Last updated: 16/04/2024
Welcome to CanDecide. This Privacy Policy details how we collect, use, share, and safeguard your information when you use our analytics and marketing automation SaaS platform and services.
We collect data such as identifiers, names, emails, device details, location, ip and activity information through SDKs integrated by our clients. It's our clients' responsibility to get consent from their users for any identifiable information they choose to send to us.
Our clients must ensure they've obtained the necessary consent from their users for data collection. Our SDKs provide mechanisms for clients to manage consent as per legal requirements.
Clients can manage their users' data through our dashboard, which includes functionalities for data deletion and updates. We're here to help our clients meet their users' data rights requests.
We take data security seriously, using encryption and other measures to protect your information from unauthorized access and breaches.
In case of a data breach, we'll act quickly to inform our clients and help mitigate any potential harm.
We comply with regulations on international data transfers, processing data primarily in AWS EU-West-2 (London) and ensuring compliance with data protection laws.
Our infrastructure is hosted on AWS, with operational logging provided by Grafana Cloud. No other sub-processors are used.
We may update this policy to reflect changes in our practices. We encourage you to review it periodically.
Our Services may link to other sites not operated by us. We advise reviewing their privacy policies as we don't control them.
We retain data as needed to provide our Services and comply with our legal obligations. Clients can manage and delete this data as needed.
Within the scope of providing analytics and marketing automation services, CanDecide acts as a data processor. Our organizational clients, who utilize CanDecide's services to collect and analyze data from their end-users, are considered data controllers. As data controllers, our clients have the primary responsibility for ensuring that the data they collect is processed in compliance with applicable data protection laws, including but not limited to obtaining necessary consents and facilitating end-users' data rights.
To formalize the data processing relationship between CanDecide and our organizational clients, a Data Processing Agreement (DPA) must be in place. The DPA outlines the legal obligations and data protection responsibilities of both parties. It ensures that all data processing conducted by CanDecide on behalf of our clients is secure, lawful, and in accordance with the GDPR and other relevant data protection regulations. The DPA covers aspects such as data processing purposes, data subject rights, data security measures, sub-processing agreements, and incident response protocols.
CanDecide is committed to assisting our clients in fulfilling their data protection obligations. This includes providing necessary tools and functionalities within our Services for data management and facilitating compliance with data subject requests, such as access, rectification, erasure, and data portability. Furthermore, CanDecide will cooperate with our clients in the event of data protection impact assessments or regulatory inquiries related to data processed on their behalf.
For questions about this policy, please contact us on our support page.