Preamble

This Privacy Policy describes what kind of personal data will be collected, stored and processed with respect to the Service and how We will use and protect your personal data. This Privacy Policy has been developed in compliance with the GDPR (General Data Protection Regulation) and any matter that isn’t described here shall be subject to the terms of the GDPR.

Please be informed that We may change the Privacy Policy time to time and it is your responsibility to check the Privacy Policy regularly. In case of material changes, We will also notify You (if You’re already a customer) by sending You an email.

“We” and “us” refer to our company “Datapare”, with its registered office at 278 Langham Road, N15 3NP, London, United Kingdom, registered with the Company Registration Number: 11158083.

“You” are the individual or the entity (represented by an individual) that enters into this agreement with us, in order to use the Services.

The Services refer to the Services mentioned and described in our website available at https://datapare.com (the “Website”) provided by us.

As the data controller, We implement appropriate technical and organisational measures to safeguard your rights, freedoms and legitimate interests regarding processing of your personal data and ensure that processing of your personal data is performed in accordance with the GDPR.
1 - Legal Basis

We will collect your personal data only if (i) You have given your consent to the processing of your personal data for one or more specific purposes; or (ii) processing is necessary for the performance of a contract with You, or (iii) processing is necessary for compliance with a legal obligation, or (iv) processing is necessary for the purposes of the legitimate interests pursued by the us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
2 - What type of personal data we collect or receive?

As the data controller, We collect personal data of our customers, who subscribed to the Services and users of the Services (users appointed by our corporate customers).

We collect your personal data when You subscribe for the Services, You register an account with us, complete forms on the Website and contact us on a customer service issue.

We may collect (i) your e-mail address and postal address, (ii) contact information, (iii) IP address, (iv) information about You and/or your employees or representatives page visits such as visited pages, clicked buttons, clicked areas.

We may also automatically collect and store the information regarding your device and the browser via third parties’ software. In such case, the software will be in compliance with the applicable law. And such third parties that are in a contractual relationship with us will take the appropriate technical and organizational safeguards measures.

The Data Processing Agreement annexed to the Terms, which is available at https://datapare.com/terms, must apply where you are the data controller and instruct us to process personal data in connection with the Services.
3 - How do we use your personal data?

We use your personal data to provide and administer the Services and more specifically (i) for marketing and sales purposes, (ii) to provide support and customer services to You, when necessary, (iii) to monitor use of the Services, (iv) to send You updates, security alerts and other administrative messages, (v) to make available other offers, products or services, (vi) to make relevant statistics regarding your transactions and to gather commercial statistic and analyses regarding the use of the Services, (vii) to communicate with You, (viii) to fulfil our legal duties and/or governmental authorities’ requests.

We may share your information with third parties to the extent necessary (i) to comply with our legal obligations and requirements of governmental authorities, (ii) to protect the security of our network and (iii) to fulfill our obligations in connection with a merger or acquisition.

We will not subcontract any of our processing operations performed on behalf of You without your written authorization. You agree that this paragraph shall be considered a general written authorization in the meaning of Article 28.2 of the GDPR. We always makes sure that our business partners provide adequate data protection and security safeguards. The sub-processors that are currently engaged by us are as follows:

Amazon Web Services, Inc., 410 Terry Avenue, Seattle, WA 98109 (“AWS”); AWS cloud is used to host our platform and Services;

DigitalOcean, LLC, 101 Avenue of the Americas, 10th Floor New York, NY 10013, Digital Ocean is used to host our platform and Services;

Google Inc., headquartered at 1600 Amphitheatre Parkway Mountain View CA 94043, United States; Google Cloud Platform is used to host our platform and Services;

Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen's Green, Dublin 2, Republic of Ireland; used for outbound messaging and messages measurement, optimization and integrations;

Microsoft Corporation Inc., One Microsoft Way, Redmond, WA 98052-6399, United States; Azure is used to host our platform and Services;

Stripe, Inc., headquartered at 510 Townsend St, San Francisco, CA 94103, used for card payment processing;

Hubspot, Inc., 25 First Street, 2nd Floor Cambridge, MA 02141, United States; used for CRM, sales and marketing purposes.

Where We engage another processor We shall have a written contract that imposes the same obligations on the sub-processor as are imposed on us in the Terms of Service and this Privacy Policy.
4 - Data Retention

We will not retain your personal data longer than is necessary for the purposes for which it was processed. Where it is no more necessary to retain your personal data, We will either delete it or make it anonymous.
5 - Your rights in connection with your privacy

a. Automated individual decision making

You have the right not to be subject to a decision based solely on automated processing, including profiling, except when it is necessary for entering into, or performance of our agreement (the Terms) or the Services or is authorised by the applicable law to which We are subject.

b. Your right of access

You have the right to request us confirmation as to whether or not your personal data is being processed. If your personal data is processed, You will have access to your personal data and the following information: (i) the purposes of the processing, (ii) the categories of your personal data, (iii) the recipients or categories of recipient to whom your personal data have been or will be disclosed, (iv) where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period, (v) the existence of the right to request us rectification or erasure of your personal data, (vi) your right to lodge a complaint with a supervisory authority, (vii) where your personal data is not collected from the data subject, any available information as to their source, (viii) the existence of automated decision-making, including profiling.

c. Your right to rectification

You have the right to obtain the rectification of your inaccurate personal data that is inaccurate. You also have the right to have your incomplete personal data completed.

d. Your right to data portability

You have the right to receive your personal data You shared with us in a structured, commonly used and machine-readable format. You also have the right to have your personal data transmitted directly to another data controller, where it’s technically feasible and it does not adversely affect the rights and freedoms of others.

e. Your right to object to processing

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on (i) the necessity for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or (ii) the necessity for the purposes of our or a third party’s legitimate interests. In such case, We will cease to process your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

f. Your right to object to direct marketing

You have the right to object at any time to processing of your personal data for direct marketing,

g. Your right to restriction of processing

You have the right to request us to restrict processing of your personal data if You contest the accuracy of your personal data or lawfulness of the processing. Upon your request, We will restrict the processing of your personal data, with the exception of storage and/or or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform You immediately if and when the restriction is lifted.

h. Your right to be forgotten

You have the right to request us to erase your personal data without undue delay where your personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed or You withdraw your consent and there is no other legal ground for the processing. In such case we will immediately delete your personal data except when the processing of your personal data is necessary for exercising the right of freedom of expression and information or for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or for the establishment, exercise or defence of legal claims.

i. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, You have the right to lodge a complaint with a supervisory authority, if You think that the processing of your personal data infringes the applicable law.
6 - Notification of a personal data breach

In the case of a personal data breach, We will notify the breach to the competent supervisory authority not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

If the breach is likely to result in a high risk to the rights and freedoms of natural persons, We will communicate the personal data breach to You without undue delay, unless if;

(i) appropriate technical and organisational protection measures have been implemented, and those measures were applied to the personal data affected by the personal data breach, or

(ii) the subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize, have been implemented, or

(iii) it would involve disproportionate effort. In such a case, We will make a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
7 - Transfer of personal data to third countries

We may transfer your personal data to a third country or to an international organization, provided that all the conditions laid down in the applicable law are complied with and that there will be an adequate level of protection and safeguards measures for the privacy of your personal data.

If your personal data is transferred to a third country or to an international organisation, You will have the right to be informed of the appropriate safeguards relating to the transfer.
8 - Contact us

You can contact us through our email address info@datapare.com with respect to your questions or concerns regarding this Privacy Policy.