LAST UPDATED: 10 JANUARY 2022

1. Agreement to this Policy.

1.1. This privacy policy (“Policy”), as amended from time to time, sets out how NinjaPad (“Company,” “we,” “us” “our” or “NinjaPad”) collects, processes, uses, maintains, stores, transfers, discloses, erases or destroys your personal data, obtained from and through our platforms and related services offerings, via the website, mobile application and its platforms or portals and any other features or content related, linked, or otherwise connected thereto (“Site”). The specific data points which we collect from you (“User”, “you” or “your”) are explained below in this Policy. When you visit our Sites, or use any of our services, we take your privacy very seriously as we are committed to protecting your personal information and right to privacy.  

1.2. Please read this Policy carefully to understand our practices regarding your personal information and how we treat it. If you do not agree with this Policy, or you do not have the right, power, or authority to act on behalf of and bind the business, organization, or other entity you represent, do not access or otherwise use the Sites. This Policy also explains how we use cookies. Please read this carefully as this Policy is legally binding when you access or use the Site. 

1.3. This Policy, together with our terms and conditions found at https://www.ninjapad.com/terms-and-conditions (“Terms and Conditions”) govern your access to and use of the Site. By using the Site, you agree to be bound by these policies, which supplement and are incorporated into our Terms and Conditions. This Policy does not intend to override any of our Terms and Conditions.

2. Changes to this Policy.

From time to time, we may revise, amend or supplement this Policy to reflect necessary changes in law, our personal data collection and usage practices, the features of our services or Sites, or certain advances in technology. If any material changes are made to this Policy, the changes may be prominently posted on the relevant or affected Sites. However, this is not obligatory for us; the onus is on you to periodically familiarize yourself with the contents of this Policy for your own information; and particularly to do so every time you access our Sites or make use of our services. Changes to this Policy are effective when they are published. You can determine when these Terms were last revised by referring to the “LAST UPDATED” legend at the top of these Terms. Your continued access of the Site after such changes conclusively demonstrates your acceptance of those changes.

3. Eligibility.

3.1. Age. By accessing or using the Site, you represent and warrant that you are at least eighteen (18) years of age. If you are under the age of eighteen (18), you may not, under any circumstances or for any reason, use the Site

3.2. Legality. You are solely responsible for ensuring that this Policy follows all laws, rules, and regulations applicable to you and in your specific jurisdiction. If your use of the Site, or any functionality provided or activity enabled thereby, is prohibited or conflicts with any applicable law, rule or regulation in your jurisdiction, you may not, under any circumstances or for any reason, use the Site.

3.3. Criteria. We may in our sole discretion refuse to offer the Site to any person or entity and change the eligibility criteria for use thereof at any time.

4. Privacy of children.

Our Site is not directed to collect any data from people under the age of 18 years. We do not knowingly allow anyone under the age of 18 years to submit any data to our Site. If you believe your child may have provided us with their data, you can contact us using the information in the Contact section of this Policy and we will delete the data from our Site.

5. Applicability.

This Policy applies to all your interactions with us via the Site, and your interactions with us in connection therewith.

6. Consent for legal obligations and legitimate interests.

You provide consent to your personal data (whether provided directly by you, whether collected by us, or received by us from third parties or otherwise) being processed to satisfy all legal obligations arising from any contracts entered into/ with/ involving you or to deliver any services to you; or to take steps at your request prior to entering into a contract with you; or for our legitimate interests to protect our property, rights or safety of either the Company, its users, customers, clients, other persons or other entities.

7.  Data processing in connection with the Site.

The information you provide, or which we obtain from other sources will be used by us, in accordance with this Policy, our other policies, applicable laws, and the European Union’s General Data Protection Regulation (“GDPR”). The table below specifies which data points we collect, by what method and for what purposes.

Company’s Data Collection

8.  We process and use Aggregated, anonymised and de-identified data.

8.1. We may also create, process, collect, use, and share aggregated, anonymised or de-identified data such as statistical or demographic data for any purpose which may be derived from your personal data. We may use this data to comply with legal or regulatory obligations. 

8.2.  We may share your data with members of our group, service providers and our key partners. Some of these third parties may be in a jurisdiction not covered by the laws stated in this Policy, in which case we will take all necessary steps to ensure that your personal information is treated securely and that such transfers are permitted under the applicable data protection laws. 

8.3. We may also use any or all of the personal information above to administer and manage our business in general, to detect and prevent misuse of our services (including fraud and unauthorised payments), and to enforce our Terms and Conditions or any other contract to which we may be a party to.

9. Blockchain Data.

Please note that we are not responsible for your use of any applicable blockchains and your data processed in this decentralized and permissionless network. We are neither the data controllers nor the data processors for any personal or non-personal data submitted to and stored on a blockchain’s network and/or any other decentralised and permissionless network.

10. Types of Data we Collect.

We may share your personal information with third parties.

10.1.  We may have to share your personal data with a selected and trusted group of third party/parties to fulfil our obligations under our contract with you, to meet government, regulatory and law enforcement requests, and to continue providing you with the services. We will only disclose your personal information to third party service providers under strict terms of confidentiality. We do not allow our third party service providers to use your personal data and information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions. 

We may have to share or transfer your personal information in the specific circumstances listed below:

• Applicable Law, Government Requests, etc. Where we are legally required to do so, we may disclose your personal data to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements), or where we find it is necessary to investigate, prevent or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved disclose your personal information. Additionally, we may disclose your personal data to enforce our Terms and Conditions, or to protect the rights, safety, and security of the Company, our users, other persons or the public.

•  Merger, Acquisition etc. In connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition of all or a portion of our business to another company, any dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal data may also be transferred as a business asset forming part of our goodwill. If another company acquires us, our business or assets, that company will possess the personal information collected by us and will assume the rights and obligations held by us regarding your personal information, as described in this Policy.

•  Advertisements. Where we use third party advertising companies to serve ads when you visit or use the Sites. These companies may use information about your visits to our Sites and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you, provided you have consented to the same.

•  Affiliates. We may share your personal information with our affiliates, in which case we will require those affiliates to honour this Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us. We may share your information with our business partners to offer you certain products, services or promotions.

•  Select Third Party Vendors. In connection with the provision of our services, we may share your personal information with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples of such third parties include payment processing, customer relationship management, data analysis, email delivery, hosting services, customer service, quality assurance testing, technical support, operational support and maintenance services and marketing efforts. We have provided a list of such third-party vendors below.

11. Links to third-party websites.

11.1. Our services, Sites or communications may contain links to other third-party websites which are not owned or operated by us and are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We are not responsible for the privacy policies of these third-party websites, regardless of whether they were accessed using the links from our Sites. We have no control over and assume no liability for the content, privacy policies or practices of any third-party sites or services.

11.2. We specifically recommend that you, as the user (under this Policy) visit, familiarize, understand the privacy policies of such entities, as they are our partners in providing services under the facilities to you. However, even if not done as mandated herein, you undertake that you as the user accept their terms and conditions, their individual privacy policies, cookies policies, as third-party service providers to us.

12. DATA STORAGE AND DATA TRANSFERS.

12.1. Your personal data is stored and transferred in compliance with the applicable legislation or regulations of every jurisdiction in which we operate.

12.2. We store and process your personal information SquareSpace.com.

12.3. If you are based in the United Kingdom (“UK”), the European Union (“EU”) or the European Economic Area (“EEA”), any storage, processing and transfer of your personal data outside these territories will adhere to the relevant legal requirements, particularly the GDPR, as and however applicable and/or required.

12.4. Many of our external third-party service providers may also be based outside of the UK, EU, or EEA, so their processing, storage and transfer of your personal data will involve the transfer to and from and storage of data outside the UK, EU, or EEA. We reiterate that by using our services you accept the terms of their individual privacy policies, cookies policies, as well as terms and conditions.

12.5. Some of the international organisations and countries to which your personal data may be transferred do not benefit from an appropriate data protection regulatory framework. For such international organisations and countries, we shall transfer your personal information only upon ensuring that a suitable degree of protection is afforded to it through the implementation of the necessary safeguards. These safeguards include an adequacy decision by the relevant authority, adequate binding corporate rules or through the inclusion of standard contractual clauses in our agreements with such organisations and countries. We shall notify you with regards to the specific safeguard we shall adopt in transferring your personal information to such an international organisation and/or country if you must require such data.

12.6. In respect of GDPR compliance (if applicable): we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe.  

12.7. Please contact us at info@ninjapad.com if you want further information on the specific mechanism used by us when transferring your personal information. 

13. Your rights under GDPR.

If you are a citizen of the EU, then you have these rights under the GDPR:

13.1.  Right To Be Informed. This means you have a right to know:

• The identity and the contact details of the Company and its European representative;

• The contact details of our data privacy officer;

• The purposes of the processing your personal information as well as the legal basis for the processing;

• The legitimate interests pursued by us or by a third party who processes your personal information;

• The recipients or categories of recipients of your personal data; 

• Our intention to transfer your personal data to a third country or international organisation and the existence or absence of an adequacy decision by the relevant supervisory authority, or where applicable, reference to the appropriate safeguards and the means to obtain their copy;

• The period for which your personal data will be stored, or if that is not possible, the criteria used to determine that period;  

• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obligated to provide the personal data and of the possible consequences of failure to provide such data;

• The existence of automated decision-making, including profiling and meaningful information about the logic involved.

• Where we intend to further process your personal data for a purpose other than that for which the personal information was collected for, we must apprise you, prior to such further processing, with information on those other purposes and with any other relevant information.

13.2. Right Of Access. This is your right to see what personal data is held about you by us. Particularly you have the right to:

Receive confirmation as to whether or not your personal data is being processed;

• Access your personal data which we are processing along with the purposes of processing; the categories of personal data being processed; the recipients or categories of recipients to whom the personal data has been or will be disclosed; the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; where the personal data is not collected from you, any available information as to their source;

• Where your personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards relating to the transfer;

• A copy of your personal data being processed; and

• Any further copies requested by you, upon paying a reasonable fee.

13.3.  Right To Rectification. This is your right to have your personal data corrected, rectified or amended, if what is held by us or a third party onboarded by us is incorrect/ inaccurate in some way. 

13.4.  Right To Erasure. This is your right under certain circumstances to ask for your personal data to be deleted. This would apply if your personal data is no longer required for the purposes it was collected for, or your consent for the processing of that personal data has been expressly withdrawn, or where your personal data has been unlawfully processed. Once deleted all your personal data will be removed from our systems and will not be recoverable. 

13.5. Right To Restrict Processing. This is your right to ask for a temporary halt or pause in processing your personal data, such as in the case where a dispute or legal case must be concluded, or the data is being corrected.

13.6. Right To Data Portability. This is your right to ask for your personal data supplied directly to us, which we have processed pursuant to your consent, under a contract, or by automated means, to be provided to you in a structured, commonly used, and machine-readable or electronic format.

13.7. Right To Object. This is your right to object to the further processing of your personal data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing.

13.8. Rights In Relation To Automated Decision Making And Profiling. This is your right not to be subject to a decision based solely on automated processing.

13.9. Right To Lodge A Complaint With The Supervisory Authority. You have the right to lodge a complaint with the supervisory authority of the member state in which you are habitually resident, or with the supervisory authority of the member state in which you work or in which your rights under the GDPR have been infringed if you believe such infringement has taken place.

13.10. Right To Contest Automated Decisions. You may contest any automated decision by us, which has been made about you and where this has a legal or similar significant effect and ask for it to be reconsidered.

13.11. If you wish to exercise any of the rights set out above or any other laws concerning your personal information (in so far as same is applicable), please contact us at info@ninjapad.com in the first instance, so that we may resolve your query, feedback or complaint amicably.

13.12. Automated Decisions. You may contest any automated decision by us, which has been made about you and where this has a legal or similar significant effect and ask for it to be reconsidered.   

13.13. We aim to respond to all legitimate requests without undue delay and within seven (7) calendar months of receipt of any request from you. Occasionally it may take us longer than seven (7) calendar months, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

13.14. If you wish to exercise any of the rights set out above, please contact us at info@ninjapad.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This security measure is to ensure that your personal information is not disclosed to any person who has no right to receive it.

14. YOUR RIGHTS UNDER THE PRIVACY LAWS OF CALIFORNIA.

14.1. If you are a resident of the state of California, you may have certain rights with respect to your data under the California Consumer Privacy Act (CCPA) and the California Civil Code as amended by the CCPA. Your rights as a resident of California are:

14.2. Right to access. You may request that we disclose the categories of personal data collected, the categories of sources from which personal data is collected, the business or commercial purpose, the categories of third parties with which the business shares personal data and specific pieces of information that have been shared or sold.

14.3. Right To Opt-Out. You may tell us not to sell personal data about you to third parties.

14.4. Right To Deletion. You may ask us to delete your personal data under certain circumstances.

14.5. Please note, under the California Civil Code sections 1798.83-1798.84, California residents are entitled to ask us for a notice describing what categories of personal data we share with third parties or corporate affiliates for those third parties or corporate affiliates’ direct marketing purposes. That notice will identify the categories of information shared and will include a list of the third parties and affiliates with which it was shared, along with their names and addresses. If you are a California resident and would like a copy of this notice, please submit a written request by email at info@ninjapad.com. We aim to respond to all legitimate requests without undue delay and within one (1) calendar month of receipt of any request from you. Occasionally it may take us longer than one (1) calendar month, if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).

15. SECURITY PRECAUTIONS AND MEASURES EXERCISED BY us FOR PROTECTION OF YOUR personal information DATA

15.1. Your personal information is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.

15.2. No Guarantee.

15.2.1. Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely secure. However, our best endeavours will be made to secure data and the ability to access your personal data.

15.2.2. Without prejudice to our efforts on protection of your data, nothing contained in this Policy constitutes a warranty of security of the facilities, and you agree to transmit personal data at your own risk.

15.2.3. Please note, that we do not guarantee that your personal data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

15.2.4. Please always check that any Site on which you are asked for financial or payment information in relation to our reservations or services is in fact legitimately owned or operated by us. The risk of impersonating hackers exists and should be taken into account when using our Sites and/or services.

15.2.5. If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately at info@ninjapad.com.

15.2.6. Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your personal data, please accept that you play a vital role in protecting your own personal data, including the adoption of sufficient safety measures such as your choosing of an appropriate password (where applicable) of sufficient length and complexity and to not reveal this password to any third-parties.

15.2.7. Furthermore, we cannot ensure and do not warrant the security or confidentiality of data transmitted to us, or sent and received from us by Internet or wireless connection, including: email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. If you have reason to believe that your data is no longer secure, please contact us info@ninjapad.com.  

15.2.8. Please note that should your personal data be breached, and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to us at info@ninjapad.com for further information and for further advise on how to mitigate the potential adverse effects of such a breach.

15.2.9. We also aim to conduct all applicable security risk assessments to ensure the availability of risk mitigation controls, to better safeguard the integrity of user data.

16. Use of Cookies and Similar Technologies. 

16.1. The Site uses cookies. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are typically stored on your computer’s hard drive.  

16.2. Information collected from cookies is used by us to evaluate the effectiveness of our Site and analyze trends. The information collected from cookies allows us to determine such things as which parts of the Site are most visited and difficulties our users may experience in accessing the Site. With this knowledge, we can improve the quality of your experience on the Site by recognizing and delivering more of the most desired features and information, as well as by resolving access difficulties.

16.3. If you want to avoid using cookies altogether, you can disable cookies in your browser. However, disabling cookies might make it impossible for you to use certain features of the Site. Your use of the Site with a browser that is configured to accept cookies constitutes acceptance of our and third-party cookies.

17. Do Not Track (DNT) signals disclosure.

Some web browsers may transmit “do-not-track” (DNT) signals to the Sites. Currently, we do not respond to DNT signals. If an industry standard on responding to such signals is established and accepted, we may reassess how to respond to DNT signals. 

18.  Data Retention Period.

18.1. We retain your personal data for a period of 5 years. When we no longer need personal data, we securely delete or destroy it.

18.2. Aggregated de-identified data, which cannot identify a device/ browser/ individual and are used for purposes of reporting and analysis, are maintained for as long as commercially necessary.

18.3. Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, for an extended period of time. When we do so, we will take your explicit consent for the same. Reasons we might retain some data for longer periods of time include:

• Security, fraud & abuse prevention;

• Financial record-keeping;

• Complying with legal or regulatory requirements; and

• Ensuring the continuity of our services at our Site.

19. Your Inquiries.

You may contact us by email to the following email address: info@ninjapad.com. We use the data that you provide in an email to us, which you may give voluntarily, only to answer your questions or to reply to your email in the best possible manner.

20. Supervisory authority oversight.

If you are a data subject whose data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.

21. LEGAL RECOURSE TO RELEVANT AUTHORITIES.

21.1.  If you are based in the UK, EU or the EEA region, then you have the right to make a complaint at any time to a supervisory or regulatory authority, in particular within the UK, or a member state in the EU or EEA where you are habitually resident, where we may be based (if applicable), or where an alleged infringement of any data protection law has taken place. However, we would appreciate the opportunity to address your concerns before you approach any such authority. Please contact us in the first instance so that we may try to resolve your complaint swiftly and satisfactorily. Please contact us via email at info@ninjapad.com.

22. GENERAL.

22.1.  In the case of abuse or breach of security, we are not responsible for any breach of security or for any actions of any third parties which receive the information illegally.

22.2.  We will not distribute customer information to be used in mailing lists, surveys, or any other purpose other than what is required to perform our services.

22.3. If you choose to restrict the collection or use of your confidential and personal information, please exit our Site.

23. Contact.

Please contact us with questions, comments, or concerns regarding our Policy as well as with any requests at info@ninjapad.com.