Privacy Policy
1. Introduction
Welcome to DealDeck. Your privacy is critically important to us. This Privacy Policy outlines how DealDeck ApS ("DealDeck", "we", "us", or "our") collects, uses, protects, and shares your personal data when you visit our website, dealdeck.ai, or use our application (the "Application").
This policy explains our role as both a Data Controller (for data we collect for our own purposes) and a Data Processor (for data we process on behalf of our customers).
2. The Data We Collect and Process
We process different categories of personal data depending on your interaction with us.
Our Application is a flexible tool. You may choose to include non-sensitive or sensitive personal data within the content you create. As the Data Controller, you are responsible for ensuring you have a legal basis to process this data.
When you browse our website, we may collect technical information such as IP address, browser type, operating system, device information, and usage data.
3. Purpose and Legal Basis for Processing
We are committed to processing your data lawfully, fairly, and transparently.
To Provide Our Service
We process the data you provide as a customer to fulfill our contractual agreement with you, allowing you to create, manage, and share content through our Application.Legal Basis: Performance of a contract.
For Security and Operations
We use data to monitor and protect the security, integrity, and availability of our Application.Legal Basis: Legitimate interest in maintaining a secure and robust service.
To Improve Our Services
We analyze usage data from our website and Application to understand user needs and improve our offerings.Legal Basis: Legitimate interest in business development.
To Communicate With You
We may use your contact information to send you service updates, security alerts, and administrative messages.Legal Basis: Performance of a contract or our legitimate interest.
4. Data Security
We take the security of your data very seriously. We have implemented a comprehensive Information Security Management System (ISMS) with robust technical and organizational measures to protect your data against accidental or unlawful destruction, loss, alteration, and unauthorized access
Our security measures include:
- Encryption (AES-256 at rest, TLS 1.2+ in transit)
- Role-based access controls & MFA
- Daily backups & Vulnerability management
- Employee data-security and compliance training (conducted annually).
In the event of a security breach, we will notify customers without undue delay, and where feasible, within 36 hours of being aware of it.
5. Data Retention and Deletion
Data remains accessible during your subscription and is permanently deleted sixty (60) days after the termination of your agreement with us.
6. Data Sharing and Subprocessors
We do not sell, rent, or trade your personal data. To operate and provide our services effectively, we may share personal data with carefully selected third-party service providers ("Subprocessors") who perform services on our behalf.
We have your general approval to use subprocessors. We conduct due diligence on all subprocessors and have written agreements in place that require them to provide at least the same level of data protection as set out in this policy and required by EU law.
Our Primary Subprocessor
Amazon Web Services (AWS)
Service: Cloud Hosting
Location: Germany / Ireland (European Economic Area)
We will notify our customers in writing at least thirty (30) days in advance of any planned changes to our list of subprocessors.
7. International Data Transfers
We primarily store and process your data within the European Economic Area (EEA). Any transfer of personal data to countries outside the EEA will only be done in full compliance with Chapter V of the GDPR, ensuring that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data.
8. Your Data Protection Rights
Under GDPR, you have several rights concerning your personal data.
Right to Access
You have the right to request copies of your personal data.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions (Right to be Forgotten).
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data, under certain conditions.
How to Exercise Your Rights
- •If you are a DealDeck customer, you can exercise many of these rights directly through your account settings.
- •If you are a viewer of a DealDeck created by one of our customers, please direct your request to the customer (the Data Controller) who shared the DealDeck with you. We will assist our customers in responding to your requests.
- •For any other requests, please contact us at the details below.
You also have the right to lodge a complaint with a supervisory authority, such as the Danish Data Protection Agency (Datatilsynet), if you believe our processing of your personal data infringes data protection laws.
9. Auditing and Compliance
We are committed to demonstrating our compliance with the GDPR. We will provide our customers with all necessary information to verify our compliance and will allow for and contribute to audits as required by our agreement.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and, where appropriate, notifying our customers directly via email. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions or concerns about this Privacy Policy or our data protection practices, please do not hesitate to contact us.