted sooner then contact us using the details below and we will expedite your request within thirty (30) days.
If you have any questions about your Personal Information or this policy, please contact us: [email protected]