“Applicable Data Protection Law” shall mean the laws and regulations of the United States, the European Union, the European Economic Area and/or their member states, and Switzerland and/or the United Kingdom and/or all and any applicable jurisdictions relevant as applicable to the Processing of the categories of Personal Data set forth in Section 4.7 of this DPA, including but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the Swiss Federal Data Protection Act (“FDPA”), and the California Consumer Privacy Act of 2018, Cal. Civ. Code § 1798.100-.199 (“CCPA”).
“Personal Data” means any data relating to an identified or identifiable person that is uploaded by you.
“Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, rePapayaing, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Services” means the Papaya service provided to you by us in accordance with the terms of the Service Agreement.
We are Papaya (www.papayadash.com). Our full company name is Papaya Technologies Ltd and our registered office is located in the UK. Papaya Technologies Ltd is the controller of the data and responsible for this policy.
About our third-party service integration
Using Papaya’s Services may entail mandatory or discretionary integration with third-party applications or software, such as (but not limited to) communication, chat and/or e-mail providers, task and project management software, and other providers. When users log-in with these methods or opt-in to integrate these Services, Papaya collects these providers’ identifiers (for instance, e-mail addresses) and saves them securely in our databases. We use them to link your identity across the third-party applications or software you chose to integrate with, for example so that when you are assigned a task in Papaya, that task will be assigned to you in your project management software and vice versa. You may always choose to revoke the integration you’ve opted-in to in Papaya at any time in your Papaya settings.
The data we collect and receive from you
We may collect, use, store and transfer the following different kinds of Personal Data about you:
We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Legal bases for collecting your Personal Data
We will only use your Personal Data when the Applicable Data Protection Law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
How do we collect and receive your Personal Data?
We obtain your Personal Data when you provide it to us, such as when you contact us by email or telephone or by any other means). For example, you directly provide your Personal Data to us through your submissions or requests made via www.papayadash.com, including via forms you complete in order to contact us, to create an account on our website, respond to a survey or to subscribe to our Services.
You will also submit data of your choice when working within your tool in Papaya, and third-party application and software providers may provide us with access to your Personal Data to facilitate integration as described above.
How do we use your Personal Data?
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
Who do we share your Personal Data with?
We may share your Personal Data in accordance with your instructions and based on your use of the functionality of the Services, for example with your teammates, account administrators, billing and technical account users. We may also share your information with third-party application and software providers as described above.
In order to provide our website and Services we may share your information with the following service providers:
We may share your information with any buyer of our business if we choose to sell it or any third parties with whom we merge parts of our business or our assets. We may also share your information if we believe it to be necessary to comply with any court order, law, legal obligation, or legal process, including to respond to any government or regulatory request, to prevent fraud or to protect our rights of safety or those of our customers or other third parties.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to Process your Personal Data for specified purposes and in accordance with our instructions.
Where is your data stored and for how long do we keep it?
We store your data in the UK, EU and in the United States of America.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if there is a prospect of litigation in respect to our relationship with you.
We consider the nature and sensitivity and purpose for which we collected your date when deciding when it’s time to delete it.
Transfers outside the UK
Whenever we transfer your Personal Data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please get in touch with us at privacy@Papaya.com if you want further information on the specific mechanism used by us when transferring your Personal Data out of the UK.
How do we protect your data?
Papaya takes data security very seriously and we have put in place appropriate security measures to protect your Personal Data from being accidentally lost or used, accessed, altered or disclosed in an unauthorised way. We also make sure that only our employees, agents, contractors and other third parties with a business need to know your Personal Data have access to it. They will only Process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What are my rights?
You have the right to:
Ask us to stop or to start sending marking messages at any time. If you want to exercise these rights you should contact us by email at email@example.com.
Our contact details
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).
It is important that the Personal Data we hold about you is accurate and current so please keep us informed of any changes to your Personal Data.