DAPA Privacy Notice

PRIVACY NOTICE


This Privacy Notice explains how DAPA collects, uses, shares and otherwise processes your Personal Data in accordance with applicable data privacy laws and regulations, which include the General Data Protection Regulation 2016/679 (“GDPR”) which is applicable as of 25 May 2018.

The purpose of this Privacy Notice is to inform you about the information we may gather about you, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of the information we collect.

When using the term “Personal Data” in our Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold, as defined by the GDPR. From a general perspective, we base the processing of Personal Data that may be done in order for us to perform our contractual obligation(s) as the publisher of this Website (“Contractual Obligation(s)”) and to enable us to be compliant with any legal or statutory obligation(s) (“Legal Obligation(s)”).

We may also process Personal Data when we have assessed that such processing can be based on our legitimate interest(s) (“Legitimate Interest(s)”) and only when we assessed that your interests and fundamental rights do not override ours. For example, it may be of our Legitimate Interest to process certain Personal Data to continue to develop our business activities (quantitatively and qualitatively), and/or to improve our business performance etc.

Finally, please note that we may also need to process Data to respond to and to defend us against any legal claim that may arise.

 

The personal data that we collect 

We shall use the Personal Data only for the purposes for which it was collected unless we consider that we may need to use it for another purpose which is compatible with a current and original purpose. Should such a new purpose be unrelated to the existing purposes, we commit to notify you and to explain such new purpose together with the legal ground with which we intend to base that new purpose.

 

We may collect personal information through your use of our Website, when you contact or request information from us or when you subscribe to our newsletter.

 

The data category collected is the following:

Data Processing

Legal grounds

Responding to questions and requests
If you send a question or a request to us via our Website we process your personal data to respond to the question or request.

Legitimate interest.

Evaluate and follow-up the use of our Website
In order to evaluate and follow-up on the use of our Website, we process your personal data, e.g. in connection with collection of visitor statistics on our website.

Legitimate interest.

Handle and defend legal claims
We process your personal data, to the extent it is necessary, to handle and defend legal claims, e.g. in case of a dispute or litigation.

Legitimate interest.

Fulfill legal obligations
We process your personal data in order to fulfill legal obligations, e.g. bookkeeping and accounting requirements and obligations under data protection regulations.

Legal obligation.

Manage and protect IT systems and services
In order to manage and protect our IT systems and services, e.g. upon logging, troubleshooting, backup, change and problem management in systems and in connection with potential IT incidents, we process, to the extent necessary, your personal data.

Legitimate interest.

Where necessary, we share your personal data with others. The recipient is the data controller for the processing of your personal data, unless we have stated otherwise.

In order to fulfill the purposes of the processing of your personal data, we share your personal data with service providers that we have engaged. These service providers provide services to us such as operation, technical support and maintenance of IT systems. The service providers may only process your personal data for these purposes and in accordance with our instructions and not for their own purposes. We are the data controller for the processing of personal data that the service providers carry out on our behalf, acting as data processors.

In certain cases we share, if necessary, your personal data with other recipients for certain purposes (e.g. to fulfill legal obligations and to handle and defend legal claims).

Legal obligation.

Public authoritiesWe share necessary personal data with public authorities if we are obligated under law to disclose the information.

Legal obligation.

External advisorsWe share necessary information with external advisors, e.g. audit firms, and law firms if we are obligated under law to share the information or in order to manage and defend legal claims.

Legal obligation and legitimate interest.

Courts, counterparties etc.In order to manage and defend legal claims we share personal data to other parties.

Legitimate interest.

Law enforcement authorities, e.g. policeWe share personal data with law enforcement authorities, e.g. the police if we are obligated under law to disclose information

Legal obligation.

Personal identification information: name, surname, first name, postal and e-mail address, phone number, content or messages you send to us or provide otherwise directly to us such as inquiries, questions, comments, answers to questions.

 

Where we process personal data 

We always strive to store and process personal data within the EU.

However, you are informed that our Website was created and is maintained through our service provider, Webflow. Some of Webflow‘s infrastructures are located in the USA, and your personal data may thus be transferred to the USA. Further information is available in Webflow's Privacy Notice: https://webflow.com/legal/eu-privacy-policy.

 

How and why we use personal data

We may use data we obtain for purposes relating to our Website and services, including (a) providing the Website and services to you, (b) raising queries with you, and responding to issues you may raise, whether relating to our services or otherwise, (c) processing job applications and (d) generating anonymized statistics and analysing anonymized statistical usage data of our web site. We may use the following third-party service providers named below to process and store your data:

Webflow, which we use to host and manage the content of this Website. Your data may be stored through Webflow’s data storage, databases and the general Webflow applications. They store your data on secure servers behind a firewall. The Webflow privacy policy is available here:  https://webflow.com/legal/eu-privacy-policy.

Mailchimp, which we use to manage email marketing subscriber lists and send emails to our subscribers. Read their privacy policy here: https://mailchimp.com/en/legal/privacy/

Typeform, which we use to gather information on submitted projects. Read their privacy policy here: https://admin.typeform.com/to/dwk6gt/

 

The disclosure of your personal data

DAPA does not sell, rent or provide in any form any of your information to third parties for any advertising or marketing purposes.

However, we may use external services such as Google Analytics for providing statistical and analytical services and process data on our behalf, without being allowed to share it with third parties.

 

E-mail marketing

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed above. Any email marketing messages we send are done so through an EMS, email marketing service (“EMS”) provider. 

E-mail marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, IP addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

E-mail marketing messages we send are in accordance with the GDPR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.

Our EMS provider is Mailchimp. 

The Services enable Members to, among other things, send and manage email campaigns and serve advertisements.

We hold the following information about you within our EMS system: your e-mail address. Moreover, Mailchimp may collect information about your device and interaction with an email, use cookies and other tracking technologies to collect some of this information.

Mailchimp collects information about the device and applications you use to access emails sent through our Services, such as your IP address, your operating system, your browser ID, and other information about your system and connection.

Mailchimp collects usage data about you whenever you interact with emails sent through the Services, which may include dates and times you access emails and your browsing activities (such as what pages are viewed).

Mailchimp also collects information regarding the performance of the Services, including metrics related to the deliverability of emails and other electronic communications we send through the Services. This information allows Mailchimp to improve the content and operation of the Services, and facilitate research and analysis of the Services.

 

Your rights in relation to your Personal Data

Under the GDPR you have various rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:

  • Request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
  • Request rectification of your Personal Data; 
  • Request the erasure of your Personal Data;
  • Request the restriction of processing of your Personal Data;
  • Object to the processing of your Personal Data.

If you want to exercise one of these rights please contact us via dpo@fabric.vc.

 

Security of your Personal Data

We are committed to take appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, disclosure, destruction or damage.

 

Retention period

We will only retain your Personal Data for as long as we need it in order to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

 

If you are a client, former client, interested party or prospective client or a contact person of one of the aforementioned, we store your Personal Data for marketing purposes until revocation or the revocation of your consent if the marketing measures were carried out.

 

Changes to this Notice

We may change this Notice from time to time. The latest version will be posted on our website. 

 

What if I have a question?  

Please email info@fabric.vc if you have any questions about our Notice. You may also make a complaint, in accordance with applicable Privacy Laws, to a supervisory authority in your country of residence. The Luxembourg supervisory authority is the National Commission for Data Protection (“CNPD”).