Privacy Statement
In Brief
- Our core interest is keeping our customers safe with our services.
- To do that, we need to process data on you and on your devices.
- We have a culture of respecting your privacy.
Structure
This privacy statement is given by Apni Dukan, a ——— with Business ID 12345 (“Apni Dukan”, “AD”, “we”, “our”, “us”). All our subsidiaries also apply this policy. Our data collection can be grouped as follows:- Client relationship data; the data that we need to manage our relationship with our clients and to market and sell our services to you or to the legal entity that you represent.
- Service data; the data that we automatically process to provide you with the services that you have requested. This also includes the data that you actively submit to us when requesting to subscribe/subscribing to our services.
- Security data; the data that we need to collect to keep you secure.
- Analytics data; additional anonymous or pseudonymous data that we collect to learn when and how our services are found and used.
Definintions
This is what we mean when we make certain references within this policy. “Client”, “you”, refers to a private or corporate user or any other data subjects who buy, register for use, or use our services, whose devices and data traffic are protected by our services, or who may have submitted personally identifiable information to us. This information may have been submitted through the use of our services, website, telephone, email, registration forms, or other similar channels. “Personal data” refers to any information on private individuals that is identifiable to them or their family or household members. This information may include names, email and mailing addresses, telephone numbers, billing and account information, and other, more technical information that can be linked to you, your device, or the behavior of either, that we process while providing our services. “Services” refer to any services or products that are manufactured or distributed by Apni Dukan, including software, web solutions, tools, and related support services. “Website” refers to the Apni Dukan website, including subsites.What do we collect?
The service and interaction-specific policies set out the personal data collected per service type and interaction. The interaction and service-specific privacy policies and notices set out the specific purposes for using the personal data collected by each service or processed in such activity. In addition to such specific purposes, the following general purposes of personal data use apply across all of our services: To deliver our services to you, we process the data for the following purposes:- Customer journey. Tracking consumer journey throughout the website to implement acquired data to improve the overall website flow
- Deliver, fix, and enhance. Delivering, maintaining, and developing our services and website, and to provide help and support for the services.
- Analyze. To track that our services are taken into use and how they are used so that we can improve the services, manage your customer relationship, and approach you with relevant messages.
- Communicate. To send you information relating to the services, conduct customer surveys, and market our services to you. The actual communication may be handled either by Apni Dukan or by our partners.
- Regulatory. To prevent fraudulent, illegal, or infringing activities and to comply with legal or regulatory requirements.
Other uses and disclosures
There are circumstances not covered by this privacy policy where the use or disclosure of personal data may be justified or permitted, or where we may be obligated by applicable laws to disclose information without acquiring your consent or independent of service provisioning.
One example includes complying with a court order or a warrant issued by the authorities in the relevant jurisdiction to compel the production of information.
Similarly, there may be other circumstances where there is a justifiable legitimate interest to disclose limited sets of information to a third party. Examples of such disclosures include cases where we need to protect ourselves against liability or to prevent fraudulent activity, where we analyze your use of our services to ensure that our services are working the way you would expect them to and that we are able to react to adverse experiences, where it is necessary to solve or contain an ongoing problem, or where we need to meet the legitimate information requirements of our insurers or governmental regulatory agencies. In any such action, we will act according to the applicable laws.
We weigh each disclosure requirement carefully and take the possibility of such disclosure requests into account when deciding where and how we store your personal data.
Sources
While we collect the majority of the above-mentioned data directly from you or your device, we also receive data from our affiliates, distribution partners (such as operators and retailers), and corporate entities through whom you have used our services. We do this to create a seamless customer experience and to have the necessary information for solving support cases. Typical examples of third-party sources are:- we acquire your credentials from previous sign-in data from our operator reseller partner, so that we can provide our service to you directly,
- we acquire your contact data from corporate decision-maker registries for marketing purposes, and
- when you use your social media account to register to our services, we collect the email address from your account to enable us to authenticate your registration and to contact you.
Third Parties
Our services are provided in conjunction with our partners and our services and websites may embed or interoperate with third-party services. This privacy document only applies to personal data as long as that data is within AD’s realm of influence. Where your personal data is processed by other entities for their independent purposes, such other party is responsible for processing your personal data in a justified manner in accordance to their policies as well as for fulfilling your rights under data protection laws.
Data Retention
This text complements the service-specific retention times. The default rule under the law is that personal data should be deleted or anonymized once it is no longer needed for its purpose. However, some personal data needs to be nonetheless stored for longer periods of varying lengths due to varying reasons. Typical reasons why we deviate from the primary retention times include the following examples:- grace periods and backups (e.g. keeping your personal data stored for a designated time after the end of your subscription, so that we can safeguard the data against erroneous deletion);
- applicable laws require us to store the data
- to pursue available remedies or to limit any damages that we may sustain (e.g. due to an ongoing dispute or investigation);
- to solve or contain a recurring problem or to have enough information to respond to future issues
- other similar circumstances, where there continues to be a legitimate need for the ongoing storage of personal data.