Data Protection & Security on DOYOU

We consider consent, data privacy, and transparency a top priority. Global initiatives such as the EU's General Data Protection Regulation (GDPR) are important steps to bring them to the center. Bringing the power to control personal information that we and other businesses store into the hands of you, the user, are an important pillar in building a service and community like DOYOU.

Our Commitment

Protecting your data is built into the core of our service. We only gather and store information that is absolutely necessary to offer our service, and we only do this with your consent. That’s why we are committed to complying with the privacy, security, and data protection goals of GDPR and beyond.

Along with a highly secure and robust system architecture, we have a variety of security measures in place to prevent unauthorized access and processing of personal data. To find out more about the data that we collect, check out our privacy policy and terms.

To accomplish full GDPR compliance, we have set up an internal compliance team that has been working with external specialists to assess our requirements and roll out the required changes.

Here’s an overview of what the steps we have taken to ensure your data is safe and in your hands.

GDPR Compliance

  1. We have created and sustain awareness within the company regarding the Privacy by Default and Privacy by Design principles that need to be kept in mind for ongoing development.
  2. We are continuously bringing together our internal and external product, marketing, compliance, and security specialists to oversee DOYOU’s GDPR compliance initiatives.
  3. We continuously analyze all the areas of our product and service that GDPR has an effect on and created a data retention policy including an automated process to adhere to it.
  4. To make our use of your data transparent, we continuously update our privacy policy in accordance with GDPR and communicate the changes to you.
  5. We only work with third-party technology and vendors that are absolutely aligned with our privacy and transparency commitment and comply with GDPR.

Controlling Data

We recognize our responsibilities as a data controller towards you, our users. Below, you’ll find all the steps we’re taking towards fulfilling all legal obligations under GDRP as a data controller.

Data Categorization and Analysis

  • We constantly carry out data mapping exercises to track the flow of personal data through our systems.
  • We established and are maintaining a clean data repository that is constantly updated. This gives us control over the data flowing through our systems, with clear processes for handling, securing, and storing this data.

Data Retention

To avoid storing and processing any of your data beyond the necessary period, we have established an automated data retention mechanism. Here’s how our data retention process works, when you as a customer close your account with us:

  • We delete your Personally Identifiable Information (PII) and all end-user data from our databases within a period of 120 days.
  • This includes deleting your profile and all your end-user information from our systems.
  • The only data we keep, is the data needed for further compliance, for example invoices, subscription information, and audit logs.

Consent Mechanism

  • We actively collect consent from your, wherever it’s applicable — especially in the case of any marketing communication.
  • We want you to have complete control over the communication you receive from us. To give you the option to withdraw your consent at any given time, all our emails feature a one-click unsubscribe link. We’re furthermore adding an easy way for you to manage your email preferences within the app.

Feature Development and Privacy Principles

We have a process in place which is built to guarantee all our features meet the standards of GDPR and beyond. Our product and engineering teams are following a Privacy by Design and Privacy by Default approach.

Exercising your rights under GDPR

We’ve added a dedicated privacy section to your profile settings to help you exercise your rights under GDPR or simply request your account (and all related data) to be deleted. Click here to check it out (you’ll need to login to your account to be able to access this link).

Note: This section is continuously being updated with our latest information and updates.