Privacy Policy

We understand the importance of protecting your personal data. This Privacy Policy outlines our commitment to safeguarding the privacy of any personal data provided to us or collected by us when you visit DayFive.eu (the Site), use our mobile or browser-based application at app.DayFive.eu (collectively, the App), contact us, or engage with any services offered through or associated with our Site or App (the Services). It also applies to any other interactions we may have with you.

It is essential that you read this Privacy Policy alongside any other detailed privacy notices we may provide when collecting or processing your personal data. Doing so ensures you fully understand our privacy practices and how we handle your information.

DayFive processes personal data in the capacities of both Data Controller and Data Processor, as defined under the Data Protection Act 2018 (UK GDPR). As a Data Controller, we manage and process client information for our own purposes. As a Data Processor, we handle data that clients upload to our systems, platforms, or software.

If you are an end user of one of our clients, please refer to that client’s privacy policy for details on how your personal data is managed. Clients who require a Data Processing Agreement (DPA) to define our processing relationship may contact us to request one.

1 The Information We Collect

Personal data refers to any information that relates to an identified or identifiable individual.

We collect, use, store, and disclose various types of personal data about you, which we have categorized as follows:
Identity Data – Includes your first name and last name.
Contact Data – Includes your billing address, email address, telephone number, Skype ID, and other social media usernames or profile links.
Financial Data – Includes credit card or bank account details collected by our third-party payment processors on our behalf.
Transaction Data – Includes details of payments made by you to us and records of the products and services you have purchased from us.
Technical and Usage Data – Includes your internet protocol (IP) address, login data, browser session details, geolocation data, device and network information, page views and session statistics, acquisition sources, search queries, and browsing behavior. It also includes information about your access and use of our website—such as interactions through cookies, communications with our website, and details of the browser and operating system you are using.
Profile Data – Includes your username and password for the App, records of support requests, content you post, send, receive, or share through our platform, as well as feedback and survey responses.
Interaction Data – Includes information you provide when participating in interactive features of our Services, such as surveys, contests, promotions, activities, or events.
Marketing and Communications Data – Includes your preferences for receiving marketing communications from us and third parties, as well as your communication preferences.
Professional Data – If you are a worker of ours or applying for a role with us, this includes details of your professional history, such as previous positions and professional experience.

2 Special Categories of Personal Data

Special categories of personal data include information related to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, genetic and biometric data.

We do not actively request or collect special categories of data about you, nor do we collect information regarding criminal convictions or offences. However, if we ever need to collect such data, we will do so only as required or authorized by law.

3 How We Collect Personal Data

We collect personal data through various means, including:
Direct Collection – We obtain personal data directly from you when you interact with us. This includes when you register for an account, submit inquiries via the ‘Contact Us’ form on our website, request assistance through email or over the phone, or otherwise provide information to us.

Indirect Collection – We may also collect personal data indirectly as you engage with us. This can occur when you interact with our website, send emails, communicate with us over the phone, or submit online inquiries.

Third-Party Sources – We collect personal data from third parties, including:
Your employer, if they invite you to access our Services.
Any approved DayFive resellers.
Our analytics and cookie providers, as well as marketing service providers, who collect data on your website usage. 

Publicly Available Sources – We gather personal data from publicly accessible sources, including official business registries such as Companies House and professional networking platforms like LinkedIn.

4 Purposes and Legal Bases for Processing

We collect and process your personal data only when we have a valid legal basis under applicable laws. Below, we provide a structured overview in table format, outlining how we use your personal data and the legal bases on which we rely. Where applicable, we also specify our legitimate interests.

In some cases, your personal data may be processed under multiple legal grounds, depending on the purpose of use. If you require further clarification regarding the specific legal basis applicable to your data in any given instance, please do not hesitate to contact us.

Types of Data We Use
The personal data we process includes, but is not limited to:
Identity Data – e.g., name, date of birth
Contact Data – e.g., phone number, email address
Profile Data – e.g., preferences, interests
Financial and Transaction Data – e.g., billing details, payment history
Technical and Usage Data – e.g., IP address, login data, browsing behavior
Marketing and Communications Data – e.g., communication preferences, responses to marketing campaigns
Professional Data – e.g., employment history, qualifications

Legal Bases for Processing
We rely on the following legal bases to process your data, including but not limited to:
Contractual Necessity – To enter into or fulfill our contractual obligations with you.
Legal Obligation & Compliance – To comply with legal requirements and regulatory obligations.

Legitimate Interests, such as:
Providing excellent customer support and responding to inquiries.
Recovering outstanding debts and sending important updates.
Improving our website, services, and marketing strategies.
Supporting business growth and development.
Evaluating and processing employment applications.

Purposes for Processing Your Data
We process your personal data for the following purposes:
Enabling access to our software, including providing you with a login.
Communicating with you about our services, including responding to inquiries and support requests made via our website.
Maintaining internal records for administrative, invoicing, and billing purposes.
Conducting analytics, including profiling, market research, and business development to enhance our services.
Executing advertising and marketing initiatives, including sending promotional materials about our events and services.
Assessing applications for job positions you have applied for.
Ensuring compliance with legal obligations and fulfilling regulatory requirements.

If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use, although in some cases this may mean no longer using our services.

5 Disclosure of Personal Data to Third Parties

We take the security of your personal data seriously and require all third parties to process it in compliance with applicable data protection laws, including the UK GDPR. To ensure your data is handled lawfully and securely, we have Data Processing Agreements (DPAs) in place with our third-party service providers.

We share personal data with third parties for specific purposes related to the provision of our services, including but not limited to:

Marketing and Communication Services – To automate and manage email communications, customer feedback collection, and chatbot interactions.

Cloud Storage and Security Providers – To securely store data and track system performance, errors, and logs.

Business Process Management and Customer Support Tools – To facilitate customer relationship management, lead tracking, customer support, and online meetings.

User Experience and Analytics Tools – To monitor user interactions and enhance service usability and performance, ensuring an optimised experience.

Upon request, we will disclose information about specific vendors if a customer or related party enquires about our use of a particular service provider.

Other Disclosures of Personal Data
We may also disclose personal data to:
Our employees, contractors, and affiliated entities.
Service providers who assist in delivering our services.
Professional advisors, including auditors, insurers, and legal consultants.
Payment processing services to facilitate transactions.
Business partners, agents, sponsors, or promoters of competitions and promotions.
Potential investors or acquirers in the event of a business transfer.
Courts, tribunals, regulatory bodies, or law enforcement agencies, as required by law or in connection with legal proceedings.
Third-party analytics and advertising partners to improve user engagement, measure performance, and optimise marketing efforts.
Any other third parties where disclosure is required or permitted by law, such as responding to legal requests or regulatory requirements.

Use of Analytics and Advertising Features
We utilise analytics and advertising tools to enhance our understanding of user interactions and improve our services. These may include:
Remarketing Features – To re-engage users with relevant content.
Advertising Reporting Features – To measure and assess ad performance.
Demographics and Interest Reports – To gain insights into audience preferences.
Google Display Network Impression Reporting – To track advertising impressions.
Store Visits and Engagement Analysis – To assess offline interactions with our services.

To achieve this, we and our third-party vendors use first-party cookies, third-party cookies, and other tracking technologies to collect relevant data. These technologies help optimise marketing strategies and enhance user experiences.

For further information on how third parties, such as Google, process data when using our services, please refer to their respective privacy policies.

6 Opt-Out Options

We respect your privacy preferences and provide several options for you to control your data:

Google Analytics Opt-Out: You can opt out of Google Analytics Advertising Features by installing the Google Analytics Opt-out Browser Add-on.

Personalised Ads on Google Content Network: To opt out of personalised ad delivery on the Google Content Network, please visit the Google Ads Preferences Manager.

Other Analytics and Advertising Services

In addition to Google Analytics, we utilise various other tools to analyse data and manage advertising. These services help us understand user behaviour, track advertising effectiveness, and improve our marketing strategies. Each service adheres to its privacy policies and provides mechanisms for users to manage their privacy preferences.

7 International Data Transfers

In the course of our business operations, we may disclose personal data to third parties, some of whom may store, process, or access this data outside the United Kingdom, including within the European Union and other jurisdictions. It is important to note that data protection laws in some of these countries may not offer the same level of protection as those in the UK.

To ensure your personal data remains secure and is handled in compliance with UK GDPR and applicable data protection laws, we implement appropriate safeguards when transferring data internationally. These safeguards include:

Adequacy Decisions – We only transfer personal data to countries that have been officially recognised by the UK government as providing an adequate level of data protection.

Standard Contractual Clauses (SCCs) – Where adequacy decisions are not in place, we incorporate Standard Contractual Clauses (SCCs) into agreements with third-party service providers to ensure that your personal data receives a level of protection equivalent to UK standards.

Additional Safeguards – Where necessary, we implement supplementary measures, such as encryption and risk assessments, to further enhance data protection.

By applying these measures, we are committed to ensuring that any international transfers of personal data comply with legal requirements and align with our Privacy Policy. 

8 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, tax, accounting, and reporting obligations. Additionally, personal data may be retained for a longer period where:
A complaint has been made.
There is a reasonable prospect of litigation relating to our relationship with you.

To determine the appropriate retention period, we assess factors such as:
The nature, sensitivity, and volume of the personal data.
The potential risks associated with unauthorised access, use, or disclosure.
The purposes for processing and whether they can be achieved through other means.
Relevant legal, regulatory, tax, and accounting obligations.

9 Data Retention Policy

In compliance with UK GDPR, the Data Protection Act 2018, and applicable US data protection laws, we adhere to the following data retention principles:

Retention Periods:
Personal data associated with payment transactions will be retained for a minimum of five (5) years following the termination of our relationship, unless a longer period is required or permitted by law.
Other types of personal data are retained based on regulatory obligations, business needs, and security requirements.

Purpose Limitation:
Personal data is retained only for the original purposes for which it was collected and processed.
Further processing of personal data beyond its original purpose occurs only with your explicit consent or where legally required.

Data Minimisation:
Regular reviews ensure that personal data no longer necessary for its intended purpose is either securely deleted or anonymised.

Security Measures:
We implement technical and organisational safeguards such as encryption, access controls, and secure storage to protect retained personal data from unauthorised access, alteration, disclosure, accidental loss, or damage.

Legal Compliance:
Our retention and disposal practices align with applicable regulations, including UK GDPR, the Data Protection Act 2018, US data protection frameworks (such as the California Consumer Privacy Act (CCPA) where applicable), and any sector-specific legal requirements.

10 Your Rights and Controlling Your Personal Data

We are committed to ensuring that your personal data is processed in accordance with UK GDPR, the Data Protection Act 2018, and relevant US data protection laws, such as the California Consumer Privacy Act (CCPA) where applicable. Below, we outline your rights regarding your personal data and how you can exercise them.

Your Choice
Please read this Privacy Policy carefully. By providing us with your personal data, you acknowledge that we will collect, process, store, and disclose it as described in this policy. You are not obligated to provide personal data; however, failure to do so may limit our ability to offer our services or affect your experience when using them.

Information from Third Parties
If we receive personal data about you from a third party, we will handle it in compliance with this Privacy Policy. If you are providing personal data on behalf of someone else, you confirm that you have their explicit consent to share their information with us.

Your Rights Under Applicable Data Protection Laws
Depending on your jurisdiction, including under UK GDPR and US data protection laws, you have the following rights:
Access and Information: You may request details of the personal data we hold about you and how it is processed (a "data subject request").
Correction and Rectification: You have the right to request corrections to any inaccurate or incomplete personal data we hold about you.
Erasure ("Right to be Forgotten"): In certain circumstances, you may request that we delete your personal data.
Restriction of Processing: You may ask us to restrict the processing of your data in certain situations, such as when you contest its accuracy or object to its processing.

Objection to Processing: You have the right to object to our processing of your personal data, particularly where we rely on legitimate interests or process data for direct marketing purposes.

Automated Decision-Making and Profiling: If we use automated decision-making that produces legal or similarly significant effects on you, you can request human intervention or object to such processing.

Data Portability: In some cases, you may request that we transfer your personal data to you or another organisation in a structured, commonly used, and machine-readable format.

Opting Out of Data Transfers: You have the right to stop unauthorised transfers of your personal data to third parties.

To exercise any of these rights, please contact us using the details provided below.

Unsubscribing from Communications
If you wish to unsubscribe from our email database or opt out of marketing communications, please contact us directly using the details below.

Withdrawal of Consent

Where our processing of your personal data is based on your consent, you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before your withdrawal. However, withdrawing consent may limit our ability to provide certain products or services to you. We will inform you of any such impact at the time of your request.

Complaints and Dispute Resolution

If you have concerns about how we handle your personal data, you can file a complaint by contacting us using the details below.

We take all complaints seriously and will investigate them promptly. You will receive a written response outlining the outcome of our investigation and any steps we will take to address your concerns.

If you are based in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent regulator for data protection. You can contact the ICO via their website: www.ico.org.uk.

For individuals in the United States, complaints may be directed to the appropriate state attorney general's office or regulatory authority responsible for data protection in your jurisdiction, including the California Privacy Protection Agency (CPPA) for residents of California.

However, we encourage you to contact us first so we can resolve your concerns before you escalate them to a regulatory authority.

11 Storage and Security of Personal Data

We are committed to ensuring the security and integrity of the personal data we collect. To protect your information from unauthorised access, misuse, interference, loss, modification, or disclosure, we have implemented a range of physical, electronic, and managerial safeguards in compliance with UK GDPR, the Data Protection Act 2018, and applicable US data protection laws, including the California Consumer Privacy Act (CCPA) where relevant.

Data Storage and Server Locations
Our servers are currently located in Finland and Germany, ensuring compliance with UK and EU data protection standards. However, we reserve the right to migrate data to other secure data centres based on capacity, performance, and service efficiency to provide the best experience for our customers. Any such migration will be conducted in accordance with applicable data protection laws and with appropriate security safeguards in place.

Security Measures
To safeguard personal data, we employ the following security measures:
Data Encryption: We use encryption protocols to protect data both in transit and at rest.
Access Controls: Strict access controls are in place to ensure only authorised personnel can access sensitive data.
Network Security: Our systems are regularly monitored and protected by firewalls, intrusion detection, and prevention measures.
Regular Security Audits: We conduct security assessments to identify vulnerabilities and enhance data protection.
Incident Response: A dedicated response plan is in place to address potential data breaches promptly and effectively.

Limitations of Internet Transmission

While we take all reasonable steps to secure personal data, no method of transmission over the Internet can be guaranteed as completely secure. As such, data transmission and exchange are carried out at your own risk. We encourage users to take their own precautions, such as using secure networks, enabling multi-factor authentication, and keeping software up to date.

12 Incident Response Plan

We have implemented a comprehensive Incident Response Plan to effectively manage and mitigate data breaches involving personal data. This plan is designed in accordance with UK GDPR, the Data Protection Act 2018, and applicable US data protection laws, including the California Consumer Privacy Act (CCPA) and other relevant frameworks.

Our Incident Response Plan follows a structured approach to ensure prompt identification, containment, resolution, and prevention of security incidents.

12.1 Detection and Analysis
Continuous monitoring and alert systems to rapidly identify and assess potential data breaches.
Prompt and thorough evaluation of suspected incidents to determine the scope and severity of the breach.
Classification of incidents based on risk levels, ensuring prioritised response to high-risk breaches.

12.2 Containment and Mitigation
Immediate containment measures to limit the impact of the breach and prevent further unauthorised access.
Isolation of affected systems, accounts, or data sources to prevent further compromise.
Deployment of mitigation strategies, including security patches, access restrictions, and network segmentation.

12.3 Eradication and Recovery
Identification and elimination of the root cause of the breach to prevent recurrence.
Restoration of systems and data to full operational status while ensuring data integrity.
Implementation of additional security controls to strengthen protection post-recovery.

12.4 Post-Incident Review and Compliance
Conducting a thorough post-incident analysis to identify vulnerabilities and improve future responses.
Updating security policies, procedures, and training based on lessons learned.

Regulatory Compliance: Where legally required, we will notify the appropriate regulatory authorities, such as the UK Information Commissioner’s Office (ICO) and US regulatory bodies, as well as affected individuals, in accordance with statutory breach notification requirements.

By following this structured plan, we aim to minimise disruption, protect data integrity, and continuously enhance our security framework.

13 Notification of Personal Data Breaches

In accordance with UK GDPR, the Data Protection Act 2018, and applicable US data protection laws, including the California Consumer Privacy Act (CCPA) and relevant state regulations, we have established a structured protocol for handling and notifying personal data breaches.

13.1 Regulatory Notification
If a personal data breach occurs, we will assess its severity and impact.

Where required under UK GDPR, we will report the breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to individuals' rights and freedoms.

The notification to the ICO will include all required details under Article 33 of the UK GDPR, such as:
The nature of the breach and the categories of affected personal data.
The approximate number of affected individuals and records impacted.
The potential consequences of the breach.
The measures taken or proposed to address the breach and mitigate its effects.

For US-based incidents, we will notify the appropriate regulatory authorities in compliance with state-specific data breach notification laws, including CCPA in California and other applicable federal or state laws.

13.2 Individual Notification
If a breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform affected individuals without undue delay.

Notifications to affected individuals will include:
A clear and transparent explanation of the breach.
Details about the types of data involved and potential consequences.
Steps individuals can take to protect themselves.
The measures we are taking to address the breach and prevent future occurrences.

13.3 Information Provided in Notifications
Notifications to both regulatory authorities and individuals will include:
The nature of the breach and its potential risks.
Categories of personal data involved and number of affected records.
Actions taken to contain and mitigate the breach.
Recommendations for affected individuals to minimise potential harm.
Contact information for further inquiries.

13.4 Record Keeping and Compliance

As required by Article 33(5) of the UK GDPR, we will maintain detailed records of:
The nature and impact of the breach.
Notifications made to regulatory bodies and affected individuals.
Corrective actions taken to prevent future breaches.
Internal assessments and remediation measures.

For compliance with US data protection laws, we will adhere to state-specific record-keeping requirements related to breach incidents.

By following this structured breach notification process, we ensure compliance with UK GDPR and US data protection laws, safeguarding the rights of individuals and maintaining transparency in our data security practices.

14 Cookies Policy

This Cookies Policy explains how we use cookies on our App / Site strictly for authentication purposes. It outlines your rights in accordance with UK GDPR, the Data Protection Act 2018, and applicable US data protection laws, including the California Consumer Privacy Act (CCPA) where relevant.

By continuing to use our Website, you agree to the use of cookies as described in this policy.

We use strictly necessary cookies for authentication and security purposes. These cookies:
Allow you to securely sign in and access your account.
Maintain your session to prevent the need for repeated logins.
Ensure the security of your login credentials and prevent unauthorized access.

These cookies do not track your browsing activity or collect personal data beyond what is necessary for authentication.

Under UK GDPR, we process authentication cookies based on our legitimate interest in ensuring secure access to our services.

Under US data protection laws, including CCPA, these cookies are considered essential and are not subject to opt-out requirements as they are necessary for the functioning of our application.

Because our cookies are strictly necessary for login and account security, they cannot be disabled without impacting your ability to use our services.

If you disable cookies in your browser settings, you may not be able to log in or access your account.

We may update this Cookies Policy from time to time to reflect changes in legal requirements or security measures. We encourage you to review this policy periodically for any updates.

15 Links to other websites

Our website may contain links to other parties' websites. We do not have any control over those websites, and we are not responsible for the protection and privacy of any personal data which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

16 Personal data from social network accounts

If you connect your account with us to a social network account, such as Google or Microsoft, we will collect your personal data from the social network. We will do this in accordance with the privacy settings you have chosen on that social network.

The personal data that we may receive includes your name, ID, user name, handle, profile picture, gender, age, language, and any other personal data you choose to share.

We use the personal data we receive from the social network to create a profile for you on our platform.

If you agree, we may also use your personal data to give you updates on the social network which might interest you. We will not post to your social network without your permission.

17 Amendments

We may change this Privacy Policy from time to time. We will notify you if we make a significant change to this Privacy Policy, by contacting you through the contact details you have provided to us and by publishing an updated version on our website.

Appendix

App.DayFive Ltd, a company registered in England and Wales, with company number 16294573

Definitions

For the purposes of this Privacy Policy, the following definitions apply:
"DayFive", "we", "us", "our" – App.DayFive Ltd, a company registered in England and Wales, providing services through its Site, App, and related platforms.

"Site" – The website located at DayFive.eu

"App" – The browser-based application available at app.DayFive.eu

"Services" – Any services offered through or associated with our Site, App, or any interaction between DayFive and users.

"Data Controller" – DayFive in relation to client information collected and processed for its own purposes.

"Data Processor" – DayFive when processing data uploaded by clients onto its systems.

"DPA" (Data Processing Agreement) – A contractual agreement governing data processing responsibilities.

"Personal Data" – Any information related to an identified or identifiable individual.

"Special Categories of Personal Data" – Sensitive information such as race, ethnicity, religion, political opinions, health data, and biometric data.

"Technical and Usage Data" – Information such as IP address, browser session, geolocation, and browsing behavior.

"Transaction Data" – Payment details, invoices, and purchase history.

"Marketing and Communications Data" – Preferences for receiving marketing materials.

"Legal Basis" – The lawful grounds for processing personal data, such as contractual obligations, legitimate interests, or legal compliance.

"Cookies" – Small data files stored on a user’s browser to enhance website experience.

"ICO" (Information Commissioner’s Office) – The UK’s data protection regulatory authority.

For any questions or notices, please get in contact with us.