Hours of Operation
The cookies we use are not used to identify you personally. We will not sell your information to any third parties.
If you don’t want cookies, you don’t have to have them! Here’s how to disable cookies in Chrome. You can also use free third-party programs.
If you do block cookies, some elements of our site might not work so well.
- Remember your orders and inquiries;
- Offer live chat support;
- See which of our pages you visit;
- Enable ads;
- Allow to share our pages through social platforms.
We collect personal data when you use our website. Some of the personal data is freely provided by users, while some of it is collected automatically.
The data that we collect includes the following: Usage data, email , first and last name, phone number, company name, ip address.
We use this data to do the following:
- Improve our website by analyzing user behavior
- Contact our users
- Interact with our users on external social networks and platforms
If any other data collection occurs, it will be described at that point. Lopi.Ai is not and will not be responsible for any third-party data submitted by users.
How and where your data is stored
At Lopi.Ai, we use and store your data according to the GDPR and take reasonable security measures to prevent your data from being accessed by unauthorized individuals.
Keeping the data you provide safe
The internet is not 100% free from security risks.
We take security very seriously and train our people on protecting user data, but we cannot guarantee that your data is secure. Any data that is sent to us is done at the user’s own risk.
Your data and the government
We may be legally obligated to hand over your data to public authorities.
You have the right to ask us what information we are storing about you and ask to be forgotten (have your data erased). Should you send any requests, please do so to email@example.com. We will comply with all requests within one month.
Links to other websites
GDPR Data and Information Policy
We are transparent about how we hold and use data.
The information we hold is:
- Information enabling us to run their technology strategy. Including names, phone numbers, email addresses, business addresses (or home address, if working from home).
- Website logins (where supplied)
- Social media logins (where supplied)
- Domain and hosting logins (where supplied)
- Advertising account logins (where supplied)
- Analytics logins (where supplied)
All the information is gathered from the client in a form. The form is sent to the client at the start of the strategy. It is hosted inside various spreadsheets in Google Drive, which the campaign staff has access to.
Elements are also kept inside our CRM, our accounting software, our Project Management software, and our chat software. Their data processing terms and conditions are available on their websites.
Leads and Contacts
If you request a tech review from us, sign up for free updates, register to join the newsletter and receive our tech training, or enquire about using our services, we will retain some or all of the following data:
- Address (if purchased)
- Email address
- Phone number (if provided)
- Declared business information.
This information is collected through:
- Our website:
- The free tech review form asks visitors for the information necessary for us to carry out the review;
- Book update forms allow people to sign up with their name and email address to receive future book updates;
- Join the Lopi.Ai Club allows people to sign up for our email list to receive tips and advice.
Lead information is shared between staff members responsible for sales, marketing, and accounting.
We always clarify email capture forms that the data we collect will be used for follow-up marketing (“Join the Lopi.Ai Newsletter”). On Forms, we specify how the data submitted will be used.
On all forms, we make it clear that you can withdraw consent at any time by contacting us.
The basis for processing client data is a Contract. The basis for processing lead/contact data is Consent and/or Legitimate Interest.
Data and Privacy Notice
We store the data you submit to us in our email marketing software to send you relevant information and training to help you with your technology.
You can remove your consent to receive this information at any time by clicking the link at the bottom of the email. If you would like to be ‘forgotten’ and have your data erased, reply to any email from us requesting this, and we will handle this for you within one month.
Lopi.Ai only collects and stores information from clients necessary to carry out the tech work that we are required to carry out. This information is available to the team working on the campaign and other staff in the company who might need it for accounting, administration, or marketing work.
We also collect and store information from contacts and leads to provide relevant tech training, recommendations, and offers. This information is available to staff across the company.
The information we store about each client or contact is available to that client or contact on request, and we will delete any data when requested by them.
All client or contact information is held only in the designated cloud software applications (such as Google Drive, Gmail, Slack, and others). Information and data should never be stored locally on staff computers.
Risks and Impact Assessment
- Risk: Staff computer or account hacked, and contact information accessed
- Impact: client data leaked and shared online. Potentially websites were hacked, and personal data revealed.
- Mitigation: where possible, data is stored in cloud services like Google Drive, which have login protection and two-step verification when accessed from new locations or IP addresses. Staff required to change all passwords every three months.
- Risk: Staff member leaves and takes personal data with them
- Impact: client data leaked and shared online. Potentially websites are hacked and personal data sold.
- Mitigation: the offboarding process quickly removes access once a staff member is no longer part of the company.
All staff is trained on the following:
- Password and account security
- Data handling (including data storage methods and types of data to never store)
- Device security
A data breach can be something that leads to the destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
If any staff members notice that this has happened, they are required to notify their manager immediately. Following notification of a breach, we will:
- Assess the impact of the breach
- Notify the relevant parties immediately
- Investigate the cause of the breach
- Rectify any security vulnerabilities or processes to minimize the chance of this happening again
Right of Access
If an individual requests access to their data, this request is to be immediately passed to the Data Protection Officer (Cristina), who will:
- Confirm the data being processed
- Provide full access to their data stored in our various software via email.
We will respond to all such requests within one month.
Individuals have the right to be forgotten and can request that their data is erased. We will erase all records held for that individual/company, including:
- CRM records
- Campaign documents and files
- Slack channel
Data Processor Contracts
We have written contracts with our data processors governing the processing of personal data.
Information Security Policy
Every staff member is required to adhere to this policy and to abide by our data guidelines:
- Personal data must not be stored on your personal devices.
- Passwords must be changed on the three-monthly cycle and at any other time when management requests.
- No data should be collected and retained other than what is necessary to carry out the work that has been requested of us.
- Any requests for access to data, requests to be forgotten, reports of a breach, or any other matter relating to the management of or access to personal data should be immediately passed to firstname.lastname@example.org.