Privacy Policy

Introduction

Welcome to Papaya's privacy policy.

We respect your privacy and are committed to protecting your Personal Data. This privacy policy will inform you how we look after your Personal Data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Definitions

“Applicable Data Protection Law” shall mean the laws and regulations of the United States, the European Union, the European Economic Area and/or their member states, and Switzerland and/or the United Kingdom and/or all and any applicable jurisdictions relevant as applicable to the Processing of the categories of Personal Data set forth in Section 4.7 of this DPA, including but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the Swiss Federal Data Protection Act (“FDPA”), and the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100-.199 (“CCPA”).

“Personal Data” means any data relating to an identified or identifiable person that is uploaded by you.

“Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, rePapayaing, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Services” means the Papaya service provided to you by us in accordance with the terms of the Service Agreement.

About us

We are Papaya (www.papayadash.com). Our full company name is Papaya Technologies Ltd and our registered office is located in the UK. Papaya Technologies Ltd is the controller of the data and responsible for this policy.

About our third-party service integration

Using Papaya’s Services may entail mandatory or discretionary integration with third-party applications or software, such as (but not limited to) communication, chat and/or e-mail providers, task and project management software, and other providers. When users log-in with these methods or opt-in to integrate these Services, Papaya collects these providers’ identifiers (for instance, e-mail addresses) and saves them securely in our databases. We use them to link your identity across the third-party applications or software you chose to integrate with, for example so that when you are assigned a task in Papaya, that task will be assigned to you in your project management software and vice versa. You may always choose to revoke the integration you’ve opted-in to in Papaya at any time in your Papaya settings.

Our privacy policy does not apply to any third-party applications or software that integrate with the Papaya platform, or any other third-party products, services or businesses. Please be sure to check the privacy policies of those third parties.

The data we collect and receive from you

We may collect, use, store and transfer the following different kinds of Personal Data about you:

Identity Data which includes first name, last name, username or similar identifier.
Contact Data which includes billing address, email address and telephone numbers.
Object Data which is uploaded onto the platform and or added, amended, edited by users as part of their use of the platform, including vehicle specific data, tickets and other interactions through the platform that require the upload of data
Biometric Data such as pictures or photos of you.
Employment Data such as job title and company name.
Financial Data which includes billing details such as bank account and payment card details.
Transaction Data which includes details about payments to and from you and other details of products and Services you have purchased from us.
Technical Data which includes internet protocol (IP) address, your login data, browser type and version, details of the webpage visited before you access or use our website, time zone setting and location, browser plug-in types and versions, operating system and platform, and other information about the devices you use to access this website such as type of device, device settings and unique device identifiers.
Profile Data which includes your username and email your preferences, feedback and survey responses.
Usage Data which includes information about how you use our website, products and Services. For example, when a user interacts with the Services, metadata is generated that provides information about the way that user works, e.g. we log the Workspaces, channels, people, features, content and links you view or interact with, the types of files shared, and which Third Party Services are used.
Data collected via Third Party Services. As described above, our Services may involve integration with third party applications or software. When such a third-party service is enabled, Papaya is authorized to connect and access information in accordance with our agreement with the third-party provider and any permissions granted by the user. For example, if a cloud storage application is enabled to allow files to be imported to the tool in which you are working, we may receive the username and email address of authorised users, and other information (such as log data, content, and device information) that the third-party provider makes available to Papaya to facilitate the integration. We do not receive or store your passwords for any of these third-party services when connecting you to them. Please check the third-party provider’s privacy notice and settings governing its own collection of your data to understand what information it may provide to Papaya.
Marketing and Communications Data such as your preferences in receiving marketing from us and your communication preferences.
Other Personal Data that you choose to upload. We also receive from you any other Personal Data that you choose to upload or input whilst using the Services. By voluntarily providing such Personal Data you acknowledge and agree that it may be transferred from your current location to our servers in the EU, UK and US (see below for more detail) and to the authorised third parties referred to below.

We also collect, use and share aggregated data such as statistical or demographic data. Aggregated data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy policy.

We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Legal bases for collecting your Personal Data

We will only use your Personal Data when the Applicable Data Protection Law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

Where you have clearly consented. This will be the case where you have voluntarily chosen to submit your Personal Data to the platform. You can withdraw your consent at any time by contacting us at [privacy@papayadash.com] (but this will not affect the legitimacy of our Processing prior to its withdrawal).

Where we need to in order to perform the contract we are about to enter into or have entered into with you.

Where we need to comply with a legal obligation.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, to enable us to conduct and manage our business in order to give you the best service/product and the best and most secure experience.

How do we collect and receive your Personal Data?

We obtain your Personal Data when you provide it to us, such as when you contact us by email or telephone or by any other means). For example, you directly provide your Personal Data to us through your submissions or requests made via www.papayadash.com, including via forms you complete in order to contact us, to create an account on our website, respond to a survey or to subscribe to our Services.

You will also submit data of your choice when working within your tool in Papaya, and third-party application and software providers may provide us with access to your Personal Data to facilitate integration as described above.

We also receive information indirectly when you navigate www.papayadash.com, as personal information about you and usage details are automatically observed and collected along with technical data about your equipment, browsing actions and patterns. This includes information such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connecting to www.papayadash.com and other technical communications information. We collect this Personal Data by using cookies, server logs and other similar technologies. Please see our cookie policy [LINK] for further details.

How do we use your Personal Data?

We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:

To enable user to user communication.
To enable us to communicate with you by responding to your requests and questions and by sending service-related, administrative and technical emails and other communications including information about updates to our products and Services, promotional offers and changes in our policies or terms.
To provide the Services to you under the contract we have entered into with you.
To undertake internal research for technical development as well as for constant verification and improvement of the quality and security of Papaya and the Services.
To investigate security issues and help prevent abuse, including the detection and eradication of malicious deceptive, fraudulent or illegal use.
To respond to law enforcement requests as required by the law, court orders or other governmental requests or regulatory requirements.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Who do we share your Personal Data with?

We may share your Personal Data in accordance with your instructions and based on your use of the functionality of the Services, for example with your teammates, account administrators, billing and technical account users. We may also share your information with third-party application and software providers as described above.

In order to provide our website and Services we may share your information with the following service providers:

Analytics and UX Providers
Authentication Providers
Cloud Hosting Providers
CRM Software
Email Marketing Platforms
Website Optimization Platforms
Customer Support Platforms
Communication Platforms
Form Builders

We may share your information with any buyer of our business if we choose to sell it or any third parties with whom we merge parts of our business or our assets. We may also share your information if we believe it to be necessary to comply with any court order, law, legal obligation, or legal process, including to respond to any government or regulatory request, to prevent fraud or to protect our rights of safety or those of our customers or other third parties.

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to Process your Personal Data for specified purposes and in accordance with our instructions.

Where is your data stored and for how long do we keep it?

We store your data in the UK, EU and in the United States of America.

We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if there is a prospect of litigation in respect to our relationship with you.

We consider the nature and sensitivity and purpose for which we collected your date when deciding when it’s time to delete it.

Transfers outside the UK

Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data.
In respect of transfer to certain service providers in other countries, we will use a lawful transfer mechanism such as the Standard Contractual Clauses approved for use in the UK which give Personal Data the same protection it has in the UK. For further details please contact us at [privacy@papayadash.com].

Please get in touch with us at privacy@Papaya.com if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK.

How do we protect your data?

Papaya takes data security very seriously and we have put in place appropriate security measures to protect your Personal Data from being accidentally lost or used, accessed, altered or disclosed in an unauthorised way. We also make sure that only our employees, agents, contractors and other third parties with a business need to know your Personal Data have access to it. They will only Process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

What are my rights?

You have the right to:

Access your Personal Data (commonly known as a "data subject access request"). You can receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
Ask for correction of your Personal Data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Ask us to erase your Personal Data. You have the right to request the erasure of your Personal Data at any time, if you don’t think that we have the right to hold it. However, we may retain certain information about you as required by law and for legitimate business purposes permitted by law.
Ask us to restrict our Processing of your Personal Data. ask us to suspend the Processing of your Personal Data in several scenarios, including if you want us to verify the accuracy of the data, and where our use of the data is unlawful but you do not want us to erase it.
Object to our Processing of your Personal Data for a particular purpose or to request that we stop using your Personal Data.
Ask us to transfer your Personal Data to a third party. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw your consent to us Processing your Personal Data where we are relying on consent to Process your Personal Data. However, this won’t affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or Services to you. We will advise you if this is the case at the time you withdraw your consent.

Ask us to stop or to start sending marking messages at any time. If you want to exercise these rights you should contact us by email at privacy@papayadash.com.

Our contact details

If you have any questions about this privacy policy or our privacy practices, please contact us at [privacy@papayadash.com].

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).

Changes to the privacy policy and your duty to inform us of changes

We may change this privacy policy from time to time, for example to comply with updated laws and regulations or because of a change in our terms and conditions. We will post the changes to this page so that you can stay informed. If we make any changes that materially affect your privacy rights we will also contact you, for example by email.

It is important that the Personal Data we hold about you is accurate and current so please keep us informed of any changes to your Personal Data.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.