Privacy policy

1. Introduction
Welcome to DealDeck. Your privacy is critically important to us. This Privacy Policy outlines how DealDeck ApS ("DealDeck", "we", "us", or "our") collects, uses, protects, and shares your personal data when you visit our website, dealdeck.ai, or use our application (the "Application").

DealDeck ApS is a company registered in Denmark with the following details:

Company Name: DealDeck ApS
Registration Number: DK45314340
Address: Rævegade 2, 1315 Copenhagen K, Denmark

This policy explains our role as both a Data Controller (for data we collect for our own purposes) and a Data Processor (for data we process on behalf of our customers).

2. The Data We Collect and Process
We process different categories of personal data depending on your interaction with us.

A. When you are a DealDeck Customer (User of the Application):

If you sign up and use our Application, you are the Data Controller for the data you upload. We act as the Data Processor on your behalf. The data we process for you includes:

Your User Data:
- Name
- Email address
- User profile picture

Your Viewer Data: Data related to the individuals you share your DealDecks with.
- Email address
- Behavioural data on the DealDeck you created (e.g., opens, clicks, time spent).

Other Data You Provide: Our Application is a flexible tool. You may choose to include non-sensitive or sensitive personal data within the content you create. As the Data Controller, you are responsible for ensuring you have a legal basis to process this data.

B. When you visit our website (dealdeck.ai):
When you browse our website, we may collect information automatically from your device.
- Technical Information: IP address, browser type and version, operating system, and device information.
- Usage Information: Information about how you navigate our website, such as pages viewed and links clicked. This is typically collected using cookies and similar technologies.

3. Purpose and Legal Basis for Processing
We are committed to processing your data lawfully, fairly, and transparently.
- To Provide Our Service: We process the data you provide as a customer to fulfill our contractual agreement with you, allowing you to create, manage, and share content through our Application. The legal basis for this is the performance of a contract.
- For Security and Operations: We use data to monitor and protect the security, integrity, and availability of our Application. The legal basis is our legitimate interest in maintaining a secure and robust service.
- To Improve Our Services: We analyze usage data from our website and Application to understand user needs and improve our offerings. The legal basis is our legitimate interest in business development.
- To Communicate With You: We may use your contact information to send you service updates, security alerts, and administrative messages. The legal basis is the performance of a contract or our legitimate interest.

4. Data Security
We take the security of your data very seriously. We have implemented a comprehensive Information Security Management System (ISMS) with robust technical and organizational measures to protect your data against accidental or unlawful destruction, loss, alteration, and unauthorized access.

Our minimum security measures include:
- Encryption: Data is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher.
- Access Control: We use role-based access controls and multi-factor authentication to ensure that only authorized personnel can access your data. Access rights are reviewed annually.
- Vulnerability Management: We continuously monitor our systems for vulnerabilities and address them in a timely manner.
- Backup and Recovery: We perform daily backups and maintain business continuity plans to ensure the availability of your data.
- Employee Training: All our employees undergo annual security and compliance training.
- Incident Response: In the event of a security breach affecting your personal data, we will notify our customers without undue delay, and where feasible, within 36 hours of becoming aware of it. We will provide all necessary assistance to help our customers meet their notification obligations.

5. Data Retention and Deletion
- During Your Subscription: As a customer, you can access, rectify, and delete data directly within the Application at any time.
- After Your Subscription Ends: We will permanently delete all of your data, including all personal data, from our systems sixty (60) days after the termination of your agreement with us.

6. Data Sharing and Subprocessors
We do not sell your personal data. To provide our service, we may share data with third-party service providers, known as subprocessors, who perform services on our behalf.
We have your general approval to use subprocessors. We conduct due diligence on all subprocessors and have written agreements in place that require them to provide at least the same level of data protection as set out in this policy and required by EU law.

Our primary subprocessor for cloud hosting is:
- Subprocessor: Amazon Web Services (AWS)
- Service: Cloud Hosting
- Country: Germany / Ireland (European Economic Area)

We will notify our customers in writing at least thirty (30) days in advance of any planned changes to our list of subprocessors.

7. International Data Transfers
We primarily store and process your data within the European Economic Area (EEA). Any transfer of personal data to countries outside the EEA will only be done in full compliance with Chapter V of the GDPR, ensuring that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.

8. Your Data Protection Rights
Under GDPR, you have several rights concerning your personal data.
- Right to Access: You have the right to request copies of your personal data.
- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
- Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions.
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
- Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
- Right to Object: You have the right to object to our processing of your personal data, under certain conditions.

How to Exercise Your Rights:
- If you are a DealDeck customer, you can exercise many of these rights directly through your account settings.
- If you are a viewer of a DealDeck created by one of our customers, please direct your request to the customer (the Data Controller) who shared the DealDeck with you. We will assist our customers in responding to your requests.
- For any other requests, please contact us at the details below.

You also have the right to lodge a complaint with a supervisory authority, such as the Danish Data Protection Agency (Datatilsynet), if you believe our processing of your personal data infringes data protection laws.

9. Auditing and Compliance
We are committed to demonstrating our compliance with the GDPR. We will provide our customers with all necessary information to verify our compliance and will allow for and contribute to audits as required by our agreement.

10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, notifying our customers directly via email. We encourage you to review this policy periodically.

11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data protection practices, please do not hesitate to contact us.

DealDeck ApS
Rævegade 2, 1315
Copenhagen K, Denmark
Email: info@dealdeck.ai