We understand the importance of protecting your personal data. This Privacy Policy outlines our commitment to safeguarding the privacy of any personal data provided to us or collected by us when you visit DayFive.eu (the Site), use our mobile or browser-based application at app.DayFive.eu (collectively, the App), contact us, or engage with any services offered through or associated with our Site or App (the Services). It also applies to any other interactions we may have with you.
It is essential that you read this Privacy Policy alongside any other detailed privacy notices we may provide when collecting or processing your personal data. Doing so ensures you fully understand our privacy practices and how we handle your information.
DayFive processes personal data in the capacities of both Data Controller and Data Processor, as defined under the Data Protection Act 2018 (UK GDPR). As a Data Controller, we manage and process client information for our own purposes. As a Data Processor, we handle data that clients upload to our systems, platforms, or software.
If you are an end user of one of our clients, please refer to that client's privacy policy for details on how your personal data is managed. Clients who require a Data Processing Agreement (DPA) to define our processing relationship may contact us to request one.
1. The Information We Collect
Personal data refers to any information that relates to an identified or identifiable individual.
We collect, use, store, and disclose various types of personal data about you, which we have categorized as follows:
Identity Data – Includes your first name and last name.
Contact Data – Includes your billing address, email address, telephone number, Skype ID, and other social media usernames or profile links.
Financial Data – Includes credit card or bank account details collected by our third-party payment processors on our behalf.
Transaction Data – Includes details of payments made by you to us and records of the products and services you have purchased from us.
Technical and Usage Data – Includes your internet protocol (IP) address, login data, browser session details, geolocation data, device and network information, page views and session statistics, acquisition sources, search queries, and browsing behavior. It also includes information about your access and use of our website—such as interactions through cookies, communications with our website, and details of the browser and operating system you are using.
Profile Data – Includes your username and password for the App, records of support requests, content you post, send, receive, or share through our platform, as well as feedback and survey responses.
Interaction Data – Includes information you provide when participating in interactive features of our Services, such as surveys, contests, promotions, activities, or events.
Marketing and Communications Data – Includes your preferences for receiving marketing communications from us and third parties, as well as your communication preferences.
Professional Data – If you are a worker of ours or applying for a role with us, this includes details of your professional history, such as previous positions and professional experience.
2 Special Categories of Personal Data
Special categories of personal data include information related to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health data, genetic and biometric data.
We do not actively request or collect special categories of data about you, nor do we collect information regarding criminal convictions or offences. However, if we ever need to collect such data, we will do so only as required or authorized by law.
3 How We Collect Personal Data
We collect personal data through various means, including:
Direct Collection – We obtain personal data directly from you when you interact with us. This includes when you register for an account, submit inquiries via the 'Contact Us' form on our website, request assistance through email or over the phone, or otherwise provide information to us.
Indirect Collection – We may also collect personal data indirectly as you engage with us. This can occur when you interact with our website, send emails, communicate with us over the phone, or submit online inquiries.
Third-Party Sources – We collect personal data from third parties, including:
Your employer, if they invite you to access our Services.
Any approved DayFive resellers.
Our analytics and cookie providers, as well as marketing service providers, who collect data on your website usage.
Publicly Available Sources – We gather personal data from publicly accessible sources, including official business registries such as Companies House and professional networking platforms like LinkedIn.
4 Purposes and Legal Bases for Processing
We collect and process your personal data only when we have a valid legal basis under applicable laws. Below, we provide a structured overview in table format, outlining how we use your personal data and the legal bases on which we rely. Where applicable, we also specify our legitimate interests.
In some cases, your personal data may be processed under multiple legal grounds, depending on the purpose of use. If you require further clarification regarding the specific legal basis applicable to your data in any given instance, please do not hesitate to contact us.
Types of Data We Use
The personal data we process includes, but is not limited to:
Identity Data – e.g., name, date of birth
Contact Data – e.g., phone number, email address
Profile Data – e.g., preferences, interests
Financial and Transaction Data – e.g., billing details, payment history
Technical and Usage Data – e.g., IP address, login data, browsing behavior
Marketing and Communications Data – e.g., communication preferences, responses to marketing campaigns
Professional Data – e.g., employment history, qualifications
Legal Bases for Processing
We rely on the following legal bases to process your data, including but not limited to:
Contractual Necessity – To enter into or fulfill our contractual obligations with you.
Legal Obligation & Compliance – To comply with legal requirements and regulatory obligations.
Legitimate Interests, such as:
Providing excellent customer support and responding to inquiries.
Recovering outstanding debts and sending important updates.
Improving our website, services, and marketing strategies.
Supporting business growth and development.
Evaluating and processing employment applications.
Purposes for Processing Your Data
We process your personal data for the following purposes:
Enabling access to our software, including providing you with a login.
Communicating with you about our services, including responding to inquiries and support requests made via our website.
Maintaining internal records for administrative, invoicing, and billing purposes.
Conducting analytics, including profiling, market research, and business development to enhance our services.
Executing advertising and marketing initiatives, including sending promotional materials about our events and services.
Assessing applications for job positions you have applied for.
Ensuring compliance with legal obligations and fulfilling regulatory requirements.
If you have consented to our use of data about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your data because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using our services.
5 Disclosure of Personal Data to Third Parties
We take the security of your personal data seriously and require all third parties to process it in compliance with applicable data protection laws, including the UK GDPR. To ensure your data is handled lawfully and securely, we have Data Processing Agreements (DPAs) in place with our third-party service providers.
We share personal data with third parties for specific purposes related to the provision of our services, including but not limited to:
Marketing and Communication Services – To automate and manage email communications, customer feedback collection, and chatbot interactions.
Cloud Storage and Security Providers – To securely store data and track system performance, errors, and logs.
Business Process Management and Customer Support Tools – To facilitate customer relationship management, lead tracking, customer support, and online meetings.
User Experience and Analytics Tools – To monitor user interactions and enhance service usability and performance, ensuring an optimised experience.
Upon request, we will disclose information about specific vendors if a customer or related party enquires about our use of a particular service provider.
Other Disclosures of Personal Data
We may also disclose personal data to:
Our employees, contractors, and affiliated entities.
Service providers who assist in delivering our services.
Professional advisors, including auditors, insurers, and legal consultants.
Payment processing services to facilitate transactions.
Business partners, agents, sponsors, or promoters of competitions and promotions.
Potential investors or acquirers in the event of a business transfer.
Courts, tribunals, regulatory bodies, or law enforcement agencies, as required by law or in connection with legal proceedings.
Third-party analytics and advertising partners to improve user engagement, measure performance, and optimise marketing efforts.
Any other third parties where disclosure is required or permitted by law, such as responding to legal requests or regulatory requirements.
6 Opt-Out Options
We respect your privacy preferences and provide several options for you to control your data.
7 International Data Transfers
In the course of our business operations, we may disclose personal data to third parties, some of whom may store, process, or access this data outside the United Kingdom, including within the European Union and other jurisdictions. It is important to note that data protection laws in some of these countries may not offer the same level of protection as those in the UK.
To ensure your personal data remains secure and is handled in compliance with UK GDPR and applicable data protection laws, we implement appropriate safeguards when transferring data internationally. These safeguards include:
Adequacy Decisions – We only transfer personal data to countries that have been officially recognised by the UK government as providing an adequate level of data protection.
Standard Contractual Clauses (SCCs) – Where adequacy decisions are not in place, we incorporate Standard Contractual Clauses (SCCs) into agreements with third-party service providers to ensure that your personal data receives a level of protection equivalent to UK standards.
Additional Safeguards – Where necessary, we implement supplementary measures, such as encryption and risk assessments, to further enhance data protection.
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, tax, accounting, and reporting obligations.
9. Data Retention Policy
In compliance with UK GDPR, the Data Protection Act 2018, and applicable US data protection laws, we adhere to the following data retention principles:
Retention Periods: Personal data associated with payment transactions will be retained for a minimum of five (5) years following the termination of our relationship, unless a longer period is required or permitted by law.
Purpose Limitation: Personal data is retained only for the original purposes for which it was collected and processed.
Data Minimisation: Regular reviews ensure that personal data no longer necessary for its intended purpose is either securely deleted or anonymised.
Security Measures: We implement technical and organisational safeguards such as encryption, access controls, and secure storage to protect retained personal data.
10 Your Rights and Controlling Your Personal Data
We are committed to ensuring that your personal data is processed in accordance with UK GDPR, the Data Protection Act 2018, and relevant US data protection laws. You have the right to access, correct, erase, restrict, object to, and port your personal data. To exercise any of these rights, please contact us using the details provided below.
11 Storage and Security of Personal Data
We are committed to ensuring the security and integrity of the personal data we collect. Our servers are currently located in Finland and Germany, ensuring compliance with UK and EU data protection standards.
12 Incident Response Plan
We have implemented a comprehensive Incident Response Plan to effectively manage and mitigate data breaches involving personal data, designed in accordance with UK GDPR and the Data Protection Act 2018.
13 Notification of Personal Data Breaches
In accordance with UK GDPR, where required we will report breaches to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of them. Affected individuals will be notified without undue delay where a breach is likely to result in a high risk to their rights and freedoms.
14 Cookies Policy
We use strictly necessary cookies for authentication and security purposes only. These cookies allow you to securely sign in, maintain your session, and ensure the security of your login credentials. They do not track your browsing activity or collect personal data beyond what is necessary for authentication.
15 Links to other websites
Our website may contain links to other party's websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal data which you provide whilst visiting those websites.
16 Personal data from social network accounts
If you connect your account with us to a social network account, such as Google or Microsoft, we will collect your personal data from the social network in accordance with the privacy settings you have chosen on that social network.
17 Amendments
We may change this Privacy Policy from time to time. We will notify you if we make a significant change by contacting you through the contact details you have provided to us and by publishing an updated version on our website.
Appendix
App.DayFive Ltd, a company registered in England and Wales, with company number 16294573.
For any questions or notices, please contact us at info@dayfive.eu