SLIPZ provides the SERVICE of receiving, downloading, storing and cataloguing purchase receipts issued by retailers licensed to generate digital receipts and send them to consumers in a digital format via the SLIPZ app. The SERVICE is provided at no cost. The SLIPZ app is intended for use “as is” and has been developed as a free app by the COMPANY, that is:
Triq Il-Gendus 7, Il-Belt Valletta, Malta
The COMPANY is hereafter referred to as “we”, “our”, or “us”.
By choosing to use the SERVICE, you agree to the collection, use/processing and disclosure of data, including Personal Data in terms of the applicable policies.
Data is collected either when provided by you or automatically when using any of the SLIPZ websites, hosted services or social media platforms or other web pages as well as if you use any of our products including mobile application(s).
Among the types of data that we collect, whether through our own digital platforms or those belonging to third parties, there is:
- Personal Data, that is; any information that identifies you as an individual or that relates to an identifiable individual, such as a name, surname, username, login details, mailing address, email address, phone numbers, credit card details, transaction details and geo-location;
- Log Data.
Third-party Personal Data:
Cookies are small text files stored on a visitor’s web browser and applications. Cookies are often used to make web-browsing easier by performing functions such as saving passwords and maintaining lists of personal preferences regarding the use of the website. Our website/s, app/s, and the SERVICE may collect:
- Strictly necessary Cookies which are essential to enable you to browse our websites and to use our app and the SERVICE;
- Performance Cookies which collect information about how you use our websites, app, and the SERVICE, and;
- Functionality Cookies which allow our websites, app, and the SERVICE to remember your preferred choices while browsing, such preferences relating to text font and size.
Cookies do not collect information that personally identifies you. The collected data is aggregated and anonymous. Data collected through Cookies may be used to help optimize our websites, app, and the SERVICE.
Log Data is collected automatically when using the SLIPZ app and may include information such as your device Internet Protocol (“IP”) address, domain names, URI (“Uniform Resource Identifier”) addresses, the configuration of the app when utilizing the SERVICE, the time, date and duration of your use of the app and SERVICE, your location at the time of use of the SERVICE, the method used to submit a request to the server, features of the browser and the operating system you are using including the device make and model and operating system version and details of the pages visited with special reference to the sequence in which pages are visited and other statistics.
In addition to the above we may also collect information when you engage with us, our affiliates, third-party service providers, retailer customers and brands that use our SERVICE whether through the app, website/s, voice calls, SMS (or similar) messaging, social media pages/profiles/groups or similar platforms or digital engagement solutions. Such information may come through your requests for information, your submission of a technical support report, your participation in any promotions and your application for recruitment. In such instances, we may also receive information about your location and your mobile device, including a unique identifier for your device. Most mobile phones allow you to control or disable location services. If you have questions on how to turn off location services, please consult your mobile phone’s instructions for use. We may also receive information if you choose to allow us access to your device’s camera and microphone, or to data stored on your device, such as photos and videos. You may always opt out of these features through your device.
We may also collect publicly available data about you.
Other identification technologies that may be used by us:
Pixel tags (also called beacons or pixels) – these are small blocks of code installed on (or called by) a web page or application, which can retrieve certain information about your device and browser, including device type, operating system, browser type and version, websites visited, time of visit, referring website, IP address and other similar information. Software Development Kits (also called SDKs) – function like pixels and cookies, but operate in the mobile application context where pixels and cookies cannot always function. The application developer can install pieces of code (the SDK) into the application to collect certain information about user interaction with the application and information about the user device and network information.
We may use third-party service providers who may place cookies, pixel tags or similar technologies on our websites, app, and the SERVICE. These technologies help us compile metrics and analytics (without collecting personally identifiable information) to help improve our websites, app and the SERVICE. Third-party cookies and technologies are covered by the third party’s privacy notice to which you are directed.
Do Not Track:
Various browsers offer a “do not track” or “DNT” option. While we attempt to honour DNT instructions received from a user’s browser, we cannot guarantee a consistent positive response to such signals since a common industry standard for DNT is not yet in place.
USE/PROCESSING OF COLLECTED DATA:
Collected data is used to allow the continued provision and improvement of the SERVICE. We may therefore use your information to determine whether to render any revision or deploy particular content or new functions to the app. We may also use your information to meet your technical support requests or to inform you of promotions available to you.
Processing for Research and Statistical Reasons:
Research and statistics using your information is only carried out so that we may understand your needs. In any case, we will always ensure to obtain any consent that may be legally required from you beforehand. As in all other cases, in using data in this manner we will ensure to implement all appropriate safeguards as may be necessary.
Mode and place of processing of data:
Collected data is processed at our operating offices or at the operating offices of our third-party service providers. Data is only processed for the purposes for which it was collected and in a manner which applies all appropriate safeguards.
Collected data is retained for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria used to determine what is ‘necessary’ depends on the particular data in question and our specific relationship with you (including its duration). Data may also be retained for the duration of time needed for us to pursue legitimate business interests, conduct audits, comply with legal obligations, resolve disputes, and enforce our agreements. The normal practice is to determine whether there are any specific law(s) (for example tax, anti-money laundering or corporate laws) permitting or even obliging retention of data for a certain period of time (in which case it will be kept for the maximum period indicated by any such law).
SHARING OF DATA:
Personal Data will only be shared with third-party service providers performing services to us or on our behalf as is necessary to provide the SERVICE, with retailer customers using our app to deliver the SERVICE to you, and with brands that use our SERVICE if you engage with them.
Third-party service providers are individuals and/or entities we contract to provide services to us on our behalf, such as [i] to manage costumer and consumer requests [ii] to assist us in developing, maintaining and running our digital footprint (including the SLIPZ app and related websites and social media platforms) and to make them available to visitors and users [iii] to provide us with credit card processing services, analytics, and data storage services. These third parties may access, process or store Personal Data in the course of providing their services.
Retailer customers using our app to deliver the SERVICE to you are the retailers that you choose to give custom to who, by using a licensed version of our software, can deliver the SERVICE to you by generating digital receipts and sending them to your device in a digital format.
Brands that use our SERVICE refer to entities or companies which we may from time to time partner with to allow us and our retailer customers to offer additional services to you. If you engage with any such brand by opting to use additional services, we may share your Personal Data with it, receive further data about you from it, and/or combine any such data.
We do not control how any third-party partner may use your Personal Data. Use of your information by the third-party partner is governed by their privacy policies which we would direct you to read. If you do not wish for your information to be shared in this way, you may opt not to use such additional services.
Personal Data may also be shared/disclosed for legal reasons (including authorised disclosures not requiring your consent) such as:
- to comply with a legal process (such as a Court order, subpoena, search warrant or other legal requests by an official and competent public entity or authority);
- to prevent, detect, or suppress fraud (for example, if you provide false or deceptive information about yourself or attempt to pose as someone else, we may disclose any information we may have about you in order to assist any type of investigation into your actions);
- to prevent unauthorized transactions;
- to report transactions as may go against the prevalent laws, rules or regulations relating to money laundering and financing of terrorism or other illegal activities;
- to protect and defend our safety, rights or property or the safety, rights or property of any person or entity and to mitigate our liability in an actual or potential lawsuit;
vii. in the event that we are involved in a merger, sale, restructuring, acquisition, joint venture, assignment or transfer;
viii. to protect against abuse, misuse or unauthorised use of our SERVICE or digital platforms, or;
- as may otherwise be specifically allowed or required by or under any applicable law.
Any such authorised disclosures will be done in accordance with the Data Protection Laws.
We may also share your Personal Data with our subsidiaries or other affiliates in order to deliver and improve the SERVICE.
We may also aggregate information so that it is not personally identifiable and use and share such aggregated information for training and quality assurance purposes and to deliver and improve our SERVICE.
Other third parties:
The Cookies section above addresses the information we or third parties collect through cookies, pixel tags, and similar third-party technologies and how you can control cookies through your web browsers. It is you, not us, who has to control what Cookies to consent to.
YOUR RIGHTS UNDER THE DATA-PROTECTION LAW:
As one of the security measures we implement, before being in a position to help you exercise your rights under the data-protection law, we may need to verify your identity. It is up to you to decide what, if any, information to provide us with, however, and depending on your request, it may not be possible for us or our affiliates to deliver a full service or address all of your questions or requests without the necessary information from you.
Your various rights at law include those listed below.
You may, at any time request to confirm what data is being retained by us about you and to access that data. You may also request information as to why said data is being retained, who the data is disclosed to, how long is the data intended to be kept (where possible), whether the data is transferred abroad and if it is, the safeguards taken to protect it, what your rights are, how you can make a complaint, where your data was obtained from and, whether any automated decision-making (including profiling) has been carried out.
Upon request, we shall (without adversely affecting the rights and freedoms of others including our own) provide you with a copy of the Personal Data undergoing processing within the legal terms from time to time applicable.
- to rectification
All reasonable efforts are made to keep any Personal Data that may be held about you up-to-date and as accurate as possible. You can check the information that is held about you at any time by contacting us in the manner explained herein. If you find any inaccuracies, you have the right to ask us to rectify inaccurate Personal Data and to complete incomplete data concerning you. We may seek to verify the accuracy of the data before rectifying it.
iii. to erasure (to be forgotten)
You have the right to ask us to delete your Personal Data and we shall comply without undue delay only where:
- The data is no longer necessary for the purposes for which it was collected; or
- You have withdrawn your consent (in those instances where it is processed on the basis of your consent) and we have no other legal ground to process the data; or
- You have successfully exercised your right to object (as explained below); or
- Your data shall have been processed unlawfully; or
- There exists a legal obligation to which we are subject; or
- Special circumstances exist in connection with certain children’s rights.
In any case, we shall not be legally bound to comply with your erasure request if the processing of your Personal Data is necessary:
- for compliance with a legal obligation to which we are subject (including but not limited to data retention obligations); or
- for the establishment, exercise or defence of legal claims.
There are other legal grounds entitling us to refuse erasure requests although the two instances above are the most likely grounds that may be invoked to deny such requests.
- to data restriction
You have the right to ask for the restriction (that is, the storing but not further processing) of your Personal Data only where:
- The accuracy of your data is contested (see the right to data rectification above), for a period enabling us to verify the accuracy of the data; or
- The processing is unlawful and you oppose the erasure of your data; or
- We no longer need the data for the purposes for which it was collected but you need the data for the establishment, exercise or defence of legal claims; or
- You exercised your right to object and verify our legitimate grounds to override your objection.
Following your request for restriction, except for storing your data, we may only process your data:
- Where we have your consent; or
- For the establishment, exercise or defence of legal claims; or
- For the protection of the rights of another natural or legal person; or
- For reasons of important public interest.
- to data portability
You have the right to ask us to provide you with a copy of the Personal Data retained by us (and that you shall have provided us with) in a structured, commonly used, machine-readable format, or (where technically feasible) to have it ‘ported’ directly to another data controller, provided this does not adversely affect the rights and freedoms of others. This right shall only apply where:
- The processing is based on your consent or on the performance of a contract with you; and
- The processing is carried out by automated means.
- to withdraw consent relied on
In those cases where we process data on the basis of your consent, you have the right to withdraw your consent at any time. Should you exercise your right to withdraw your consent at any time (by writing to us at our physical or email address), we will determine whether at that stage an alternative legal basis exists for processing your data in terms of which we would be legally authorised (if not obliged) to process your data without needing your consent (for example, on the basis of a legal obligation to which we are subject) and if so, notify you accordingly.
When your data is processed for direct marketing or advertising purposes, you may, at any time, opt-out of receiving further communications by clicking on the unsubscribe or opt-out link at the bottom of a marketing or advertising email. You may also contact us to opt-out or to request changes to your personal information.
Please note that even if you withdraw any consent you may have given or if you object to receiving such direct marketing or advertising material (in those cases where your consent is required), we may still need to send you certain important communications from which you cannot opt-out.
vii. to object to certain processing
In the instances where you may have a right to object to the processing of your data, if you enter an objection, the processing of data shall cease unless we, as data controllers, provide compelling and legitimate grounds requiring the continuation of the data processing which outweigh the objections you may have raised.
viii. to lodge a complaint
You have the right to lodge complaints with the appropriate Data Protection Supervisory Authority.
You are kindly asked to first attempt to resolve any issues you may have directly with us.
FURTHER TO YOUR RIGHTS UNDER THE DATA-PROTECTION LAW:
As explained in the Retention Period section above, we may also need to keep certain data for compliance with our legal obligations but also to complete transactions that you would have requested prior to the change or deletion that you requested. Additionally, please note that because we have limited ability and legal standing to intervene between you and our retailer customers and brands that use our SERVICE, if you wish to exercise any of your rights under the data-protection law with reference to a retailer customer or brand that uses our SERVICE, and should you be unable to communicate directly with said retailer customer or brand that uses our SERVICE, please contact us with the name of the relevant retailer customer or brand through which you used our SERVICE. We will refer your request to them and will, without the assumption of any responsibility or liability for which you, as of now, waiver any and all rights to claims against us, support you and them as needed in responding to your request.
We value your trust in providing us and entrusting us with your data and are committed to protecting it. We therefore use commercially acceptable means to protect against the loss, misuse, and alteration of the information under our control. When possible, data is also encrypted during transmission. In addition, the data that we store is maintained and archived on secure, hardened servers that are hosted by secure platforms. Access to this data is protected by multiple layers of controls, including firewalls, role-based access controls, authentication mechanisms and monitoring. Data is backed up, and archives are stored in secure locations. However, please be aware that by its very nature, no method of transmission of data via the internet, whether or not the sender and receiver of information are located in the same country, is 100% secure and reliable. We cannot, therefore, guarantee absolute security of data transmitted between you and us or be held responsible for anything done or omitted to be done by you or any third party in connection with any data prior to receipt of said data by us. We shall accept no responsibility or liability whatsoever for the security of your data while in transit through the internet. Similarly, no method of electronic storage is 100% secure and reliable. We cannot guarantee that stored information cannot be accessed, disclosed, altered or destroyed by a breach of our systems and/or safeguards. If we learn of a breach, we will take all reasonable measures to remedy it in the best possible time and we may also notify you so that you can take appropriate steps.
INTERNATIONAL DATA TRANSFERS:
Our SERVICE is not intended for use by persons under eighteen  years of age and we will never intentionally collect any Personal Data from such persons. If you are a parent of a person who is under eighteen  years of age and you believe that said person has provided Personal Data to us please contact us so that we may be able to take the necessary measures.
LINKS TO OTHER SITES:
Links that we may provide to third-party websites are clearly marked. We shall not in any way whatsoever be held responsible for (nor be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest for you to read the privacy policies of any such third-party websites.
We are not responsible for and do not control the privacy practices of any of our customers or any other third party. We encourage you to review the privacy practices of each third party independently.
Additional details relating to the collection or processing of data may be requested from us at any time by contacting us on any of the contact details provided herein.