Privacy Policy

We respect the privacy of your personal and corporate information. This Privacy Policy describes how ERPLY collects, uses and discloses information, and what choices you have with respect to the information. ERPLY Privacy Policy also reflects changes in the new data protection law (GDPR). Under “ERPLY” this Privacy Policy refers to ERPLY entity that acts as controller or processor of your information, as explained in more detail in the “Identifying the Data Controller and Processor” section below.

Applicability Of This Privacy Policy

This Privacy Policy applies to ERPLY’s retail ERP software, including the associated ERPLY Point-Of-Sale solutions (collectively, the “Services”), Erply.com and other ERPLY websites (collectively, the “Websites”) and other interactions with ERPLY (e.g., customer inquiries, conferences, etc.). If you do not agree with the terms, do not access or use the Services, Websites or any other aspect of ERPLY’s business.

This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the ERPLY platform (“Third Party Services”), or any other third party products, services or businesses. In addition, a separate agreement governs the delivery, access and use of the Services (the “Customer Agreement”) or other content submitted through Services accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer”) controls their instance of the Services (their “Workspace”) and any associated Customer Data. If you have any questions about specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use.

Information We Collect And Receive

ERPLY may collect and receive Customer Data, other information and data (“Other Information”) in a variety of ways. When you visit or use our Website or Services in any way, we collect and process different types of information about you:

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Workspace setup details, is not provided, we may be unable to provide the Services. Moreover, certain information provided by Customer to ERPLY can vary depending on the agreed-upon contractual obligations of both parties and hence this list of data being processed by ERPLY can differ. ERPLY is not obligated to know about the data which the Customer inserts into the ERPLY Services and Websites, and Customer is 100% owner of their data, hence Controller to their data and obligated to follow the current Data Protection Law.

Links to Other Websites

Our Websites and Services may, from time to time, contain links to third-party websites. If you follow a link to any of those third party websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those practices. Please check those policies before you submit any personal data to those websites.

Age Limitations

To the extent prohibited by applicable law, ERPLY does not allow the use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information. Insertion of Customer Data containing personal data of individuals younger than 16 years old into ERPLY is prohibited without parental or another guardian lawful permission.

How We Use The Information

Customer Data will be used by ERPLY in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by Data Protection Law or other applicable law. ERPLY is a processor of Customer Data and Customer is the controller.

ERPLY uses Other Information in furtherance of our legitimate interests in operating our Services, Websites, and business. More specifically, ERPLY uses Other Information:

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, ERPLY may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable Data Protection Law, it is referred to in this Privacy Policy as “Personal Data.”

Data Retention

ERPLY will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Other Information. For more detail, please contact Customer or ERPLY support which contact can be found at the bottom of this privacy policy. ERPLY may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for ERPLY to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

How We Share And Disclose Information

This section describes how ERPLY may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and ERPLY does not control how they or any other third parties choose to share or disclose Information.

 

Security

ERPLY takes security of data very seriously. ERPLY works hard to protect Other Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Other Information we collect, process and store, and the current state of technology. ERPLY has signed confidentiality agreements with our personnel. The personnel will receive training when onboarding and as well as on an ongoing basis. ERPLY transfers your data over secure protocols and data is kept only on dedicated environments which ERPLY fully owns at our hosting partners. The environment that hosts the ERPLY services maintains multiple certifications, including ISO 27001 compliance. To learn more about current practices and policies regarding security and confidentiality of the Services, please see our Security Practices. Given the nature of communications and information processing technology, ERPLY cannot guarantee that Information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others.

How Long Do We Store Your Data?

We store your personal data during the time that you are a Customer of the ERPLY Services, and for up to ten years after you cease to be a Customer or User. If you have never been a Customer or registered User of ERPLY, but have consented to receive marketing inquiries or other information from ERPLY, we may store your data until you have opted-out from marketing subscription. We reserve the right to store or delete your personal data earlier or later than set forth herein if required to do so by an applicable law or regulation, including the current Data Protection Law and for the exercise or defense of legal claims.

Your Rights

ERPLY is committed to ensuring that you have control and visibility to your personal data and it´s processing. Below is a summary of your rights and additional commitments from ERPLY. You may exercise your rights by contacting us at dpo(@)erply.com. ERPLY will only process requests from individuals directly associated to ERPLY Services, hence will only process requests about Personal Data for which ERPLY is controller party. It is your responsibility to ensure that any information you have provided to us is accurate and up-to-date.

The right of Access. You can request a copy of the personal data we hold about you.

Right to Erasure (‘Right to be Forgotten’). You have the right to request that your personal data be deleted in certain circumstances including:

Right to Restriction of Processing. You can ask us to restrict the use of your personal data where:

We can continue to use your personal data:

Right to Data Portability. Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format, and to have those data transmitted to a third-party data controller without hindrance but in each case only where:

Right to Object. You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests. You also have the right to object where we are processing your personal data for direct marketing purposes.

If you do not want to receive newsletters, announcements, or other communications and/or services from the ERPLY, please do not opt-in for those communications or services at the time of registration. ERPLY only exercises two types of consents which of first is required for us to provide Services to Customer and such consent can be only opted-out once legal agreement and obligations between ERPLY and the Customer has ended. If Customer has opted-in to direct marketing consent, the Customer is given the option to discontinue receiving future communications (i.e., unsubscribe) from ERPLY via e-mail. Simply follow the unsubscribe process or directions provided at the bottom of the e-mail.

Automated Decision-Making. In ERPLY no such functionality exists in our standard Services and we do not exercise any automated decision-making for our business or other processes. If any of our Customers exercises such decision-making to process the individual´s personal data, such individual should contact the Customer with such requests.

Right to Complain. You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you are unhappy with how we are processing your personal data. We will respond to your request in writing, or orally if requested, as soon as practicable and in any event not more than one month after receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. All requests should be addressed to dpo(@)erply.com.

International Data Transfers Privacy Shield And Contractual Terms

ERPLY keeps all European Customer data in EU data centers only. ERPLY may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if ERPLY transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:

Data Protection Officer

To communicate with our Data Protection Officer, please email dpo(@)erply.com.

Identifying The Data Controller And Processor

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. In general, Customer is the controller of Customer Data. In general, ERPLY is the processor of Customer Data and the controller of Other Information. Different ERPLY entities provide the Services in different parts of the world.

Cookies

CHANGE COOKIE SETTINGS

Cookies are small text files sent by us to your computer or mobile device. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. ERPLY uses use both session-based and persistent cookies, of which some may be third-party cookies.

To find out more about cookies, visit this site.

How ERPLY uses cookies?

Some cookies are associated with your account and personal information in order to remember that you are logged in and other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things. Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Cookies also make your interactions faster and more secure.

Categories of UseDescription
AuthenticationThese cookies help us show you the right information and personalize your experience.
SecuritySome cookies enable and support our security features, and to detect malicious activity.
Preferences, Features, and ServicesCookies can tell us which language you prefer, your communications preferences, features, insights, and other customized content.
Performance, Analytics, and ResearchSome cookies tell us how our Sites and Services perform. We also use cookies to understand, improve, and research products, features, and services, including creating logs and records when you access our Sites and Services.
MarketingWe may use cookies to help us deliver marketing campaigns, track their performance, and help us market more effectively to users that we and our partners believe may be interested in ERPLY. Similarly, our partners may use cookies to provide us with information about your interactions with their services, but the use of those third-party cookies would be subject to the service provider’s policies.

Erply cookies

Cookie NameCookie PurposeExpires
Cookie preferences:gdpr[allowed_cookies], gdpr[consent_types]The cookie preferences are stored to retain visitor choices in the main cookie banner. This means that the main cookie banner can be minimised on future visits.One year
Cloudflare:_cfduid, _cfduidSet by the Cloudflare service. It is used to improve site speed and performance and does not record any personal information.6 months
Google reCAPTCHA
CONSENTUsed by Google for cookie consent settings20 years
NIDUnique ID used to remember preferences.6 months
SIDCCSecurity cookie to protect users data from unauthorised access3 months
SSIDUsed by Google to store user preferences and information.2 years
1P_JARUsed by Google to store user preferences and information.1 month
1P_JARUsed by Google to store user preferences and information.1 month
APISIDUsed by Google to store user preferences and information.2 years
HSIDUsed by Google to store user preferences and information.2 years
SAPISIDUsed by Google to store user preferences and information.2 years
Google Analytics:Google’s privacy policy Opt out of Google Analytics_gat_gtag, _gat, _gid, _gaGoogle Analytics is a web analytics service provided by Google, Inc. (“Google”), to help us see how our website is used. The data collected by Google Analytics is used to analyse how frequently people visit the Erply website, how the website is found, and which pages are most frequently viewed. This information is used to create an overall picture of website use, and is anonymized before processing and is not linked to any other information we store about you.The longest lasting cookie expires 2 years after your last visit to the website. Others are deleted 6 months, 30 minutes and the moment you close your browser.
Chatlio:Chatlio Privacy Policychatlio_at, chatlio_rt, chatlio_uuidChatlio cookie for chat support 
How to opt-out from cookies?

In some browsers, you can set up cookie management rules. This means is that you can disallow cookies from sites that you don´t trust. If you limit the ability of websites and applications to set cookies, you may worsen your user experience, stop having customized settings, and lose the ability to access the services. Browser manufacturers provide help relating to cookie management in their products. Such information can be found at:

For other browsers, please consult the documentation that your browser manufacturer provides. Some cookies can be opted-out on the third party sites, for example, Google Analytics. For mobile platforms, you can change your device settings to control whether you see interest-based marketing ads.

Changes To This Privacy Policy

ERPLY may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If you disagree with the changes to this Privacy Policy, you should end your Services Subscription. Contact the Customer if you wish to request the removal of Personal Data under their control.

Contacting ERPLY

Please also feel free to contact ERPLY if you have any questions about this Privacy Policy or ERPLY’s practices, or if you are seeking to exercise any of your statutory rights. You may contact us at support(@)erply.com for English, abi(@)erply.com for Estonian or tuki(@)erply.com for Finnish support.