POP International Holdings Pty Limited
POP International Holdings Pty Limited and its subsidiary companies, and POPai Holdings Pty Limited and its subsidiary companies, collectively known as “POP”.
Terms of Service
1) About this Website
2) POP Website Content
The POP Website:
(a) contains information of a general nature about POP and POP’s services;
(b) contains information of a general nature about various insurers featured on the POP website;
(c) enables you to purchase and pay for some insurance products and services online;
(d) enables you to renew some insurance products and services online; and
(e) enables you to view, manage and change your POP insurance policies online.
3) POP’s Standard Terms and Conditions apply
All applications for insurance or other products made via this POP Website are subject to and must comply with POP’s approval criteria, and are governed by the normal terms and conditions applying to each product or service requested. Click here to access POP policy documents. Click here to access POP’s Service Terms and Conditions.
4) POP Product Information and Insurance Purchase and Renewal
4.1 Transactions on the POP Website
(a) When entering into a transaction via the POP Website, whether it be the issuance of an insurance contract, a renewal payment, or a transaction relating to any other product or service, the transaction will not be completed until an “Electronic Instruction” (being any electronic instruction, information, message, request or communication issued or transmitted to POP via the POP Website) containing the acceptance from you to POP offer, or the confirmation of payment from you, whichever is applicable, has been received and processed by POP, and any specific steps or requirements as set out in this clause 5, have been complied with.
(b) You acknowledge that the transmission of your acceptance or the confirmation of any payment, made through an Electronic Instruction may not be received by POP in accordance with this clause 5 for reasons beyond either parties’ reasonable control including, but not limited to, mechanical, software, computer, telecommunications, or electronic failure, or the omission or failure of third party service providers or systems.
(c) You further acknowledge that, to the extent permitted by law, POP is not liable to you in any way for any loss or damage at all and however caused, arising directly or indirectly in connection with the transmission of an Electronic Instruction through the POP Website, or any failure to receive an Electronic Instruction for whatever reason.
4.2 Purchasing Insurance Policies
(a) Where the POP’s subsidiaries’ websites (“POP Website”) enables you to purchase insurance products or services online:
(1) The parties may enter into an insurance policy using the POP Website by POP making an electronic offer via the POP Website and you electronically communicating your acceptance of that offer via the POP Website;
(2) POP may act on and process all completed Electronic Instructions transmitted or issued through the POP Website without further consent from or reference to you; and
(3) POP may treat an Electronic Instruction as authentic and is under no obligation to investigate the authenticity or authority of persons issuing or transmitting such Electronic Instructions, or to verify the accuracy and completeness of such Electronic Instructions.
5) Automatic Renewal Terms and Conditions
To make your life easier, POP can automatically renew your policy next year before it expires – plus, we’ll guarantee that your premium will not increase! Each year, your primary credit card will automatically be charged the same premium as last year for that renewal period.
By opting in for automatic renewal, you hereby authorize POP on an automatic basis annually to:
Automatic renewals will be processed up to 7 days before your policy expires. If you do not wish to proceed with automatic renewal for an upcoming renewal, you can opt out before the 7 days preceding your renewal by contacting us. Send an email to customerservices@POP.insure.
To be eligible for the automatic renewal you must have not had any claims or circumstances during the policy year and had no material changes to your business activities, staff numbers or revenue.
If you lose eligibility for the automatic renewal, POP will no longer automatically renew your policies. POP will notify you of your need to renew your policy at least thirty (30) days before they expire.
Our Terms & Conditions
Terms and Conditions as at 01.08.2021
Insurance Terms and Conditions
It is very important that you read these terms and conditions as they set out the arrangements between us.
Duty of Disclosure Notice
Before you enter into an insurance contract you have a duty to tell POP anything that you know, or could reasonably be expected to know, may affect its decision to insure you and on what terms.
You have this duty until POP agrees to insure you.
You have the same duty before you renew, extend, vary or reinstate an insurance contract.
You do not need to tell the insurer anything that:
If you do not tell POP something
If you do not tell POP anything you are required to, it may cancel your insurance contract or reduce the amount it will pay you if you make a claim, or both.
If your failure to tell the insurer is fraudulent, it may refuse to pay a claim and treat the contract as if it never existed.
Claims Made & Notified Policy Notice – Relevant if you purchase a Warranty & Indemnity, Professional indemnity or Management Liability Insurance policy or where otherwise noted in the policy wording.
The proposed insurance is issued on a ‘claims made and notified’ basis as specified in the policy wording. This means that the policy responds to claims first made against the insured during the policy period and notified to the insurer during that policy period. Refer to the policy wording for full details.
Under Section 40(3) of the Insurance Contracts Act 1984 (Cth) if the insured gives notice in writing to the insurer of facts that might give rise to a claim against the insured as soon as reasonably practicable after the insured became aware of those facts but before the insurance cover provided by the policy expires, the insurer is not relieved of liability under the policy in respect of the claim, when made, by reason only that it was made after the expiration of the period of the insurance cover provided by the policy.
If during the policy period you become aware of circumstances which a reasonable person in your position would consider may give rise to a claim, and which you fail to notify to the insurer during the policy period, the insurer may not cover you under the policy or a subsequent policy for any claim which arises from these circumstances.
When completing the application, and at subsequent renewals, you are obliged to report and provide full details of all circumstances of which you are aware and which a reasonable person in your position would consider may give rise to a claim.
It is important that you make proper disclosure (see Duty of Disclosure Notice, above) so that your cover under any policy is not compromised.
The proposed insurance may be limited by a retroactive date either stated in the schedule or endorsed onto the policy. Where the cover provided by the proposed policy is subject to such a retroactive date, then the policy does not cover any claim arising from an actual or alleged act, error, omission or conduct occurring prior to such retroactive date.
In effecting this insurance, POP’s subsidiaries – Fusion Specialty Insurance Pty Limited and io.insure Pty Limited – as Authorised Agent for Fusion Specialty MGA Solutions Pty Ltd. (ABN: 50 010 454 190 AFSL 230917); Fusion Specialty Asia Ltd., Fusion Specialty Asia (Singapore) Ltd., Fusion Specialty Americas Insurance Services LLC., will be acting under an authority given to it by the insurer(s) and will be effecting the contract as agent of the insurer(s) and not the insured.
General Advice Warning
We do not recommend an insurance policy for you, we only offer the policies available to us from the insurers listed on our website. Any advice provided is General Advice only.
General Advice is advice that has been prepared without considering your current objectives, financial situation or needs.
Therefore, before acting on this advice, you should consider the appropriateness of the advice having regard to your current objectives, financial situation or needs. If the advice provided relates to the acquisition or possible acquisition of a new insurance policy you should read the Product Disclosure Statement and/ or Policy Wording (available on our website) before making any decision about whether to acquire such a financial product.
Renewing the Policy (including Auto-Renewal)
We will send you notification of whether the insurer is prepared to negotiate to renew the policy and if so, on what terms, at least 21 days before the expiry date of your policy.
Unless we require a new proposal or declaration from you to determine your premium or decide to offer renewal (we will tell you by email if this is the case), the renewal notice will show the premium for the new period of insurance and may also include notice of any changes to the terms of your policy.
If you wish to take up such a renewal offer and you are happy the information is accurate and you have no further disclosure to make to insurers under your duty of disclosure (see Duty of Disclosure Notice, above), you will not have to do anything and if we do not hear from you 7 days before the expiry of your current period of insurance we will automatically deduct / charge the renewal premium from your account / credit or debit card. If you do not wish to take up the renewal offer you must contact us before we deduct this payment which will be within the week before your policy expires.
When you receive a renewal offer, you must tell us before expiry if the information contained in it is incorrect or incomplete and make such additional disclosure to us as is required pursuant to your duty of disclosure. We will then consider the additional information and whether and on what terms we are able to arrange for policy renewal.
If we are not able to automatically renew your policy we will send you an email notification for you to either complete your renewal online or to contact us. Please ensure you keep us updated of any change to your email address.
Commission and Fees
For each insurance product, the insurer will charge you a premium. We receive a commission that is a percentage of this premium, varying between 0% and 33.5%.
For our POP polices issued, we also charge per policy an underwriting and administration fee of between $50 and 5% of premium (ex. GST). This fee relates to the delivery of the service from POP to you including but not limited to the provision and maintenance of the technology platform and the services provided by POP’s legal, consulting and administrative personnel. It is calculated based on factors including the work involved, the nature of your business and the product selected.
If you pay by credit or debit card we may charge you a card (including arrangement & handling) fee. This fee covers the cost of bank charges etc. associated with such facilities.
All fees payable for services will be advised to you separately from your premium on the invoices we provide.
You may cancel your policy at any time by providing written notice, and where available on POP Websites for policies conducted and generated online. The insurer may cancel your policy in accordance with the Insurance Contracts Act, 1984 (Cth).
POP Remuneration Rights on Policy Cancellation
On cancellation of any insurance policy effected through POP, unless the cancellation takes place within any applicable cooling off period, you agree that the commission and any fees paid to POP are non refundable to you and may be deducted by POP from any refund otherwise payable by the insurer to you on cancellation of the policy, irrespective of any terms to the contrary in the policy.
Following the expiry or termination of the insurance policy, we will retain a copy of your content in accordance with our archival policy which may be provided to you on request.
Privacy and confidentiality
Privacy Collection Notice
“POP Services” are all the products and services we may provide to you, including our websites, our online and offline insurance services and associated services such as the white-labelling of our platforms.
Our commitment to you. We will:
(a) not disclose any of your content that constitutes proprietary, confidential or personal information to any third party, except as necessary to provide the POP Services (including but not limited to allowing your users and guest users to access your content for the purpose of reviewing and assessing your content including by way of using third party review tools which users and guest users may use and which POP provides technical synchronisation with), where required by law, to our authorised sub-processors, where certain organisations whose users view or post Q&A information in the POP Website need us to separately provide them with copies of that information in order for them to comply with applicable US SEC rules or the listing rules of any stock exchange which applies to you, or where you give us permission to do so;
(b) have appropriate security measures in place that are designed to protect your proprietary, confidential and personal information against unauthorised access, disclosure or use;
(c) comply with privacy laws that apply to us (including but not limited to, where applicable, as a data processor) when collecting, holding, using or disclosing any personal information, including but not limited to personal information concerning Users; and
(d) comply with the Schedule (European Data Processing Terms) to this Agreement where POP processes personal data of data subjects that are located in the European Economic Area or where POP processes personal data on your behalf where you are established in the European Economic Area.
Naturally, your confidential information does not include any information that has rightfully been shared with us free of an obligation of confidence, or publicly disclosed by someone other than us.
Your commitment to us. You will:
(a) ensure that you have obtained all rights necessary for us to handle and process Your content;
(b) comply with any privacy legislation (including but not limited to, where applicable, as a data controller) when including personal information in the POP Website or other POP Services, or when disclosing any personal information to us in order to receive the POP Services;
(d) not disclose any of our proprietary, confidential or any personal information to any third party, except where required by law or where we give you written permission to do so. Our proprietary information includes without limitation the software applications used to provide the POP Services; and
(e) comply with the Schedule (European Data Processing Terms) to this Agreement where POP processes personal data of data subjects that are located in the European Economic Area or where POP processes personal data on your behalf where you are established in the European Economic Area.
(f) Provide ongoing and irrevocable consent to use your name and to describe the circumstances of your use of the product where we need to do so to stay compliant with applicable laws, regulations and rules of stock exchanges we are subject to.
Naturally, our confidential information does not include any information that has rightfully been shared with you free of an obligation of confidence, or publicly disclosed by someone other than you.
We generally collect personal information from you or through service providers that act for us. However, there may be occasions when we collect it from someone else where they hold relevant information.
You may choose not to give us your personal information, but this may affect our ability to provide you with a product or service, including arranging a quote for insurance or an insurance policy for you, communicate with you or respond to your enquiries.
POP International Holdings Pty Ltd. and POPai Holdings Pty Ltd.
Level 29, Chifley Tower. 2 Chifley Square, Sydney NSW 2000
We have complaint handling and internal dispute resolution procedures in place. This service is available to you free of charge. Clients who are not satisfied with our services may contact our Customer Services Officer on customerservices@POP to raise any concerns they have. We will respond to your complaint within fifteen (15) working days and if you are not satisfied with our answer and request us to do so, we will treat your complaint as a dispute. The matter will then be referred to our internal disputes resolution officer and they will respond to you within fifteen (15) working days. If you are still not happy with the outcome you may be able to have your matter considered by the Australian Financial Complaints Authority (AFCA). AFCA provides a free and independent dispute resolution service for consumers who have general insurance disputes falling within its terms of reference.
Determinations of AFCA are binding on us but are not binding on you. Contact details for AFCA are:
Phone: 1800 931 678
Post: GPO Box 3, Melbourne VIC 3001
Intellectual Property Rights
For the purposes of these Terms of Service:
(a) “Intellectual Property Rights” means any and all intellectual and industrial property rights throughout the world, whether conferred by statute, common law or in equity and including but not limited to:
(i) rights in respect of or in connection with any confidential information including any right to enforce an obligation to keep information confidential;
(ii) trade secrets;
(iii) know-how including know-how or insights derived over time from provision of POP Services but not including any personal information of customers;
(iv) copyright including but not limited to future copyright and rights in the nature of or analogous to copyright;
(v) Moral Rights;
(vi) inventions (including but not limited to patents, innovation patents and utility models);
(vii) trademarks and service marks;
(viii) designs, circuit layouts and mask works;
(ix) domain names and social media accounts;
(x) technical data;
(xi) rights in databases;
(xii) trade names or business names;
(xiii) any rights in any Resulting Data; and
(xiv) any other rights resulting from intellectual activity or from artificial intelligence insights or machine learning, in relevant business sectors which subsist or which may come to subsist, whether or not now existing and whether or not registered or registrable and including but not limited to:
(xv) any rights to apply for the registration of such rights and all renewals, extensions and reissues of such rights, anywhere in the world, and
(xvi) any rights of action against any third party in respect of any such rights including any right to claim or retain damages or other remedies; and
(b) “Moral Rights” means moral rights as described in Article 6bis of the Berne Convention for the Protection of Literary and Artistic Works and any analogous rights arising under statute that exist, or may come to exist, anywhere in the world:
(c) “Resulting Data” means any data or information arising from use by any person of POP Services or works, in anonymised or aggregated form and not including any of Your Content or personal information; and
(d) “Works” means all works, software, code, algorithms, documents, concepts, designs, systems and processes created, developed, programmed, invented or derived by POP (including its related entities or the employees, contractors, consultants and whether alone or in concert with others) or its licensors or in which any of those persons has any right, title or interest comprised in the POP Services.
Reservation of rights
All right, title and interest in and to the POP Services and works (and any modifications, customisations, configurations and derivative works of the POP Services or works) worldwide are the exclusive property of POP and its related entities and its licensors. All such rights in and to the POP Services and works are not expressly granted to you under POP Services are reserved by POP and its licensors.
We grant you a limited, non-exclusive, revocable licence to access and use the POP Services to the extent permitted by the agreement to use POP Services. This licence will remain in effect until the agreement between the parties expires or is terminated by you or by us, except where we suspend your account and/or your access to the POP Services as described in the Terms of Service. It does not grant you any ownership rights nor any other right or licence of any kind except as expressly set out above including, without limitation, any right to obtain possession of any source code, data or other technical materials in relation to the POP Services or works), in respect of any of the POP Services, the Works or the Intellectual Property Rights or proprietary information belonging to us or our licensors, including without limitation where they form part of the POP Services.
You agree that you will not, and users will not (except as expressly permitted in your order form);
(a) permit any third party to access or use the POP Services or works;
(b) modify, adapt, alter, copy, make derivative works, translate, reverse engineer, decompile, disassemble or otherwise derive or determine the source code (or the underlying ideas, algorithms, structure or organisation) of POP Services or works or attempt to do any of these things;
(c) disclose or transmit any content or data contained in the POP Services or works (not including your content) to any third party;
(d) circumvent or endanger the operation or security of the POP Services or works or attempt to do any of these things and you will use your reasonable endeavours to ensure that any guest users also comply with these limitations.
We warrant, represent and undertake (to the best of our knowledge) that the POP Services, as provided by us and used in accordance with the agreement between the parties and our instructions and policies, do not infringe the Intellectual Property Rights of any third party. For clarification, this warranty does not apply to any of your content, including without limitation where it is uploaded to or hosted on the POP Services.
You agree that POP is permitted to run data analytics on POP Services and your content for the purposes only of supporting the provision and development of POP Services, works and artificial intelligence/machine learning.
The things we will not be responsible for:
(a) in the case of goods, the replacement of the goods or the supply of equivalent goods, the repair of the goods, the payment of the cost of replacing the goods or of acquiring equivalent goods, or the payment of the cost of having the goods repaired; or
(b) in the case of services, the supplying of the services again, or the payment of the cost of having the services supplied again.
(a) except for our liability under clause 7, our maximum aggregate liability for all claims under or in connection with the POP Services or its subject matter, is limited to an amount equal to the amounts paid and payable by you under the POP Services;
(b) we are not liable for, and no measure of damages will, under any circumstances, include special, indirect, consequential, incidental or punitive losses or damages, whether or not such loss or damage was foreseeable and even if advised of the possibility of the loss or damage. Some jurisdictions do not allow for limitation of liability for incidental or consequential damages, so the limitations described above may not apply to you; and
(c) our liability to you under or in connection with the POP Services or its subject matter is reduced to the extent that your acts or omissions, or those of a third party, contribute to or cause such liability.
(a) any breach of your obligations under any of the following clauses of the agreement between the parties:
(i) The POP Services;
(ii) Privacy and confidentiality – Your commitment to us); or
(iii) Intellectual property rights;
(b) our provision of access to your content as determined or instructed by you;
(c) Your content, including but not limited to any claim alleging that your content or our handling or processing of your content infringes the Intellectual Property Rights of a third party; or
(d) any of our acts or omissions in reliance on false, misleading or incomplete information that you have provided to us, including without limitation all liability, damages, losses, costs, charges, outgoings, payments and expenses suffered or incurred in connection with any such claim.
(a) the indemnified party must:
(i) promptly notify the indemnifying party of any such claim,
(ii) provide full authority to the indemnifying party to assume control of the defence and settlement of any such claim, provided that the indemnified party will retain the right to defend or settle any portion of a claim to the extent that it is not within scope of an indemnity under clause 6 or 7;
(iii) cooperate with the indemnifying party (at the indemnifying party’s expense) in relation to the claim; and
(iv) not make admissions in relation to the claim without the prior consent of the indemnifying party (such consent not to be unreasonably withheld); and
(b) if the indemnifying party does not assume control of the defence and settlement of any such claim within a reasonable period of time, the indemnified party will have the right to defend the claim in such manner as it may consider appropriate.
12 .YOU EXPRESSLY UNDERSTAND AND AGREE THAT YOUR USE OF THE POP SERVICES AND ANY WORKS IS AT YOUR SOLE RISK. THE POP SERVICES AND ANY WORKS ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. WE EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. YOU FURTHER EXPRESSLY AGREE THAT NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM US OR THROUGH OR FROM THE POP SERVICES OR WORKS SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED IN THIS AGREEMENT AND THAT NO ACCOUNTING, FINANCIAL OR LEGAL ADVICE OR COUNSEL IS GIVEN OR SHALL BE DEEMED TO HAVE BEEN GIVEN BY THE POP SERVICES OR WORKS.
A few last points to consider
(a) if you are incorporated or established in Australia or Asia (except in China or Hong Kong), the laws of New South Wales, Australia. Each party submits to the non-exclusive jurisdiction of the courts of New South Wales and the Commonwealth of Australia;
(b) if you are incorporated or established in China or Hong Kong, the laws of Hong Kong. Each party submits to the non-exclusive jurisdiction of the courts of Hong Kong;
(c) if you are incorporated or established in Singapore, the laws of Singapore. Each party submits to the non-exclusive jurisdiction of the courts of Singapore;
(d) if you are incorporated or established in Europe (except in Germany or The Netherlands) or Africa, the laws of England and Wales. Each party submits to the non-exclusive jurisdiction of the courts of England and Wales;
(e) if you are incorporated or established in Germany, the laws of Germany. Each party submits to the jurisdiction of the courts of Frankfurt am Main;
(f) if you incorporated or established in The Netherlands, the laws of The Netherlands. Each party submits to the non-exclusive jurisdiction of the courts of Amsterdam; and
(g) if you are incorporated or established in North America or South America, the laws of Delaware, United States. Each party submits to the exclusive jurisdiction of the United States District Court for the Northern District of Delaware, and, only if there is no federal subject matter jurisdiction, any state court of Delaware.
8 .The provisions of the agreement between the parties that by their nature survive termination or expiry of the agreement between the parties will do so.
9 .Each person executing the agreement between the parties represents and warrants that he or she has full and legal authority to execute the agreement between the parties and acknowledges, understands and agrees that the agreement between the parties is enforceable against that party on whose behalf they are executing the agreement between the parties in accordance with its terms.
Schedule – European Data Processing Terms
This Schedule shall apply where POP processes personal data of data subjects that are located in the European Economic Area or where POP processes personal data your behalf where you are established in the European Economic Area and shall take priority over any other provision of these Terms of Service to the extent of any conflict or inconsistency between this Schedule and any other provision of the insurance policy or agreement.
2.1 Each Party shall comply with its obligations under this Schedule and under European Data Protection Law with respect to the types of personal data it processes and according to its responsibilities as a controller or processor (as appropriate) for the relevant personal data.
2.2 Without limiting clause 2.1, the Parties agree that:
(a) POP shall be a controller with respect to the processing of CRM Data and User Data; and
(b) you shall be the controller of and POP shall be a processor of Content Data (unless you are acting as a processor of content data on behalf of a third party, in which case you shall be a processor and POP shall be sub-processor of the content data, but for the purposes of this Schedule you shall be treated as a controller and POP shall be treated as a processor).
3.1 Whenever a party is acting in a capacity as a controller in relation to personal data, it shall comply in all respects with European Data Protection Law including:
(a) by processing such data fairly and lawfully;
(b) by implementing appropriate technical and organisational measures to protect such personal data against data security Incidents;
(c) by obtaining any consents required for its processing of personal data, particularly where sensitive personal data or special categories of personal data are processed; and
(d) by complying with its obligations with respect to data subject rights.
3.2 As the controller with respect to content data, you accept full responsibility for obtaining all consents necessary for, and otherwise for having lawfully grounds to process, content data that is processed in connection with POP’s performance of the POP Services.
Where POP is processing personal data on your behalf, whether as a processor or sub-processor, but not as a controller or joint controller, the following provisions shall apply:
4.1 Purpose limitation
POP shall process the personal data as necessary: (i) to perform its obligations under this Agreement; and (ii) to comply with its obligations under Applicable Law (the “Permitted Purpose”). In no event shall POP process the personal data for its own purposes or those of any third party.
4.2 Documented instructions
POP shall process the personal data only on documented instructions from you, which may include the instructions set out in these Terms of Service, and shall immediately inform the you if, in its opinion, an instruction infringes European Data Protection Law.
4.3 Categories of personal data
The Parties agree that the agreement between the parties sets out the categories of personal data, including Content Data, that are processed in connection with these Terms of Service and the agreement between the parties. It is the controller’s responsibility to determine if any further details of POP’s processing of such personal data need to be recorded in these Terms of Service to comply with European Data Protection Law and POP shall act in good faith to cooperate with any reasonable request to do so.
4.4 Confidentiality of processing
POP shall ensure that any person that it authorises to process the personal data (including POP’s staff, agents and subcontractors) (each an “Authorised Person”) shall be under an obligation (whether under contract or statute) to keep the personal data confidential.
POP shall implement appropriate technical and organisational measures to protect the personal data from data security incidents. Such measures shall have regard to the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 Sub processing
POP shall be authorised to engage third parties to process personal data on behalf of the controller, provided that it notifies you of such engagement (each, an “Authorised Sub-processor”). POP will ensure that there is in place a written contract between POP and the authorised sub-processor that specifies the authorised Sub-Processor’s processing activities and imposes on the Authorised Sub-Processor equivalent terms as those imposed on POP in this clause 5. POP will remain responsible for the acts and omissions of Authorised Sub-processors in respect of their processing of personal data as if they were its own. Where POP is instructed by you to grant access to personal data to a third party who is contracted to you (a “Contracted Third Party”), the contracted third party shall not be a sub-processor of POP for the purposes of this clause 5.6 and you shall have sole responsibility for putting in place an appropriate data processing agreement with the contracted third party that complies with European Data Protection Law.
(a) taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller’s obligation to respond to requests for exercising data subjects’ rights, provided that POP shall not be required to comply with any requests to access, amend, update, erase or restrict processing of any content data to the extent that you can access, amend, update, erase or restrict the processing of the content data using the functionality and settings made available in connection with the POP Services;
(b) assist the controller in implementing appropriate technical and organisational measures against data security Incidents, completing data protection impact assessments and notifying Data Security Incidents to the competent supervisory authority or to the data subjects concerned, as required by European Data Protection Law and taking into account the nature of the processing and the information available to POP.
If compliance with this clause 7 requires: (i) a change to the POP Services, (ii) a change to these Terms of Service, or (iii) the expenditure of material effort or cost that is not provided in these Terms of Service then either party may raise this in accordance with the change control procedure or, in the absence of any such change control procedure, by discussing the same in good faith. For avoidance of doubt, POP shall not be required to provide any assistance under this clause 4.7 that would result in any change or expenditure referred to in paragraph (i) to (iii) of this clause 4.7, except if and to the extent that a suitable change is agreed to this Agreement.
4.8 Data protection impact assessments
If POP believes or becomes aware that its processing of personal data is likely to result in a high risk to the data protection rights and freedoms of data subjects, we shall inform you and provide you with assistance to conduct a data protection impact assessment in accordance with clause 4.7.
4.9 Data Security Incidents
(a) Upon becoming aware of a Data Security Incident, POP shall inform you without undue delay and shall provide such timely information and assistance in accordance with clause 4.7 as you may reasonably require in order to fulfil your data breach reporting obligations under European Data Protection Law and to mitigate the effects of the Data Security Incident.
(b) You understand and accept that the performance by POP of certain POP Services may carry a risk to you of loss or corruption of data. POP’s obligations in respect of data backup or retention shall be set out in these Terms of Service. You understand and accepts that, save to the extent of any obligations detailed in these Terms of Service, you shall bear full responsibility for the loss or corruption of data that may result from a data security incident.
4.10 Subject access requests
POP shall promptly notify you if it receives a request from a data subject to exercise their rights in respect of their personal data and shall provide such assistance to you as may be required in accordance with clause 4.7.
4.11 Deletion or return of personal data
Upon termination or expiry of this Agreement, POP shall (at the other party’s election) destroy or return to the other party all personal data (including all copies of the personal data) in its possession or control (including any personal data that is processed by an authorised sub-processor) or alternatively make such facilities available to you using the functionality or settings for the POP Services to enable you to delete the personal data in question. This requirement shall not apply to the extent that POP is required by any applicable law to retain some or all of the personal data, in which event POP shall isolate and protect the personal data from any further processing except to the extent required by such applicable law. POP shall be entitled to render such charges or recover such costs associated with destroying or returning personal data to the controller or joint controller (as appropriate) as provided in these Terms of Service or, if no such charges or costs are provided these Terms of Service, such reasonable costs that POP can evidence.
4.12 Information and audit
POP shall make available to you all information necessary to demonstrate compliance with the obligations set out in this clause 4 and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller, except if and to the extent that providing such information or permitting such an audit would place POP in breach of applicable law or cause it to infringe the rights (including rights in intellectual property or confidential information) of any of POP’s other customers. No more than one audit may be carried out in any calendar year, except if and when required by instruction of a competent data protection authority. POP shall be entitled to recover its costs of complying with this clause 4.12. Where POP has appointed a third party auditor to assess any of its technical or organisational measures to protect against data security incidents for the purposes of any industry certification or otherwise (such as ISO 27001 compliance), POP may share a copy of the auditor’s certificate and an executive summary of its findings, in lieu of providing other information or allowing for other audits by the controller or another auditor under this clause 4.12. POP shall not be required to comply with any requests for content data to the extent that such content data can be accessed using the POP Services or the functionality or settings made available by POP.
5.1 The Parties acknowledge that POP is located in a territory outside of the EEA that is not an Adequate Territory. The appropriate form of the Model Clauses will be incorporated into these Terms of Service by reference and will apply to the processing of any personal data that is transferred from you to POP as follows:
(a) you will be the data exporter and will be deemed to have entered into the Model Clauses in its own name and on its own behalf in relation to the personal data disclosed to POP;
(b) POP will be deemed to have entered into the Model Clauses in its own name and on its own behalf in relation to the personal data disclosed to it by you and shall also be deemed to have entered into the model clauses on behalf of any related entities in its corporate group that are also located in a territory outside of the European Economic Area that is not an adequate territory;
(c) the descriptions of the categories of personal data that are transferred in these Terms of Service shall be incorporated based on the definitions in these Terms of Service (that is, CRM data, User Data and Content Data, as appropriate);
(d) the provisions of any security measures agreed in these Terms of Service will be deemed to be set out in Appendix 2 to the model clauses;
(e) the optional illustrative indemnification clause will be deemed to have been deleted; and
(f) where and to the extent that the model clauses apply pursuant to this clause 5, if there is any conflict between these Terms of Service and the model clauses, the model clauses will prevail.
5.2 Where POP is acting as a processor, it shall not permit any onward transfer of personal data to a third country located outside European Economic Area (other than the place in which POP is established) unless:
(a) POP first puts in place adequate transfer mechanisms to ensure the transfer is in compliance with European Data Protection Law;
(b) POP or the relevant authorised sub-processor is required to transfer the personal data to comply with applicable law, in which case POP will notify you of such legal requirement prior to such transfer unless such applicable law prohibits such notice from being given to you; or
(c) POP is entitled to rely on a permitted derogation under European Data Protection Law in order to transfer the personal data outside of the European Economic Area, which may include circumstances where (among other things): (i) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request; (ii) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another person; or (iii) the transfer is necessary for the establishment, exercise or defence of legal claims.
5.3 For the purposes of clause 5.2(a), the adequate transfer mechanisms may include: (i) transferring the personal data to a recipient in an adequate territory, (ii) transferring the personal data to a recipient that has achieved binding corporate rules authorisation in accordance with European Data Protection Law, or (iii) transferring the personal data to a recipient that has executed model clauses.
You acknowledge that POP will appoint a sister-company of POP, once established in the European Union, as its representative and that the ICO is POP’s lead supervisory authority for the purposes of European Data Protection Law. You may provide notices to this POP company in addition to POP’s other relevant contacts for the purposes of administering the rights and obligations set out in this Agreement or under European Data Protection Law.
In this Schedule:
“Adequate Territory” means a territory outside of the European Economic Area that has been designated by the European Commission as ensuring an adequate level of protection pursuant to EU Privacy Law.
“Applicable Law” means applicable law, statute, bye-law, regulation, order, regulatory policy, guidance or industry code, rule of court or directives or requirements of any regulatory body, delegated or subordinate legislation or notice of any regulatory body.
“Content Data” means the content (comprising any speech, music, sounds, visual images or data of any description) created, provided, posted, hosted, uploaded, stored, communicated or displayed when using the POP Services.
“CRM Data” means any personal data of staff or representatives of a Party which is processed by the other Party for the purposes of managing the POP Services, administering a Services Agreement or marketing products or services to that Party.
“Data Security Incident” means the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Effective Date” has the meaning given at the top of this Agreement.
“European Data Protection Law” means:
(a) prior to 25 May 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
(b) on and after 25 May 2018, the GDPR; and
(c) Directive 2002/58/EC of the European Parliament and of the Council on privacy and electronic communications.
“European Economic Area” means the Member States of the European Economic Area as it is made up from time to time, comprising the Member States of European Union and such other countries that are party to the Agreement on the European Economic Area that entered into force on 1 January 1994, including the United Kingdom.
“GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Model Clauses” means model clauses for the transfer of personal data to Controllers or Processors (as appropriate) established in third countries approved by the European Commission from time to time (available online at http://ec.europa.eu/justice/data-protection/document/international-transfers/transfer/index_en.htm), as such model clauses may be amended or superseded by the European Commission from time to time.
“User” means any end user or administrator of a Service.
“User Data” means personal data regarding Users which is not Content Data or CRM Data. Such personal data include user IDs, passwords, authenticators, addresses (including MAC addresses, IP addresses and email addresses) and telephone numbers.
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, to increase security, legal and compliance requirements where it relates to the storing, tracking, collection, and use of personal data of individuals within the EU.
The protection of our customers and their data (personal or commercial) is something we take very seriously here at POP, so considerable actions have been taken to ensure we maintain compliance with all regulations.
At POP, we adhere to the principles expressly stipulated by the GDPR. All personal data collected by POP shall be:
Due to the sensitive nature of the data that passes through our products, security and privacy have always been paramount at POP. While the GDPR imposed certain changes, the requirements did not represent a material change to the processes and safeguards we maintained prior.
With that said, our underwriting, marketing, operations, legal and compliance teams have all worked together to ensure we continue our existing approach of “Privacy by Design” and apply that to the changing laws for the protection of our customers. Other areas we have, and continue to address as part of our GDPR compliance include:
Security & compliance at POP
While a lot of data that passes through our products does not fall under the scope of GDPR, it is of course confidential information, and therefore handled in accordance to our robust security standards. We are applying the same rigorous standards to the privacy of the personal information we process.
We have a documented process for escalation and reporting of breaches and continue to invest, improve and report these.
Secure data management
POP data is hosted on the Google Cloud platform, whose infrastructure guarantees the following data security:
Google Cloud has the following information security certifications to ensure information stored by POP is fully secure.
POP supports single sign on and multi-factor authentication.
If you would like to discuss our GDPR status further please get in contact with our Chief Compliance Officer: michael@POP
If you’d like to have a chat with one of our team, please send us your name, email and phone number and we’ll get back you to as soon as possible