Privacy Policy

  1. Introduction

1.1. The respect of your privacy and the protection of your personal data is a priority for us. To make sure that your data is treated according to the data protection legislation (Regulation 2016/679/EU, General Data Protection Regulation – GDPR, Law 3471/2006 on the processing of personal data for communication purposes, the decisions and guidelines of the competent Authorities and any other applicable laws),  and that you are properly informed about the purposes and ways in which we, the company under the name “DOTTELY SINGLE MEMBER PRIVATE COMPANY”, 144, 3rd September str., 11251, Athens Greece, and the distinctive title “Dottely” (company registration number 162625001000) (“Dottely”, “Company”, “we”), process your personal data, we have adopted the following Privacy Policy (“Privacy Policy”) for the website www.dottely.com (“Platform”) and the services provided therein (“Services”, see also our Platform Terms & Conditions and Vendor T&Cs) or through other communication channels that we use (e.g. social media, e-mails), which is addressed to:
(a)  the end-users of the Platform that browse its web pages and the content;
(b) 
the Vendors, i.e. the providers of Marketing Software Tools listed in the Dottely directory (Platform); and
(c)  the users that operate the Vendor Accounts, who are authorized in that regard (Authorized Users)
(collectively referred to as the “Users”, or “you”).

1.2. Below you will find information on the terms under which your data collected through the Platform is processed by us, including:
(a) information about us, the Data Controller, and the relevant contact details for any issue related to your personal data;
(b)
the types of personal data we collect, store, disclose and use;
(c) 
the purpose and legal basis for the processing;
(d)
security measures for the protection and storage of your data and retention policies;
(e) recipients of your personal data;
(f) 
your rights and the ways to exercise them.

1. 3. Data Controller: We, the Company under the name Dottely, are the Data Controller of your personal data.
        Contact Email: privacy@dottely.com 

1.4. Questions & inquiries: You may communicate with us using the contact details above and submit any comments, inquiries, observations, or complaints regarding this Privacy Policy and generally the collection and processing of your personal data. For further information on how to handle issues relating to your personal data, please see Article 8.

1.5. This Privacy Policy should be read together with our Cookie Policy, our Platform Terms & Conditions, the Vendor T&Cs, and any Company or Platform policies that we issue from time to time and refer to the use of the Platform and the Services, that constitute an integral part of this Policy. By visiting the Platform, or making use of its Services, including providing any of your personal data, you accept this Privacy Policy, under which processing, collection, storage, use, and disclosure of your personal data and information are carried out. If you do not agree with the practices described in this Privacy Policy, please do not interact with the Platform.

  1. Collection & Processing of Personal Data

2.1. We will only collect data that are adequate, relevant, and limited to what is necessary in relation to the purpose for which they are processed. Collection of data is for specified, explicit, and legitimate purposes; data is not further processed in a manner that is non-compatible to these purposes.

2.2. We take all reasonable care to ensure that the data we collect is accurate, and where necessary, kept up to date. We do not knowingly collect or process the personal data of persons under the age of 18. If you are under 18, please do not use the Platform, do not request the provision of Services, and do not provide us with any personal data.

2.3. The management and protection of your personal data by us is governed by the terms of this Privacy Policy and the relevant provisions of European law relating to the protection of individuals from the processing of personal data. Any possible future change to the above regulatory framework will be incorporated into this Privacy Policy.

  1. WHAT data we collect about you

3.1. Via the use of the Services and the Platform, we collect different types of personal data, either directly from you such us (indicatively):

(a) Identity data (first name, last name, e-mail, company name – when a name is included in your company name)
(b) Credentials
(c) Professional Data (CV details, such as your field of expertise, your position within your organization, relationship with the organization)
(d) Communication Data (email address, business email)
(e) Fiscal & Payment Data (spending, budget, payment methods, invoicing details)
(f) Data you deliberately share with us (information you communicate to us, reviews, requests for the provision of Services, interactions in social media)

3.2. We collect personal data about you from third parties: 

(a) when you voluntarily share your data to or via our social media pages
(b)
to verify your professional Data (CV details, such as your field of expertise, and your position within your organization).

3.3. We collect personal data about you by automated means such as technical infrastructure data (IP address, browser type and version, operating system and platform, etc.) and data collected through cookies that you accept (see Cookie Policy).

3.4. Personal data means any information relating to an identified or identifiable natural person. including names, surnames, personal e-mails and credentials, but also nicknames, names of personal companies that carry the name of their owner, or business emails in the name of their attributed user and payment data. The terms set forth in this Policy refer to personal data of all kinds, irrespective of their use in the context of a business relationship or otherwise. We undertake the responsibility to process your personal data fairly, lawfully, and in a transparent manner.

  1. HOW and WHY we use your personal data

4.1 Any personal data that you provide us with, either mandatorily or optionally through the Platform or we collect from third parties, is being processed for the legal purposes and under the legal bases described in the table below:

Purpose of processing

Data we process

Legal basis

VENDORS

a) To verify your identity and relationship with the organization you represent to enter into a contract with you and open your Vendor Account;

 

 

Identity Data

Credentials

Fiscal & Payment Data

Demographic Data

Communication Data

Professional Data

a) Precontractual steps taken in the context of the performance of a contract for the provision of our Services to you

b)To grant you access to your Account; To send you the relevant material for the onboarding process and generally communicate for the Services; To understand your campaign targets and assist you with your Listing(s); To process payments and issue invoices

b) The performance of a contract to which you are a party for the provision of our Services, once you become a Vendor, following the acceptance of the Vendor T&Cs

c) The security of your account, your personal data, and our systems

c) Our legitimate interest for the security of our systems, your personal data, and your account

d) Retention of fiscal and/or tax-related data

d) Our legal obligation deriving from applicable tax-related legislation

Marketing

a) To communicate with you directly to promote our Services to you on a case-by-case basis

 

Communication Data

Cookie Data

Technical Data

Or a combination thereof

 

 

a) Our legitimate interest (a) to contact you via the use of publicly available information for business communication or (b) when you have already purchased Services, by accepting the Vendor T&Cs

b) To promote third-party services to you in the environment of our Platform

b) Your consent, when you have accepted marketing cookies and have already logged in to your Vendor Account

USERS

Reviews

a) To publish your Review

Identity Data

Communication Data

Other data you may communicate with us

a) Your consent, for the publication of the content of the review and your specified name/nickname

b) To verify your e-mail; To communicate with you regarding the content of a review, when necessary.

b) Our legitimate interest, to verify your e-mail and professional details, and communicate with you regarding the content of a review

ALL USERS

Communication initiated by You
We process your data to inform you about our Services and the Platform (when you submit your data to learn about our Services and fees, wish to get in touch with us, interact with us on social media, etc.)

Identity Data

Demographic Data

Communication Data

Professional Data

Other data you may communicate with us

Your consent, when you directly communicate with us through our contact form or otherwise (e.g. via e-mail, Linkedin, etc.)

Statistical & business analysis
a) to improve our Platform, our Services, and processes (based on technical data analysis and feedback analysis), adopt new business models, and extract reports

Demographic Data

Technical data

Cookie Data

Other data on a case-by-case basis

a) Our legitimate interest is for the further processing of aggregated data for statistical and business analysis. We use aggregated data to (a) improve our Platform, by analyzing the choices of visitors (which pages they visit most, how much time they spend, etc.), and (b) optimize Vendor campaigns, by providing them with statistical information on their progress (which Listings are most frequently visited by users, their location, etc.). Such data processing is fairly balanced against your rights and the protection of your privacy.

b) To improve user experience and update our commercial practices

b) Your consent, where we directly prompt you to provide answers to questionnaires, surveys, etc.

4.2. Additional notes and clarifications on the use of your personal data:

4.2.1. When our legitimate interest is the basis for the processing, you may oppose to such processing (opt-out) by contacting us. It should be noted, however, that the Company is entitled to demonstrate legal reasons for the processing for which data processing is fairly balanced against your rights and the protection of your privacy.

4.2.2. When consent is the legal basis for the processing, you may withdraw it at any time, so that we cease processing your data for that particular purpose. To withdraw your consent from receiving commercial communication or other processing based on consent, please contact us at our contact details. Please note that when you interact with us through social media (e.g. leave a comment, react to a post, etc.) we process your data according to this Policy; however, access and use of the respective social media are subject to the terms and policies of their providers regarding the processing of your personal data, which you should also consult.

4.2.3. Dottely marketing is restricted within the Dottely Platform and is only addressed to Vendors. We use marketing cookies to provide better advertising in the Platform. For more information, please visit our Cookie Policy.

  1. WHO do we share your information with and for what purposes?

5.1. We transfer personal data submitted to us through our Platform to our suppliers such as subcontractors we use to perform certain Services (e.g. our hosting service provider, our website development team, our marketing team, cookie software provider, etc.).

5.2 We may also extract aggregated data from your navigation in the Platform to improve our Services, by providing Vendors with such aggregated information. For example, we might collect the location of the server from which Users visit the Platform to advise Vendors on the targeting of their campaigns.

5.3. We reserve the right to disclose your personal data to a third party that we choose to transfer all or part of our business. In addition, in the event of a merger or acquisition or other event that might trigger a change in our business and/or corporate structure, the new owners, Platform administrators, employees, representatives, or persons otherwise related to our Company, shall have the right to use your personal data according to this Privacy Policy, i.e. in the same way that we did till the triggering event.

5.4. Your data may be communicated to competent judicial, police, and other administrative authorities upon their request and in accordance with the applicable laws. Moreover, in case of a statutory provision, a service order, or a formal preliminary examination, our Company has the right to render all relevant information available to a competent authority.

5.5. The Company generally keeps and processes your personal data within the European Economic Area (“EEA”). We do not regularly transfer data outside the EEA. When your data is to be transmitted to third countries outside the EEA or International Organizations for which no European Commission adequacy decision is available, we take all the appropriate safeguards provided for in the applicable data protection legislation on the transfers to third countries to be adopted prior to such transmission.      

  1. SECURITY of your personal data

We take appropriate technical and organizational measures to protect your personal data from unauthorized disclosure, use, conversion, or destruction. Where appropriate, we use encryption and other technologies that can help secure any information you provide us. We also ask our service providers to comply with privacy and data protection requirements. To conduct the processing, the Company selects individuals or third parties with corresponding professional qualifications that provide sufficient guarantees in terms of technical knowledge and personal integrity to maintain confidentiality and always act according to the Company’s instructions. Dottely, through its respective contractual commitments and its partners, takes all necessary security measures to protect and secure the confidentiality and integrity of personal data. In any case, the security of your personal data is subject to reasons beyond Dottely’s influence, as well as to reasons resulting from technical problems of the network that are not controlled by the Company or reasons of force majeure events. When extracting reports for statistical analysis, we anonymize the respective data upon which the research is based before creating the reports.

  1. HOW LONG will information about you be kept?

7.1. We will retain information about you for the period necessary to fulfill the purposes for which the information was collected. After that, we will delete it. Data retention periods may vary depending on the purposes for which the information was collected. Please note that in some circumstances, you have the right to request a deletion of the information. Yet, we are sometimes legally obliged to retain the information, for example, for tax and accounting purposes.

7.2. To determine the data retention time of your personal data, we take into account the nature of your data, its quantity, purpose, security, etc. You have the right to request that we delete your data. To exercise your rights, please see Article 8 of this Policy.

Purpose of processing

Retention Timeframes

Delivering our Services

We will retain the personal data of Vendors and their authorized users for as long as the Vendor holds an account with us and/or for as long as they receive our Services. Following the deactivation of an Account or the termination of our contract, we will retain any personal data for an additional period of 2 years. Following that period, we might rely on our legal obligation to retain certain data or information, mainly in pseudonymized form, for longer periods of time, if this is indicated by law (for example for tax purposes, as indicated by law from time to time).

Marketing Purposes  

When you provide personal data to receive marketing communication, your data will be kept for 2 years since your last interaction with said communication; for example, if you do not respond to any of our commercial communication for 2 years, we will delete your e-mail from said mailing lists immediately following the end of that period.

If you accept any cookies, the cookies will remain active for their indicated duration (see more details in our Cookie Policy).

Communication by you

Data received to communicate with you and present you with information about our Services are kept until said communication is conducted and for 2 years following that, based on our legitimate interest to retain proof of the communication. If you show an interest in our Services or if we eventually cooperate with you, the data will be kept for the duration of our cooperation or for as long as you interact with us; after your last interaction with us, we will only keep your data for as long as is necessary, subject to tax and other laws by which we must abide. On the occasion that we do not get in touch, your data is kept for a total of 2 years.

Reviews

User Reviews stay published for as long as a Listing is active on the Platform. Communication in the context of a Review (for example, e-mail verification or relevant inquiries initiated either by the User or by Dottely) is retained for as long as the Review is active in our Platform and/or as long as is necessary for the pursuit and or handling of any complaints/legal actions brought in that context. Following the de-listing of a Listing, Reviews and any relevant communication are retained for a period of 2 years or for longer periods of time, if indicated by purposes that serve our legitimate interest (e.g. providing evidence in the context of court proceedings).

Statistical & business analysis

We have the right in certain circumstances to anonymize some sets of data for research or statistical purposes, in a way that it cannot be associated with an identifiable person; we reserve the right to use this anonymized information for an indefinite period of time, for the purposes specified in this Policy.

  1. Your Rights And Your Options

Right (articles below refer to GDPR)

Explanation

Right of Access
(article 15)

You can request to:
-  Confirm that Dottely processes your personal data.
-  Provide you with access to any personal data that you do not already have at your disposal
-  Provide you with other information about your personal data, such as what data Dottely has, what it uses it for, to whom it might transfer it, whether it transfers it abroad, how it protects it, how long it retains it, what are your rights as a data subject, the process to submit a complaint, the sources of your data (to the extent such information has not already been provided in this Privacy Policy).

Right to Rectification
(article 16)

You can request to rectify inaccurate personal data.
Dottely may seek to verify the accuracy of the data before it rectifies it.

Right to Deletion/Right to Erasure
(article 17)

You can request Dottely to erase your Personal Data in case:
-  you have withdrawn your consent
-  at any time when they are no longer needed for the purposes of the Programme
-  if they have been illegally collected
-  when you object to the processing (or opt-out)

Dottely is not obliged to comply with a request to erase such data if the processing is necessary:
-  for compliance with a legal obligation
-  for the fulfillment of another legitimate purpose or another legitimate legal basis
-  for the establishment, exercise, or defense of legal claims

Restriction of processing
(article 18)

You can ask us to restrict the processing of your personal data when:
-  their accuracy is contested (see rectification), so that we can verify the accuracy of the personal data or
-  the personal data have been unlawfully processed but you oppose the erasure of the personal data or
-  they are no longer necessary for the purposes, which they were collected for, but you still need them for the establishment, exercise, or defense of legal claims or there is another legitimate purpose of processing or other legal basis.
-  you have exercised your right to object and you are waiting for its verification

Right to Data Portability
(article 20)

When processing is based on your consent and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used, and machine-readable format, or you may request to be transferred directly to another controller. However, this right concerns only the data provided by the data subject and not any data produced by the controller based on already collected data.

Right to Object
(article 21)

You may at any time object to any processing of your personal data, which is based on the legitimate interest of Dottely or the performance of a task carried out for reasons of public interest.

If you exercise your right to object, Dottely has the right to demonstrate compelling legitimate grounds for the processing which override the rights and freedoms of the data subject, however, your fundamental rights and freedoms will not be affected.

Right not to be subject to automated individual decision-making, including profiling
(article 22)

Dottely doesn’t make decisions based solely on the automated processing of your personal data for the purposes of the Services. In any case, we inform you that you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Right to file a complaint before the competent Supervisory Authority

You have the right to lodge a complaint with the local competent Supervisory Authority that may occur in relation to all processing activities undertaken by Dottely. You may find more information on how to exercise your right to lodge a complaint here (Hellenic Data Protection Authority, 1-3 Kifisias Ave. 11523, 210 6475600, [email protected]). You can find a list of all the EU Authorities here.  

However, since your privacy is a top priority for us, we urge you to first reach out to us for any issues you may be facing regarding our use of your personal data. We would gladly try to find a solution to manage your requests, so we encourage you to contact us by any means.  

How to exercise your rights:

  • True & accurate data: You must always provide specific, accurate, and true data and/or facts so that we can answer and/or satisfy your request. Otherwise, Dottely shall not be held liable for any faults that are outside of its control. Additionally, we have the right to reject requests that are unfounded, excessive, abusive, made in bad faith, or illegitimate in the framework of the legal provisions. We may also ask for clarifications to understand your concerns and expectations to address your request more effectively.
  • Identity verification: We are entitled to ask you for proof of identity to fulfill your rights.
  • Cost: You will not have to pay to exercise your rights in relation to personal data unless otherwise provided by law or in cases where the request is unfounded or excessive. In that case, we may charge a reasonable fee. We will inform you of any possible charge before we carry out your request.  
  • Timeframes: Dottely aims at answering all valid requests the latest within one (1) month from their receipt unless the request is extremely complicated or the data subject has submitted multiple requests, in which case we aim at answering them within three (3) months. In case we need more than one month to carry out the request for the reasons mentioned above, we will inform you accordingly.  
  1. Amendments

9.1. This Privacy Policy was last updated on October 2023. We will routinely update this Privacy Policy to clarify our practices and to reflect new or different privacy practices, such as when we add new services, products, functionality, or features to the Platform. When the law, the competent Authorities, or other legally binding acts mandate a change to our privacy practices or the application or interpretation of personal data-related issues, we will update this Policy to reflect the necessary changes.

9.2. You acknowledge and agree that any use of the Services herein following any amendments, constitutes a confirmation of your acceptance of this Privacy Policy. Please read this Privacy Policy carefully and review it regularly for the latest information about our privacy practices.

9.3. If you wish to be provided with any clarification or information regarding the changes or have any reservations or questions about them (changes), you may reach out to us at our contact details listed above. Please note that any information/clarification about changes to this Policy given to you the way described above does not constitute a substitution, or any modification of this Policy.

  1. Applicable Law & Jurisdiction

This policy is governed by and construed according to the laws of Greece. Any dispute that may arise regarding the enforcement or interpretation of this Policy shall be subject to the exclusive jurisdiction of the courts of Athens, Greece.