MYPOP Ltd Privacy Policy

Company Number: 14490001
Address: 2 Frederick Street, Kings Cross, London, WC1X 0ND, United Kingdom
Effective Date: 19 June 2024

1. INTRODUCTION

1.1 Important Information and Who We Are

Welcome to MYPOP Ltd’s Privacy and Data Protection Policy (“Privacy Policy”). At MYPOP Ltd (“we”, “us”, or “our”), we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018, and all other mandatory UK laws and regulations. This Privacy Policy explains how we collect, process, and keep your data safe. It will inform you about your privacy rights, how the law protects you, and inform our employees and staff members of their obligations and protocols when processing data. We may gather and use data from:

• Customers
• Other individuals with whom we have a relationship or may need to contact

This Privacy Policy applies to all our employees, staff members, and all Personal Data processed by us.

1.2 Your Data Controller and Data Protection Officer

MYPOP Ltd is your Data Controller and responsible for your Personal Data. We have appointed a Data Protection Officer (DPO), Linda Essumai, who oversees questions regarding this Privacy Policy. Contact details:

• Email: [email protected]
• Postal Address: 2 Frederick Street, Kings Cross, London, WC1X 0ND, United Kingdom

You may also make a complaint to the Information Commissioner’s Office (ICO) at www.ico.org.uk, but we would appreciate the opportunity to address your concerns first.

1.3 Processing Data on Behalf of a Controller and Processors’ Responsibility to You

Our responsibilities as a Data Controller and those of our Processors include:

• Ensuring all processing of Personal Data is governed by a legal basis laid out in the GDPR.
• Ensuring confidentiality commitments from Processors authorized to process Personal Data.
• Implementing appropriate security measures.
• Obtaining prior authorization before engaging another Processor.
• Assisting the Controller in fulfilling obligations to respond to data subjects’ rights requests.
• Making available all necessary compliance information.
• Maintaining records of all processing activities.
• Cooperating with supervisory authorities.
• Appointing a Data Protection Officer and providing necessary resources.
• Ensuring any person processing Personal Data does so under proper instruction.
• Notifying the Controller of any Personal Data Breaches without undue delay.

2. LEGAL BASIS FOR DATA COLLECTION

2.1 Types of Data / Privacy Policy Scope

Definition of Personal Data

“Personal Data” refers to any information that can identify an individual. This does not include data that has been anonymized.

Categories of Personal Data

We may collect, use, store, and transfer various kinds of Personal Data. While not all of the following types will necessarily be collected from you, this outlines the full scope of data we may gather:

• Profile/Identity Data: Includes first name, last name, gender, and date of birth.
• Contact Data: Includes phone numbers, addresses, and email addresses.

Special Categories of Personal Data

We do not collect any Special Categories of Personal Data, such as:

• Race or ethnicity
• Religious or philosophical beliefs
• Sex life or sexual orientation
• Political opinions
• Trade union membership
• Health information
• Genetic and biometric data

Rights Regarding Personal Data

You have several rights concerning your personal data:

• Right to Erasure: You can request the deletion of your personal data under specific circumstances, such as when the data is no longer necessary, you withdraw your consent, or the processing is unlawful. Note that there may be legal reasons we cannot fulfill your request.
• Right to Object:You can object to our processing of your personal data. This is not an absolute right and only applies in certain situations, such as:
  • When we use your data for direct marketing.
  • When we rely on legitimate interests and you believe it impacts your rights and freedoms.
  • We may continue processing if we demonstrate compelling legitimate grounds.
• Right to Restrict Processing:You can request to restrict the processing of your data under certain conditions:
  • You want us to verify the data’s accuracy.
  • Our use of the data is unlawful, but you prefer restriction over deletion.
  • We no longer need the data, but you need it to establish or defend legal claims.
  • You have objected to our use of your data, and we need to verify if we have overriding legitimate grounds.
• Right to Data Portability: You can request the transfer of your data to you or a third party in a structured, commonly used, machine-readable format. This applies only to automated data processed based on your consent or a contract.

To exercise any of these rights, please contact us at [email protected].

3. COLLECTION OF INFORMATION

Information You Provide to Us

We collect information you provide directly to us. This includes information you provide when you:

• Create an account
• Participate in a meeting or use another product or service that integrates with our Services (e.g., Google Calendar, Microsoft Outlook and Teams, Slack, and Zoom Calendar and Messaging)
• Communicate through our text chat feature
• Use our calendar integration or email invitation feature
• Provide feedback
• Make a purchase
• Communicate with us via third-party platforms, such as LinkedIn, Twitter, Facebook, and Instagram
• Request customer support
• Explicitly opt into our collection of specific data
• Otherwise communicate with us

The types of personal information we may collect include:

• Name, username, email address, postal address, phone number
• Account login information for our accounts and accounts on video conferencing platforms
• Profile photo, image and/or voice
• Social media profile ID, user presentations, text chat communications, feedback on our Services
• Hashed payment card value and other payment-related information, like your billing address
• Any other information you choose to provide

Information We Collect Automatically During Interactions with Us When you access or use our Services, we automatically collect certain information, including:

• Meeting Information: Details such as names and email addresses of invitees and participants, meeting subject and description, audio and visual files, meeting location, and access details (e.g., meeting ID). We notify users in video conferences that the meeting is being measured and data is being collected, and provide opt-out options except where chat and notifications are disabled or unsupported.
• Transactional Information: Details about transactions, such as service details, purchase price, and transaction date.
• Information Collected by Cookies and Similar Tracking Technologies: We use cookies and web beacons to collect information about your interactions with our Services. For more information about our use of cookies and other tracking technologies, see the “Your Choices” section below.

Information We Collect from Other Sources We also obtain information about you from other sources, such as:

• Video conferencing platforms you use
• Third-party data brokers who provide audio and visual data sets
• Other users who refer our Services to you
• Third parties who integrate our Services into their products and services

Information We Derive We may derive information or draw inferences about you based on the information we collect, including:

• Analytics: Using audio and visual information to score and provide recommendations to improve processes, team collaboration, and efficiency.
• Company Affiliation: Using names and email addresses to identify users during meetings and infer company affiliation for metrics.
• Meeting Characteristics: Inferring characteristics of scheduled meetings from scheduling information.

4. USE OF INFORMATION

When you create a new account, we will request your consent to link your Google or Microsoft account to your MYPOP account, granting us access to your calendar. This integration checks your schedule to determine which meetings to include our services in. When integrating with your Google or Microsoft calendar, MYPOP stores calendar event titles, times, attendee information, and video conferencing access links. Calendar event timing and video conferencing access links are used to automatically include the MYPOP Dashboard in your calendar events. Event titles and attendee information are used to customize and compute the MYPOP Dashboard’s analytics for attendees. This data is stored in an encrypted database and not shared with third parties.

We use the collected data to:

• Monitor and analyse trends, usage, and activities related to our services, generating reports including real-time reports and alerts.
• Make inferences about users and their organizations, compiling metrics about participation in meetings, as described in “Information We Derive.”
• Provide, maintain, and improve our services, including user account maintenance and using information to train and improve our models.
• Process transactions and send related information, including confirmations, receipts, invoices, customer experience surveys, and recall notices.
• Respond to your comments and questions and provide customer service.
• Communicate with you about products, services, and events offered by MYPOP and others, providing news and information of potential interest (see the “Your Choices” section for opting out of communications).
• Personalize advertisements on third-party platforms and websites (see the “Advertising and Analytics” section for more information).
• Personalize your experience with us, including tracking your preferences on our services.
• Send technical notices, security alerts, and support and administrative messages.
• Debug to identify and repair errors in our services.
• Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activities, protecting the rights and property of MYPOP and others.
• Comply with our legal and financial obligations.
• Fulfill any other purpose described at the time of information collection.

4.1 Marketing and Content Updates
You will receive marketing communications if you have created an account and opted in. You can opt-out at any time.

4.3 Change of Purpose

We will only use your Personal Data for the purposes for which it was collected unless we consider it necessary for another reason compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

USER CONSENT FOR AI APPS

Your privacy and control over your data are paramount to us. This section provides specific information about how your data is shared with and used by AI models employed by third-party tools or platforms.

Specific Information about AI Models

• Third-Party AI Models Utilized: Our app utilizes third-party AI models, specifically Azure OpenAI Ada 002 private cloud. It is important to note that your data is not used to train these AI models.
• Data Shared with AI Models: We share meeting transcripts with these AI models.
• Purpose of Sharing Data with AI Models: The data shared with AI models is used to generate intelligence that provides teams with recommendations on how to improve their working practices, team collaboration, and overall teamwork efficiency.
• How the Models Use This Data: The AI models analyse the meeting transcripts to identify patterns in agile practices. They provide advice on how teams can improve their collaboration, such as suggesting the use of an agenda for meetings or starting an interview with a round of introductions.
• Impact on Users: The insights generated by these models are intended to enhance team performance and collaboration. The recommendations provided aim to foster better communication and more efficient workflows within teams.
• User Options to Control or Opt-Out of Data Sharing: Users have the option to control or opt-out of data sharing with these AI models. If a user chooses to opt-out, it may affect the functionality of the tool as without this intelligence, teams would not receive the recommendations designed to improve their practices and collaboration.
• Ensuring Responsible and Ethical Use of Data: We are committed to ensuring the responsible and ethical use of your data through the following measures:
  • Robust Security Measures: We implement advanced security measures to protect your data at all stages. This includes firewalls, intrusion detection systems, and regular security audits to ensure our systems are secure against threats.
  • End-to-End Encryption: We use end-to-end encryption to protect your data from the moment it is collected until it is processed and stored. This means that your data is encrypted on your device, remains encrypted while being transmitted to our servers, and is only decrypted once it reaches its intended destination.
  • Private Cloud Environments: The AI models we use are hosted on private cloud environments. These environments are designed to provide high levels of security and compliance, ensuring that your data is securely processed and stored away from public access.
  • Strict Data Handling Protocols: Our data handling protocols include strict access controls, ensuring that only authorized personnel can access your data. We also use pseudonymization and anonymization techniques where possible to protect your privacy further.
  • Adherence to Data Privacy Standards: We adhere to stringent data privacy standards, including the GDPR and other relevant regulations. This commitment ensures that we handle your data in compliance with the highest standards of data protection and privacy.
  • Data Access and Usage Policies: We have clear policies on who can access your data and how it can be used. These policies are designed to prevent unauthorized access and misuse of your information.
  • Regular Security Audits and Updates: We conduct regular security audits and updates to our systems and protocols to ensure that we stay ahead of potential threats and vulnerabilities. This proactive approach helps to maintain the security and integrity of your data.

By implementing these measures, we ensure that your data is handled responsibly and ethically, providing you with the confidence that your privacy is protected at all times.

5. YOUR RIGHTS AND HOW YOU ARE PROTECTED BY US

5.1 Your Legal Rights

You have rights under data protection laws, including:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to object
• Right to restrict processing
• Right to data portability

To exercise these rights, contact us at [email protected].

5.2 Your Control Over MYPOP Ltd’s Use of Your Personal Data

You can delete your account at any time. Your account information is protected by a password.

5.3 How MYPOP Ltd Protects Customers’ Personal Data

We implement various security measures, including encryption, secure access controls, and regular audits, to protect your Personal Data. However, no data transmission over the internet is completely secure, and any transmission is at your own risk.

5.4 Opting Out of Marketing Promotions

You can stop receiving marketing messages at any time by contacting us. We will continue to retain Personal Data provided through other interactions.

5.5 Requesting Your Data

You can access your data by logging into your account. To make a request, contact us at [email protected].

6. YOUR DATA AND THIRD PARTIES

6.1 Sharing Your Data with Third Parties

We may share Personal Data if MYPOP Ltd anticipates a change in control, sells or transfers part or all of its business or assets, or if required for legal reasons.

7. HOW LONG WE RETAIN YOUR DATA

We retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected. We may retain data longer in the event of a complaint or anticipated litigation.

8. INTERNATIONAL TRANSFER OF DATA

Your information may be stored and processed outside the UK. By using MYPOP Ltd, you consent to the transfer of information, including Personal Data, outside the UK.

9. NOTIFICATION OF CHANGES AND ACCEPTANCE OF POLICY

We review and update our Privacy Policy regularly. Continued use of MYPOP Ltd constitutes acceptance of any changes.

10. INTERPRETATION

Terms like “including” mean “including but not limited to.” Email addresses provided should be used for their stated purposes. Our staff are not authorized to contract on behalf of MYPOP Ltd or make representations contrary to this policy.

11. TERMS OF USE

Please refer to our Terms of Use for terms governing your use of MYPOP Ltd.

12. GOOGLE API SERVICES USER DATA POLICY COMPLIANCE

MyPop’s use and transfer of information obtained from Google APIs, whether to other applications or within its services, will comply with the Google API Services User Data Policy. This includes adherence to the Limited Use requirements outlined by Google, ensuring that the data is used only in ways that are necessary for the intended functionality and within the constraints of user privacy and security guidelines.

For any questions or further information, please contact our Data Protection Officer, Linda Essumai, at [email protected].