This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your sensitive information and how we will deal with it. For the purposes of the Data Protection Act (‘the DPA’) and the EU General Data Protection Regulation (‘the GDPR’), sensitive information includes what is defined as your ‘personal data’.
By visiting any website available on the sopost.com domain (the ‘Website’) you accept and consent to the practices described in this Privacy Notice including the processing of your personal data.
In this Privacy Notice, we seek to abide by the letter and spirit of the guidelines laid out by the UK Information Commissioner’s Office in the document ‘Privacy Notices, Transparency and Control’.
More formally, we are SoPost Limited. We are a company registered in England and Wales with Company number 08216668 and our registered office is at The Core, Bath Lane, Newcastle upon Tyne, NE4 5TF, United Kingdom.
We are registered with the Information Commissioner’s Office under registration number Z343508X and you can view our registration in full here.
For the purposes of the DPA and in-line with the GDPR, SoPost Limited is the Data Controller.
If you have any concerns about the way we use your information or any questions about this Privacy Notice, please let us know.
We will use your information to:
We will collect and process the following information about you:
Information you give us – this is information about you that you give us by filling in forms on our Website or by corresponding with us by phone, email or otherwise. It includes information you provide when you request a sample. We only ask from you the minimum data required for you to use our service.
If you are a brand wishing to partner with SoPost you can contact us via our Website. To do so we ask for the brand name, your name, a contact email address and telephone number.
SoPost does not collect or store any of your financial information. Where access to your financial information such as credit or debit card is required, this information will be processed through secure payment pages of our chosen third party service providers (e.g. PayPal, Stripe).
Information we collect about you – Whenever you visit our Website we will automatically collect the following information:
Information we receive from other sources – This is information we receive about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this Website. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.
The information and content held on our Website is deployed geographically to maximise user experience. All information that could identify individuals within the European Union is stored exclusively within the European Union. We will never share your user information with third parties for promotional purposes without your consent.
Our production databases are stored in Google Cloud which is contracted by use for the provision of technical services. We remain responsible at all times for the security of your information, but if you want to know more about how we interact with Google Cloud you can view their Privacy Notice, amongst their other policies at https://cloud.google.com/security/privacy/.
We will often share your information with our trusted brand partners that you have claimed a sample from through SoPost, but only where you have expressly consented for us to do so. Sometimes our brand partners will require that you explicitly agree to this consent in order to receive your sample.
We may also disclose your information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
We take the security of your personal data very seriously. Our approach to information security is constantly evolving and continually reviewed.
We have adopted industry best practices from both technological and business process perspectives in order to make the security of your data a key part of the way we do business.
We have policies and practices in place that not only ensure our compliance under the DPA but also the GDPR, including training and adequate procedures put in place for any staff that handle or have access to sensitive information.
We may contact you via email with updates about the services that we offer or any changes that we have made to our Website.
You can opt in or out at any time by clicking the ‘Unsubscribe’ link in our emails.
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (including, but not limited to, websites on which our service may be advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy notices and that we are not responsible or liable for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
You have the right to find out what information we hold about you. You can exercise that right by contacting us and we will send you all data we hold about you inside of 20 working days. To make a request for information please visit our privacy portal.
If any of your personal data is incorrect then you have the right to rectify this information and ensure that it is accurate and up to date. To make a request to update your information so that you may have any errors corrected, please visit our privacy portal.
You have the right ‘to be forgotten’ and to have your personal identifiable information permanently deleted from our systems. If you would like to exercise this right then please visit our privacy portal.
There will be no charge made for reasonable electronic access to your information, your right to rectification or for your right to be forgotten from our systems.
At SoPost we have procedures in place to regularly review what personal data we hold. We keep your personal data in a plain text format only for as long is required in order to carry out the processing activities you have permitted us to do. Once the sampling campaign that you engaged with has concluded (on average about 90 days) and we have completed all of the processing activities required to the get the sample into your hands and gather feedback from you, our data lifecycle management comes into effect. All personal data we hold on you in our production databases that was collected as part of your engagement with one of our sampling campaigns is encrypted using your email address and a secret hash as the encryption key. Once your personal information has been encrypted, we then create an irreversible hash of your email address plus a secret salt. We then replace the email address we hold on record with this hash.
At this point we will only be able to personally identify you as a user of SoPost again if you attempt to claim another sample in the future, using the same email address as you did previously.
So that we can continue to improve how SoPost works, there are five bits of personal data which you share with us that we exclude from our data lifecycle management process – your postcode, country, opt-in preference, any HTTP referrer value present when you visited our sampling page and any “utm_source” query string parameter present when you visited our sampling page.
We keep your postcode and country in plain text so that we can report on what parts of the world we are delivering samples to. We cannot identify you as the owner of this postcode once your other personal data has been encrypted.
We keep your opt-in preference in plain text so that we can report on average opt-in rates on our platform so that we can keep our brand partners informed about benchmarks on our platform. We cannot identify you as the owner of an opt-in preference once your other personal data has been encrypted.
We keep your utm_source and HTTP referrer value in plain text for two reasons. Firstly, so that we can report back to our brand partners about the performance of their sampling campaigns. Secondly, to help combat abuse of our platform by entities who act against our terms and conditions. We cannot identify you as the owner of a utm_source value or HTTP referrer once your other data has been encrypted.
Of course, you also have the right to forgotten at any point and can find out more about this in the ‘Access to Information’ section above.
Any changes we may make to our Privacy Notice in the future will be posted on this page. The new terms may be displayed on-screen and you will be required to read and accept them to continue your use of our services.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
As part of our overall approach to privacy and transparency, this section describes what cookies are in the context of our web and mobile interfaces, and what their use means to you. At the end, we’ve included some links to help you research cookies and their impact, and how you can use your web browser to control the way it manages cookies.
We use the following types of cookies:
You can find more information about the individual cookies we use and the purposes for which we use below:
We use Google Analytics to understand general trends about our content and traffic sources; for example, where users come from, which pages are most popular, which sites provide most traffic, how our marketing efforts impact the amount of visits we receive. We have our Google Analytics account set to retain data for twenty-six months from the point at which you last visited our website.
Google’s statement about privacy can be found here.
We use the Pinterest Tag to gather conversion insights for our brand partners and allow them to build audiences to target ads based on actions you’ve taken on our platform. For instance, Pinterest can exclude you from seeing the ad again once you’ve requested your sample. Or, Pinterest could show you ads that they think will be relevant to you because you’ve requested a sample from a particular brand partner.
Pinterest’s Advertising Guidelines require us to disclose and get consent to use the Pinterest Tag for each campaign you engage with.
Our platform respects Do Not Track and we will never use the Pinterest Tag if you have this setting enabled. Learn how to enable Do Not Track.
You can also opt out of online behavioural advertising in your Pinterest Personalisation Settings, the AdChoices website, or in your mobile ad identifier settings. Find out how to change your mobile ad identifier settings on iOS devices, or on Android, enable the ‘Opt out of Ads Personalisation’ option in your Google account’s Ads settings.
We allow our brand partners to use their Snap Pixel on our platform to help them optimise and measure the effectiveness of their campaigns. Our brand partners can use it to build audiences and target ads based on the actions you’ve taken on our platform. For instance, you may see ads on Snapchat that are relevant to you because you’ve ordered a sample from a particular brand partner.
When the Snap Pixel is used, it includes a SHA-256 hash of the email address that you enter to improve Snapchat’s measurement of your actions on our platform. The Snap Pixel is never used unless you provide consent. Our platform respects Do Not Track and we will never use the Snap Pixel if you have this setting enabled. Learn how to enable Do Not Track.
You can opt-out of activity-based advertising in your Snapchat Advert Preferences. Learn how to manage these preferences.
The Twitter button allows our users to share our platform and services with their followers more easily.
We use Facebook button to allow you to share out platform with your friends and other Facebook users. We also use the Facebook Connect feature in certain campaigns to verify your identity and that of any friends you wish to share a sample with.
Facebook’s statement about privacy relating their Connect feature is here and also here.
Still don’t know what cookies are? Then why not follow the link conveniently located here which provides more information about what they are and how they work.
If you consider we have not addressed your problem, you can contact the UK Information Commissioner’s Office for assistance. Further information can be found here.