Dooster.net’s Privacy Policy
Your privacy is important to us, as is your trust in Dooster.net. We want you to be assured that the information and data you share with us will be kept secure, confidential and never shared with anyone else. Dooster.net is committed to ensuring that your privacy is protected.
Please note that Dooster will never sell your data, personal details or in any way allow anyone to access the app with that intent. Our business model is simply transactional. You pay for the service. We provide it. We don’t seek income any other way.
This privacy policy sets out how Dooster.net uses and protects any information that you give Dooster.net when you use this website.
Please note that Dooster.net may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What we collect
To set up your Dooster.net account we collect some basic contact information like your name and email address (please see the Dooster sign up form), plus certain personally identifiable information of those who communicate with us via e-mail. We also collect certain aggregate information regarding which pages users access or visit, and information volunteered by you.
What we do with the information we gather
We require this information to provide you with the service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. Your personal information is not shared with, or sold to, other organizations for commercial or other purposes.
Where we store your personal data
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services.
By submitting your personal data, you agree to this transfer, storing or processing.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Controlling your personal information
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. To advise us of this please contact us – see below.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee may be payable. If you would like a copy of the information held on you please contact us – see below.
US-EU Safe Harbor Privacy Principles
Dooster.net is committed to handling your personal information in line with Safe Harbor Principles and commits to resolve complaints about our collection or use of your personal information and your privacy.
Privacy Enquiries
If you have concerns or questions regarding Dooster.net’s privacy practices, please contact us by email at: privacy[at]dooster.net (please replace the [at] with @).
GDPR
Dooster and the GDPR
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.
The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR provides the following eight rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Why the GDPR Applies To You
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:
- A presence in an EU country.
- No presence in the EU, but it processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.
What Types Of Privacy Data Does GDPR Protect?
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
Data Activity Roles and Definitions
Under GDPR, Dooster, in providing a service as a Task and Project Manager cloud application, is defined as the Data Processor, while you, the Dooster Account owner / user, own the data and are therefore defined as the Data Controller. (Please see Your Obligations as the Data Controller below).
In providing a business service to our Account Owner customers, Dooster is also definable as a Data Controller – in that we hold personal information on our Account Owner customers. In this regard we are fully GDPR compliant. (Details below).
The following lists the respective data activity obligations:
Our Obligations (Dooster) as the Data Processor
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR.
We are the Data Processor. This is defined as the legal person, or other body, which processes personal data on behalf of the Data Controller.
The following includes how we guarantee the eight rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Dooster.net must store your data securely, and provide a service that allows you to comply with the GDPR.
Under the GDPR, Dooster has a general obligation to implement technical and organisational measures to show that we have carefully considered and integrated data protection into our processing activities.
We have carried out a full audit of our activities in this regard, and implemented new procedures that adopt a ‘privacy by design’ approach.
Security and Encryption
Where Your Data is Held
Dooster.net data is held on Amazon Web Services* and Hetzner, an ISO27001 certified data center in Germany. Both are GDPR compliant and require strict access rules. (* AWS has obtained approval from EU data protection authorities, known as the Article 29 Working Party, of the AWS Data Processing Addendum and Model Clauses to enable transfer of data outside Europe, including to the U.S. https://aws.amazon.com/compliance/eu-data-protection/ )
In addition our team closely monitors any unauthorized system access, and has put in place multiple preventive measures to reduce the attack surface on our systems and services.
Dooster developers are well educated in software and network security.
Whenever Dooster develops a new feature, security is the absolute priority when designing it and / or the architecture around any such system.
We ensure security by always using TLS protection.
We conduct a regular internal audit to determine what data we have, how we use it and where the data goes.
All our data security, handling and processing arrangements are set out in written policies and procedures which we update regularly.
GDPR Validated third parties
We have validated all our other third-party suppliers to ensure they comply with GDPR.
We have a protocol for handling user access requests. This involves our confirming the data listed in the “What Data Do We Hold” section (see below) and access to the Dooster user account, provided the account is active (i.e. being paid for) and that the account and the data within it have not been deleted due to non-payment for the service.
Dooster gives account and coordinator members highly controllable permissions / access powers for their account users including quick and easy removal of user’s profile information.
You can quickly edit or delete any information in tasks and files on your Dooster account. The exact steps to do this are clearly outlined in our User Guide https://dooster.net/wp/knowledge-base-dooster/
Export tool. You can easily export and access all your Data. The exact steps to do this are clearly outlined in our User Guide https://dooster.net/wp/knowledge-base-dooster/
Breach Alerts: We have a security framework and an emergency preparedness plan that outlines how personal data is handled and what to do in the event of a breach; namely that if any data in Dooster is breached we will alert any individuals and relevant authorities within 72 hours of the breach being detected.
What Data Do We Hold?
Dooster holds limited account information for each Account Owner and users within their Dooster accounts, including:
- Names
- Email addresses
- Plus any ad-hoc / additional information you might give us voluntarily as part of using the service (for example if we help you create a workflow in Dooster for your business, you might give us information / data while explaining your business)
- Profile pictures of the users, if added to their Dooster accounts by users
- Occasionally, additional user payment details such as invoicing information, e.g. company address and country.
User credit card details are not seen by us. Payments are made directly to the payment processor who transfers funds to us.
We don’t log user activity, except for temporary system logs that are solely used for debugging and software development purposes.
Dooster does not share, or resell, any kind of user data
Communicating Privacy Information: Please see our opening statement about your privacy, above.
The privacy of any Dooster account users’ end-users is the sole responsibility of Dooster account users.
Dooster.net users’ rights in relation to GDPR include
- The right of access: Dooster users can access all their data, without restriction, from their account on the Dooster application.
- The right of correction: Simply contact us and we’ll process any corrections.
- The right to be forgotten / erased: Simply contact us and we’ll process all your personal data erasure queries.
- The right to restrict processing: We don’t process the data of our users (and our users’ end-users).
- The right to be kept informed: We clearly inform Dooster users on what use will be made of their data.
- The right to object: Simply contact us and we’ll process requests on this matter from our users.
- The right not to be subject to automated decision-making including profiling
Subject access requests
Dooster will respond to all access requests (positively or negatively) within 1 week. If you have not heard back from us in that time please contact us again via our Helpdesk https://dooster.tenderapp.com/discussion/new and also by email to support@dooster.net (GDPR’s legal limit is 1 month).
Please note: we may require ID proof, i.e. to verify the communication has indeed come from you. We will let you know at the time if this is required.
Lawful basis for processing personal data
We don’t process personal data. Dooster stores user data with their consent when they use our service.
By using Dooster users are agreeing to the written contract in our terms and conditions relating to GDPR. This covers the legal requirement in Article 28 of the GDPR to complete a Data Processing Agreement (DPA).
Consent
Consent is provided by our users explicitly when proceeding with an action or task (e.g. when they provide user data).
Children
Dooster does not offer online services to children.
As per GDPR requirements to designate a dedicated data protection staff member who takes responsibility for data protection compliance, we offer users the following contact:
Edward Parry, Dooster’s founder. Contact via email: ed [at] Dooster
Your Obligations as the Data Controller
You own the data therefore you are the data controller and have specific obligations under GDPR.
This includes how you are using data stored in Dooster across your whole business.
This data might include customer information being stored in Dooster.
Any data that can be used to identify an individual is personal data.
Whenever a Data Controller uses a Data Processor it needs to have a written contract in place.
By using Dooster users are agreeing to the written contract in our terms and conditions relating to GDPR.
Data Controllers are liable for their compliance with the GDPR and must only appoint Data Processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.
As your Data Processor in this instance Dooster provides you with these sufficient guarantees by adhering to the approved code of conduct.
Please note: there is a limited exemption from GDPR for small and medium-sized organisations.
If you have fewer than 250 employees, you only need to document processing activities that:
- are not occasional; or
- could result in a risk to the rights and freedoms of individuals; or
- involve the processing of special categories of data or criminal conviction and offence data.