Privacy Policy

Effective date: 10/01/2020

Table of Contents

  1. Intro
  2. What Information DCOYA Collects about You
  3. How DCOYA Collects Information
  4. How DCOYA Uses Personal Data
  5. How DCOYA Shares Personal Data
  6. How DCOYA Secures Personal Data
  7. Accessing and Correcting Your Personal Data
  8. How Long DCOYA Retains Personal Data
  9. Your Choices
  10. Children Under the Age of 18
  11. Third-Party Websites
  12. Sensitive Information
  13. Changes to this Privacy Policy
  14. EU-US Privacy Shield Framework
  15. Questions, Concerns, or Complaints
  16. Information for European Users Only

 

Intro

DCOYA Ltd. (“DCOYA“, “us“, “we“, or “our“) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

 

This Privacy Policy describes DCOYA’s privacy practices with respect to Personal Data (as defined below) that we collect through websites operated by us from which you access this Privacy Policy, including www.dcoya.com and other services provided by us both online and offline, as well as through email messages or other interactions that link to this Privacy Policy (collectively, the “Sites“). “You“, “your“, or “user” refers to any individual who visits or otherwise uses the Sites.

 

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Sites. By accessing or using our Sites, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see the Section entitled “Changes to this Privacy Policy”). Your continued use of the Sites after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

 

Please note that we participate in and comply with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Economic Area (“EEA”) member countries. You can find out more about our commitment to the EU-U.S. Privacy Shield Framework in the Section entitled “EU-US Privacy Shield Framework”.

 

What Information DCOYA Collects about You

We collect the following types of information from and about users of our Sites:

 

Personal Data: to the extent that any information we collect is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, such information will be referred to as “Personal Data” under this Privacy Policy. Personal Data may include a person’s name, email address, postal address and telephone number, demographic information such as age and gender, employment information such as title and company name, browser and device information (including IP address), and information collected through cookies, web beacons, flash cookies, and other similar technologies (for more information on cookies, please visit our Cookie Policy http://www.dcoya.com/cookie-policy. If you submit any Personal Data to us that relates to other people, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

Non-Personal Data.We also collect information that does not relate to a person and/or cannot be used to identify a person, such as information which has been fully and permanently anonymized and aggregated (“Non-Personal Data”). The limitations and requirements of this Privacy Policy on our collection, use, disclosure, transfer, and storage/retention of Personal Data do not apply to Non-Personal Data.

How DCOYA Collects Information

We collect information in a variety of ways, including:

 

Information you voluntarily provide to us.  We may collect Personal Data when you use or interact with us through the Sites, including when you register on one of the Sites, when you subscribe for a print magazine or an email newsletter, when you download content, when you register for one of our conferences or webinars, when you complete a survey, or when you register to use certain services like white papers. In some cases, we may also collect your credit card information, some of which may constitute Personal Data, to secure certain payments.

We may also collect Personal Data from you offline, such as when you attend one of our events, during phone calls with representatives, when you complete paper forms, or when you contact a DCOYA representative.

 

Information we automatically collect.  We may also automatically collect certain technical data that is sent to us from the computer, mobile device, and/or browser through which you access the Sites. This may include, without limitation, a unique identifier associated with your access device and/or browser (including, for example, your IP address), characteristics about your access device and/or browser, statistics on your activities on the Sites, information about how you came to the Sites and data collected through cookies, web beacons, flash cookies, and other similar technologies. You can find out more information about how we use cookies and other similar tracking technologies in our Cookie Policy.

Information from other sources.  We may also collect or receive Personal Data from third-party sources, such as third-party websites or integrations, our service providers, our business partners, and other third parties.

Please not that when you register for the Sites or otherwise submit Personal Data to us, we may associate other Non-Personal Data (including Non-Personal Data we collect from third parties) with your Personal Data. Upon doing so, we will treat any such combined data as your Personal Data until such time as it can no longer be associated with you or used to identify you.

 

How DCOYA Uses Personal Data

We use Personal Data:

To fulfill your requests, such as to send you requested materials and newsletters, information and materials regarding our products and services, and to allow you to participate in paid services, message boards, and auctions.

To send administrative information to you, for example, information regarding the Sites and changes to our terms, conditions, and policies.

To allow you to participate in sweepstakes, contests and similar promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Data, so we suggest that you read these rules carefully.

For internal business purposes, including without limitation, to help us improve the content and functionality of the Sites, to better understand our users, to improve the Sites, to protect against, identify, or address wrongdoing, to enforce our Terms and Conditions, to manage your account and provide you with customer service, and to generally manage the Sites and our business.

Where it is in accordance with your marketing preferences, we may use your Personal Data for marketing purposes, including without limitation, to inform you about our own and third-parties’ services or products that may be of interest to you. If you do not want us to use your Personal Data in this way, please adjust your user preferences on your account page or email us at admin@dcoya.com. Please see the Section entitled “Your Choices” for more information.

If we intend to use any Personal Data in any manner that is not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time the Personal Data is collected, or we will obtain your consent subsequent to such collection but prior to such use.

We may use Personal Data as we believe to be necessary or appropriate: (i) under applicable law, including laws outside your country of residence; (ii) to comply with legal processes; (iii) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (iv) to enforce our Terms and Conditions; (iv) to protect our operations; (v) to protect our, your, and/or others’ rights, privacy, safety or property; and (vi) to allow us to pursue available remedies or limit the damages that we may sustain.

We may use aggregated or de-identified information for any purpose. Once Personal Data is in an aggregated form, for purposes of this Privacy Policy, it becomes Non-Personal Data.

How DCOYA Shares Personal Data

Your instructions.  DCOYA will share your Personal Data to fulfill the purpose for which you provide it, subject to applicable law.

Parent companies, subsidiaries, and affiliates.  We may share your Personal Data with our parent companies, subsidiaries, and/or affiliates for purposes consistent with this Privacy Policy. Our parent companies, subsidiaries, and affiliates will be bound to maintain that Personal Data in accordance with this Privacy Policy.

Agents, consultants, and service providers.  We may share your Personal Data with our contractors and service providers who process Personal Data on behalf of DCOYA to perform certain business-related functions. These companies may include our marketing agencies, database service providers, backup and disaster recovery service providers, email service providers, and others. When we engage another company to perform such functions, we may provide them with information, including Personal Data, in connection with their performance of such functions.

Business transfers.  As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of DCOYA (or our assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.

Legal requirements.  We may disclose your Personal Data if required to do so by law in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect or defend our rights, interests or property or that of third parties, (iii) prevent or investigate possible wrongdoing in connection with the Sites, (iv) act in urgent circumstances to protect the personal safety of users of the Sites or the public, or (v) protect against legal liability.

Marketing purposes.  Where it is in accordance with your marketing preferences, we may share your Personal Data for marketing purposes, including without limitation, to inform you about our own and third-parties’ services or products that may be of interest to you. You may opt out of us using your Personal Data in this way by adjusting your user preferences on your account page or emailing us at admin@dcoya.com. Please see the Section entitled “Your Choices” for more information.

With your consent.  We may share your Personal Data with third parties when we have obtained your consent to do so.

Aggregated or de-identified data.  We may disclose aggregated or de-identified information for any purpose. For example, we may share aggregated or de-identified information with prospects or partners for business or research purposes. Once Personal Data is in an aggregated form, for purposes of this Privacy Policy, it becomes Non-Personal Data.

How DCOYA Secures Personal Data

We have implemented appropriate organizational, technical, and administrative measures to protect Personal Data within our organization, including security controls to prevent unauthorized access to our systems. While we take reasonable steps to secure your Personal Data from loss, misuse, interference and unauthorized access, modification and disclosure, you should be aware no security procedures or protocols are ever guaranteed to be completely secure from intrusion or hacking, and there is therefore always some risk assumed by sharing Personal Data online. If you have reason to believe that your account has been compromised, please immediately notify us at admin@dcoya.com.

 

Accessing and Correcting Your Personal Data

You can review and change your Personal Data by visiting your account page. You may also send us an email at admin@dcoya.com to request access to, correct or delete any Personal Data that you have provided to us. We may not be able to delete your Personal Data except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

 

How Long DCOYA Retains Personal Data

We may retain your Personal Data as long as you are registered to use the Site(s). You may close your account by contacting us at admin@dcoya.com. However, we may retain Personal Data for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data, it may persist on backup or archival media for an additional period of time for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.

 

Your Choices

You have several choices available when it comes to your Personal Data.

 

You can browse the Sites without providing any Personal Data (other than data collected automatically to the extent it is considered Personal Data under applicable laws) or you may decide to simply limit the Personal Data you provide. If you choose not to provide any Personal Data or limit the Personal Data you provide, you may not be able to use certain functionality of the Sites.

 

Where it is in accordance with your marketing preferences, DCOYA may send you electronic communications marketing or advertising the Sites themselves, products or services on the Sites, and/or third-party products or services that may be of interest to you. You can opt out of receiving these electronic communications by clicking on the “unsubscribe” link at the bottom of any such electronic communication. In addition, you may also manage your preferences at any time by visiting your account page or emailing us at admin@dcoya.com.

 

Certain electronic communications from DCOYA are responsive to your requests. Notwithstanding any unsubscribe election that you have made, you may still receive transactional or responsive emails. You can only stop receiving these types of communications by contacting us at admin@dcoya.com.

 

It may take up to forty-eight (48) hours for us to process an unsubscribe request. Even after you opt out of all electronic communications, we will retain your Personal Data in accordance with this Privacy Policy; however, we will no longer use it to contact you.

 

Your California Privacy Rights

 

California Civil Code Section § 1798.83 permits users of our Sites that are California residents to request certain information regarding our disclosure of Personal Data to third parties for direct marketing purposes. To make such a request, please send an email to admin@dcoya.com.

 

Do Not Track Disclosures

 

Do Not Track is a privacy preference that users can set in their web browsers. When a user turns on the Do Not Track signal, the browser sends a message to websites requesting them not to track the user. At this time, DCOYA does not respond to Do Not Track browser settings or signals. In addition, we deploy cookies on our Sites. Cookies may be used by us to collect information about you and your Internet activity, even if you have turned on the Do Not Track signal.

 

Children Under the Age of 18

Our Sites are not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Sites. We do not knowingly collect Personal Data from children under 18. If you are under 18, do not use or provide any information on the Sites or on or through any of its features, register on the Sites, make any purchases through the Sites, use any of the interactive or public comment features of the Sites, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at admin@dcoya.com.

 

Third-Party Websites

The Sites may contain links to other websites on the Internet, and other websites may likewise contain links to the Sites. The information practices or content of such other websites is governed by the privacy policies of those websites and not by this Privacy Policy. We encourage you to review the privacy policies found on such other websites, services, and applications to understand how your information is collected and used by them.

 

Similarly, please note that we are not responsible for the collection, use, and disclosure policies and practices (including the data security practices) of other organizations, such as other app developers, app providers, social media platform providers, operating system providers, wireless service providers, or device manufacturers.

 

Sensitive Information

Please do not send or disclose to us, on or through the Sites or via other means, any sensitive Personal Data, including information related to racial or ethnic origin, political opinions or affiliations, religious or philosophical beliefs or affiliations, trade union membership, genetic data, biometric data, sex life or sexual orientation, social security numbers, or criminal background.

 

Changes to this Privacy Policy

The Sites and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right, in our sole discretion, to update or modify this Privacy Policy at any time. Modifications to this Privacy Policy will be posted to the Sites with a change to the “Last modified” date at the top of this Privacy Policy. In certain circumstances DCOYA may, but need not, provide you with additional notice of such modifications, such as via email or with in-Site notifications. Modifications will be effective thirty (30) days following the “Last modified” date or such other date as communicated in any other notice to you.

 

Please review this Privacy Policy periodically, and especially before you provide any Personal Data. This Privacy Policy was updated on the date indicated above. Your continued use of the Sites following the effectiveness of any modifications to this Privacy Policy constitutes acceptance of those modifications. If any modification to this Privacy Policy is not acceptable to you, you should cease accessing, browsing and otherwise using the Sites.

 

EU-US Privacy Shield Framework

To provide adequate protection for certain EEA Personal Data received in the United States, we have elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”). DCOYA adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.

 

For purposes of enforcing compliance with the Privacy Shield, DCOYA is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, please see the US Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To review DCOYA’s representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at: https://www.privacyshield.gov/list.

 

This Privacy Policy describes the categories of EEA Personal Data that we may receive in the United States as well as the purposes for which we use that EEA Personal Data. DCOYA will only process EEA Personal Data in ways that are compatible with the purpose that we collected it for, or for purposes the individual later authorizes. Before we use your EEA Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. DCOYA maintains reasonable procedures to help ensure that EEA Personal Data is reliable for its intended use, accurate, complete, and current.

 

EEA Personal Data Transfers to Third Parties

 

We may transfer EEA Personal Data to our third-party agents or service providers who perform functions on our behalf as described in this Privacy Policy. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EEA Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EEA Personal Data that we transfer to them.

 

We may transfer EEA Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your EEA Personal Data to third-party data controllers for the purposes described in this Privacy Policy. We will only provide your EEA Personal Data to third-party data controllers where you have not opted-out of such disclosures. We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for EEA Personal Data the Privacy Shield requires. We also limit their use of your EEA Personal Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your EEA Personal Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your EEA Personal Data is protected with the same level of protection the Privacy Shield requires.

 

Under certain circumstances, we may be required to disclose your EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

 

Security

 

We maintain reasonable and appropriate security measures to protect EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

 

Access Rights

 

You may have the right to access the EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EEA Personal Data, you can submit a written request to admin@dcoya.com. We may request specific information from you to confirm your identity. In some circumstances, we may charge a reasonable fee for access to your information.

 

Enforcement; Independent Recourse for Complaints

 

We use a self-assessment approach to assure compliance with this Privacy Policy and periodically verify that it is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Privacy Shield Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data. If a complaint or dispute cannot be resolved through our internal process, we agree to dispute resolution using an independent recourse mechanism as a third-party resolution provider.

 

In compliance with the Privacy Shield, we commit to resolve complaints about our collection or use of your Personal Data. European individuals with inquiries or complaints regarding our Privacy Policy should first contact admin@dcoya.com

 

DCOYA has further committed to cooperate with EU data protection authorities (“DPAs”) with regard to unresolved Privacy Shield complaints. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you. As a last resort, EU individuals may seek redress through binding arbitration.

 

Questions, Concerns, or Complaints

Your privacy is important to us. If you have any questions, concerns, or complaints regarding the way we collect and handle your information, please contact us by email at admin@dcoya.com.

 

DCOYA will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

 

Information for European Users Only

In May 2018, a new data privacy law known as the EU General Data Protection Regulation (or the “GDPR”) becomes effective. The GDPR requires DCOYA to provide some users with more information about the processing of their Personal Data, including the following:

 

Lawful Basis for Processing Personal Data

 

The GDPR requires us to explain the lawful basis we rely on to process Personal Data. The lawful basis we rely on to process Personal Data for the purposes set out in the Section entitled “How DCOYA Uses Personal Data” will typically be the following:

 

You provided your consent.

It is necessary for our contractual relationship.

The processing is necessary for us to comply with our legal or regulatory obligations.

The processing is necessary for our legitimate interest as a marketing services company (for example, to monitor and improve our Sites and services, to properly administer our Sites, business and communications with users, to properly manage our customer relationships, to protect the security and integrity of our systems, to send you direct marketing communications (subject to your ability to opt out), to provide you with customer service, etc.).

International Data Transfers

 

DCOYA may transfer your Personal Data to countries other than the one in which you live. To comply with European Union data protection laws, DCOYA has self-certified under the EU-US Privacy Shield. This framework was developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and to the United States. For more information, please see the Section in our Privacy Policy entitled “EU-US Privacy Shield Framework”. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.

 

EU Representative

 

You may contact DCOYA’s representative to the European Union, Verasafe EU, at Zahradníčkova 1220/20A, Prague 15000 Czech Republic, or at +1-617-398-7067.

 

Data Protection Authority

 

You may have the right to complain to a data protection authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA, Switzerland, and certain non-European countries (including the United States and Canada) are available here.

 

Personal Data Retention

 

We retain your Personal Data for as long as necessary to provide you with the Sites, or for other important purposes such as complying with legal obligations, resolving disputes, and enforcing our agreements.

 

If you have an account with us, we will typically retain your Personal Data for a period of 30 days after you have requested that we close your account or if it’s been inactive for two years.

 

Your Rights

 

Your principal rights under the GDPR are: (i) the right to be informed, (ii) the right of access, (iii) the right to rectification, (iv) the right to erasure, (v) the right to restrict processing, (vi) the right to data portability, (vii) the right to object, and (viii) rights in relation to automated decision-making and profiling.

 

You have the right to confirmation as to whether or not we process your Personal Data and, where we do, to access such Personal Data, together with certain additional information, such as the purposes of the processing, the categories of Personal Data concerned, and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply you with a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

 

You also have the right to have any inaccurate Personal Data about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Data about you completed.

 

You may also have the right to the erasure of your Personal Data, such as when the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, you withdraw consent to consent-based processing, you object to the processing under certain rules of applicable data protection law, or the processing is for direct marketing purposes. However, there are exclusions to this right, including where processing is necessary for compliance with legal obligations or for the establishment, exercise or defense of legal claims.

 

You also have the right to object to our processing of your Personal Data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your Personal Data for this purpose.

 

To the extent that the lawful basis for our processing of your Personal Data is consent, that the processing is necessary for the performance of a contract to which you are party, or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you may have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format.

 

To the extent that the lawful basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

 

How to Exercise Your Rights

 

For the most part, you can you can exercise these rights, and others, by visiting your account page if you are a user, and/or changing the “cookie settings” in your browser (see our Cookie Policy for more information). If you can’t find what you’re looking for on your account page, please email us at admin@dcoya.com.

 

Please note that requests to exercise data protection rights will be assessed by us on a case-by-case basis. There may be circumstances where we are not legally required to comply with your request because of the laws in your jurisdiction or because of exemptions provided for in data protection legislation.

 

If you have a complaint about how we handle your Personal Data, please email us at admin@dcoya.com. If you are not satisfied with how we attempt to resolve your complaint, you may contact the relevant DPA.