Data Protection & Security on DOYOU
We consider consent, data privacy, and transparency a top priority. Global initiatives such as the EU’s General Data Protection Regulation (GDPR) are important steps to bring them to the center. Bringing the power to control personal information that we and other businesses store into the hands of you, the user, is an important pillar in building a service and community like DOYOU.
Protecting your data is built into the core of our service. We only gather and store information that is absolutely necessary to offer our service, and we only do this with your consent. That’s why we are committed to complying with the privacy, security, and data protection goals of GDPR and beyond.
To accomplish full GDPR compliance, we have set up an internal compliance team that has been working with external specialists to assess our requirements and roll out the required changes.
Here’s an overview of the steps we have taken to ensure your data is safe and in your hands.
- We have created and continue to sustain awareness within the company regarding the Privacy by Default and Privacy by Design principles that need to be kept in mind for ongoing development.
- We are continuously bringing together our internal and external product, marketing, compliance, and security specialists to oversee DOYOU’s GDPR compliance initiatives.
- We continuously analyze all the areas of our product and service that GDPR has an effect on, and we have created a data retention policy, including an automated process to adhere to it.
- We only work with third-party technology and vendors that are absolutely aligned with our privacy and transparency commitment and comply with GDPR.
We recognize our responsibilities as a data controller towards you, our users. Below, you’ll find all the steps we’re taking towards fulfilling all legal obligations under GDPR as a data controller.
Data Categorization and Analysis
- We constantly carry out data mapping exercises to track the flow of personal data through our systems.
- We established and are maintaining a clean data repository that is constantly updated. This gives us control over the data flowing through our systems, with clear processes for handling, securing, and storing this data.
To avoid storing and processing any of your data beyond the necessary period, we have established an automated data retention mechanism. Here’s how our data retention process works when you as a customer close your account with us:
- We delete your Personally Identifiable Information (PII) and all end-user data from our databases within a period of 120 days.
- This includes deleting your profile and all your end-user information from our systems.
- The only data we keep is the data needed for further compliance, for example invoices, subscription information, and audit logs.
- We actively collect consent from you wherever it’s applicable, especially in the case of any marketing communication.
- We want you to have complete control over the communication you receive from us. To give you the option to withdraw your consent at any given time, all our emails feature a one-click unsubscribe link. We’re furthermore adding an easy way for you to manage your email preferences within the app.
Feature Development and Privacy Principles
We have a process in place which is built to guarantee all our features meet the standards of GDPR and beyond. Our product and engineering teams are following a Privacy by Design and Privacy by Default approach.
Exercising your rights under GDPR
If you’d like to exercise your rights under GDPR or simply request your account (and all related data) to be deleted, please email us at firstname.lastname@example.org from your account email address.
Note: This section is continuously being updated with our latest information and updates.