PRIVACY POLICY
v3, last updated 30 March 2023
IMPORTANT: PLEASE READ THIS PRIVACY POLICY AS IT APPLIES TO ANY PERSONAL DATA YOU PROVIDE US OR WE COLLECT ABOUT YOU, FOR EXAMPLE, IF YOU ACCESS THE WEBSITE AT SUPERJOI.COM, PRIVACY KITCHEN’S VIDEO CHANNEL OR ACCESS ANY OTHER WEBSITE OR ONLINE PRESENCE OWNED, OPERATED OR PROVIDED BY SUPERJOI LTD, INCORPORATED IN ENGLAND, COMPANY #13604021, REGISTERED OFFICE 9TH FLOOR, 107 CHEAPSIDE, LONDON, EC2V 6DN, VAT #407 312 040 (‘WEBSITE’ AND ‘SUPERJOI’, ‘US’, ‘WE’ RESPECTIVELY) OR USE ANY OF OUR PRODUCTS OR SERVICES (‘SERVICES’). WE DO NOT MARKET TO OR ENTER INTO CONTRACTS WITH CHILDREN, NOR DO WE COLLECT PERSONAL DATA FROM ANY PERSON UNDER 18 YEARS OF AGE. PLEASE DO NOT ACCESS OR USE THE WEBSITE OR SERVICES IF YOU ARE UNDER 18 YEARS OF AGE.
This Policy
This Policy sets out what personal data we might collect, how we process and protect that data, the lawful grounds for that processing, and your related rights. We always seek to comply with the data protection laws applicable to our processing of personal data. For example, the EU General Data Protection Regulation 2016/679 (‘EU GDPR’) may apply and, as a UK company, the UK Data Protection Act 2018, the UK e-Privacy Regulations (‘PECR’), and the UK-adopted version of the EU GDPR (‘UK GDPR’) apply directly to all our processing.
We use ‘GDPR’ to refer to either the EU or UK version, as they’re almost identical. The GDPR is the world standard for data protection laws, inspiring legal developments worldwide.
'Personal data' is a defined term in EU and UK law. We also use it here to cover ‘personally identifiable information’ as defined in US law and other similar legal definitions. Essentially 'personal data' means any information relating to an identified or identifiable natural person, namely one who can be identified, directly or indirectly, from that information alone or in conjunction with other information.
In most cases, the lawful ground (or legal basis) for our processing will be that the processing is necessary: (i) for our legitimate interests in carrying out our business, including to secure, manage, grow and improve our Services, provided those interests are not outweighed by your rights and interests (‘Legitimate Interests’), (ii) to perform a contract with you (‘Contract’), or (iii) to comply with our legal obligations (‘Legal Obligation’). Where the processing is based on your consent (‘Consent’), we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent when we ask for your consent.
As data protection law and practice are constantly developing, we’ll need to update this policy from time to time, which we’ll do by posting a new policy on the Website that takes effect from the date stated. You are responsible for returning to the Website from time to time and checking for changes.
Description of Users and Acceptance of Terms
This Privacy Policy applies to visitors to the Site, who view only publicly-available content ("Visitors"), individuals who have signed up to access and use our Platform as fans ("Users"), organisations (“Brands”), and individuals that have signed up to access and use our Platform as content creators ("Content Creators").
By visiting our Site, Visitors are agreeing to the terms of this Privacy Policy and the accompanying Terms of Service.
By clicking “Sign up”, “Continue with Google”, “Continue with Facebook”, or “Continue with Apple”, or otherwise manifesting assent to this Privacy Policy, each User, Brand and Content Creator is agreeing to the terms of this Privacy Policy, and the accompanying Terms of Service.
How We Obtain Personal Data
We collect or are provided personal data in the normal course of business. For example:
you may provide us with your details when you become a customer, such as your name, email, date of birth, and address (‘Account Data’),
we may receive personal data from our customers when using our Services, such as names of team members or data entered into the Services (‘Customer Data’),
you may provide us with your details when you ask about our Services (such as through the Website, by email or by commenting), and we may otherwise lawfully obtain contact details of potential customers for our Services for our marketing purposes, for example, from the publicly available personal and/or business contact information on LinkedIn, YouTube, TikTok, Instagram or your social platform (‘Marketing Data’),
when you visit the Website, we may collect information about your visit, such as your IP address and the pages you visited (‘Website Data’) and when you use our Services, we may collect information on how you use those Services (‘Service Data’), and
you may provide us with your personal data when you sign up as a Creator or Superfan on Superjoi for KYC purposes (‘Verification Data’) or when you send us your CV for recruitment purposes (‘Recruitment Data’).
When you purchase in-platform coin (“Superjoi Coin”), contribute Superjoi Coins, cash out or conduct any other transaction through our Platform, we may collect certain additional information from you, including but not limited to, your name, age, email address, phone number, your organisation's documents, social security number, and the nature and subject of the transaction. We refer to this information as "Transaction Information". We use the Transaction Information that we collect generally to facilitate transactions between Content Creators, Brands and Users, through our Platform. Additionally, we use this Transaction Information to: communicate with you; screen our transactions for potential risk or fraud; and comply with applicable laws, regulations and guidelines regarding identity verification and Know Your Customer policies (“KYC”). We use third-party payment processing providers to process your payment-related information. Our third-party payment processing providers will collect from you, process and store your payment-related information including credit card information and/or bank account information in accordance with the terms and conditions of their privacy policies and terms of use. Superjoi does not collect, store or process any payment-related information.
In GDPR’s terms, we are the ‘controller’ of Account, Marketing, Website, Service, Verification Data and Recruitment Data as we determine the purposes (the ‘why’) and the essential means (the ‘how’) of the collection and processing. We are the ‘processor’ of Customer Data as the customer remains the ‘controller’ of Customer Data, and we only process Customer Data to fulfil our contract with the customer and on their instructions.
Your Provision of Personal Data
When you provide us with personal data about yourself or another person, for example, through referrals or contact, you are confirming to us that you have their consent or are otherwise authorised to provide us with that information and that any personal data you give us is accurate and up-to-date.
Provision of personal data to us is never a requirement; however, if you do not provide us with the personal data necessary for us to carry out an action at your request or under a contract with or relating to you, for example, to respond to your query or provide Services to you, we may not be able to respond to your query or provide Services to you.
Special Categories & Crime
Given the nature of our business, we do not ask for ‘special categories of personal data’ such as information about your health, political opinions, racial origins or sexual life, or personal data relating to criminal convictions and offences – and we would ask you not to send any to us or upload any into the Services.
However, if at any time you choose to transmit such personal data over our Website or Services for any reason, or you provide such personal data to us as part of Recruitment Data, you must have the full authority or consent to do so, and you agree that it will be dealt with according to this Privacy Policy, including possible transfer to our offices or third parties, inside or outside the UK or EEA, as described in this policy.
Financial Data
We do not collect or process bank, debit, or credit card data. Our payment processor collects and processes such data to process the relevant payments as an independent controller. We will at all times comply, and choose payment providers who comply, with the applicable industry codes and laws regarding security and retention of such data, for example, the Payment Card Industry Data Security Standard.
Our payment processor is Stripe, Inc., a company registered in the United States, registered office 354 Oyster Point Blvd, South San Francisco, US. More information related to payment processing can be found under our Terms of Service at https://superjoi.com/terms.
How We Use Personal Data
We use personal data in the normal course of our business to provide, secure, manage and improve our Services and to meet any binding contractual or legal obligations. This includes:
to use Verification Data to ensure we run proper KYC (Know Your Customer) compliance.
to use Marketing Data and Account Data to respond to enquiries, to provide the Websites and Services, to provide advice and support, and to invoice accordingly. Lawful basis: Legitimate Interests or Contract.
to use the Website Data and Service Data to analyse and improve the Website and Services, for example, for technical or security purposes and to improve the customer experience. Lawful basis: Legitimate Interests, however where for example, applicable law requires your consent to use certain cookies, we will ask for your Consent, having provided you with relevant information.
to use the Marketing Data and Website Data to market and sell our Services, including to communicate with you about the same or similar services that we offer – if we do so, we will provide you with an easy and free way to opt out of receiving such communications in the future. Lawful basis: Legitimate Interests (or Consent as above).
in certain circumstances, to share it with a limited number of third parties as described in this policy, for example, for operational requirements, KYC and business continuity purposes. Lawful basis: most processing will be based on Legitimate Interests, some processing is based on Contract and, where necessary (as above), some processing may be based on your prior Consent.
to use Recruitment Data in our recruitment activities, including that Recruitment Data will only be reviewed by those who need to know as part of that recruitment, and that it may be stored with our cloud storage or cloud HR service providers.
we use third-party services to keep our offer continuously available, user-friendly, secure and reliable. Such services may also be used to embed content on our website. Such services - for example, hosting and storage services, video services and payment services - require your Internet Protocol (IP) address, as such services cannot otherwise transmit the corresponding content. For their own security, statistical and technical purposes, third parties whose services we use may also process data related to our offer as well as from other sources - including cookies, log files and counting pixels - in aggregated, anonymised or pseudonymised form. We use in particular:
Google services: Provider: Google LLC (USA) / Google Ireland Limited (Ireland) for users in the United Kingdom, European Economic Area (EEA) and Switzerland; General information on data protection: "Privacy and Security Principles", “Privacy Policy”, "Google is committed to complying with applicable data protection laws", "Privacy Policy Guide in Google Products", "How we use data from websites or apps on or in which our services are used" (information from Google), "How Google uses cookies", "Personalized advertising" (activation / deactivation / settings).
Electronic Direct Marketing
Where we carry out electronic direct marketing – including phone calls, automated phone calls, emails, SMS and IM – we will comply with the relevant, applicable laws, including the EU e-Privacy Directive, which has been implemented by national laws across the EEA and in the UK. This means, for example, that we will, where required, check national do-not-call registers and obtain your prior specific and informed consent.
Service provider for notifications and messages
We send notifications and messages via third-party services or with the help of service providers. Cookies may also be used in the process. We use in particular:
Twilio: communication platform; provider: Twilio Inc. (USA) / Twilio Ireland Limited (Ireland); Data protection information: privacy statement ("Twilio Privacy Statement")
Sharing Data & International Transfers
We will not share, sell or rent your personal data to third parties so they can market their services to you. Nor do we accept advertising from third parties on the Website. We may share personal data in the following limited circumstances.
In limited situations, your personal data may be collected by or shared with third parties, who will act as separate or joint controllers:
as mentioned elsewhere in this Policy, Stripe and Social Platforms are separate controllers who may collect your personal data while, respectively, processing direct debits, making Superjoi videos available online, and creating and managing URLs for those videos, and
if we provide social media links such as buttons to like or share content through social media organisations such as YouTube, Twitter, TikTok, Spotify and Facebook, those organisations will be joint controllers with us for the collection of the personal data. We will then be separate controllers for any processing of your personal data after collection (we typically only receive aggregated information).
For the provision of the Services and for our own disaster recovery and business continuity purposes, we may store or transmit personal data to or through third-party providers such as our cloud service provider, Google, with whom we have entered into the EC standard contractual clauses for transfers and Stripe, our payment processor as above. We only share the minimum personal data required to help us operate, secure and analyse our business. Lawful basis: Legitimate Interests or Contract.
We may be obliged to disclose your personal data to comply with a law, order or request of a court, government authority, other competent legal or regulatory authority or any applicable code of practice or guideline. Lawful basis: Legal Obligation.
If we enter negotiations with a third party for the sale or purchase of all or part of our business, we will only disclose personal data to that third party to the extent it relates to that business and only under conditions of confidentiality requiring the third party to be bound by the privacy policy that applies to that data. Lawful basis: Legitimate Interests.
In each case, we have written contracts in place incorporating relevant wording to safeguard that personal data and comply with applicable laws, and we will only share such data as is necessary for the purpose in question. Our starting position is always to keep personal data within the UK or European Economic Area (‘EEA’) where the UK GDPR or EU GDPR applies, respectively. However, to carry out the above purposes, we may use third parties and their facilities outside the UK or EEA. In all such cases, we will ensure that appropriate security measures are in place to protect your personal data and that a valid legal basis for the transfer applies.
Cookies
The UK Information Commissioner (‘UK ICO’) defines a cookie as ‘small text files placed on your computer by websites you visit. They are widely used to make websites work or work more efficiently, as well as to provide information to the site owners'. You can find out all about cookies, how to manage and delete them, and how to manage your browser settings at the UK ICO and www.aboutcookies.org.
Opting Out & Changing Consent
You can choose not to consent to the cookies policy when visiting for the first time and not be tracked by Google Analytics across all websites.
Please note that if you manage your browser and third party settings to block cookies, some or all of the Website and Services may not have full functionality and your user experience may be impacted.
Social Media
As noted in our Privacy Policy:
if we provide social media links such as buttons to like or share content through social media organisations such as YouTube, Twitter, TikTok, Instagram, Spotify and Facebook, those organisations will be joint controllers with us for the collection of the personal data. We will then be separate controllers for any processing of your personal data after collection (we typically only receive aggregated information).
we use YouTube, TikTok and Instagram to obtain information about your videos online. Although we can block them on our site unless and until you consent to marketing cookies, YouTube cookies resulting from accessing the videos on YouTube are covered by YouTube’s Privacy Policy. All social platforms provide us with aggregate reports as to number of visitors, length of view time, number of videos viewed per session etc.
we use third-party services to enable the registration, login and direct playback of audiovisual media such as music or videos on our website. We use in particular:
YouTube: Videos; Provider: Google (among others in the USA); YouTube-specific information on data protection: "Privacy and Security Center", "My data on YouTube". Superjoi will be able to access information about the views, likes, etc., and embed the videos and YouTube shorts in your Profile Highlights and My Videos sections. Superjoi's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Facebook (social plugins): Embedding of Facebook functions and Facebook content, for example "Like" or "Share"; provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection information: privacy policy.
Instagram platform: Embedding of Instagram content; Provider: Meta Platforms Ireland Limited (Ireland) and other Meta companies (including in the USA); data protection information: privacy policy (Instagram), privacy policy (Facebook).
TikTok (social plugins): Embedding of functions and content from TikTok, for example "Share to TikTok"; providers: TikTok Information Technologies UK Limited (UK) and TikTok Technology Limited (Ireland) for users in the European Economic Area (EEA), the UK and Switzerland / TikTok Inc. (USA) for users in the USA / TikTok Pte. Ltd. (Singapore) in the rest of the world; data protection information: privacy policy, "Privacy Policy for Younger Users", cookie policy.
Retention
As a default position, we will only retain personal data for any statutory retention period, then a reasonable period (if any) necessary for the above purposes. This is subject, for example, to any valid opt-out or withdrawal of consent where processing is based on consent, or other valid exercise of your data subject rights.
Security
The security of data is very important to our business. In accordance with our legal obligations, we take appropriate technical and organisational measures to protect your personal data and keep those measures under review. However, we can only be responsible for systems that we control and we would note that the internet itself is not inherently a secure environment.
Anonymised Data
We may create anonymised data from personal data, and any anonymisation would be carried out in accordance with applicable law as well as relevant guidelines from regulators such as the UK Information Commissioner (‘UK ICO’). Anonymisation may, for example, be achieved by aggregating data to the point that no individual can be identified such as aggregating website use statistics to see which web content is working well and which could be improved. Anonymised data does not allow for the identification of any individual person and, as it is no longer personal data, neither data protection laws nor this Privacy Policy would apply to such data.
We also receive aggregate reporting from YouTube, TikTok & Instagram when you access Superjoi’s videos online or visit our channel on YouTube. All social platforms, as a controller, collect certain information such as your region, watch time, and number of videos watched per visit to provide us with aggregate reports.
Third Party Services
If you access the services of another provider through our websites or services, for example through a link on the Website, your use of those services is entirely at your risk and governed by the terms and privacy policy of that third party provider. If we redirect you to a third party (‘Third Party Service’), including any website that is delivered or owned by a third party (‘Third Party Software’), it is that third party’s separate privacy policy that will apply to your personal data and your use of the Third Party Service and Third Party Software. Your use of a Third Party Service is not covered by this Privacy Policy. Please therefore review the privacy policy for any Third Party Service and Third Party Software before using it.
Your Rights
Under the UK and EU GDPRs, you have the following rights (some of which may be subject to conditions set out in the relevant GDPR):
to know if we process any personal data about you and, if we do, with certain limitations, to a copy of that personal data,
to ask us to remove or correct any of that personal data that is inaccurate,
to object to certain processing,
to withdraw any consent you may have given us for any processing of your personal data,
to ask us to restrict processing certain of your personal data,
to ask us to erase your personal data, and
to ‘port’ certain of your personal data to you or another provider, provided in each case that we have such data and certain conditions are met.
You have the right, at any time, to object to the processing of your personal data for direct marketing.
'Do Not Track'
The Website and Services do not use technologies that respond to ‘Do-Not-Track’ signals communicated by your internet browser.
Contact Us
If you have any questions, you can always contact us at the address above or by email to hi@superjoi.com. You have the right, at all times, to lodge a complaint with the regulator. Our supervisory authority, or regulator for data protection, is the UK ICO. We always welcome the opportunity to discuss and resolve any complaint with you first.