1.1. We are committed to protecting your privacy rights as a consumer of our services. Our policy is to respect and protect your rights to privacy.
1.2. Deppy means Deppy Ltd.
1.3. All information you provide to us will be held by Deppy on UK based servers. Unless otherwise specified in point 9. Deppy will not hold, transfer or use your data outside the European Economic Area (EEA), nor will we share it with other, within or outside of the EEA (except when we believe in good faith that the law requires it).
1.4. We collect data on all our users in order to continually improve the services and products we offer. We also collect data to enter commercial arrangements which can include the sale of advertising space. Deppy adheres to UK Data Protection Legislation which, from 25th May 2018, includes EU Regulation 2016/679 General Data Protection Regulation (“GDPR”).
1.5. This privacy notice only relates to Deppy’s website and does not extend to your use of the internet outside of the Deppy site.
2. Company information
2.1. Deppy Ltd. is registered at 12 Helmet Row, London, EC1V 3QJ under company number 12347126.
3.1. Before using our services and purchasing of our products, we may require that each user undertakes checks for the purposes of verifying your identity and preventing fraud and money laundering. These checks require Deppy to collect and store personal data about you.
3.2. Details of personal data we may need to collect to process these checks include, but are not limited to: name, address, date of birth, contact details and device identifiers including IP addresses.
3.3. Deppy may need to enable law enforcement agencies access to your personal data to detect, investigate and/or prevent crime.
3.4. Fraud prevention agencies can hold your personal data for different time periods, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
3.5. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
3.6. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.
3.7. Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
4. Data collected by Deppy
4.1. We will collect personal data as provided to us during the registration or purchase process, which you agree to supply us as accurate.
4.2. We do not monitor your use of the Internet, but we do use cookie technology to monitor your use of Deppy. This information is not stored alongside your personal data and will only be used on an anonymous, aggregated basis. We may process your personal data in conjunction with the documents and forms downloaded in order to maintain and improve the facilities we offer and to send you alerts about important updates to such content.
4.3. Information on the type of cookie technology we use can be found at point 6.1. they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
5. How we use your data
5.1. We use your data for the following purposes: 5.1.1. Creating and managing your account.
5.1.2. Supplying you with information, documents, forms, and other content either through the Deppy site or by email. Email preferences can be changed using the link at the foot of any emails you receive from us. Please note that some emails are an integral part of the Deppy’s service you sign up for when registering with Deppy and cannot be opted out of, and that by registering, you are consenting to us using your personal data to send such emails. We will never send you any spam.
5.1.3. Communicating with you. This may include responding to emails or calls from you.
5.1.4. Building up a profile of your interests and preferences based on your interactions with us.
5.2. Processing your personal data is in both our legitimate interests and is necessary to provide our services to you at the highest standard and to continually evolve and improve our products and services.
6. Cookie technology
6.1. We use the following cookies:
6.1.1. Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. They do not gather information about you that could be used for marketing purposes or remembering where you have been on the Internet.
6.1.2. Analytical/Performance cookies: They allow us to collect information about how you use our website, such as how you move around our website and if you experience any errors. These cookies do not collect any information that could identify you; all the information collected is anonymous and is only used to help us improve the way our website works, understand what interests our users and measure how effective our advertising is.
6.1.3. Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences and improve your visit.
6.2. Generally, cookies which are strictly necessary for the operation of the website will expire when you leave the website. Other cookies may be more permanent or not expire unless you actively delete them.
7. Personal data retention
7.1. We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will delete it. The retention period will vary depending on the purposes for which the information was collected. We are sometimes legally obliged to retain the information, for example, for tax and accounting purposes. In the absence of a specific legal or regulatory requirement to retain your data we typically retain it for the applicable legal limitation period for bringing legal claims. This is six years where the claim arises from a simple contract.
8. Storing personal data
8.1. We only store your personal data in the UK. This means that it will be fully protected under the GDPR.
8.2. As explained below, certain personal data will be made accessible to our third-party IT contractor, based outside of the European Economic Area. Additional steps have therefore been taken to ensure that your personal data will be treated just as securely and safely as it would be in the UK and under the GDPR, as embodied in a data processing agreement between us and our contractor based on model contractual clauses provided by the European Commission, which impose suitable data protection standards on a contractual basis.
9. Sharing your personal data
9.1. We may share your information with any member of the Deppy Group and with some of our business partners, service providers and subcontractors in connection with the performance of any contract we enter into with you or them.
9.2. We may also disclose your information to third parties where you have consented for us to do so, where we are under a legal, regulatory or professional obligation to do so, where we need to enforce or apply our various terms, policies and other agreements, or if it becomes necessary to protect the rights, property or safety of Deppy, our customers or any other person.
9.3. If we merge, reorganise or transfer all or part of our business, we may disclose information we hold about you to successors (and potential successors) of the business.
9.4. If we refer any dispute between us to the ODR Platform http://ec.europa.eu/consumers/odr , and/or we agree to engage in any alternative dispute resolution (“ADR”) procedure with you through the ODR Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute.
10. Your rights as a data subject
10.1. Individual data subjects have the following rights under the GDPR which we will always work to uphold:
10.1.2. The right to access your personal data by means of a subject access request (see point 11.1)
10.1.3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. You can do this by contacting us at firstname.lastname@example.org
10.1.4. The right to erasure (also known as the right to be forgotten). You can exercise this right by contacting us at email@example.com
10.1.5. The right to restrict or object to our processing of your personal data for particular purposes. Email preferences can be changed using the link at the foot of any emails you receive from us. For further information, please contact us.
10.1.6. The right to data portability. This means that you can ask us for a copy of your personal data to re-use with another service or business. Please note, however, that this right applies only if you have provided personal data to us directly, we are using it with your consent or for performance with a contract, and your data is processed using automated means.
10.1.7. Rights relating to automated decision-making and profiling. We do not, however, use your personal data in this way.
10.2. For more information about our use of your personal data or exercising your rights as outlined above, please contact us on firstname.lastname@example.org.
10.3. Further information about your rights can be obtained from the Information Commissioner’s Office. You also have the right to lodge a complaint with the Information Commissioner’s Office if you feel that your rights have been breached.
11. Accessing your data
11.1. If you wish to make a data subject access request, please do so in writing, sent to the email or postal address shown below, clearly marking your correspondence as a subject access request.
11.2. We do not normally charge for subject access requests unless they are ‘manifestly unfounded or excessive’ (e.g. repetitive). We will respond to your subject access request within one month of receiving it. In the unlikely event that your request is particularly complex, a further two months may be required but we will keep you informed if this is the case.
12. Contacting us