Privacy Policy

[Italian version]

Data Controller

Hoculus srl - Via B. Telesio 12, 20145 Milan Italy
VAT number 10781740963

Owner contact email: info@hoculus.com

Definitions and legal references

Personal Data (or Data)

Any information that, directly or indirectly, also in connection with any other information, including a personal identification number, makes a natural person identified or identifiable constitutes personal data.

Usage Data

This is the information collected automatically through this Website (including from third-party applications integrated into this Website), including: the IP addresses or domain names of the computers used by the User who connects with this Website, the addresses in URI (Uniform Resource Identifier) ​​notation, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc. .) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (for example the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of the pages consulted, to the parameters relating to the operating system and the IT environment of the User.

User

The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

Interested

The natural person to whom the Personal Data refers.

Data Processor (or Manager)

The natural person, legal person, public administration and any other body that processes personal data on behalf of the Data Controller, as set out in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data and the tools adopted, including the security measures relating to the operation and use of this Website. The Data Controller, unless otherwise specified, is the owner of this Website.

This Website (or this Application)

The hardware or software tool through which the Personal Data of Users are collected and processed.

Service

The Service provided by this Website as defined in the relative terms (if any) on this site / application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union contained in this document is intended to be extended to all current member states of the European Union and the European Economic Area.


Legal references

This privacy statement is drawn up on the basis of multiple legislative systems, including articles. 13 and 14 of Regulation (EU) 2016/679.

Unless otherwise specified, this privacy policy applies exclusively to this Website.

Cookie Policy

Cookies consist of portions of code installed in the browser that assist the Owner in providing the Service according to the purposes described. Some of the purposes for installing cookies may also require the consent of the user.

When the installation of Cookies takes place on the basis of consent, this consent can be freely revoked at any time by following the instructions contained in this document.

Technical and aggregate statistical cookies

Activities strictly necessary for operation

This Website uses Cookies to save the User's session and to carry out other activities that are strictly necessary for the functioning of this Website, for example in relation to the distribution of traffic.

Activities for saving preferences, optimization and statistics

This Website uses Cookies to save browsing preferences and to optimize the User's browsing experience. These cookies include, for example, those for setting the language and currency or for the management of statistics by the owner of the site.

Other types of cookies or third-party tools that could install them

Some of the services listed below collect statistics in aggregate and anonymous form and may not require the consent of the User or could be managed directly by the Owner - depending on how they are described - without the help of third parties.

If among the tools indicated below there were services managed by third parties, these could - in addition to what is specified and also without the knowledge of the Owner - perform User tracking activities. For detailed information on this, it is advisable to consult the privacy policies of the services listed.

  • Tag management

    This type of service is functional to the centralized management of the tags or scripts used on this Website.
    The use of these services involves the flow of User Data through them and, where appropriate, their retention.

    Google Tag Manager (Google Ireland Limited)

    Google Tag Manager is a tag management service provided by Google Ireland Limited.

    Personal Data collected: Cookies and Usage Data.

    Place of processing: Ireland - Privacy Policy . Subject adhering to the Privacy Shield.

  • Heat mapping and session recording

    Heat mapping services are used to identify which areas of a page are subject to the passage of the cursor or mouse clicks in order to detect which of them attract the most interest. These services allow you to monitor and analyze traffic data and are used to keep track of User behavior.
    Some of these services may log sessions and make them available for later viewing.

    Hotjar Heat Maps & Recordings (Hotjar Ltd.)

    Hotjar is a heat mapping and session recording service provided by Hotjar Ltd.
    Hotjar respects generic “Do Not Track” headers. This means that the browser can tell the script not to collect any User data. This is a setting that is available in all major browsers.

    Personal Data collected: Cookies, Usage Data and various types of Data as specified in the privacy policy of the service.

    Place of processing: Malta

  • Interaction with live chat platforms

    This type of service allows you to interact with live chat platforms, managed by third parties, directly from the pages of this Website. This allows the User to contact the support service of this Website or this Website to contact the User while browsing his pages.
    In the event that an interaction service with live chat platforms is installed, it is possible that, even if the Users do not use the service, it collects Usage Data relating to the pages in which it is installed. Additionally, live chat conversations may be recorded.

    Facebook Messenger Customer Chat (Facebook, Inc.)

    The Facebook Messenger Customer Chat is an interaction service with the Facebook Messenger live chat platform, provided by Facebook, Inc.

    Personal Data collected: Cookies, Data communicated while using the service and Usage Data.

    Place of processing: United States - Privacy Policy . Subject adhering to the Privacy Shield.

  • Interaction with social networks and external platforms

    This type of service allows interaction with social networks or other external platforms directly from the pages of this Website.
    The interactions and information acquired from this Website are in any case subject to the User's privacy settings relating to each social network.
    This type of service may still collect traffic data for the pages where the service is installed, even when Users do not use it.
    It is recommended to log out from the respective services to make sure that the data processed on this Website is not connected back to the User's profile.

    Like button and Facebook social widgets (Facebook, Inc.)

    The "Like" button and Facebook social widgets are interaction services with the Facebook social network, provided by Facebook, Inc.

    Personal Data collected: Cookies and Usage Data.

    Place of processing: United States - Privacy Policy . Subject adhering to the Privacy Shield.

    Advertising

    This type of service allows the User Data to be used for commercial communication purposes in various forms of advertising, such as banners, also in relation to the User's interests.
    This does not mean that all Personal Data is used for this purpose. Data and conditions of use are indicated below.
    Some of the services listed below may use cookies to identify the user or use the behavioral retargeting technique, that is to display advertisements tailored to the interests and behavior of the user, also detected outside this website. more information on this, we suggest you check the privacy policies of the respective services.

    Users can also choose not to participate in certain advertising features through the corresponding device configuration options, such as the mobile device advertising configuration options or the generic advertising configuration .

    Facebook like audience (Facebook, Inc.)

    Facebook Similar Audience is an advertising and behavioral targeting service provided by Facebook, Inc. that uses Data collected through the Facebook Custom Audience service in order to show advertisements to Users with similar behavior to Users who are already in a list. Custom Audience based on their previous use of this Website or their interaction with relevant content through Facebook applications and services.
    Based on this Data, personalized ads will be shown to Users suggested by Facebook Similar Audience.

    Users can choose not to use Facebook cookies for ad personalization by visiting this opt-out page .

    Personal Data collected: Cookies and Usage Data.

    Place of processing: United States - Privacy Policy - Opt Out . Subject adhering to the Privacy Shield.

    Remarketing and behavioral targeting

    This type of service allows this Website and its partners to communicate, optimize and serve advertisements based on the past use of this Website by the User.
    This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to the partners to whom the remarketing and behavioral targeting activity is connected.
    Some services offer a remarketing option based on email address lists.

    Users can also choose not to participate in certain advertising features through the corresponding device configuration options, such as the mobile device advertising configuration options or the generic advertising configuration .

    Facebook Remarketing (Facebook, Inc.)

    Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of this Website with the Facebook advertising network.

    Personal Data collected: Cookies and Usage Data.

    Place of processing: United States - Privacy Policy - Opt Out . Subject adhering to the Privacy Shield.

    Statistics

    The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to keep track of User behavior.

    Google Analytics (Google Ireland Limited)

    Google Analytics is a web analytics service provided by Google Ireland Limited ("Google"). Google uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other services developed by Google.
    Google may use the Personal Data to contextualize and personalize the advertisements of its own advertising network.

    Personal Data collected: Cookies and Usage Data.

    Place of processing: Ireland - Privacy Policy - Opt Out . Subject adhering to the Privacy Shield.

    Facebook Ads conversion tracking (Facebook pixel) (Facebook, Inc.)

    Facebook Ads conversion tracking (Facebook pixel) is a statistics service provided by Facebook, Inc. that connects data from the Facebook ad network with actions performed on this Website. The Facebook pixel monitors the conversions that can be attributed to Facebook, Instagram and Audience Network ads.

    Personal Data collected: Cookies and Usage Data.

    Place of processing: United States - Privacy Policy . Subject adhering to the Privacy Shield.

    Google Ads conversion tracking (Google Ireland Limited)

    Google Ads Conversion Tracking is a statistics service provided by Google Ireland Limited that links data from the Google Ads ad network with actions performed on this Website.

    Personal Data collected: Cookies and Usage Data.

    Place of processing: Ireland - Privacy Policy . Subject adhering to the Privacy Shield.

    How can I express consent to the installation of Cookies?

    In addition to what is indicated in this document, the User can manage preferences relating to Cookies directly within their browser and prevent - for example - third parties from installing them. Through the browser preferences it is also possible to delete the Cookies installed in the past, including the Cookie in which the consent to the installation of Cookies by this site is eventually saved. The User can find information on how to manage Cookies with some of the most popular browsers, for example at the following addresses: Google Chrome , Mozilla Firefox , Apple Safari and Microsoft Internet Explorer .

    With reference to Cookies installed by third parties, the User can also manage their settings and withdraw consent by visiting the relative opt out link (if available), using the tools described in the third party's privacy policy or by contacting the third party directly.

    Notwithstanding the foregoing, Users are informed of the possibility of using the information provided by YourOnlineChoices (EU), Network Advertising Initiative (USA) and Digital Advertising Alliance (USA), DAAC (Canada), DDAI (Japan) or other similar services. With these services it is possible to manage the tracking preferences of most advertising tools. The Owner, therefore, advises Users to use these resources in addition to the information provided in this document.

Since the installation of third-party Cookies and other tracking systems through the services used within this Website cannot be technically controlled by the Owner, any specific references to Cookies and tracking systems installed by third parties is to be considered indicative. To obtain complete information, the User is invited to consult the privacy policy of any third party services listed in this document.

Given the objective complexity surrounding the identification of technologies based on Cookies, Users are encouraged to contact the Owner should they wish to receive any further information on the use of Cookies by this Website.

[Italian version]

Your privacy is important to us. Our use and collection your information is governed by our Privacy Policy. Please ensure you have read and understood that Privacy Policy.

We are committed to protecting your privacy, in accordance with the terms and conditions of the Privacy Policy. By accessing and continuing to use the Services, including without limitation by registering or creating an account or profile with Hoculus, and by providing personally identifiable information or personal data to Hoculus through the Services, you are acknowledging that you have read our Privacy Policy (which sets out how we process personal data, and our legal basis for processing personal data) and that you agree and consent to us processing your personal data to provide the Services to you in accordance with this Agreement and our Privacy Policy. Please ensure that you have reviewed and understand our Privacy Policy before purchasing or subscribing for any Services from us or providing personal data to us. When you use the Services to transfer your Customersʼ personal data to us, you represent and warrant that you have your Customersʼ consent to: a) the transfer of such personal data to us; and b) our collection, use, retention, and disclosure of that and other personal data of your Customers, for the purposes which are set out in the Privacy Policy. You further acknowledge and agree that our use of your Customersʼ personal data for these purposes is in our capacity as your agent, only.

Who we are

Hoculus srl
Via B. Telesio 12 - Milan (MI) 20145
VAT number 10781740963
Our website address is: https://hoculus.com.

Which personal data we collect and why we collect it

Contact form and comments when visitors leave comments or asks info on the site we collect the data shown in the comments and all the other forms, and also the visitorʼs IP address and browser user agent string to help spam detection.

Media and contact form
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies
If you leave a comment or send a contact request on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Embedded content from other websites
Articles on this site may include embedded content (eg videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Which rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Confidentiality

We will treat all of your data and records as confidential. We will only share it if necessary to deliver the services. If you were referred to us by one of our partners, you authorize us to share commercial details related to your services with any such partner.

We will not sell, share, or rent your personal data to or with any third party. Your records are regarded as confidential and therefore will not be divulged to any unaffiliated third party, other than our payment gateway in order to process your payment (s), and as is otherwise necessary for the delivery of the Services and / or if legally required to do so, to the appropriate authorities. Further information on the collection, use, retention, and disclosure of personal data is available in our Privacy Policy.

Your Account

You might need an account to use some features of Hoculusʼ services. Keep all account details confidential - you are responsible for it. We work hard to make sure your account is secure, but we cannot guarantee it. If you know or think your account has been compromised, let us know.

You may be required, when you use certain features of the Services, to create an account with us, including a username and password. If we determine the username is in use by someone else or it is otherwise offensive, we may refuse to allow you, in our sole discretion, to use the chosen username. In addition, you are responsible for maintaining the confidentiality of your password and you are responsible for all uses of your username, whether or not you authorize such uses. You agree to notify us immediately of any actual or suspected loss, theft or unauthorized use of your username and password, or your account. We are not responsible for verifying your identity or the identity of anyone who uses your account, and we are not liable for any loss or damage as a result of your failure to protect your password, or as a result of unauthorized use of your username and / or password. You agree that any registration information you provide will be true and accurate, and that you will update it, as is necessary to keep it current. We reserve the right to automatically log you out of your account after such a period of inactivity as we determine is reasonable, in the circumstances. We care about the security of our users. While we work hard to protect the security of your Uploaded Content, personal data, and account, we cannot guarantee that unauthorized third parties will not be able to defeat our security measures. Please notify us immediately in the event of any actual or suspected breach or unauthorized access or use of your account.

If you are a resident of the European Union: You have the right to delete your account with us by contacting us. If you choose to permanently delete your account, the non-public personal data that we have associated with your account will also be deleted.

Internet Connectivity and Compatible Technology

Your (and your customersʼ) internet access, software and hardware compatibility is out of our control. We .re not responsible where our services are unavailable for re.sons such as those that are outside of our control.

The availability and functioning of the Services depend on the availability of a properly functioning Internet connection, as well as compatible hardware and software. We are not responsible for ensuring uninterrupted access to the Internet or any charges you incur, in association with your use of the Internet, nor are we responsible for ensuring your hardware and software are compatible with the Services. You acknowledge that your access to and use of the Services may be impaired or prevented by factors beyond our control (such as issues with your computer system or Internet connectivity), and that we are not responsible for any such factors, or their effects. We are not liable for any failure to backup or restore any information or for interruptions, delay or suspension of access to or unavailability of the Services, or any loss of such information, data or transmissions. It is your responsibility to ensure that your data is backed up effectively.

Links from this Website

Our website contains links to other websites - we do not monitor or review those links. We are not responsible for any content on those sites.

We do not monitor or review the content of other partiesʼ websites and services which are linked to from this website, nor do we control the availability and content of such websites and services. Opinions expressed or material appearing on such websites are not necessarily shared or endorsed by us and we should not be regarded as the publisher of such opinions or material, nor are we responsible for the accuracy of such opinions or material. Please be aware that we are not responsible for the privacy practices, or content of third party websites and services. We encourage our users to be aware when they leave our website, and to read the terms of use and privacy statements of the websites that they may link to or access. You should evaluate the security and trustworthiness of any other website connected to our website or accessed through our website yourself, before disclosing any personal data to it. Hoculus will not accept any responsibility for any loss or damage in whatever manner, howsoever caused, resulting from your disclosure to third parties of personal data.

Acceptable Use

You cannot use our website or services in any way that would contradict this agreement, or that would otherwise be inappropriate.

Without limiting anything else in this Agreement, you must not use (or cause or permit to be used) this website or the Services:

- in any way that causes, or may cause, damage to our website or the Services, or impairment of the availability or accessibility of our website or the Services;

- in any way which is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity;

- to post, transmit, or otherwise make available any material that is or may be: (a) threatening, harassing, degrading, hateful, or intimidating; (b) defamatory; (c) fraudulent or tortious; (d) obscene, indecent, pornographic, or otherwise objectionable; or (e) non-compliant with applicable privacy legislation or an infringement of another personʼs privacy, including without limitation by disclosing the personal data of another individual without their knowledge and consent;

- to post, transmit, or otherwise make available, any material that may violate: a) our proprietary rights; or b) the proprietary rights of any third party, including, without limitation, copyrighted software, photographs, texts, videos or artwork or any moral rights associated therewith;

- for any commercial purposes other than those which are expressly set out in this Agreement;

- to copy, store, host, transmit, send, use, publish or distribute any material which consists of (or is linked to) any spyware, computer virus, Trojan horse, worm, keystroke logger, rootkit or other malicious computer software;

- to conduct any systematic or automated data collection activities (including, without limitation, scraping, data mining, data extraction and data harvesting) on ​​or in relation to this website without our prior express written consent;

- to impersonate any person or entity or misrepresent your affiliation with any other person or entity;

- to engage in spamming, flooding, harvesting of email addresses or other personal information, spidering, "screen scraping", "database scraping", or any other activity with the purpose of obtaining lists of users or other information (including any activity which involves accessing or using the Services for purposes which are unrelated to the Services);

- to attempt to gain (or gain) unauthorized access to other computer systems through the Services, or to obtain or attempt to obtain any materials or information through any means not intentionally made available or provided for through the Services;

- in a manner that is disrespectful toward Hoculus employees, which may involve actions, words or physical gestures that could reasonably be perceived to be the cause of the employeeʼs distress or discomfort; or

- in a manner which is otherwise contrary to this Agreement.

Any use of the Services which is contrary to the terms of this Agreement may result in the immediate termination of this Agreement and your use of the Services, by us.

International Terms

We are based primarily in Italy. If you are outside of Italy, your data will be transferred to, stored and processed in Italy and / or other countries. You must comply with all laws in your part of the world when you access our services.

If you are not a Italian resident and you are accessing our Services from outside of Italy, you agree to transfer certain information outside your home country to us, and that you will follow all the laws that apply to you. We provide our Services outside of Italy; however, our servers and operations are located primarily in Italy (and, in the case of our servers, Italy, the European Union, and the United States), and our policies and procedures are based primarily on Italian law. Because of this, the following provisions apply specifically to users located outside of Italy: (i) you consent to the transfer, storage, and processing of your information, including but not limited to Uploaded Content and any personal data, to and in Italy and / or other countries; and (ii) you agree to comply with all local laws, rules, and regulations including, without limitation, all laws, rules, and regulations in effect in the country in which you reside and the country from which you access the Services. The Services are not intended for distribution to, or use by, any person or entity in any jurisdiction or country where such distribution or use would be contrary to law or regulation.

Miscellaneous

We are physically located within the Province of Milan, Italy. This Agreement will be governed by the laws of the Province of Milan and the laws of Italy applicable therein and shall be treated in all respects as an Italian contract, without reference to the principles of conflicts of law. In the event of a dispute, you agree to submit to the exclusive jurisdiction of Italian courts.
Your use of the Services may also be subject to other local, state, provincial, national or international laws and the use of the Services may be prohibited by law in some jurisdictions.
By using the Services you certify that the laws of the jurisdiction in which you are using the Services, permit the use of it, and you are responsible for complying with all local laws in your jurisdiction. If the laws which apply to your use of the Services would prohibit the enforceability of this Agreement, or impose any additional burdens on us, or confer to you rights which are materially different than those granted to you under this Agreement, you are not authorized to use the Services and you agree to remove them from any computer or other device on which they may be installed.
You agree to waive any right you may have to: a) a trial by jury; and b) commence or participate in any class action against us related to your use of the Services, the exchange of electronic documents between us or this Agreement and, where applicable, you also agree to opt out of any class action proceedings against us. The Services offered by Hoculus are directed towards and designed for the use of persons above the age of majority in their respective province, state, or country.
Persons under the age of majority are not permitted to use the Services on their own, and Hoculus will not approve applications of, or establish, or maintain accounts or memberships for any persons below their respective regionʼs age of majority. If you are younger than 18, you may use the Services under the supervision of a parent or legal guardian. Otherwise, you must be 18 or older to use the Services and in no circumstances shall people under the age of majority in your state, province, or country, use the Services.
Use of the Services by anyone under 13 years of age is strictly prohibited. The parties hereto have required that this Agreement and all documents relating thereto be drawn up in English. Words importing the singular include the plural and vice versa; and words importing gender include all genders, including the neuter gender, as the context may require. We will not be liable for the failure or delay in our performance of our obligations under this Agreement due to any cause beyond our reasonable control, including, but not limited to: a) acts of God; or b) failure or disruptions in third-party-controlled or operated communications facilities; or c) worms, viruses and other disabling or disruptive software, communications or files. Our failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision. If any provision of these terms shall be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from these terms and shall not affect the validity and enforceability of any remaining provisions. We may assign this Agreement without restriction. You may not assign your rights under this Agreement without our prior written permission and any attempt by you to do so shall be void. This Agreement is binding on you and us, and your and our respective successors (including any successor by reason of amalgamation of any party), heirs, legal representatives and permitted assigns, as the case may be.

Communication

We may communicate with you via email or by posting notices on our website. You can opt out of receiving promotion.l messages from us at any time. If you need to provide us with notice, you may do so by mailing us or sending us an email to info@hoculus.com.

When you visit our website, use the Services or send emails to us, you are communicating with us electronically. We may communicate with you by email or by posting notices on our website. You agree that all agreements, notices, disclosures and other communications that we provide to you electronically, satisfy any legal requirement that such communications be in writing and / or signed. You are not required to agree to receive promotional messages from us as a condition of using the Services. However, by electing to submit your contact information to us and agreeing to this Agreement, you agree to receive certain communications from Hoculus. These communications may include, for example, operational communications concerning your account or use of the Services, updates concerning new and existing features of the Services or Hoculus websites, and promotional communications concerning promotions run by us or third parties, and news relating to the Services and industry developments. If you wish to stop receiving promotional communications from us, follow the instructions we provide in the communication for that category of communication. All notices given by you to us, must be given to us at the address set out below or by email to info@hoculus.com. We may give notice to you at the email or mailing address you provide to us when you place an order with us, or register to use the Services, or by way of a general posting on our website. Notice will be deemed to be received immediately when posted on our website, twentyfour (2a) hours after an email is sent and three (3) days after a letter is posted. In proving the service of any notice, it will be sufficient to prove, in the case of a letter, that such letter was properly addressed, stamped and placed in the post. In the case of an email, notice will be proved by showing the email was sent to the specified email address of the recipient of the notice. Hoculus is registered in Milan, Italy and registered office: Viale Campania 2 / a, Cologno Monzese (MI) 201a5.

GDPR Compliance

At Hoculus, we take the protection and handling of personal information very seriously. Making sure that Merchants (and their Customers) can trust that our team will keep their personal and financial information safe is vital, and frankly, something we obsess over each and every day.

Hoculus as Processor

Hoculus primarily acts as a Processor on behalf of our Merchants (who are Controllers) in relation to data we receive and process from Merchants about their Customers, as described in our updated Privacy Statement. A Processor takes personal data on behalf of a Controller and acts on it as the Controller has requested. In Hoculusʼ case, we process the personal data of our Merchantʼs Customers to help facilitate a transaction between the Merchant and Customer. For example, our Recurring Orders app reads Shopify customer and order data to be able to generate and report on purchased subscriptions. Where Hoculus acts as a Processor, Merchants (as Controllers) are responsible for having a Legal Basis for Processing. Hoculus only processes personal data in this capacity on the instructions of Merchants.

Hoculus as Controller

In some limited circumstances, Hoculus may act as a Controller. For example, where we process a Merchantʼs personal data when a Merchant installs one of our apps, submits a form indicating interest in Hoculus services (such as a quote request for our Professional Services, or a pre-sales support request), or signs up to our email list. Where Hoculus acts as a Controller, we have implied consent to process a Merchantʼs personal data when installing one of our apps, or submitting a form indicating interest in Hoculus services. We may also have express consent to process your data. This would happen if you sign up to our email list: we tell you what youʼre signing up for in plain English.

Protection of Personal Data

Weʼve completed an audit of our physical, technical, and administrative security measures to make sure we have implemented appropriate and reasonable measures to ensure that personal data weʼre entrusted with is kept safe. One important outcome of this audit was the minimization and redaction of information that could potentially be used to identify someone personally. The best way to avoid a data breach is to not have that data in the first place; weʼve instituted policies to ensure that we only keep Customer (or Merchant) information for as long as is reasonable and necessary. At Hoculus, this means that Customer personal data is redacted after a Merchant uninstalls one of our apps. A Data Protection Impact Assessment helps us assess the risk that apps, services and features could pose to an Data Subjectʼs personal data. This process is undertaken as we develop new services and functionality to make sure weʼre building with privacy in mind. Weʼve also reviewed processes of teams across the company to make sure weʼre handling personal data in a way that meets the high standards set by the GDPR. One of our biggest undertakings has been to review our relationships with the vendors or subprocessors used by our team that could potentially come in contact with personal data. This includes server hosts, support ticketing software, blog providers, and everything in between. Weʼve taken steps to ensure they also meet the requirements set out by the GDPR, appropriate to their role in the chain of processing. For example, weʼve implemented Data Processing Agreements / Addendums with such vendors (where necessary). These Data Processing Agreements / Addendums also incorporate standard contractual clauses approved by the European Commission to ensure any onward transfer of this data to countries without adequate privacy laws (as determined by the European Commission) is done safely. Training sessions have also been held with members of our staff to ensure that they are educated on their legal obligations as it pertains to personal data, and to ensure their commitment to the ideals of privacy and respect for personal data being at the core of working alongside Merchants.

Data Subject Rights

One of the most relevant components of the GDPR is the rights of Data Subjects. A set of rights granting people the ability to exercise control over their personal data. The three most relevant ones to you as an eCommerce entrepreneur are likely the right of access, the right to rectification, and the right of erasure.

Right of Access

The right of access allows a Data Subject (ie the person about whom data has been collected or stored) to request from a Data Controller any data they have collected relating to that person, along with information on if and how it has been processed. In plain language, this is a “Give me everything you have on me” type of request. The Data Controller (in many cases, the Merchant) is responsible for providing the data from their systems, including any which may be held / stored by their third-party Processors. If a Merchant receives a request relating to the right of access for data that may be held by Hoculus, they should contact info@hoculus.com for assistance.

Right to Rectification

The right to rectification allows Data Subjects to request their personal data be modified or corrected. As a Merchant, this may simply mean you make the change as requested in your eCommerce platform. If you have a concern relating to a rectification request as it exists in a Hoculus app or service, contact info@hoculus.com.

Right to Erasure

The right to erasure, commonly referred to as the “Right to be forgotten” means Data Subjects have the right to ask for all of their personal data be deleted by a Controller. This means, as with each of the other rights, the Controller is responsible for their own records, and must ensure Processors with whom they work also delete this personʼs data. Fulfilling requests for erasure and deletion are handled through an email to info@hoculus.com.