0800 038 5389

Privacy policy

INTRODUCTION

Welcome to It’s Lolly. This Privacy Policy was written to help you better understand how we collect, use and store your information.

Technology and privacy laws change frequently, therefore, we may need to update this policy from time to time. The latest version will always be accessible on the It’s Lolly websites. By continuing to use It’s Lolly, you agree to the latest version of this Privacy Policy. If any significant change is made, It’s Lolly will also post an email message to the master administrator on your LollyHQ account.

It’s Lolly provides point of sale, payment and business intelligence services (“SERVICES”) consisting of the LollyPOS client application and the LollyHQ cloud account. In addition, It’s Lolly may offer additional value added SERVICES, in the form of payment terminals or specialised till hardware and professional services (such as installation and training). By signing up to SERVICES, or dealing with a merchant using these SERVICES, you accept the terms of this Privacy Policy and, as applicable, the End User Licensing Agreement (EULA).

This Privacy Policy is a legally binding agreement between you (and your client, employer or another entity if you are acting on their behalf) as the administrator or user of the SERVICES (referred to in this Privacy Policy). If It’s Lolly adds any new features or tools to the SERVICES in the future, these will also be subject to this Privacy Policy.

When we use the term “Personal Information” in this policy, it means any information related to an identifiable individual, including the name, title, business address, or telephone number of an employee of an organisation.

As the provider of these services It’s Lolly, Crystal Gate, Worship Street, London EC2A 2AH as is the data controller and data processor of “Personal Information”.

We will keep your Personal Information accurate, complete and up-to-date with the information that you provide to us for the length of your contract or time that you use It’s Lolly services plus seven years. If you request access to your Personal Information, we will inform you of the existence, use and disclosure of your Personal Information as allowed by law, and provide you access to that information.

We will always ask for your permission before using your Personal Information for other purposes than those described in this Privacy Policy.

INFORMATION FROM OUR MERCHANTS

If you are a merchant, you agree to use the SERVICES in a manner that complies with the prevailing English laws applicable to your business, including but not limited to the General Data Protection Regulation (GDRP) that replaced The Data Protection Act 1998 (“DPA”) on 25th May 2018.

WHAT INFORMATION WE COLLECT FROM MERCHANTS AND WHY

Upon signing up to the SERVICES, we collect Personal Information in the form of your name, company name, address, email address, phone number(s). We need this information to provide you with our SERVICES; for example, to confirm your identity, contact you, invoice you and to keep you updated with product and service updates and offers and any changes that may affect you or your account.

Upon subscribing to the SERVICES, we will create a Stripe payments account on your behalf. Rest assured that It’s Lolly does not store, touch or process your card details. This activity is delegated to Stripe (www.stripe.com) which keeps your card details securely encrypted inside of a PCI-DSS Level 1 service provider environment. The Stripe account will contain your billing address and your card details. Stripe will use this information to collect service fees and comply with applicable legal and regulatory requirements. We instruct Stripe to collect one-time and monthly service fees and we are notified upon successful collection of service fees, which allows us to provide you the SERVICES.

We collect data about the LollyHQ cloud account that you visit to manage your point of sale configuration and business data. Specifically, we collect data about how and when you access your account, including information about your device make & model and the browser you use, your network connection and your IP address. We also run analytics services to provide business intelligence in respect to your real-time business data (such as sales records, wastage records, stock records are attributed back to actions by store employees or customers). We need this information to give you access to and improve our SERVICES.

We collect data about the LollyPOS client application that you run on your chosen device to use your point of sale in your store environment. Specifically, we collect data about your device make & model, your operating system, your network connection, your IP address, your application licensing rights, and your real-time business data (such as sales records, wastage records, stock records are attributed back to actions by store employees or customers). We need this information to give you access to and improve our SERVICES.

We collect data about the Lolly Shop account that you use to purchase additional hardware for your point of sale installation. Specifically, we collect data about your device make & model and the browser you use, your network connection and your IP address. We also collect your name, your phone number, your email address, your payment, your billing address and your shipping address. We need this information to recognise revenue, allocate physical goods from our stock locations, fulfil your order, and provide you with the purchased goods.

We will also use Personal Information in other cases where you give us your express permission, we have a contractual requirement or legitimate interest.

WHEN DO WE COLLECT THIS INFORMATION?

We collect Personal Information when you sign up for our SERVICES, when you access our SERVICES or otherwise provide us with the information.

INFORMATION FROM OUR MERCHANTS’ CUSTOMERS, WHAT INFORMATION WE COLLECT AND WHY

We collect Personal Information about your customers that you share with us. We collect your customers’ name, phone number, email address, physical address, and identification card number.

We need this information to provide you with our SERVICES to better serve your customers, including supporting and processing your sales transactions, providing tiered discounts, and view customer analytics. We also use this information to improve our SERVICES.

WHEN DO WE COLLECT THIS INFORMATION?

Information is collected when a merchant enters or uses customer information, or when a merchant sells to a specific customer via the SERVICES.

INFORMATION FROM PAYMENT CUSTOMERS, WHAT INFORMATION WE COLLECT AND WHY

From payment customers, we collect information about you, your merchant account, and your payment terminal configuration.

We collect data about Merchant Accounts and Payment Terminals that you apply for via It’s Lolly.

As an Independent Sales Organisation (ISO) for card payments, we provide competitive rates and process your due diligence. In addition, we are equipped to build, configure, install, and support your payment needs.

If you apply for a Merchant Account via It’s Lolly, we collect such personal information as is requested by the UK Acquiring Bank for full due diligence to minimise the risk on your card transactions.

If you apply for a payment terminal via It’s Lolly, we collect such personal information as is requested by the Terminal Supplier for a full configuration of your payment terminal.

WHEN DO WE COLLECT THIS INFORMATION

Information is collected when a new merchant orders a payment terminal that is supplied by It’s Lolly. The payment terminal must be tied to a merchant account.

INFORMATION FROM OUR SUPPORT USERS, WHAT WE COLLECT AND WHY

From support users, we collect information about you and your support case.

From telephone support users, we collect your name, phone number and call audio.

From email support users, we collect your name, email address and case information.

We use this information to service your account, troubleshoot issues, answer any questions you may have, and enhance our SERVICES.

WHEN WE COLLECT THIS INFORMATION

We collect this information when you engage with us, either by email or phone. We also collect any additional information that you might provide to us.

INFORMATION FROM OUR WEBSITE VISITORS, WHAT WE COLLECT AND WHY

From website visitors, we collect information about the device and browser you use, your network connection and your IP address.

We set a cookie to identify visitors to It’s Lolly hosted websites. A cookie is a small amount of data, which may include a unique identifier. Cookies are sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses It’s Lolly websites.

We use Google Analytics to analyse the traffic associated with usage of It’s Lolly websites to help us to improve our services to you.

WHEN WE COLLECT THIS INFORMATION

We use cookies to provide website visitors with a personalised experience.

WHEN AND WHY WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES

It’s Lolly works with carefully selected trusted third parties to help provide you with our SERVICES.

In certain limited circumstances, we may be required to share information with these trusted third parties to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also receive Personal Information from our partners and third parties.

Personal Information may be shared with third parties to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our End User Licensing Agreement (EULA) or any other agreement related to the SERVICES, or as otherwise required by law.

Personal Information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganisation, or other similar transaction or proceeding. If this happens, we will post a notice on our Its Lolly website (www.itslolly.com) and we will send an email message to the master administrator in your Lolly HQ cloud account.

It’s Lolly websites are hosted in the United Kingdom (UK). We do not share your personal information with any third party outside the UK for any purpose, except if required to do so by law.

It’s Lolly is responsible for all onward transfers of Personal Information to third parties in accordance with the UK GDPR and the EU-U.S. Privacy Shield Principles.

It’s Lolly will always ask for your permission before sharing your Personal Information with third parties for other purposes other than those described in this Section 7 such as our PR agency should you agree to provide It’s Lolly with a case study or testimonials and our supply chain for the delivery of product and services to you.

HOW WE KEEP YOUR PERSONAL INFORMATION SECURE

We follow industry standards and best practices regarding information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other Personal Information entrusted to us.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.

WHAT WE WILL NEVER DO WITH YOUR PERSONAL INFORMATION

We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own SERVICES.

We do not use the Personal Information we collect from you or your customers to contact or market to your customers or directly compete with you. However, It’s Lolly may contact or market to your customers if we obtain their information from another source, such as from the customers themselves.

WHAT HAPPENS TO YOUR PERSONAL INFORMATION WHEN YOU TERMINATE YOUR RELATIONSHIP WITH US

We will continue to store archived copies of your Personal Information for legitimate business purposes and to comply with English law.

We will continue to store anonymous or anonymized information, such as device types, website visits, without identifiers, in order to improve our SERVICES.

HOW TO ACCESS YOUR PERSONAL INFORMATION

You retain all rights to your Personal Information and can access it anytime. In addition, It’s Lolly recognises your right to correct, amend, delete, or limit the use of your Personal Information, withdraw your consent, opt out or lodge a complaint at anytime.

You can update many types of Personal Information, such as payment or contact information, directly within your LollyHQ or Lolly Shop account settings. If you are unable to change your Personal Information within your account settings, please contact us to make the required changes. It is important to remember that if you delete or limit the use of your Personal Information, the SERVICES may not function properly.

All individuals who are the subject of Personal Information held by It’s Lolly are entitled to request to see this information. This is called a Subject Access Request (“SAR”).

Individuals can submit SARs to the following email address: dataprotection@itslolly.com.

Upon receiving the email, It’s Lolly’s Data Controller will respond with a SAR request form which must be completed by the individual. The Data Controller will not ask for a fee as this is not permissible under the GDPR.

After receiving the completed SAR request form and collecting payment, It’s Lolly’s Data Controller will provide the relevant data within 30 days.

It’s Lolly’s Data Controller will always verify the identity of the individual making a SAR request before releasing any information.

The Company Secretary
It’s Lolly Ltd
1st Floor Crystal Gate
28-30 Worship Street
London
EC2A 2AH

Updated in accordance with the General Data Protection Act, 24th May 2018.

If you have any questions or would like to know more about how we handle your data you can call our EPoS & Payment experts

Freecall us on 0800 038 5389  or email to discuss further.

lolly-eopos-is-a-uk-company-uk-support-icon