Privacy Policy
SAAS-BASED CRE PLATFORM
Privacy Policy
dottid is committed to respecting your privacy. This Privacy Policy describes how dottid (“dottid”, “we”, “us” or “our”) collects, protects and uses information, including personally identifiable information (“Personal Information”), you (“User”, “you” or “your”) may provide in, or is otherwise available through, the application (“Application”) and/or in connection with any of the services available on or through the Application (the “Services”). It also describes the options available to you regarding our use of your information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
a. Collection of Personal Information
We receive and store any personally identifiable information you provide to us when you register to use the Application, receive or otherwise participate in any Services, and/or otherwise provide data, materials, content or any other information to or through us or the Application. You can choose not to provide us with certain information, but you acknowledge that such information may be required to access the Application and/or needed to take full advantage of the Application's features and functionality and the Services.
b. Collection of Non-Personal Information
When you access the Application, our servers automatically record certain information – e.g., from your device, a mobile application and/or via the website. This information may include information about your device, app or web visit, such as your IP address and location, device name and version, operating system type and version, language preferences, information you search for in the Application, access times and dates, and other data and statistics. Dottid may capture not only Site activity metrics but also any data captured, derived or otherwise gleaned from any document or other material uploaded to the Site together with generalized data metrics.
c. Use of Collected Information
Any of the information we collect from you may be used to update, augment, improve and otherwise modify the Application; the Services; our customer service; and our businesses, including the analysis, restatement and sale of information and data. Non-personal information collected is used to identify potential cases of misuse, fraud or establish statistical information regarding the Application, site traffic and usage. Additionally, the statistical information is not otherwise aggregated in such a way that would identify you or any particular user of the Application. We intend to collect and analyze such data and provide our conclusions to other users and interested parties. We may also disclose your information as part of a legal disclosure.
Dottid only discloses potentially personally-identifying and personally-identifying information to those of its employees, contractors, and affiliated organizations that (i) need to know that information in order to process it on Dottid's behalf or to provide services available on the Website, and (ii) that have agreed not to disclose it to others.
Dottid will not knowingly rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors, and affiliated organizations, as described above, Dottid discloses potentially personally-identifying and personally-identifying information only when required to do so by law (see below), or when Dottid believes in good faith that disclosure is reasonably necessary to protect the property or rights of Dottid, third parties, or the public at large.
Dottid takes reasonable measures standard in the industry reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of potentially personally-identifying and personally-identifying information.
d. Information Security
Unless otherwise expressly set forth in the Master Agreement, the following terms shall apply to Information Security. We secure information you provide to us on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We may also use third party vendors and other service providers to perform services (e.g., cloud storage) for us or on our behalf, which may include Amazon Web Services, Google [and ?]. Any such third party service providers will provide industry-leading data and security protection measures. However, the security and privacy of data transmitted over the Internet or wireless network cannot be guaranteed because of the cloud-based hosting. Therefore, while we strive to protect your personal information, if any, you acknowledge and agree that (i) there are security and privacy limitations of the Internet, including with service providers, which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and the Application cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with despite our reasonable efforts, including by a third party during transmission. If you maintain a Dottid account that you access through our website or Application, you are responsible for protecting and maintaining the confidentiality of your account and password and restricting access to your computer or other devices used to connect with that account.
e. Use of Sub-Processors
We engage third-party data processors, known as Sub-Processors, within our organization that will or potentially will have access to or will process all accessible data and usage data collected by our platform and services (“Services Data”), including personal and non-personal information. You will see different types of such Sub-Processors below.
We employ commercially reasonable best practices with a commercially reasonable selection process to evaluate the security, privacy and confidentiality practices of sub-processors that may have access to Service Data.
Dottid generally requires its sub-processors to satisfy equivalent obligations as those required from Dottid, including but not limited to, the requirements to:
Process Personal Data in accordance with documented instructions;
In connection with their sub-processing activities, use only personnel who are reliable and subject to a contractually binding obligation to observe data privacy and security, to the extent applicable, pursuant to applicable data protection laws;
Provide regular training in security and data protection to personnel to whom they grant access to Personal Data;
Implement and maintain appropriate technical and organizational measures (including measures consistent with those to which Dottid is contractually committed) to adhere to insofar as they are equally relevant to the sub-processor’s processing of Personal Data on Dottid’s behalf) and provide an annual certification that evidences compliance with this obligation. In the absence of such certification Dottid reserves the right to audit the sub-processor;
and to promptly inform Dottid about any actual or potential security breach; and
Cooperate with Dottid in order to deal with requests from data controllers, data subjects, or data protection authorities, as applicable.
This Sub-Processor selection policy does not give you any additional rights or remedies and should not be construed as a binding agreement. The information herein is only provided to illustrate Dottid’s engagement process for Sub-Processors as well as to provide the actual list of third-party Sub-Processors used by Dottid as of the date of this policy (which Dottid may use in the delivery and support of its Services).
Dottid owns or controls access to the infrastructure that it uses to host and process Service Data. Currently, the Dottid production systems used for hosting Service Data for provided Services are located in the infrastructure Sub-Processors listed below. Subscriber accounts are typically established in one of these regions based on where the Subscriber is located but may be shifted among locations to ensure performance and availability of the Services. The table below describes the countries and legal entities engaged by Dottid in the storage of Service Data. Dottid uses additional services provided by these Sub-Processors to process Service Data as needed.
Dottid works with certain third parties to provide specific functionality within the Services. These providers are the Sub-Processors set forth below. In order to provide the relevant functionality, these Sub-Processors access Service Data. Their use is limited to only the indicated Services. If a User has purchased the Dottid access and Services, then the Sub-Processors used will be in accordance with the Sub-Processors listed for the underlying Services that make up the Dottid Application as applicable and detailed in this policy.
Subprocessor: Google Cloud Platform
Description: Cloud Provider
Location: USA
Subprocessor: Amazon Web Services
Description: Cloud Provider
Location: USA
Subprocessor: Full Story
Description: Analytics
Location: USA
Subprocessor: HubSpot
Description: CRE, Marketing, Automation
Location: USA
Subprocessor: Sendgrid
Description: Email Delivery
Location: USA
Subprocessor: Courier
Description: Notification Delivery
Location: USA
Subprocessor: Flagsmith
Description: Feature Flag Management
Location: USA
Subprocessor: Apollo Studio
Description: GrpahQL API Management
Location: USA
f. Data Breach
Unless otherwise expressly set forth in the Master Agreement, the following terms shall apply to Data Breach. In the event we become aware that the security of the Application has been compromised or an Authorized User’s Personal Information has been disclosed in an unauthorized manner, including, but not limited to, via security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will contact you, including, but not limited to, by sending you an email.
g. Data Protection
Oversight of Data Security is handled by Dottid's respective Data Protection Officers. Should you wish to make modifications, deletions, or additions to any personal data you believe to be captured by Dottid, or if you have any general security concerns, please contact the Data Protection Office (DPO) for your respective territory at the following email address:
h. Data Retention & Deletion
If you already have an account on the Website, you may access, update, alter, or delete your basic user profile information by logging into your account and updating profile settings. Dottid will retain your information for as long as your account is active or as needed to perform our contractual obligations, provide you services through the Website, to comply with legal obligations, resolve disputes, preserve legal rights, or enforce our agreements. We will delete inactive accounts after a period of twelve (12) months. We will also erase information once it is no longer necessary to fulfill the purposes for which it was collected and processed.
Please note that due to the nature of our products, services, and community, we may retain limited personally-identifiable information indefinitely in order to ensure transactional integrity and nonrepudiation. For example, if you provide your information in connection with a post or comment, we may display that information even if you have deleted your account as we do not automatically delete community posts. We will continue to adhere to the privacy policies and practices outlined here for inactive accounts, up until an inactive account is deleted and/or its information is erased.
i.Global Privacy Practices
Information we collect will be stored and processed in the United States in accordance with this Privacy Policy, but we understand that users from other countries may have different expectations and rights with regard to their privacy. For all Website visitors and users, no matter their country of location, we will:
provide clear methods of unambiguous, informed consent when we do collect your personal information;
only collect the minimum amount of personal data necessary for the purpose it is collected for, unless you choose to provide us more;
offer you simple methods of accessing, correcting, or deleting your information that we have collected, with the exception of information you voluntarily provide that is necessary to retain as is for the integrity of our project code as described further below; and
provide Website users notice, choice, accountability, security, and access, and we limit the purpose for processing. We also provide our users a method of recourse and enforcement.
If you are located in the European Union, you are entitled to the following rights with regard to your personal information and data:
Right of access to your personal data, to know what information about you we hold
Right to correct any incorrect or incomplete personal data about yourself that we hold
Right to restrict/suspend our processing of your personal data
Right to complain to a supervisory authority if you believe your privacy rights are being violated
Additional rights that may apply to you in certain instances:
Right of data portability (if our processing is based on consent and automated means)
Right to withdraw consent at any time (if processing is based on consent)
Right to object to processing (if processing is based on legitimate interests)
Right to object to processing of personal data for direct marketing purposes
Right of erasure of your personal data from our system (“right to be forgotten”) if certain grounds are met
To exercise your privacy rights, you can email us at the address given below in the ‘Contacting Dottid About Your Privacy’ section of this Privacy Policy.
Legal Disclosure
We will also disclose any information we collect, use or receive if required or permitted by applicable law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Changes and Amendments
We reserve the right to update and modify this Policy relating to the Application and/or the Services at any time, effective upon posting of an updated version of this Policy via the Application and/or sending you an email. When we do we will revise the updated date at the bottom of this page. Continued use of the Application and/or Services after any such changes shall constitute your consent to such changes and your continued consent to the full Policy.
Contacting Us
If you have questions or concerns about the way we are handling your information, or would like to exercise your privacy rights, please email us with the subject line "Privacy Concern" at Dottid Legal.
This document was last updated on April 1, 2022.