Doit has been built and designed with privacy in mind from the very beginning, and is fully GDPR compliant.
Effective date: August 19, 2020
1. GENERAL INFORMATION
1.2 We do not own your personal data or content, nor do we sell it to others or use it for external advertising. It is your data.
2. Data Processed
2.1 We will process the following personal data when you are signing up for the Services and using the Services:
- email address;
- account information/credentials;
- address and company name (only for paid accounts);
- IP address
- picture of the data subject;
- information about how you interact with the Services, including the frequency and duration of your activities, and other information about how you use the Services; and
- technical data, which may include your IP address, unique device ID, pages that you visit before, during and after using the Services, details about your browser, operating system or device, and language;
2.3 We may obtain information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as a social networking site or a third-party login service, we may collect information about you from that third party that you have made available via your privacy settings.
2.4 You are solely responsible and the controller for the personal data which may be included in the content that you post, upload and/or contribute to the Services. We have the capability to access the personal data but will only do so if there is any suspicion about a breach of the Terms of service or any illegal activity. We will not be able to access end-to-end encryption.
2.5We are unable to provide you with the Services and you will not be able to create and login to your account unless you provide us with some of the personal data mentioned above. For example, the processing of the personal data in 2.1 a) - c) is necessary to maintain the contractual relationship between you and us.
3. PURPOSES OF PROCESSING
3.1 We will process the following categories of personal data: your name, e-mail address, account credentials, pictures of you and other content that you post, upload and/or contribute to the Services set out above for the following purposes:
- to administer your account, to enable and provide the Services and integration with third party services, and to provide, personalize and improve your experience with the Services, and to otherwise provide the Services according to the Terms of service;
- to send you alerts or messages by email or otherwise, including to provide you with information, newsletters and marketing or promotional material regarding updates about our products and Services. You can at any time opt out from marketing communication from us;
- to inform you about updates of the Services or the Terms of service; and
- to enforce the Terms of service, including to protect our rights, property and safety and also the rights, property and safety of third parties if necessary;
3.2 We will process the following categories of personal data: your IP address, information about your use of the Services, technical data for the following purposes:
- to improve and develop the Services or new services and products and to analyse your use of the Services; and
- to ensure the technical functioning of the Services and to prevent use of the Services in breach of the Terms of service;
3.3 We will process the following categories of personal data: company name and address for billing purposes, when you are using our premium accounts for the purpose of providing payment services.
4. LEGAL GROUND
4.2 Legitimate Interest. The processing of your personal data for the purposes in 3.1 b), d) and 3.2 a) is processed on the basis of the legitimate interest of us. Our legitimate interest is to improve the Service, stay in touch with you regarding updates in the Service and marketing of our products and services. We also need to log data when you visit our Website and how you use it to be able to maintain a sufficient level of IT-security, to evade fraud and protect the App, Website and Service from cyber threats. If you are using the Service as a Company, we base the purposes in 3.1 a), c) and 3.2 d) on our legitimate interest if the User of the Service is a company and not a private person.
5. DISCLOSURE OF PERSONAL DATA
5.1 We may share and disclose your personal data to our service providers hosting the website and for authentication of users credentials, payment service providers and analytics service providers to be able to store the personal data, authenticate the personal data used within the Services, provide payments and analysing the use of the Services.
5.2 The main processing of the personal data is done within the EU. However, we may transfer personal data outside the EU/EEA and we are therefore applying specific safeguards for the data transfers as set forth in the table below. You can acquire further information regarding the transfer by contacting us at email@example.com
Google Firebase - US - EU-US Privacy Shield
Google Analytics - US - EU-US Privacy Shield
6. RESPONDING TO LEGAL REQUESTS AND PREVENTING HARM
We may access, preserve and share your personal data in response to a legal request (like a search warrant, court order or a subpoena or the like), or when necessary to detect, prevent and address fraud and other illegal activity, to protect ourselves, you and other users, including as part of investigations.
7. COOKIES, PIXELS AND OTHER SYSTEM TECHNOLOGIES
We store your personal data until you as a user decides to delete your account or have deleted certain information on the account that you have posted or uploaded to your account. However, if your account is inactive for a period of 365 consecutive days, we will delete your information automatically after reminding you about inactivity leading to automatic deletion. We may store some personal data longer if there are legal requirements or obligations such as bookkeeping legislation, and to protect ourselves in the event of legal claims.
The Services are not directed to persons under the age of thirteen (13). If you are a parent or guardian of a person under the age of 13 and you become aware that the child has provided personal data to us without your consent, please contact firstname.lastname@example.org to exercise your access, rectification, erasure, limiting of processing and objection rights.
10. YOUR RIGHTS
10.1 You have an absolute right to object and opt-out to the processing of your personal data for direct marketing and communication from us as described in point 3.1 above.
10.2 You have the right to request access and further information concerning the processing of your personal data, or request that we correct, rectify, complete, erase or restrict the processing of your personal data. You have the right to access and obtain a copy of the personal data we process relating to you free of charge. For repetitive access requests we may charge an additional fee based on administrative costs.
10.3 If the processing is based on the legal grounds consent or fulfillment of contract you have the right to data portability. Data portability means that you can receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to transfer such data to other data controllers.
11. CONTACT INFORMATION
11.1 To exercise your rights, or if you have any questions regarding our processing of your personal data, please contact us at the following address: email@example.com or Yxagon AB, c/o Conlega Box 160 101 23 STOCKHOLM Sweden. In your letter/email please state your full name, [insert any other information the Company needs in order to process the request]. Note that you should sign the request to receive information of the processing of your personal data yourself.
11.2 If you have any complaints regarding our processing of your personal data, you may file a complaint to the competent data protection authority. You can find out more about the local data protection authorities under the following link http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
12. CHANGE OF CONTROL