Privacy policy
Last Revised Sep 23rd, 2024
This Privacy Policy (“Privacy Policy”) explains how information is collected and used by DoControl, Inc. (“DoControl” or “we”, “us”, “our”).
This Privacy Policy applies to the following:
- The data practices on the DoControl website at docontrol.io (“Website”).
- DoControl’s practices with respect certain types of personal data associated with the SaaS (the “Service”) that DoControl provides its customers (“Businesses”). As background, the Service offers Businesses a modern security layer enforcing advanced security features on the multiple SaaS applications they use, regardless of each SaaS application’s underlying capabilities.
We are committed to protecting and respecting data privacy. Please read this Privacy Policy carefully.
PERSONAL DATA PROCESSED
As part of the operation of our Website and provision of our Service, we will collect and process information which relates to an identified or identifiable individual ("Personal Information"), as further detailed below.
We collect and process your contact information when you send us an inquiry or engage us to use our Service.
You may contact us through email: contact@docontrol.io. When a representative of a Business wishes to use our Service, we collect that person’s contact details such as full name, email address, and information relating to the engagement between us and the Business. We refer to this as “Contact Information”.
You do not have a legal obligation to provide us with your Contact Information. However, if you choose to not share this information with us we may not be able to respond to your inquiry or provide you the Service.
We process information associated with the use of the Service
In order to provide the Service to a Business, we process personal information of the Business’s users using the Service. This includes your full name, email address and account user name.
The Service also processes personal data regarding the usage behavior and usage patterns in relation to the SaaS applications that the Business’s users use. This includes the end-user’s IP address and approximate location derived from the IP address.
We refer to this overall data as “Usage Information”.
We also collect analytics information about your use of the Website
When you visit the Website, we record and collect certain information about your interaction with the Website, including the IP address from which you access the Website or Service, time and date of access, type of browser used, language used, links clicked, and actions taken while using the Website or Service. We refer to this data as "Website Analytics Information".
If Usage Information or Website Analytics Information that is not Personal Information is combined with Personal Information, we will treat the combined information as Personal Information.
DATA CONTROLLER AND PROCESSOR
The Business is the data controller of the Contextual Data like file names and sender and recipient information; DoControl is the data processor of this data.
Each Business is the data controller of its own Contextual Data (as defined below). DoControl may process the Contextual Data only for the provision of the Service to you.
For that matter, "Contextual Data" means information: (a) that identifies or depicts the Business’s content that is controlled or monitored through the Service, such as, by way of example only, file names; or (b) that identifies individuals who have a bearing to the Business’s content, such as, for example, sender or recipient name and email address.
DoControl is the data controller of the other information described in this Privacy Policy, as detailed in the previous section.
HOW AND WHY WE PROCESS PERSONAL DATA
To respond to and handle your inquiry and manage our relationship with the Business
We process your Contact Information to contact you about your inquiry and handle your inquiry, to bill for the Service and manage our engagement with the Business.
To provide you with the Service
We process Usage Information in order to give you access to use the Service.
To understand user behavior and assess security risks
We also process Usage Information in order to detect and assess security threats and calculate security risk scores which in turn helps us to improve the Business’s security posture regarding the SaaS applications that you and your fellow co-workers use.
We also aggregate data on how you and your fellow co-workers use SaaS applications and use that to detect threats and calculate risk scores on an organization-level (Business-specific), app-level, and user-level basis.
We refer to this overall data as "Risk Assessment Information".
To maintain the Service
We process the Website Analytics Information to provide, maintain and improve your user experience when accessing our Service. We also will use the Analytics Information for quality assurance and for development and enhancement of the Service.
Compliance and enforcement
We will use Personal Information to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our terms of use and take other actions otherwise permitted by law.
WHO PROCESSES YOUR DATA
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will share Risk Assessment Information associated with your account with the representatives of the Business you work at.
We will share Usage Information and Risk Assessment Information associated with your account with representatives of the Business you work at, for their visibility into the organization-level, app-level, and user-level security risks.
We will process information with our service providers helping us to operate our business.
We will process personal data with the assistance of our service providers who assist us with the internal operations of the Service. These companies are authorized to use your personal data in this context only as necessary to provide these services to us and not for their own promotional purposes. These service providers include storage and analytics.
We will share information with competent authorities, if you abuse your right to use the Service, or violate any applicable law.
If you have abused your rights to use the Website or Service, or violated any applicable law, we will share information with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling of the violation or breach.
We will share your information if we are legally required.
We will share information if we are required to do so by a judicial, governmental or regulatory authority.
We will share your Information with third-parties in any event of change in our structure.
If the operation of our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), we will share information only as required to enable the structural change in the operation of the business.
We will also share your Personal Information in any of the following: if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our agreements), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our affiliates, our Users, yourself or any third-party; (vi) for the purpose of collaborating with law enforcement agencies; and (vii) in case we find it necessary in order to enforce intellectual property or other legal rights.
COOKIES
Cookies are small data files that are placed on users’ devices to monitor how users interact with websites and other online services.
Cookies can be used to identify your IP address, browser type, domain name, and specific web pages through which you click.
You can learn more about our use of cookies and manage your preferences through our consent management tool.
SECURITY AND DATA RETENTION
We will retain your Personal Information for as long as necessary to provide our Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
We implement measures to secure your Information
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. These include encryption for data in transit and at rest. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure personal data, it is not guaranteed, and you cannot expect that the Service will be immune from information security risks.
INTERNATIONAL DATA TRANSFERS
We will internationally transfer information in accordance with applicable data protection laws.
If we transfer your personal data for processing at locations outside your jurisdiction, we will abide by data transfer rules applicable to these situations.
LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
The legal basis under EU law for processing your Contact Information for the purpose of responding to and handling your inquiry, is our legitimate interests in responding to your inquiry.
The legal basis for processing Contact Information to bill for the Service and manage our engagement with the Business is the performance of our contractual obligations towards your, our legitimate interests in receiving the payments due for the Service and administering our relationship with the Business, and our compliance with our legal obligations.
The legal basis for processing Usage Information to give you access to the Service is your and our legitimate interests in providing and improving the Service you’ve signed up for.
The legal basis under EU law for processing Risk Assessment Information in order to detect and assess security threats and calculate security risk scores, is the legitimate interest of the Business in improving their information security.
The legal basis for processing Website Analytics Information, including for the purpose of handling instances of abusive use of the Website is our legitimate interest in maintaining, developing and enhancing the Website, as well as defending and enforcing against violations and breaches that are harmful to our business.
The legal basis under EU law for processing your information with authorities or where we are legally required to share it, is our compliance with mandatory legal requirements imposed on us.
YOUR RIGHTS WITH REGARD TO YOUR PERSONAL DATA
Based on your jurisdiction, you have certain rights to access, update or delete information, obtain a copy of your Personal Information, and object or restrict certain data processing activities.
The rights set out below shall apply to anyone regardless of residence or applicable laws:
Right to Access your Personal Information that we process and receive a copy of it.
Right to Rectify inaccurate Personal Information we have concerning you and to have incomplete Personal Information completed.
Right to Data Portability, that is, to receive the Personal Information that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your Personal Information be transmitted directly from us to the service provider you designate.
Right to Object, based on your particular situation, to using your Personal Information on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your Personal Information for direct marketing purposes.
Right to Restrict the processing your Personal Information (except for storing it) if you contest the accuracy of your Personal Information, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the Personal Information and request instead to restrict its use; if we no longer need the Personal Information for the purposes outlined in this Privacy Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you object to us processing your data and we have no compelling legitimate grounds to override your objection, you have the right to ask us to erase your Personal Information. However, we may still process your Personal Information if it is necessary to comply with a legal obligation we are subject to under applicable laws or for the establishment, exercise or defense of legal claims.
Please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements, in compliance with data protection legislation. Users, including those outside the EU, are welcome to contact us for any questions or requests through our contact details below.
If you wish to exercise any of your rights, please contact us at: contact@docontrol.io.
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you the information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory data protection authority.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
CHANGES TO THIS PRIVACY NOTICE
If we change this Privacy Policy, we will make efforts to proactively notify you of such changes.
From time to time and in our sole discretion, we may change this Privacy Policy. The most current version will be posted on the Website, as reflected in the "Last Revised" heading.
DOCONTROL'S CONTACT INFORMATION
The following is the contact information of DoControl:
DoControl, Inc.
1460 Broadway Unit 12020,, New York, NY 10036
Email: contact@docontrol.io
If you reside in the EU, you may also approach our EU representative via the following contact information:
- By writing to European Data Protection Office ("EDPO") at Avenue Huart Hamoir 71, 1030 Brussels, Belgium; or
- By using EDPO’s online request form: https://edpo.com/gdpr-data-request/.
If you reside in the UK, you may also approach our UK representative via the following contact information:
- By writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom; or
- By using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/.