Privacy Policy
Your Data, Your Rights

1. Introduction

Posable Ltd ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our POS system and related services.

We are a UK-based company registered in England and Wales (Company Registration Number: 16705417) with our registered office at 5 Beach Road, Perranporth, Cornwall, TR6 0JL.

2. Who We Are

Data Controller: Posable Ltd

Registered in: United Kingdom

Company Registration Number: 16705417

Registered Address: 5 Beach Road, Perranporth, Cornwall, TR6 0JL

Contact Email: privacy@posable.co.uk

Website: https://posable.co.uk

3. Information We Collect

3.1 Personal Information

We may collect the following types of personal information:

• Account Information: Name, email address, phone number, business name, and billing address
• Payment Information: Credit card details, billing information (processed securely through third-party payment processors)
• Business Information: Business type, industry, number of employees, and business address
• Communication Data: Records of your communications with us, including support requests and feedback

3.2 Business Data

Through your use of our POS system, we may process:

• Sales transactions and payment records
• Product and inventory information
• Customer information (with your consent)
• Employee data and access logs
• Analytics and usage data

3.3 Technical Information

We automatically collect certain technical information, including:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, session duration)
• Log data (access times, error logs, performance data)
• Cookies and similar tracking technologies

4. How We Use Your Information

We use your information for the following purposes:

4.1 Service Provision

• To provide, maintain, and improve our POS services
• To process transactions and payments
• To sync data across your devices
• To provide customer support and technical assistance

4.2 To Improve and Secure the Service

We use your data to:

• Monitor and analyze Service performance
• Identify and fix technical issues
• Develop new features and improvements
• Conduct security monitoring and fraud prevention
• Ensure Service stability and reliability
• Create aggregated and anonymized analytics for service improvement and industry benchmarking (see Section 4.5)

4.3 Communication

• To respond to your inquiries and support requests
• To send marketing communications (with your consent)
• To notify you of changes to our services or policies

4.5 Aggregated and Anonymized Data Usage

4.5.1 What We Do

We may aggregate and anonymize data from across all users of the Service to:

• Analyze usage patterns and trends
• Generate industry benchmarks and insights
• Improve Service features and functionality
• Develop new products and services
• Conduct research and statistical analysis
• Create anonymized reports and analytics

4.5.2 Anonymization Process

When we aggregate and anonymize data:

• All personally identifiable information is removed
• Individual businesses cannot be identified from the aggregated data
• Data is combined across multiple users to prevent identification
• We apply technical and organizational measures to ensure anonymization is irreversible

4.5.3 Types of Aggregated Data

Aggregated data may include (but is not limited to):

• Transaction volumes and patterns (without customer names or identifiable information)
• Product categories and sales trends
• Usage statistics and feature adoption rates
• Performance metrics and system usage patterns
• Industry-wide trends and benchmarking data
• Loyalty program engagement metrics (anonymized)

4.5.4 Important Clarifications

• No Individual Identification: Aggregated data cannot be used to identify you, your business, or your customers
• No Selling: We do not sell aggregated data to third parties for marketing purposes
• Commercial Use: We may use aggregated insights internally or share anonymized industry trends in reports, presentations, or publications
• GDPR Compliance: Once data is truly anonymized, it is no longer considered personal data under GDPR and is not subject to data protection regulations

4.5.5 Your Rights

You cannot opt out of aggregated data usage as anonymized data is not personal data under GDPR. However:

• You retain full control over your raw data
• You can delete your account and data as described in Section 8
• Anonymized data cannot be traced back to you after aggregation

5. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Performance of Contract (Art. 6(1)(b)): To provide our services you subscribe to
• Legitimate Interests (Art. 6(1)(f)): To improve services, prevent fraud, and ensure security
• Legal Obligation (Art. 6(1)(c)): To comply with financial, tax, and legal requirements
• Consent (Art. 6(1)(a)): For marketing communications and optional features

5.5 Processing of Aggregated and Anonymized Data

Legitimate Interests (Article 6(1)(f)): To create aggregated, anonymized analytics and benchmarking data that cannot identify individual businesses or persons, for the purposes of:

• Improving and developing the Service
• Industry benchmarking and trend analysis
• Product development and innovation
• Service optimization and performance improvements

6. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

6.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our business, including:

• Payment processors (Stripe, myPOS)
• Cloud hosting providers
• Customer support tools
• Analytics services

6.2 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or security threats
• Protect the safety of our users

6.3 Business Transfers

If Posable Ltd is acquired, merged, or sells assets, your personal data may be transferred to the acquiring entity. You will be notified of any such change.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL encryption for data transmission
• Encrypted data storage
• Regular security audits and updates
• Access controls and authentication
• Staff training on data protection

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but we continuously work to improve our security measures.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Account & Service Data: Retained while your subscription is active; after cancellation retained up to 90 days then permanently deleted (you may request earlier deletion)
• Billing & Payment Records: Retained for 6 years (UK) or up to 10 years (EU) for legal compliance
• Marketing Data: Retained until you withdraw consent or for 3 years of inactivity
• Support Data: Retained for 3 years after the last interaction

9. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, please contact us at privacy@posable.co.uk. We will respond to your request within one month.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze usage. You can control cookie settings through your browser preferences.

10.1 Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly
• Analytics Cookies: Help us understand how visitors use our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements

10.2 Third-Party Cookies

We use third‑party services that may set their own cookies (e.g., Google Analytics, payment processors, and live chat tools). You can control cookies via your browser settings.

11. International Data Transfers

Your personal data is primarily processed within the UK and European Economic Area (EEA). Where transfers occur outside the UK/EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission/UK ICO
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules
• Other appropriate safeguards

Our primary data storage and processing occurs in the United Kingdom and European Economic Area.

12. If You Process Customer Data Using Our Service

Important: If you use POSable to process personal data of your customers, employees, or other individuals, you are the data controller and we act as your data processor.

12.1 Your Responsibilities

• Have a lawful basis for processing personal data
• Provide your own privacy policy to your customers
• Obtain necessary consents where required
• Respond to data subject requests (access, deletion, etc.)
• Notify authorities of data breaches where required

12.2 Customer Loyalty Schemes

If you operate a customer loyalty scheme using our Service, your privacy notices should inform customers that you will use their purchase history, loyalty points, and product preferences to operate and improve the scheme. Usual lawful bases are Legitimate Interests and/or Performance of Contract.

Our detailed Data Processing Agreement (DPA) is available upon request.

Note on POSable's Use of Anonymized Data: While you are the data controller for your customer data, POSable may aggregate and anonymize transaction and usage data across all clients for service improvement and benchmarking purposes as described in Section 4.5. This aggregated data cannot identify your business or your customers and is used solely to enhance the Service and provide industry insights.

13. Data Breaches

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you without undue delay (within 72 hours where feasible) and provide details of the breach and the measures we are taking. Where you are the data controller (e.g., for your customers’ data), you remain responsible for notifying supervisory authorities and affected individuals as required by law.

14. Third‑Party Links

Our website or Service may contain links to third‑party websites or services. We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any personal data.

15. Children's Privacy

Our services are intended for business use and are not directed at children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will delete such information promptly.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Sending you an email notification
• Updating the "Last updated" date

We encourage you to review this Privacy Policy periodically for any changes.

17. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the UK's data protection authority, the Information Commissioner's Office (ICO), if you believe your data protection rights have been violated.