Data Protection Policy

  1. About this Policy
    1. This policy explains how  BubbleUp  manages personal information, how we use it and how we keep it secure and your rights in relation to it.
    2. BubbleUp LLC is the web-agency that operates on behalf of hundreds entertainment, personal, ecommerce and corporate website owners. We may collect, use and store your personal data, as described in the Privacy Policy published on each individual website.
    3. We reserve the right to amend this Data Protection Policy from time to time without prior notice.
    4. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, in most cases we will be the "processor", except few sites where are the "controller" of all personal data we hold about you.
  2. Who are we?
    1. We are the BubbleUp LLC - web-agency that develops, manages and hosts websites for brands and world class entertainers. Current contact information could be found on our website www.bubbleup.com
  3. Why do we collect your personal data?
    1. We are operating on behalf of website owners and helping them to manage their website functionality, content and data workflow in a safe and secure manner. We are helping our clients to meet PCI DSS, GDPR, SSAE and other compliance standards by processing incoming data in accordance with these standards.
  4. How we protect your personal data
    1. We are not transferring your personal data without your consent unless information provided is required to fulfill the contract with you (e.g. pass shipping info from webstore to delivery providers).
    2. We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
    3. Please note however that where you are transmitting information to us over the internet using encrypted HTTPS protocol and data is stored encrypted at rest this can never be guaranteed to be 100% secure.
    4. We screen and use only recognised vendors who meet required compliance standards for online secure payment system or sensitive information processing.
    5. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
  5. Who else has access to your information?
    1. In most cases we operate only as "data processor" for the website owner who is a "data controller" and defines data flow and companies with whom information should be shared. All the third parties should be listed on the Privacy Policy page published on the data controller's website. With some of those companies we do have automatic connection to update your data or request removal, for some we would be provide you with links or contacts to request data access, update or execute your right to be forgotten.
    2. Website owner or "data controller" may also provide your data when required to do so by law or for the purposes of completing tasks and providing services to you (e.g. to print newsletters and send you mailings) or for the purpose of their legitimate interests in operating their business or performing their contract with you.
    3. It is possible that third parties may themselves engage others (subprocessors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.
  6. How long do we keep your information?
    1. We will hold your personal data on our systems for 24 months as required by PCI DSS standard or until you execute you "right to be forgotten". Under certain circumstances we may refuse to delete your information immediately if it's required by law or to comply with legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.
    2. We securely destroy all financial information once we have used it and no longer need it.
  7. Your rights under the GDPR
    1. to access your personal data
    2. to be provided with information about how your personal data is processed
    3. to have your personal data corrected
    4. to have your personal data erased in certain circumstances
    5. to object to or restrict how your personal data is processed
    6. to have your personal data transferred to yourself or to another business in certain circumstances.
    7. to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/concerns/

Updated: 4 May 2018

The information contained in this Policy represents the BubbleUp interpretation of the law as at the date of this edition. The BubbleUp takes all reasonable care to ensure that the information contained here is accurate and that any opinions, interpretations and guidance expressed have been carefully considered in the context in which they are expressed. However, before taking any action based on the contents of this Policy, readers are advised to confirm the up to date position and to take appropriate professional advice specific to their individual circumstances.