EddySoftGlobal OU, registration number: 14082438, VAT: EE102769414, legal address: Harju maakond, Tallinn, Lasnamäe linnaosa, Pae tn 25-47, 11414 Estonia (hereinafter referred to as the "Company"), prioritizes information security in the course of its operations.
The Company implements a comprehensive set of legal, organizational, and technical measures aimed at protecting information about clients, counterparties, and other personal data subjects.
This Personal Data Processing Policy (hereinafter referred to as the "Policy") outlines the key provisions regarding the processing of personal data (hereinafter referred to as "PD") implemented by the Company during PD processing.
The legal basis for processing personal data is a set of legal acts, pursuant to and in accordance with which the Company carries out the processing of personal data.
This Policy applies to any action (operation) or set of actions (operations) performed with personal data, whether using automated means or not, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), blocking, deletion, and destruction of personal data.
The following key terms and concepts are used in this Policy:
This Privacy Policy may be amended and/or supplemented by the Company unilaterally at any time without prior notice to Users. Such changes take effect and become binding from the date of their posting (publication) on the Company’s official website.
The processing of personal data is carried out with confidentiality in mind. The Company does not disclose personal data to third parties or disseminate it without the consent of the personal data subject.
The purpose of processing personal data of PD subjects is to ensure the performance of work and provision of services as defined by the Company’s Charter, communication with the Company, provision of reference information, promotion of the Company’s work and services through direct contacts with users, fulfillment of the Company’s contractual obligations to clients, enabling employees and counterparties of the Company to perform duties stipulated in contracts between the Company and clients, as well as other purposes outlined in the User Agreement or other agreements signed or accepted by the personal data subject. This includes responding to inquiries received from visitors to the website https://daodesk.ai and fulfilling the requirements of applicable laws.
Processing (collection, systematization, accumulation, storage, clarification (updating, modification), use, dissemination (including transfer), anonymization, blocking, and destruction) of personal data is divided into:
Categories and types of processed personal data.
The processed personal data includes:
The Company reserves the right to request additional personal or other data from the User.
To improve service quality and resolve disputes, telephone conversations between the User and Company employees are recorded and may be reviewed.
By calling us or receiving a call from the Company, the User consents to the recording and potential review of the telephone conversation.
The Company may process personal data using automated means or without such means through collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access, dissemination), blocking, deletion, and destruction.
The Company may transfer personal data to third parties or entrust the processing of personal data to third parties if necessary to achieve the purposes of processing in accordance with this Policy.
The Company will process personal data only for as long as required to achieve the purposes of processing.
The processing of personal data in the Company is based on the following principles:
The Company does not disclose personal data to third parties or disseminate it without the consent of the personal data subject, unless otherwise required by law.
The processing of special categories of personal data by the Company, such as those concerning race, nationality, political opinions, religious or philosophical beliefs, health, or intimate life, is permitted in the following cases:
The Company must ensure that the foreign state to which personal data is to be transferred provides adequate protection of the rights of personal data subjects prior to initiating such a transfer.
The personal data subject decides to provide their personal data and consents to its processing freely, of their own will, and in their own interest. Consent to the processing of personal data may be given by the personal data subject or their representative in any form that allows confirmation of receipt, unless otherwise stipulated by law.
The personal data subject has the right to obtain information from the Company regarding the processing of their personal data, unless such right is restricted by law. The personal data subject may demand clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing, and take legal measures to protect their rights.
The Company’s processing of personal data for the purpose of promoting goods, works, or services through direct contact with potential consumers via communication means is permitted only with the prior consent of the personal data subject. The Company must immediately cease processing the personal data subject’s data for these purposes upon their request.
Decisions that produce legal consequences for the personal data subject or otherwise affect their rights and legitimate interests may be based solely on automated processing of their personal data only with their written consent or in cases provided by law that also establish measures to ensure compliance with the rights and legitimate interests of the personal data subject.
If the provision of personal data is mandatory under law, the Operator must explain to the personal data subject the legal consequences of refusing to provide their personal data.
The Operator is exempt from the obligation to provide the personal data subject with the information specified in clause 8.3 of this Policy in the following cases:
The Website User freely, of their own will, and in their own interest provides their personal data to the Company.
By accepting the terms of this Policy, the Website User confirms that the personal data they provide is accurate. The Company assumes that the Website User provides accurate personal data and keeps it up to date.
By filling out the data fields provided on the Website, the Website User accepts this Policy and consents to the processing of their personal data in the manner and under the conditions specified in this Policy.
By accepting the terms of this Policy, the Website User confirms awareness of their rights and obligations, including the right to access their personal data and to withdraw consent.
The processing of personal data ceases upon achieving the purposes of processing, expiration of the consent period, withdrawal of consent by the personal data subject, or detection of unlawful processing. The personal data subject may withdraw consent by sending a written notification to the email address listed on the Website under the "Support and Technical Issues" section.
If the Website User does not intend to provide personal data or does not accept this Policy, they must stop using the Website, in which case the Company cannot ensure the User’s ability to use the Website.
The Company may collect information about Website visits by users without the users providing such information themselves. This information may be obtained using various methods, tools, and internet statistics and configuration tools. The Company may use these methods and tools to promote its work and services, provide information about upcoming events through targeted advertising, and enhance Website usability by creating profiles for registered users. These methods and tools are not used to identify unregistered users.
If the Website User does not agree to cookies being stored on their device, they may independently disable this option in their browser settings. Stored cookies can also be deleted at any time via the browser’s system settings. The Website User may adjust browser settings to accept or reject all cookies by default or cookies from specific websites, including the Website.
Disabling certain cookies may result in the inability to use specific sections or functions of the Website.
If the Website User does not agree with the use of internet statistics and configuration methods, tools, and instruments, they must stop using the Website, in which case the Company cannot ensure the User’s ability to use the Website.
The security of personal data processed by the Company is ensured through the implementation of legal, organizational, and technical measures necessary to comply with legal requirements in the field of personal data protection.
To prevent unauthorized access to personal data, the Company employs the following organizational and technical measures:
Personal data shall be destroyed upon achieving the processing purposes or when the need to achieve these purposes is lost, unless otherwise provided by law, or in the event of unlawful actions with personal data and the inability to rectify violations within the legally established timeframe.
Personal data of visitors to the website https://daodesk.ai, DaoDesk service users, and other personal data subjects of the Company are stored in personal data information systems.
Access to their personal data is provided to the personal data subject (or their legal representative) upon request. The request must include the number of the primary identity document of the personal data subject or their legal representative, details of the document’s issuance date and issuing authority, and the handwritten signature of the personal data subject or their legal representative.
The Company ensures the confidentiality of personal data and is obliged not to transfer it to third parties without the consent of personal data subjects, unless otherwise required by law. The transfer of personal data to third parties is carried out by the Company based on a relevant agreement, a key condition of which is the third party’s obligation to ensure the confidentiality of personal data.
In the event that inaccuracies in personal data or unlawful processing are confirmed, the personal data must be updated by the Company, and processing must cease.
Upon achieving the purposes of personal data processing or upon withdrawal of consent by the personal data subject, personal data shall be destroyed unless otherwise provided by a contract in which the personal data subject is a party, beneficiary, or guarantor.
The destruction of personal data after the processing period ends on electronic media is carried out by mechanically damaging the integrity of the medium, preventing the reading or restoration of personal data, or by deleting it from electronic media using methods and tools ensuring the guaranteed removal of residual information.
The destruction of personal data after the processing period ends on paper media is carried out in accordance with the Company’s rules established for document management and archiving. The Company’s structural unit responsible for document management and archiving systematically monitors and identifies documents containing personal data with expired retention periods that are subject to destruction.
The Company is obliged to provide the personal data subject or their representative with information about the processing of their personal data upon request.
The website https://daodesk.ai uses technologies such as cookies and web beacons to enhance the experience of personal data subjects and improve website efficiency. When a personal data subject visits https://daodesk.ai, cookies are stored by the browser on the subject’s hard drive, and the Operator receives information sent by the browser and the subject’s computer to the Operator’s website. The Company uses this information solely for statistical purposes and to improve the website https://daodesk.ai in accordance with visitor requirements.
Information obtained in this manner is not transferred or disclosed to third parties. Cookies do not contain information that allows visitor identification and are automatically deleted a few weeks after the site visit. Cookies can be removed from the visitor’s browser at their discretion.
Visitors can view most of the website https://daodesk.ai without accepting cookies; however, some site functions may be lost if cookies are disabled on the personal data subject’s computer. For other webpages on https://daodesk.ai, particularly those requiring a username (login) and password, cookies are necessary, and these pages cannot be used if cookies are disabled in the browser.
The Company may also use link tracking or similar technologies to monitor email links clicked by the personal data subject. The Company may correlate this information with the subject’s personal data to provide more tailored messages or information about purchases or services. Each email includes an unsubscribe link, allowing the cessation of such message deliveries.
Cookies used on the website https://daodesk.ai are categorized as follows. The Company uses the following categories on its website and other online services:
If the personal data subject prefers not to receive cookies while browsing https://daodesk.ai or via HTML emails, they can configure their browser to warn them before accepting cookies or block cookies when the browser alerts their presence. The subject may also disable all cookies in their browser.
The current version of this Policy is publicly available on the Operator’s website at: https://daodesk.ai/privacy_policy.pdf.
The Policy is approved and enacted by an order of the Company’s management and remains in effect until its cancellation.
The Operator reserves the right to amend the Policy. Amendments are approved by an order of the Operator’s management.
The Policy is reviewed as necessary, but at least once every three years from the date of the previous review.
The Policy may be reviewed earlier than the timeframe specified in clause 17.3 due to changes in:
DaoDesk has developed functionality allowing users to connect their Gmail account to our product via OAuth. Connecting a Gmail account to a DaoDesk account enables DaoDesk to link your account with your personal information in Google, view your personal information (including any information you have made available), access your email address, and retrieve your emails to create them as requests in our product. This connection also allows you to respond to emails directly from our product and delete them after they are received in our product.
Google Workspace APIs are not used for developing, improving, or training generalized artificial intelligence and/or machine learning models.
DaoDesk’s use of information obtained from Google APIs will comply with the Google API Services User Data Policy Appendix, including the Limited Use requirement.
Other rights and obligations of the Company related to personal data processing are determined by applicable personal data legislation.
Company officials found guilty of violating regulations governing the processing and protection of personal data bear liability as stipulated by the Company’s internal regulations.