Privacy & Terms

ipushpull Terms of Service

Updated: 1st November 2022

Thank you for your interest in ipushpull. By signing up as a subscriber or a user of our services, you agree to be bound by these terms together with our Privacy and Acceptable Use Policies which you will find on our website. If you sign up as a subscriber on behalf of a company, you are agreeing on the company’s behalf that it will be bound by these terms and our policies.

1.

Introduction

1.1

We are PushPull Technology Limited, a company incorporated in England (no. 08400980). We may be contacted at 43-45 Dorset St, London W1U 7NA.

1.2

Details of the services we offer, including our current prices, are available on our website.
 

2.

Your data

2.1

Use of our services may result in you uploading data to our servers, which may require us to keep routine backups and share that data with others when you ask us to do so. In order to make this possible for us, you:
(a) give us permission to store, backup and share the data – and that permission extends to anyone we contract to supply our services (such as Amazon Web Services); and
(b) guarantee that you have a right to upload and use the data in connection with our services and the right to give us permission in (a) above.

2.2

You must comply with our Acceptable Use Policy.

2.3

We have no obligation to check that any data we store is accurate, up to date or suitable for any of your purposes. It is your responsibility to ensure that any data you use is satisfactory for you.

2.4

We do not guarantee that changes you make to data will be saved to our servers or that it will be backed up by us. Data loss is possible. If the data is important to you, you must make sure that you have backed it up. We do not accept any liability for data loss however it was caused.

2.5

We may process personal data about you in accordance with our Privacy Policy.

2.6

Upon termination of this agreement or our stopping providing you services, we will delete the data we, or anyone we contract to supply our services, store or back up on your behalf.
 

3.

Our software

3.1

In order to use our services you may want to download software plug-ins that we may make available to you from time to time. We give you permission to do this and grant you a non-exclusive, revocable, licence to use such software plug-ins but only if you comply with the terms of this agreement. You may use the software only as part of using our services.

3.2

We may make changes to the software you have downloaded from time to time including in order to correct bugs or apply upgrades. When we do so, we will make reasonable efforts to avoid a material impact on the way the services operate for you.
 

4.

Our services

4.1

Although we aim to provide a reliable service, we cannot provide a firm commitment that our services, or any part of them, will be available:
(a) at any particular time; or
(b) in an uninterrupted manner.

4.2

In particular, we will not be responsible for a failure in the operation of the services, or data loss due to circumstances beyond our control.

4.3

If you require specific commitments for service availability or response times for support requests, please contact at support@ipushpull.com us to discuss your requirements further.

4.4

We may, from time to time, make changes to the way our services operate. If such changes would have a significant impact on you, we will do our best to give you advance notice of any change.
 

5.

Price and payment

5.1

Where you are a subscriber, payment is to be made in advance of the start of the subscription period selected by you at the time of subscribing to our services.

5.2

Where you choose to upgrade your account with us to a higher service level you will pay a pro-rated charge for the new service level from the date you upgrade until your next subscription period begins. You will then be automatically billed the full amount for the new service level from such date onwards.

5.3

If you fail to make payment on time we may (at our option) suspend providing the services to you until you make full payment.
 

6.

Intellectual Property Rights

6.1

Nothing in this agreement is intended to transfer any intellectual property rights, nor do we intend to give you any implied licence.

6.2

We reserve the right to delete or disable access to content alleged to infringe any third-party intellectual property rights, such as, but not limited to, copyrights or any rights in or to distribute data, and terminate accounts of those who we reasonably believe to infringe such third party intellectual property rights.
 

7.

Warranties

7.1

We do not give any warranties about the quality or functioning of our services or software. You should ensure that the software and services work for you as soon as possible after signing up for our services. If they do not work to your satisfaction, you have a right (see below) to cancel this agreement.

7.2

Nevertheless, this agreement does not intend to affect your statutory rights as a consumer.
 

8.

Exclusion and limitation of liability

8.1

Except for any legal responsibility that we cannot exclude in law (such as for death or personal injury caused by negligence), we are not legally responsible for any:
(a) losses:
        (i) that were not foreseeable to you and us when the contract was formed;
        (ii) that were not caused by any breach on our part
(b) business losses; and
(c) losses to non-consumers
 

9.

Indemnities

9.1

You will indemnify us against any damages (including reasonable legal costs) that may be awarded against us by a court or tribunal of competent jurisdiction in respect of any claim arising out of data that you have uploaded to our systems, including for any claim that the data infringes the intellectual property rights of a third party and/or that you did not have the necessary rights to permit such use of the data. This clause shall survive termination of this agreement on our stopping providing you services.
 

10.

Termination

10.1

Where you are a subscriber, you may terminate this agreement without a reason within 14 days of your signing up for our services by emailing us at support@ipushpull.com.

10.2

Once this 14-day period has expired, you may terminate this agreement by sending notice of termination to support@ipushpull.com at least one (1) full calendar month prior to the end of your subscription period. The termination will become effective on the last day of your subscription period.

10.3

We also reserve the right to terminate this agreement and stop providing services to you if you are or have been using the services in a manner that disrupts our ability to provide the services or other users’ enjoyment of them.
 

11.

Resolving disputes

11.1

Nothing in these terms affects your rights under the Consumer Rights Act 2015 or other applicable laws.

11.2

If you have a problem with the services or otherwise in connection with this agreement, you will first contact us at support@ipushpull.com. We will try to resolve any dispute with you quickly and efficiently.

11.3

If after 4 weeks from your first contacting us, in the unlikely event that we have not been able to resolve the dispute informally, we will, over a further 4 weeks, try to agree with you the most effective way of resolving the dispute using either mediation or arbitration based on the nature of the dispute.

11.4

You will not bring any claim against us in a court or tribunal in respect of any such problem or dispute unless we have not been able to agree on a way to resolve the dispute using either mediation or arbitration after such a further 4 weeks.
 

12.

Meaning of Consumer

12.1

"Consumer" means an individual acting for purposes that are wholly or mainly outside that individual’s trade, business, craft or profession.
 

13.

Communication

13.1

We will correspond with you using the email address you have associated with your account. You may communicate with us at support@ipushpull.com.
 

14.

Amendments to the contract terms and conditions

14.1

We may amend these terms from time to time. The most current version of these terms will be on our website. If a revision meaningfully reduces your rights, we will give you thirty days’ advance notice of any changes (except where we need to make changes in order to comply with the law in which case, such changes may be effective immediately on notice to you). Following any notification that these terms and conditions have changed, you will have the right to terminate this agreement by sending notice to us at support@ipushpull.com within 30 days from the date of the notification.
 

15.

Contracts (Rights of Third Parties) Act 1999

15.1

For the purposes of the Contracts (Rights of Third Parties) Act 1999 this contract is not intended to give any person who is not a party to it any right to enforce any of its provisions.
 

16.

Law and jurisdiction

16.1

English law is the law applicable to this agreement.

16.2

The courts of England and Wales shall have exclusive jurisdiction to settle any dispute which may arise in connection with this agreement, but if you are a consumer you may also have a right to sue in your place of domicile and we may have an obligation to use the courts of the country in which you are domiciled and nothing in this clause is intended to interfere with any such right.

 

ipushpull Privacy Notice

Updated: 30th May 2022

We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights in relation to your personal information and how to contact us or supervisory authorities in the event you have a complaint.

We collect, use and are responsible for certain personal information about you. When we do so we are subject to the General Data Protection Regulation, which applies across the European Economic Area, as well as similar law in the United Kingdom, and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Key terms

It would be helpful to start by explaining some key terms used in this document:

We, us, our

Pushpull Technology Ltd

Our data protection officer

David Jones, Director

Personal information

Name, email address and phone number used to access our service

Personal information we collect about you

We may collect and use the following personal information about you:

  • your name and contact information, notably email address, and (where relevant) your phone number and company details

This personal information is required to provide the ipushpull service (including associated applications and platforms) to you or your employer. If you do not provide this information, we have no way to identify you and provide access to the service.

How your personal information is collected

We collect most of this personal information directly from you via online registration through our website, trade events or industry programmes. However, we may also obtain the same personal information from your employer, for example from colleagues who have been authorised by your employer to provide it.

How and why we use your personal information

Under data protection law, we can only use your personal information if we have a proper reason for doing so, e.g.

  • to comply with our legal and regulatory obligations;
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use (process) your personal information for and our reasons for doing so:

What do we use your personal information for

Our reasons

To provide ipushpull products and services

For our legitimate interest in the performance of the services in accordance with our contract with you or your employer

To prevent and detect fraud

For our legitimate interest in minimising fraud

Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies

To comply with our legal and regulatory obligations

Preventing unauthorised access and modifications to systems

For our legitimate interests in preventing and detecting criminal activity

To comply with our legal and regulatory obligations

Updating customer records

For our legitimate interest in the performance of the services in accordance with our contract with you or your employer

To comply with our legal and regulatory obligations

For our legitimate interests in making sure that we can keep in touch with our customers about existing orders and new products

Marketing our services and those of selected third parties to:

—existing and former customers;

For our legitimate interests in promoting our business to existing and former customers

External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts

For our legitimate interests in maintaining our accreditations so we can demonstrate we operate at the highest standards

To comply with our legal and regulatory obligations

Promotional communications

We may use your personal information to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products and services.

We have a legitimate interest in processing your personal information for promotional purposes (see above ‘How and why we use your personal information’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal information with the utmost respect and never sell OR share it with other organisations outside the Pushpull Technology Ltd. group for marketing purposes.

You have the right to opt-out of receiving promotional communications at any time by:

  • contacting us at info@ipushpull.com
  • using the ‘unsubscribe’ link in emails

We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and services in the future, or if there are changes in the law, regulation, or structure of our business.

Who we share your personal information with

We routinely share personal information with:

  • companies within the Pushpull Technology Ltd. group
  • third parties we use to help deliver our products and services to you, e.g. payment service providers;
  • other third parties we use to help us run our business, e.g. website hosts;

We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you. We may also share personal information with external auditors.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share personal information with other parties, such as potential buyers of some or all of our business or during a restructuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

We will not share your personal information with any other third party.

Where your personal information is held

Information may be held at our offices and those of our group companies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).

Some of these third parties may be based outside the United Kingdom or the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see below: ‘Exporting your personal information’.

How long your personal information will be kept

We will keep your personal information while you have an account with us or we are providing products or services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy.

Exporting your personal information

To deliver services to you, it is sometimes necessary for us to transfer your personal information to places which do not have the same data protection laws as the United Kingdom or the European Economic Area (EEA).  For example:

  • with your and our service providers located elsewhere;
  • if you are based elsewhere;
  • where there is an international dimension to the services we are providing to you

European and UK data protection law requires us to check whether the transfer is lawful despite the difference in data protection law.  For example, a transfer to Argentina will almost always be lawful even though their data protection law is different.

Where this is not the case, we will ensure that we and the recipient of the data sign standard contractual clauses approved for the purpose and take any other steps that may be necessary, in order to ensure your personal information remains adequately protected.

If you would like further information please contact us (see ‘How to contact us’ below).

Your rights

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal information (the right of access)

Rectification

The right to require us to correct any mistakes in your personal information

To be forgotten

The right to require us to delete your personal information—in certain situations

Restriction of processing

The right to require us to restrict the processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data

Data portability

The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations

To object

The right to object:

—at any time to your personal information being processed for direct marketing (including profiling);

—in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • email, call or write to us OR our Data Protection Officer —see below: ‘How to contact us’; and
  • let us have enough information to identify you (e.g. your full name, email details and service logon username);
  • let us have proof of your identity; and
  • let us know what right you want to exercise and the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it (see above: ‘Who we share your personal information with’). Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

The security of your information is important to us. When you enter sensitive information on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).

We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, you can view our Security Overview Page or contact us at info@ipushpull.com.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.  Please feel free to contact us or our data protection officer using the details at the bottom of the notice.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in the United Kingdom or in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

Changes to this privacy policy

This Privacy Notice may change from time to time. If we make a change to this Privacy Notice that we believe materially reduces your rights, we will provide you with notice (for example, by email). And we may provide notice of changes in other circumstances as well. By continuing to use the Service after those changes become effective, you agree to be bound by the revised Privacy Notice.

How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Our contact details are shown below:

Pushpull Technology Ltd

43-45 Dorset St
London W1U 7NA
United Kingdom

+44 (0) 20 3808 4085
gdpr@ipushpull.com

ipushpull Data Protection Addendum

Updated: 7th March 2024

1.

Definitions

1.1

In this Data Protection Addendum, defined terms shall have the same meaning, and the same rules of interpretation shall apply as in the Master Terms. In addition, in this Data Protection Addendum the following definitions have the meanings given below:

 

Applicable Law

means applicable laws of the European Union (EU), the European Economic Area (EEA) or any of the EU or EEA’s member states from time to time together with applicable laws in the United Kingdom from time to time;

Appropriate Safeguards

means such legally enforceable mechanism(s) for Transfers of Personal Data as may be permitted under Data Protection Laws from time to time;

Controller

has the meaning given to that term in Data Protection Laws;

Data Protection Laws

means all Applicable Laws relating to the processing, privacy and/or use of Personal Data, as applicable to either party or the Services, including the following laws to the extent applicable in the circumstances:
(a) the GDPR;
(b) the Data Protection Act 2018;
(c) the UK GDPR, as defined in section 3 of that Act;
(d) any laws which implement any such laws; and
(e) any laws which replace, extend, re-enact, consolidate or amend any of the foregoing;

Data Protection Losses

means all liabilities, including all:
(a) costs (including legal costs), claims, demands, actions, settlements, interest, charges, procedures, expenses, losses and damages (including relating to material or non-material damage); and
(b) to the extent permitted by Applicable Law: (i) administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Supervisory Authority; (ii) compensation which is ordered by a Supervisory Authority to be paid to a Data Subject; and (iii) the reasonable costs of compliance with investigations by a Supervisory Authority;

Data Subject

has the meaning given to that term in Data Protection Laws;

Data Subject Request

means a request made by a Data Subject to exercise any rights of Data Subjects under Data Protection Laws;

GDPR

means the General Data Protection Regulation, Regulation (EU) 2016/679;

International Recipient

means the organisations, bodies, persons and other recipients to which Transfers of Protected Data are prohibited under paragraph 9.1 without the Customer’s prior written authorisation;

List of Sub-Processors

means the latest version of the list of Sub-Processors used by PushPull, as Updated from time to time, which may be found at the end of this Addendum;

Onward Transfer

means a Transfer from one International Recipient to another International Recipient;

Personal Data

has the meaning given to that term in Data Protection Laws;

Personal Data Breach

means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Protected Data;

processing

has the meanings given to that term in Data Protection Laws (and related terms such as process have corresponding meanings);

Processing Instructions

has the meaning given to that term in paragraph 5.1.1;

Processor

has the meaning given to that term in Data Protection Laws;

Protected Data

means Personal Data in the Customer Data;

Sub-Processor

means another Processor engaged by PushPull for carrying out processing activities in respect of the Protected Data on behalf of the Customer;

Supervisory Authority

means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority, board or other body responsible for administering Data Protection Laws;

Transfer

bears the same meaning as the word ‘transfer’ in Article 44 of the GDPR (or to the extent wider the definition of ‘transfer’ in equivalent provisions of UK Data Protection Laws). Without prejudice to the foregoing, this term also includes all Onward Transfers. Related expressions such as Transfers, Transferred and Transferring shall be construed accordingly; and

UK Data Protection Laws

means Data Protection Laws that form part of the law of England and Wales, Scotland and/or Northern Ireland from time to time.

2.

Processor and Controller

2.1

The parties agree that, for the Protected Data, PushPull shall be the Processor to the Customer who may act as either a Controller or a Processor. For the avoidance of doubt, nothing in this Data Protection Addendum relieves the Customer of any responsibilities or liabilities under any Data Protection Laws.

2.2

To the extent the Customer is not the sole Controller of any Protected Data it warrants that it has full authority and authorisation of all relevant Controllers to instruct PushPull to process the Protected Data in accordance with our Agreement.
 

3.

Details of Processing

3.1

The subject matter of the data processing under this Data Processing Addendum is Protected Data.

3.2

The duration of the processing of Protected Data by PushPull , begins when Protected Data is first uploaded by the Customer and ends when the Agreement comes to an end.

3.3

The nature of the processing is for the Customer to be able to synchronise data across multiple instances of PushPull’s service, for such purposes as the Customer may determine.

3.4

The type of Protected Data processed by PushPull under this Data Processing Addendum will vary depending on the nature of the Customer Data uploaded by the Customer. The parties acknowledge that the type of Customer Data uploaded by the Customer from time to time is at the complete discretion and control of the Customer and PushPull has no visibility of the same.

3.5

The data subjects whose Protected Data may be processed by PushPull under this Data Processing Addendum may include the Customer’s customers, employees, suppliers and end-users. The parties acknowledge that PushPull has no visibility of the categories of data subjects covered by such processing which is under the complete discretion and control of the Customer.
 

4.

Compliance

4.1

PushPull shall process Protected Data in compliance with:

4.1.1

the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under our Agreement; and

4.1.2

the terms of our Agreement.

4.2

The Customer warrants represents and undertakes, that at all times:

4.2.1

all Protected Data (if processed in accordance with our Agreement) shall comply in all respects, including in terms of its collection, storage and processing, with Data Protection Laws;

4.2.2

fair processing and other information notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by PushPull and its Sub-Processors in accordance with our Agreement;

4.2.3

the Protected Data is accurate and up to date;

4.2.4

it shall establish and maintain adequate security measures to safeguard Protected Data in its possession or control from unauthorised access and copying and maintain complete and accurate backups of all Protected Data provided to PushPull (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by PushPull or any other person;

4.2.5

all instructions given by it to PushPull in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and

4.2.6

it has undertaken due diligence in relation to PushPull’s processing operations and commitments and it is satisfied (and at all times it continues to use the Services remains satisfied) that:
(a) PushPull’s processing operations are suitable for the purposes for which the Customer proposes to use the Services and engage PushPull to process the Protected Data;
(b) the technical and organisational measures set out in the Information Security Addendum and our Agreement (each as Updated from time to time) shall (if PushPull complies with its obligations under such Addendum) ensure a level of security appropriate to the risk in regards to the Protected Data; and
(c) PushPull has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.

5.

Instructions and details of processing

5.1

Insofar as PushPull processes Protected Data on behalf of the Customer, PushPull:

5.1.1

unless required to do otherwise by Applicable Law, shall (and shall take steps to ensure each person acting under its authority shall) process the Protected Data only on and in accordance with the Customer’s documented instructions as set out in this paragraph 5.1 and paragraph 5.3 (including when making a Transfer of Protected Data to any International Recipient), as Updated from time to time (Processing Instructions); and

5.1.2

if Applicable Law requires it to process Protected Data other than in accordance with the Processing Instructions, shall notify the Customer of any such requirement before processing the Protected Data (unless Applicable Law prohibits such information on important grounds of public interest).

5.2

The Customer shall be responsible for ensuring all Authorised Affiliates and Authorised Users read and understand the Privacy Policy (as updated from time to time).

5.3

The Customer acknowledges and agrees that the execution of any computer command to process (including deletion of) any Protected Data made in the use of any of the Subscribed Services by an Authorised User will be a Processing Instruction (other than to the extent such command is not fulfilled due to technical, operational or other reasons, including as set out in the User Manual). The Customer shall ensure that Authorised Users do not execute any such command unless authorised by the Customer (and by all other relevant Controller(s)) and acknowledge that if any Protected Data is deleted pursuant to any such command PushPull is under no obligation to seek to restore it.
 

6.

Technical and organisational measures

6.1

Taking into account the nature of the processing, PushPull shall implement and maintain, at its cost and expense, the technical and organisational measures:

6.1.1

in relation to the processing of Protected Data by PushPull, as set out in the Information Security Policy; and

6.1.2

to assist the Customer insofar as is possible in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Protected Data, in each case at the Customer’s cost on a time and materials basis in accordance with PushPull’s Standard Pricing Terms.

7.

Using staff and other processors

7.1

PushPull shall not engage any Sub-Processor for carrying out any processing activities in respect of the Protected Data except in accordance with our Agreement without the Customer’s written authorisation of that specific Sub-Processor (such authorisation not to be unreasonably withheld, conditioned or delayed).

7.2

The Customer authorises the appointment of each of the Sub-Processors identified on the List of Sub-Processors as Updated from time to time. Pushpull shall inform the Customer of any intended changes concerning the addition or replacement of sub-processors and the Customer shall have the opportunity to object to such changes.

7.3

PushPull shall:

7.3.1

prior to the relevant Sub-Processor carrying out any processing activities in respect of the Protected Data, appoint each Sub-Processor under a written contract containing the same obligations as are imposed on PushPull by this Data Protection Addendum that is enforceable by PushPull (including those relating to sufficient guarantees to implement appropriate technical and organisational measures);

7.3.2

ensure each such Sub-Processor complies with all such obligations; and

7.3.3

remain fully liable for all the acts and omissions of each Sub-Processor as if they were its own.

7.4

PushPull shall ensure that all persons authorised by it (or by any Sub-Processor) to process Protected Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
 

8.

Assistance with compliance and Data Subject rights

8.1

PushPull shall refer all Data Subject Requests it receives to the Customer without undue delay. The Customer shall pay PushPull for all work, time, costs and expenses incurred in connection with such activity, calculated on a time and materials basis at PushPull’s rates set out in PushPull’s Standard Pricing Terms.

8.2

PushPull shall provide such reasonable assistance as the Customer reasonably requires (taking into account the nature of processing and the information available to PushPull) to the Customer in ensuring compliance with the Customer’s obligations under Data Protection Laws with respect to:

8.2.1

security of processing;

8.2.2

data protection impact assessments (as such term is defined in Data Protection Laws);

8.2.3

prior consultation with a Supervisory Authority regarding high-risk processing; and

8.2.4

notifications to the Supervisory Authority and/or communications to Data Subjects by the Customer in response to any Personal Data Breach,

provided the Customer shall pay PushPull for all work, time, costs and expenses incurred in connection with providing the assistance in this paragraph 8.2, calculated on a time and materials basis at PushPull’s rates set out in PushPull’s Standard Pricing Terms.
 

9.

International data transfers

9.1

Subject to paragraph 9.2 and 9.3, and excluding Transfers within the European Economic Area or between any part of that Area and the United Kingdom, PushPull shall not Transfer any Protected Data:

9.1.1

from any country to any other country; and/or

9.1.2

to an organisation and/or its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries,

provided that even where permitted by paragraphs 9.2 and/or 9.3, any Transfers by PushPull of Protected Data to an International Recipient (and any Onward Transfer) shall be (to the extent required under Data Protection Laws) effected by way of Appropriate Safeguards and in accordance with Data Protection Laws and our Agreement. The provisions of this clause 9, together with any specific Instructions otherwise given in writing by the Customer shall constitute the Customer’s instructions with respect to Transfers in accordance with paragraph 5.1.1.

9.2

Where Customer has required that notifications be sent to SMS or WhatsApp, PushPull may Transfer contact details relating to Customer contacts to Twillio, which Transfers are covered by the schedule to the Twillio data protection addendum as published on the world wide web at https://www.twilio.com/en-us/legal/data-protection-addendum). Further, the Customer has the option of determining whether the Protected Data is held in the UK or the Republic of Ireland, accordingly.

9.3

The Customer acknowledges that due to the nature of cloud services, the Protected Data may also be transferred to other geographical locations in connection with the use of the Service further to access and/or computerised instructions initiated by Authorised Users. The Customer acknowledges that it is responsible for any such processing (and hence any such Transfer is not legally made by PushPull but by the Customer) and the Customer shall ensure that Authorised Users (and all others acting on its behalf) only initiate the Transfer of Protected Data to other geographical locations in accordance with all Applicable Laws.
 

10

Information and audit

10.1

The Customer hereby authorises PushPull to Transfer any Protected Data for the purposes referred to in paragraph 3 to any International Recipient(s), provided all Transfers by PushPull of Protected Data to an International Recipient (and any Onward Transfer) shall be (to the extent required under Data Protection Laws) effected by way of Appropriate Safeguards and in accordance with Data Protection Laws and our Agreement.

10.2

The Customer acknowledges that due to the nature of cloud services, the Protected Data may also be transferred to other geographical locations in connection with the use of the Service further to access and/or computerised instructions initiated by Authorised Users. The Customer acknowledges that PushPull does not control such processing and the Customer shall ensure that Authorised Users (and all others acting on its behalf) only initiate the Transfer of Protected Data to other geographical locations if Appropriate Safeguards are in place and that such Transfer is in compliance with all Applicable Laws.
 

10.3

PushPull shall, on request by the Customer, in accordance with Data Protection Laws, make available to the Customer such information as is reasonably necessary to demonstrate PushPull’s compliance with its obligations under this Data Protection Addendum and Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose provided:

10.3.1

such audit, inspection or information request is reasonable, limited to information in PushPull’s (or any Sub-Processor’s) possession or control and is subject to the Customer giving PushPull reasonable prior notice of such audit, inspection or information request;

10.3.2

the parties (each acting reasonably and consent not to be unreasonably withheld or delayed) shall agree on the timing, scope and duration of the audit, inspection or information release together with any specific policies or other steps with which the Customer or third party auditor shall comply (including to protect the security and confidentiality of other customers, to ensure PushPull is not placed in breach of any other arrangement with any other customer and so as to comply with the remainder of this paragraph 10.3);

10.3.3

all costs of such audit or inspection or responding to such information request shall be borne by the Customer, and PushPull’s costs, expenses, work and time incurred in connection with such audit or inspection shall be reimbursed by the Customer on a time and materials basis in accordance with PushPull’s Standard Pricing Terms;

10.3.4

the Customer’s rights under this paragraph 10.3 may only be exercised once in any consecutive twelve (12) month period, unless otherwise required by a Supervisory Authority or if the Customer (acting reasonably) believes PushPull is in breach of this Data Protection Addendum;

10.3.5

the Customer shall promptly (and in any event within one (1) Business Day) report any non-compliance identified by the audit, inspection or release of information to PushPull;

10.3.6

the Customer shall ensure that all information obtained or generated by the Customer or its auditor(s) in connection with such information requests, inspections and audits is kept strictly confidential (save for disclosure required by Applicable Law);

10.3.7

the Customer shall ensure that any such audit or inspection is undertaken during normal business hours, with minimal disruption to the businesses of PushPull and each Sub-Processor; and

10.3.8

the Customer shall ensure that each person acting on its behalf in connection with such audit or inspection (including the personnel of any third party auditor) shall not by any act or omission cause or contribute to any damage, destruction, loss or corruption of or to any systems, equipment or data in the control or possession of PushPull or any Sub-Processor whilst conducting any such audit or inspection.

11

Breach notification

11.1

In respect of any Personal Data Breach involving Protected Data, PushPull shall, without undue delay (and in any event within 48 hours):

11.1.1

notify the Customer of the Personal Data Breach; and

11.1.2

provide the Customer with details of the Personal Data Breach.

12

Deletion of Protected Data and copies

 

Following the end of the provision of the Services (or part) relating to the processing of Protected Data PushPull shall dispose of Protected Data in accordance with its obligations under our Agreement. PushPull shall have no liability (howsoever arising, including in negligence) for any deletion or destruction of any such Protected Data undertaken in accordance with our Agreement.
 

13

Compensation and claims

13.1

PushPull shall be liable for Data Protection Losses (howsoever arising, whether in contract, tort (including negligence) or otherwise) under or in connection with our Agreement:

13.1.1

only to the extent caused by the processing of Protected Data under our Agreement and directly resulting from PushPull’s breach of our Agreement; and

13.1.2

in no circumstances to the extent that any Data Protection Losses (or the circumstances giving rise to them) are contributed to or caused by any breach of our Agreement by the Customer.

13.2

If a party receives a compensation claim from a person relating to the processing of Protected Data in connection with our Agreement or the Services, it shall promptly provide the other party with notice and full details of such claim. The party with the conduct of the action shall:

13.2.1

make no admission of liability nor agree to any settlement or compromise of the relevant claim without the prior written consent of the other party (which shall not be unreasonably withheld or delayed); and

13.2.2

consult fully with the other party in relation to any such action but the terms of any settlement or compromise of the claim will be exclusively the decision of the party that is responsible under our Agreement for paying the compensation.

13.3

The parties agree that the Customer shall not be entitled to claim back from PushPull any part of any compensation paid by the Customer in respect of such damage to the extent that the Customer is liable to indemnify or otherwise compensate PushPull in accordance with our Agreement.

13.4

This paragraph 13 is intended to apply to the allocation of liability for Data Protection Losses as between the parties, including with respect to compensation to Data Subjects, notwithstanding any provisions under Data Protection Laws to the contrary, except:

13.4.1

to the extent not permitted by Applicable Law (including Data Protection Laws); and

13.4.2

that it does not affect the liability of either party to any Data Subject.

14

Survival

 

This Data Protection Addendum (as Updated from time to time) shall survive termination (for any reason) or expiry of our Agreement and continue until no Protected Data remains in the possession or control of PushPull or any Sub-Processor, except that paragraphs 12 to 14 (inclusive) shall continue indefinitely.
 
 

 

List of Sub-Processors

 

Subprocessor

Purpose

AWS

Providing cloud hosting services for PushPull

Microsoft

Providing cloud services for PushPull

Twilio

Providing cloud services for PushPull

ipushpull Acceptable Use Policy

Updated: 30th May 2022

Where you are a user, we give permission under this agreement solely for you personally to use our services.  You will not permit any other persons to access or use our services via your credentials.

You agree not to misuse the ipushpull services. For example, you must not, and must not attempt to, use the services to do the following things.

  • access, tamper with, or use non-public areas of the Service, shared areas of the Service you have not been invited to, or ipushpull (or our service providers’) computer systems;
  • interfere with or disrupt any user, host, or network, for example by sending a virus, overloading, flooding, spamming, or mail-bombing any part of the Services;
  • plant malware or otherwise use the Services to distribute malware;
  • access or search the Services by any means other than our publicly supported interfaces (for example, “scraping”);
  • send unsolicited communications, promotions or advertisements, or spam;
  • send altered, deceptive or false source-identifying information, including “spoofing” or “phishing”;
  • publish anything that is fraudulent, misleading, or infringes another's rights;
  • impersonate or misrepresent your affiliation with any person or entity;
  • publish or share materials that are unlawfully pornographic or indecent, or that advocate bigotry, religious, racial or ethnic hatred;
  • violate the law in any way, or to violate the privacy of others, or to defame others.

ipushpull Security Overview

Updated: 30th May 2022

Encryption in transit

ipushpull uses SSL/TLS to protect your data while it is in transit between your device and our servers.

Server-side Encryption

The contents of your Pages are encrypted using 256-bit AES symmetric encryption while they are stored on our servers. We restrict access to the keys we use to encrypt and decrypt your data.

Client-side encryption

If you wish, you may configure ipushpull to encrypt the contents of your Pages before they are pushed to our servers and decrypt them after they have been pulled back to your (or your permissioned Users’) devices. This encryption/decryption is performed automatically by our client applications e.g. our desktop and mobile websites and our Microsoft Excel add-in. The passphrases you use for encryption are not passed to the ipushpull servers so we have no way of decrypting the data. Only you, and the people you choose to share your passphrases with, will be able to decrypt the data.

IMPORTANT: if you lose or forget your passphrases there is no way to recover your data.

Note that activating client-side encryption on a page will restrict some functionality (e.g. SMS access to your Pages) which does not currently support encryption.

Data that is not encrypted on our servers

We do not encrypt data that is vital to the operation of the ipushpull service e.g. the set of Users you have granted access to your Pages. We also collect statistics to allow you to monitor the usage of your Folder and for billing purposes.

Maintaining your security

Choose a strong password to protect your Folder and encourage your Users to do the same.

Monitor the activity in your Folder. Your FolderUsage Page is updated every day with details of which of your users have been accessing your Pages.