This policy applies to you and us Dappl Applications & Products Private Limited, (hereinafter "Dappl" or "we" or “us”) regardless of the country in which you reside or are located. This policy describes our privacy practices in plain language, keeping legal and technical jargon to a minimum, to ensure that you understand what information we collect, why we collect it, how it is used and what choices you have about your information.
Who we are
The person who is responsible for your information under this Privacy Policy (the "Data Controller") is:
Dappl Applications & Products Private Limited
1200 Thorpe Park, Century Way, Leeds,
West Yorkshire, United Kingdom, LS15 8ZA
Contact:+44 7474303816
and
Dappl Applications & Products Private Limited
Level 8 & 9, Olympia Teknos,
No 28, SIDCO Industrial Estate,
Guindy, Chennai 600032, Tamil Nadu, India
Contact:+91 8903622136
Email: info@dappl.co
Web: www.dappl.co
Where this privacy policy applies
This Privacy Policy applies to our App and website. For simplicity, we refer to these as our "Services" in this privacy policy. Please note that this Privacy Policy also applies to our mobile device App, which you can use to access our Service. As a result, you will find specifics on the use of the app as well as additional, supplementary information in this policy.
What is personal data?
Personal Data is information by which you can be directly or indirectly identified ("Personal Data"). This generally includes information such as your name, address, email address and telephone number; however, it may also include other information such as your IP address, shopping habits, lifestyle habits or preferences such as interests.
What is processing?
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and covers virtually any handling of data.
What is the applicable data protection law?
As a UK based Company we are bound to follow the UK's Data Protection Act (“DPA”). Since we are however a company that operates globally we have also adopted the principles set out in the EU's General Data Protection Regulation (“GDPR”). Given the similarity of both provisions no conflict should arise, but if it does we will follow the most stringent provision in order to ensure the highest data protection standard available.
Who is the supervisory authority?
The Information Commissioner's Office (ICO) provides advice and information for individuals about protecting personal information. They also enforce federal privacy laws and are the for us relevant data protection authority. You can find the ICO's contact details on their website at www.ico.org.uk.
Types of data processed
- Inventory data (customer master data: Company name, contact person, address, UID number, email address).
- User and account data (name, email address, cryptographic hash of the password).
- Payment data (account data and/or credit card data).
- Contract data (type of service, fee, term, contract history, payment history).
- Content data entered into by customers/users themselves.
- Usage data/ metadata (server logging: IP address, user agent, request parameters, timestamp).
Processing of special categories of data (Art. 9 para. 1 GDPR)
In principle, no special categories of data are processed unless they are supplied for processing by users, e.g. entered in lead landing pages.
Categories of data subjects
- Customers, test users, business partners.
- Visitors and users of the online offer.
In the following, we also refer to the data subjects collectively as users.
Purpose of the processing
- Provision of the online offer, its contents and functions.
- Offering and operating the services and associated services (computing capacities, databases, software, maintenance and development).
- Security measures.
- Answering contact requests and communication with users.
- Marketing, advertising and market research.
- Automated decision-making in individual cases (Art. 22 GDPR).
- No automated decisions are made..
What are the legal bases of processing personal data?
The legal bases for processing are listed below and at least one of these must apply whenever we process personal data:
- Consent: the individual has given clear consent to process personal data for a specific purpose.
- Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
What are your rights?
You have the following rights with respect to us processing your personal data:
You have the right to obtain information about whether and which of your personal data is processed by us. In this case, we will also inform you about:
- the purpose of processing;
- the categories of data;
- the recipients of your personal data;
- the planned storage period or the criteria for the planned storage period;
- Your further rights;
Unless we have been provided with your personal data by you: Any available information about its origin
if available: the existence of automated decision-making and information about the logic involved, the scope and the intended effects of the processing.
You have a right to rectification and/or completion if your personal data processed by us is inaccurate or incomplete.
- Right to restriction of processing
You have a right to restriction of processing, provided that
- we verify the accuracy of your personal data processed by us;
- the processing of your personal data is unlawful;
- you need your personal data processed by us for legal prosecution after the purpose has ceased to exist;
- you have objected to the processing of your personal data and we are reviewing this objection.
You have a right to erasure if
- we no longer need your personal data for its original purpose;
- You withdraw your consent and there is no further legal basis for processing your personal data;
- you object to the processing of your personal data and - unless it is direct marketing - there are no overriding reasons for further processing;
- the processing of your personal data is unlawful;
- the erasure of your personal data is required by law;
- your personal data was collected as a minor for information society services.
If you have exercised your right to rectification, erasure or restriction of processing, we will inform all recipients of your personal data, of this rectification, erasure of data or restriction of processing.
- Right to data portability
You have a right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, common and machine-readable format and to transfer it to another controller. If technically feasible, you have the right to have us transfer this data directly to another controller.
You have the right to object to the processing of your personal data in case of special reasons. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing. In case of processing of your personal data for direct marketing purposes, you have the right to object at any time.
You have the right to revoke any consent given to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
- Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data by us violates the law.
Provision of the website and creation of log files
The legal basis for the processing of your personal data in the context of the provision of the website and the creation of log files is our legitimate interest. The temporary storage of your personal data by us is necessary to enable delivery of the website to your computer or device. For this purpose, your personal data must be stored for the duration of the session. The storage of your personal data in log files is done to ensure the functionality of the website. In addition, we use your personal data to optimise the website and to ensure the security of our information technology systems. Your personal data is not processed in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of your personal data for the provision of the website, this is given as soon as you have left the website. In the case of storage of your personal data in log files, these are deleted after 7 days at the latest. If the data is stored beyond this period, your personal data will be anonymised so that it can no longer be assigned. The collection of your personal data for the provision of the website and the storage of your personal data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility for you to object.
Provision of the app and creation of log files
The legal basis for the processing of your personal data in the context of the provision of the app and the creation of log files is our legitimate interest. The temporary storage of your personal data by us is necessary to enable delivery of the App's functionality. For this purpose, your personal data must be stored for the duration of the session. Data that may be collected when using the App, i.e. IP address, IP location, Geolocation, type and version of the end device used, information on the mobile network used, time zone settings, operating system and platform. The storage of your personal data in log files is done to ensure the functionality of the App. In addition, we use your personal data to optimise the App and to ensure the security of our information technology systems. Your personal data is not processed in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of your personal data for the provision of the App, this is given as soon as you close the App. In the case of storage of your personal data in log files, these are deleted after 30 days at the latest. If the data is stored beyond this period, your personal data will be anonymised so that it can no longer be assigned. The collection of your personal data for the provision of the App and the storage of your personal data in log files is absolutely necessary for the operation of the App. Consequently, there is no possibility for you to object.
Use of technically necessary cookies
The legal basis for the processing of your personal data in the context of the use of technically necessary cookies is our legitimate interest. The use of technically necessary cookies serves to simplify the use of our website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that your internet browser is recognised even after a page change. Your personal data will not be processed in any other way.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected; this is particularly the case when you leave the website. Cookies are stored on your computer or device in the case of permission and are transmitted from this to our website. Therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
To learn more about cookies please visit
All About Cookies and to learn more about the cookies we use please refer to our Cookie Policy.
Account registration
The legal basis for the processing of your personal data in the context of customer account registration is the performance of a contract. Your registration enables in particular the conclusion of contracts as well as the maintenance of our customer relationship. We collect data when you create or update your account and this may include your name, email, phone number, login name and password, payment or banking information. The processing of your personal data within the scope of registration is therefore necessary for the fulfilment of a contract or the implementation of pre-contractual measures as well as the successful maintenance of our relationship.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case at the latest in the event of the termination of your customer account. You have the option to cancel your customer account registration at any time. In this case, your personal data will be deleted unless legal retention periods prevent deletion.
Processing of data (customer and contract data)
We collect, process and use personal data only to the extent that it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our Internet pages (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user.
The collected customer data is deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Commercial and business services
We process data of our contractual and business partners, e.g. customers and interested parties in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g. to answer enquiries.
We process this data to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organisation. We only disclose the data of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g. to participating telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities).
We inform the contractual partners which data is required for the aforementioned purposes before or in the course of data collection, e.g. in online forms, by means of special labelling (e.g. colours) or symbols (e.g. asterisks or similar), or in person.
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the
Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), and our Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).
Offering software and platform services
We process the data of our users, registered users and any test users in order to be able to provide our contractual services to them as well as on the basis of legitimate interests in order to ensure the security of our offer and to be able to develop it further. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the
Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), and our Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).
Technical services
We process the data of our customers and clients in order to enable them to select, purchase or commission the selected services or works as well as associated activities and to pay for and deliver them or to execute or provide them. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the
Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), and our Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).
Commercial services
We process the data of our customers and clients in order to enable them to select, purchase or commission the selected services or works and associated activities as well as their payment and delivery or execution or performance. The required information is identified as such in the context of the order, purchase order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information.
Unless otherwise specified the purposes of processing are Contractual performance and service, contact requests and communication, office and organisational procedures, administration and response to requests, visit action evaluation, interest-based and behavioural marketing, profiling (creating profiles of users). And, the
Legal bases are Contractual performance and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), Legal obligation (Art. 6 para. 1 p. 1 lit. c. GDPR), and our Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR).
Newsletter and pre-alerts
The legal basis for the processing of your personal data in the context of sending the newsletter and pre-alerts is your consent. The purpose of collecting your personal data is to send the newsletter and pre-alerts to you. The purpose of processing your personal data in the context of sending the newsletter and pre-alerts is to send you information, offers and, if applicable, to promote sales.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. Accordingly, your personal data will be stored until you have unsubscribed from our newsletter and pre-alerts. You can revoke your consent to receive the newsletter and pre-alerts at any time or use the unsubscribe link contained in each newsletter and pre-alert to object to further receipt of the newsletter and pre-alerts.
Contact form, feedback, e-mail and social media contact
The legal basis for the processing of your personal data transmitted in the course of you contacting us is our legitimate interest. If the contact aims at the conclusion of a contract, the performance of a contract is an additional legal basis for the processing of your personal data. The processing of your personal data in the event of a contact serves us solely to process your request.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the personal data sent in the course of contacting us when your request has been processed and legal retention periods do not prevent deletion. You have the option at any time to object to the processing of your personal data in the context of contacting us for the future. In this case, however, we will not be able to process your request any further. All personal data stored in the course of contacting you will be deleted in this case, unless legal retention periods prevent deletion.
Direct marketing
The legal basis for the processing of your personal data in the context of direct marketing measures is either your consent or our legitimate interest in marketing and promoting our courses and services. The purpose of processing your personal data in the context of direct marketing measures is to send information, offers and, if applicable, to promote sales.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected; this is the case in particular upon receipt of the revocation or objection. You can revoke your consent at any time for the future or object to the processing of your personal data in the context of direct marketing measures at any time for the future.
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of the data subject access request is both our legitimate interest and our legal obligation. The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfil the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process. You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defence and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defence and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defence and enforcement of our rights is the defence against unjustified claims and the legal enforcement and assertion of claims and rights.
Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defence and enforcement is mandatory for legal defence and enforcement of our rights. Consequently, there is no possibility for you to object.
Receiving messages (push notification)
For individual areas, the app offers the option of being informed via push notification (push technology or Server Push describes a type of communication in which data is transmitted even though the receiving app is running in the background).
You can configure this function via the settings of your smartphone settings and activate/deactivate the notifications there. For the delivery of the messages, it is necessary to store a push token of your mobile end device.
QR code scanner
In the app you have the option to use the QR scanner. With the help of the scanner you can scan a specific QR code. To do this, the camera of your end device for this purpose. Access only takes place if you have expressly consented to this.
Authorisations and Access
We may request access or permission to certain functions from your mobile device, including a mobile device including camera, contacts, microphone, reminders, SMS messages, social media accounts, storage, etc.
The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can deactivate push notifications at any time via Settings/Messages (iOS) or Settings/Notifications/ (Android).
Push notifications for advertising purposes will only be sent to you if you have given your prior consent. The legal basis for sending promotional push notifications is consent. Deactivation is also possible via Settings/Messages (iOS) or Settings/Apps/ (Android).
Exclusively automated data processing
In accordance with Article 22 of the GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. We do not carry out any exclusively automated data processing.
Deletion of data and archiving obligations
The data we process will be deleted or its processing restricted in accordance with the DPA and the GDPR. Unless expressly stated within the scope of this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.
Security of data processing
We take appropriate technical and organisational measures in accordance with the DPA and the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, entry into, disclosure of, assurance of availability of, and separation of, the data relating to them. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development or selection of hardware and software as well as procedures in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
Security measures include in particular the encrypted transmission of data between your browser and our servers or the encryption of your passwords in the database.
Disclosure and transmission of data
If, in the course of our processing, we disclose data to other persons and companies as highlighted above (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, hosting providers, etc.). If we commission third parties with the processing of data on the basis of a so-called order processing agreement, this is done on the basis of Art. 28 GDPR.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or have data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU or compliance with officially recognised special contractual obligations.
Economic analyses and market research
For business reasons and in order to be able to recognise market trends, wishes of contractual partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our online offer.
The analyses are carried out for the purpose of business evaluations, marketing and market research (e.g. to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g. regarding services used. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with summarised, i.e. anonymised values. Furthermore, we take the privacy of users into consideration and process the data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g. as summarised data).
Integration Of Services And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR), content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavour to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
Children Data
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Online Payment, Secure data transmission and Credit card information
The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer ("SSL") technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us, but will be encrypted and collected directly from our payment service provider via hypertext transfer protocol secure ("https").
We may share information with our payment service provider, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorise payment following a secure link. The information which you supply to in such cases is not within our control and is subject to our payment service provider’s own Privacy Policy and Terms and Conditions.
Security measures
For security reasons and to protect the transmission of content, that you send to us, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Obligation to provide personal data
You are not obliged to provide us with personal data. However, depending on the individual case, the provision of certain personal data may be necessary for the provision of the above services. If you do not provide us with this personal data, we may not be able to provide the service.
Do Not Sell My Personal Information
We do not sell information that directly identifies you, like your name, address or phone records.
Hosting
The services for hosting and displaying the website are partly provided by our service provider as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact us.
Content Delivery Network
For the purpose of a shorter loading time, we use a so-called Content Delivery Network ("CDN") for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please contact us.
Changes and updates to the privacy policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.