Privacy Policy

We respect the privacy of your personal and corporate information. This Privacy Policy describes how ERPLY collects, uses and discloses information, and what choices you have with respect to the information. ERPLY Privacy Policy also reflects changes in the new data protection law (GDPR). Under “ERPLY” this Privacy Policy refers to ERPLY entity that acts as controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.

This Privacy Policy applies to ERPLY’s retail ERP software, including the associated ERPLY Point-Of-Sale solutions (collectively, the “Services”), Erply.com and other ERPLY websites (collectively, the “Websites”) and other interactions with ERPLY (e.g., customer inquiries, conferences, etc.). If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of ERPLY’s business.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the ERPLY platform (“Third Party Services”), or any other third party products, services or businesses. In addition, a separate agreement governs the delivery, access and use of the Services (the “Customer Agreement”) or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer”) controls their instance of the Services (their “Workspace”) and any associated Customer Data. If you have any questions about specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use.

ERPLY may collect and receive Customer Data, other information and data (“Other Information”) in a variety of ways. When you visit or use our Website or Services in any way, we collect and process different types of information about you:

• Customer Data. Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to ERPLY when using the Services. Such information can vary depending on your use of the Website or Services. Such information may include your customers or employees personal data such as:
  • Identity Data including first name, last name, gender, birthday, username or similar identifier, and titles.
  • Identification Data including loyalty card number and national ID code.
  • Contact Data including billing address, delivery address, email address, webpage, social media identification, fax, and telephone numbers. Such information can also include contact persons and representatives data.
  • Professional Data including your authorization level, job title, company information, workplace, and other management and sales related data and goals.
  • Financial Data including bank, bank account, additional payer person, deadlines, penalties, and credit details. Other financial information can include reward points, coupons, and gift cards.
  • Transaction Data including details about payments and sales documents to and from you and other details of products and services you have purchased from us.
  • Marketing and Communications Data including your preferences in receiving marketing from us and our third parties and your communication preferences with your Customers.
  • Custom information which the Authorized User can add to the person via attributes, extra parameters or attached files.



• Other Information. ERPLY also collects, generates and/or receives Other Information:
  • Log Data may include the Internet Protocol (IP) address, the date and time the Services were used, User identification, and what processing was done. Our servers automatically collect information when you access or use our Websites or Services and record it.
  • Services Metadata may include logs about features, content, and links you interact with and what Third Party Services are used (if any). When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way Authorized Users work.
  • Technical Data includes internet protocol (IP) address, time zone setting, and location, Services extension (“Plug-ins”) types and versions, and other technology you use to access for processing purposes of Services.
  • Profile Data includes account purchases or orders made by you, your preferences, feedback, communications and survey responses, and your login username and password.
  • Custom information which can vary depending on extra developed functionalities, active Plug-ins or other Customer self-made Plug-Ins and functionalities.
• Cookie Information. ERPLY uses cookies and similar technologies in our Websites and Services that help us collect Other Information. The Websites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Websites and Services and across other websites and online services.
• Third Party Services. The customer can choose to permit or restrict Third Party Services. Typically, Third Party Services are software that integrates with our Services, and Customer can permit its Authorized Users to enable and disable these integrations for their Workspace. Once enabled, the provider of a Third Party Service may share certain information with ERPLY. Authorized Users should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to ERPLY. When a Third Party Service is enabled, ERPLY is authorized to connect and access Other Information made available to ERPLY in accordance with our agreement with the Third Party Provider.
• Third Party Data. ERPLY may receive data about organizations, industries, Website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data.
• Additional Information Provided to ERPLY. We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with ERPLY.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Workspace setup details, is not provided, we may be unable to provide the Services. Moreover, certain information provided by Customer to ERPLY can vary depending on the agreed-upon contractual obligations of both parties and hence this list of data being processed by ERPLY can differ. ERPLY is not obligated to know about the data which the Customer inserts into the ERPLY Services and Websites, and Customer is 100% owner of their data, hence Controller to their data and obligated to follow the current Data Protection Law.

Our Websites and Services may, from time to time, contain links to third-party websites. If you follow a link to any of those third party websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those practices. Please check those policies before you submit any personal data to those websites.

To the extent prohibited by applicable law, ERPLY does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information. Insertion of Customer Data containing personal data of individuals younger than 16 years old into ERPLY is prohibited without parental or another guardian lawful permission.

Customer Data will be used by ERPLY in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by Data Protection Law or other applicable law. ERPLY is a processor of Customer Data and Customer is the controller.

ERPLY uses Other Information in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, ERPLY uses Other Information:

• To provide, update, maintain and protect our Services, Websites, and business. This includes the use of Other Information to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User’s request.
• As required by applicable law, legal process or regulation.
• To communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your Other Information to respond.
• To develop and provide additional features. ERPLY tries to make the Services as useful as possible for specific Workspaces and Authorized Users. For example, we may identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
• To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about ERPLY. These are marketing messages so you can control whether you receive them.
• For billing, account management, and other administrative matters. ERPLY may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
• To investigate and help prevent security issues and abuse.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, ERPLY may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable Data Protection Law, it is referred to in this Privacy Policy as “Personal Data.”

ERPLY will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Other Information. For more detail, please contact Customer or ERPLY support which contact can be found at the bottom of this privacy policy. ERPLY may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for ERPLY to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

This section describes how ERPLY may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and ERPLY does not control how they or any other third parties choose to share or disclose Information.

• Customer’s Instructions. ERPLY will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
• Displaying the Services. When an Authorized User submits Other Information, it may be displayed to other Authorized Users.
• Customer Access. Owners, administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information.
• Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business.
• Third Party Services. Customer may enable or permit Authorized Users to enable Third Party Services. When enabled, ERPLY may share Other Information with Third Party Services. Third Party Services are not owned or controlled by ERPLY and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
• Corporate Affiliates. ERPLY may share Other Information with its corporate affiliates, parents and/or subsidiaries.
• During a Change to ERPLY’s Business. If ERPLY engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of ERPLY’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements.
• Aggregated or De-identified Data.
We may disclose or use aggregated or de-identified Other Information for any purpose.
• To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
• To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of ERPLY or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
• With Consent. ERPLY may share Other Information with third parties when we have consent to do so.

ERPLY takes security of data very seriously. ERPLY works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. ERPLY has signed confidentiality agreements with our personnel. The personnel will receive training when onboarding and as well as on an ongoing basis. ERPLY transfers your data over secure protocols and data is kept only on dedicated environments which ERPLY fully owns at our hosting partners. The environment that hosts the ERPLY services maintains multiple certifications, including ISO 27001 compliance. To learn more about current practices and policies regarding security and confidentiality of the Services, please see our Security Practices. Given the nature of communications and information processing technology, ERPLY cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

We store your personal data during the time that you are a Customer of the ERPLY Services, and for up to ten years after you cease to be a Customer or User. If you have never been a Customer or registered User of ERPLY, but have consented to receive marketing inquiries or other information from ERPLY, we may store your data until you have opted-out from marketing subscription. We reserve the right to store or delete your personal data earlier or later than set forth herein if required to do so by an applicable law or regulation, including the current Data Protection Law and for the exercise or defense of legal claims.

ERPLY is committed to ensuring that you have control and visibility to your personal data and it´s processing. Below is a summary of your rights and additional commitments from ERPLY. You may exercise your rights by contacting us at dpo(@)erply.com. ERPLY will only process requests from individuals directly associated to ERPLY Services, hence will only process requests about Personal Data for which ERPLY is controller party. It is your responsibility to ensure that any information you have provided to us is accurate and up-to-date.

The right of Access. You can request a copy of the personal data we hold about you.

Right to Erasure (‘Right to be Forgotten’). You have the right to request that your personal data be deleted in certain circumstances including:

• The personal data are no longer needed for the purpose for which they were initially collected;
• You withdraw your provided consent for processing (Only applicable for processing where consent was required);
• You object to the processing and there are no overriding legitimate grounds justifying us processing the personal data;
• The personal data have been unlawfully processed; or
• To comply with a legal obligation.

Right to Restriction of Processing. You can ask us to restrict the use of your personal data where:

• The accuracy of the personal data is contested;
• The processing is unlawful but you do not want it erased;
• We no longer need the personal data but you require it for the establishment, exercise or defense of legal claims; or
• The personal data have been unlawfully processed; or
• You have objected to the processing and verification as to our overriding legitimate grounds is pending.

We can continue to use your personal data:

• Where we have your consent to do so;
• For the establishment, exercise or defense of legal claims;
• To protect the rights of another; or
• The personal data have been unlawfully processed; or
• For reasons of important public interest.

Right to Data Portability. Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:

• The processing is carried out by automated means; and
• The processing is based on your consent or on the performance of a contract with you.

Right to Object. You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests. You also have the right to object where we are processing your personal data for direct marketing purposes.

If you do not want to receive newsletters, announcements, or other communications and/or services from the ERPLY, please do not opt-in for those communications or services at the time of registration. ERPLY only exercises two types of consents which of first is required for us to provide Services to Customer and such consent can be only opted-out once legal agreement and obligations between ERPLY and the Customer has ended. If Customer has opted-in to direct marketing consent, the Customer is given the option to discontinue receiving future communications (i.e., unsubscribe) from ERPLY via e-mail. Simply follow the unsubscribe process or directions provided at the bottom of the e-mail.

Automated Decision-Making. In ERPLY no such functionality exists in our standard Services and we do not exercise any automated decision-making for our business or other processes. If any of our Customers exercises such decision-making to process the individual´s personal data, such individual should contact the Customer with such requests.

Right to Complain. You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you are unhappy with how we are processing your personal data. We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than one month after receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. All requests should be addressed to dpo(@)erply.com.

ERPLY keeps all European Customer data in EU data centers only. ERPLY may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if ERPLY transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:

• E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, ERPLY only discloses your data to partners who are certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. To learn more about the Privacy Shield Program, please see https://www.privacyshield.gov/welcome
• European Union Model Clauses. ERPLY utilizes European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data to third-party entities that process your data in countries that don´t have implemented same data protection standards with EEA region and hence don´t provide adequate level of protection by it´s local legislation.

To communicate with our Data Protection Officer, please email dpo(@)erply.com.

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customer is the controller of Customer Data. In general, ERPLY is the processor of Customer Data and the controller of Other Information. Different ERPLY entities provide the Services in different parts of the world.

CHANGE COOKIE SETTINGS

Cookies are small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. ERPLY uses use both session-based and persistent cookies, of which some may be third-party cookies.

To find out more about cookies, visit this site.

Some cookies are associated with your account and personal information in order to remember that you are logged in and other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things. Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Cookies also make your interactions faster and more secure.

In some browsers, you can set up cookie management rules. This means is that you can disallow cookies from sites that you don´t trust. If you limit the ability of websites and applications to set cookies, you may worsen your user experience, stop having customized settings, and lose the ability to access the services. Browser manufacturers provide help relating to cookie management in their products. Such information can be found at:

• Google Chrome
• Internet Explorer
• Mozilla Firefox
• Safari (Desktop)
• Safari (Mobile)
• Android Browser
• Opera
• Opera Mobile

For other browsers, please consult the documentation that your browser manufacturer provides. Some cookies can be opted-out on the third party sites, for example, Google Analytics. For mobile platforms, you can change your device settings to control whether you see interest-based marketing ads.

ERPLY may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If you disagree with the changes to this Privacy Policy, you should end your Services Subscription. Contact the Customer if you wish to request the removal of Personal Data under their control.

Please also feel free to contact ERPLY if you have any questions about this Privacy Policy or ERPLY’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at support(@)erply.com for English, abi(@)erply.com for Estonian or tuki(@)erply.com for Finnish support.