Privacy Policy (EEA and UK)
Last updated [DATE 2023]
What does this Policy cover?
This Privacy Policy (“Policy”) describes how Ratta US, Inc. and Shanghai Ratta Smart Technology Co., Ltd. (also referred to as “Ratta”, “we”, “us” or “our”) collect, use, and disclose your data when you visit or interact with our website https://supernote.com/ (“Site”), the Supernote cloud https://cloud.supernote.com (the “Cloud” or “Supernote Cloud”), our Supernote Application and Mailbox Application (collectively the “Apps” or “Supernote Apps”) and the Supernote products (the “Device” or “Supernote Device”). The words “user”, “you” and “your” in this Policy refer to a visitor and/or user of the Site, the Cloud, Supernote Apps and the Device.
It also describes your data protection rights, including a right to object to some of the processing which Ratta carries out. More information about your rights, and how to exercise them, is set out in the “Your rights” section.
What information do we collect?
We collect and process personal data about you when you interact with us and the Site, and when you purchase goods from us. This includes:
- identity and contact details, including your name, email address, address, contact number;
- payment and delivery details, including billing and delivery addresses and card details, where you make purchases from us;
- communication information, including metadata, received via emails, SMS, instant messages and calls you make to us;
- technical information, including information related to the browser type or version and device type you use to access the Site, your IP address, time zone, login data, location information, network;
- Supernote Device information including device serial number and information from the Mailbox App, such as Gmail settings, Calendar, Digest and Word metadata; Note-related information such as handwriting ;
- Supernote Cloud information including username and password, shared Google Drive and Dropbox files, file lists, metadata and settings; and
- profile and usage information, including username and password, product preferences, your marketing preferences, including any consents you have given us, data about how you use the Site, your Supernote Device, Apps, Supernote Cloud or web-based properties, including the products you viewed or searched for, page response times, download errors, error reports, length of visits and page interaction information (such as scrolling, clicks, and mouse-overs), Supernote Device interaction information including number of strokes recorded, system information and user operations. To learn more about our use of cookies or similar technology, please see the ‘information about our use of cookies’ section below.
We receive information from other sources, such as updated delivery and address information from our carriers, which we use to correct our records and deliver your next purchase more easily.
How do we use your personal data, and what is the legal basis for this use?
We process personal data for the following purposes:
- To fulfil a contract, or take steps linked to a contract: this is relevant where you make a purchase from us or enter a competition or sweepstake we run. This includes:
- verifying your identity;
- taking payments;
- communicating with you;
- providing customer services and arranging the delivery or other provision of products, prizes or services;
- To conduct our business and pursue our legitimate interests, in particular:
- we will use your information to provide products and services you have requested, including responding to any comments or complaints you may send us;
- we monitor use of the Site and online services, and use your information to help us monitor, improve, troubleshoot and protect the Site, Supernote Devices, Supernote Apps, Supernote Cloud, our content and services, both online and offline;
- we use information you provide to recommend features, products, and services that might be of interest to you, identify your preferences, personalise your experience with the Site, your Supernote Device, Supernote Apps, Supernote Cloud or our services;
- if you provide a credit or debit card as payment, we also use third parties to check the validity of the sort code, account number and card number you submit in order to prevent fraud;
- we monitor customer accounts to prevent, investigate and/or report fraud, in accordance with applicable law;
- we use information you provide to investigate any complaints received from you or from others, about the Site or our products or services;
- we will use information you provide when undertaking mergers, acquisitions, reorganisations or disposals, as permitted/required in accordance with applicable law;
- we will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation); and
- we use data of some individuals to invite them to take part in market research.
- Where you give us consent:
- we will send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners;
- we will use your personal information to display interest-based ads for features, products, and services that might be of interest to you;
- we place cookies and use similar technologies in accordance with the information below (see ‘information on our use of cookies’ section below) and the information provided to you when those technologies are used; and
- on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
- For purposes which are required by law:
- in response to requests by government or law enforcement authorities conducting an investigation.
Information about our use of cookies
What are cookies?
A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server. Find out more about the use of cookies on www.allaboutcookies.org.
We also use other forms of technology which serve a similar purpose to cookies and which allow us to monitor and improve the Site and our services, such as pixels, web beacons, tags or log files. When we talk about cookies, this term includes these similar technologies.
What cookies do we use and what information do they collect?
- Functional cookies: We may use cookies that are not essential but enable various helpful features on the Site. For example, these cookies collect information about your interaction with services provided on the Site.
- Advertising cookies: we use these cookies to collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. We may share this information with other parties who help manage online advertising – please see the "Third Party" section below for more details.
- Social media cookies: These cookies are used when you share information using a social media sharing button or "like" button on our platforms, or when you engage with our content on or through a social site such as Facebook or Twitter. These cookies collect information about your social media interaction with the Site, such as whether or not you have an account with the social media site and whether you are logged into it when you interact with content on Site. This information may be linked to targeting/advertising activities.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
|
Purpose |
Cookie |
Retention |
|
Necessary cookies |
||
|
Used in connection with access to admin. |
_ab |
2 years |
|
Used in connection with navigation through a storefront. |
_secure_session_id |
24 hours |
|
For shops where pricing currency/country set from GeoIP, that cookie stores the country we've detected. This cookie helps avoid doing GeoIP lookups after the first request. |
_shopify_country |
session |
|
Used for managing customer privacy settings. |
_shopify_m |
1 year |
|
Used for managing customer privacy settings. |
_shopify_tm |
30 min |
|
Used for managing customer privacy settings. |
_cmp_a |
1 day |
|
Used to facilitate updating customer account information. |
_storefront_u |
1 min |
|
Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region. |
_tracking_consent |
1 year |
|
Used in connection with shopping cart. |
cart |
2 weeks |
|
Used in connection with shopping cart. |
cart_ver |
2 weeks |
|
Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout. |
cart_currency |
2 weeks |
|
Used in connection with checkout. |
c |
1 year |
|
Used in connection with checkout. |
cart_sig |
2 weeks |
|
Used in connection with checkout. |
cart_ts |
2 weeks |
|
Used in connection with checkout. |
checkout |
4 weeks |
|
Used in connection with checkout. |
checkout_token |
1 year |
|
Used in connection with checkout. |
dynamic_checkout_shown_on_cart |
30 min |
|
Used in connection with checkout. |
hide_shopify_pay_for_checkout |
session |
|
Used in connection with buyer localization. |
keep_alive |
2 weeks |
|
Used in connection with merchant login. |
master_device_id |
2 years |
|
Used in connection with checkout. |
previous_step |
1 year |
|
Used in connection with checkout. |
discount_code |
session |
|
Used in connection with checkout. |
remember_me |
1 year |
|
Used to identify a user after they sign into a shop as a customer so they do not need to log in again. |
secure_customer_sig |
1 year |
|
Used in connection with checkout. |
shopify_pay |
1 year |
|
Used in connection with checkout. |
shopify_pay_redirect |
1 hour, 3 weeks or 1 year, depending on value |
|
Used in combination with mobile apps to provide custom checkout behavior, when viewing a store from within a compatible mobile app. |
source_name |
session |
|
Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected. |
storefront_digest |
2 years |
|
Used in connection with checkout. |
tracked_start_checkout |
1 year |
|
Used in connection with checkout. |
checkout_session_lookup |
3 weeks |
|
Used in connection with checkout. |
checkout_prefill |
5 min |
|
Used in connection with checkout. |
checkout_queue_token |
1 year |
|
Used in connection with checkout. |
checkout_queue_checkout_token |
1 year |
|
Used in connection with checkout. |
checkout_session_token |
3 weeks |
|
Used in connection with checkout. |
checkout_session_token_<<token>> |
3 weeks |
|
Used in connection with customer authentication. |
identity-state |
24 hours |
|
Used in connection with customer authentication. |
identity-state-<<token>> |
24 hours |
|
Used in connection with customer authentication. |
identity_customer_account_number |
12 weeks |
|
Used in connection with checkout. |
card_update_verification_id |
20 min |
|
Used in connection with customer authentication. |
customer_account_new_login |
20 min |
|
Used in connection with customer authentication. |
customer_account_preview |
7 days |
|
Used in connection with checkout. |
customer_payment_method |
1 hour |
|
Used in connection with checkout. |
customer_shop_pay_agreement |
20 min |
|
Used in connection with checkout. |
pay_update_intent_id |
20 min |
|
Used in connection with checkout. |
localization |
2 weeks |
|
Used in connection with checkout. |
profile_preview_token |
5 min |
|
Used in connection with customer authentication. |
login_with_shop_finalize |
5 min |
|
Used in connection with the theme editor. |
preview_theme |
session |
|
Used in connection with the theme editor. |
shopify-editor-unconfirmed-settings |
16 hours |
|
Reporting and analytics |
||
|
Track landing pages. |
_landing_page |
2 weeks |
|
Track landing pages. |
_orig_referrer |
2 weeks |
|
Shopify analytics. |
_s |
30 min |
|
Shopify analytics. |
_shopify_d |
session |
|
Shopify analytics. |
_shopify_fs |
30 min |
|
Shopify analytics. |
_shopify_s |
30 min |
|
Shopify analytics relating to marketing & referrals. |
_shopify_sa_p |
30 min |
|
Shopify analytics relating to marketing & referrals. |
_shopify_sa_t |
30 min |
|
Shopify analytics. |
_shopify_y |
1 year |
|
Shopify analytics. |
_y |
1 year |
|
Shopify analytics. |
_shopify_evids |
session |
|
Shopify and Google Analytics. |
_shopify_ga |
session |
|
Shopify analytics. |
customer_auth_provider |
session |
|
Shopify analytics. |
customer_auth_session_created_at |
session |
Third parties
Finally, we may use web beacons or similar technologies from third-party analytics providers (like, for example, Google Analytics) that provide you with targeted advertising or marketing communications we believe may be of interest to you, as well as help us compile aggregated statistics about the effectiveness of our promotional campaigns or other operations. These technologies enable the analytics providers to set or read their own cookies or other identifiers on your device, through which they can collect information about your online activities across applications, websites or other products.
You should review the privacy and cookie policies of these services to find out how these third parties use cookies and whether your cookie data will be transferred to a third country. A list of the third parties who place cookies on the Site and services can be found here.
|
Purpose |
Third party |
Retention Period |
|
Analytics and assess site use. |
390 days |
|
|
Analytics and assess site use. |
180 days |
|
|
Analytics and assess site use. |
26 months |
|
|
Analytics and assess site use. |
365 days |
|
|
Analytics and assess site use. |
90 days |
|
|
Analytics and assess site use. |
13 months |
|
|
Analytics and assess site use. |
365 days |
|
|
For advertising. |
18 months |
Who will we share this data with, where and when?
We will share your personal data with our group companies to help provide you with products and services, and support our administration.
Personal data may be shared with auditors, regulators, government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on behalf of Ratta for the purposes identified above. Such third parties include providers of the Site, App and Supernote Cloud hosting and maintenance, including Amazon, customer support service providers, payment providers, delivery companies and identity checking providers. We use agencies such as Shopify and Wannanote SAS to power our online store. For more information on how Shopify use your information, please see here and how Wannanote SAS use your information, please see here.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Transfers outside of the EEA and UK
Where information is transferred outside the EEA and UK, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission or under the UK government adequacy regulations or considered adequate as determined by applicable data protection laws, we take steps to ensure your personal data is adequately protected. This includes using the EU Commission approved standard contractual clauses, the UK Information Commissioner approved standard contractual clauses or a vendor's Processor Binding Corporate Rules.
Security of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us using the contact details provided below.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts. This is likely to be the Information Commissioner’s Office in the UK.
To exercise any of these rights, you can get in touch with us using the details set out below
For the purchase of our goods and fulfilment of delivery the provision of information is mandatory: if relevant data is not provided, then we will not be able to accept your offer to purchase goods nor fulfil delivery. All other provision of your information is optional, but this may affect your experience of our goods and services, as well as your ability to participate in competitions, for example.
Right to withdraw consent
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
Updates to this Policy
We reserve the right to update and change this Policy from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Policy.
Contact details
We hope that we can satisfy queries you may have about the way we process your data. If you have any concerns about how we process your data, or would like to opt out of direct marketing, you can get in touch at privacy@Supernote.com or by writing to 5 RUE PHILIPPE LEBON DOUVRES-LA-DÉLIVRANDE 14440 FRANCE.