DOJO APP PRIVACY POLICY STATEMENT

Scope of this Policy

We are TheTriangleLab Limited (Dojo, we, us, our), the company behind the Dojo service (Service). The Service is designed as an online and Smartphone application (App) providing location-based recommendations for services, products and venues including restaurants, bars and events. The individual or organisation that subscribes to the Service will be referred to as the “Subscriber” or “you”.

This privacy policy (Privacy Policy) sets out the ways in which we collect and use your personal data (your Personal Information) in connection with our business. It also explains what rights you have to access or change your personal data.

For the purposes of the General Data Protection Regulation, we are the data controller.

Contacting Dojo about privacy questions or concerns

If you have any questions about this Privacy Policy, or any queries, requests or complaints in regard to the Service or the use of your Personal Information, please contact Dojo by sending an email to the following address (indicating “PRIVACY REQUEST” in the message line): [email protected].

If you contact Dojo by e-mail, we may keep a record of your correspondence or comments. We may ask for your name, e-mail address and contact information in order to send you a reply.

Third party information and links

Information may be sourced from third parties by Dojo and/or you in compiling the Service. Where such third party information forms or may form part of the Service, we have relied on the information provided to us by third parties. We do not guarantee the correctness or completeness of the information provided on the Service.

The Service may contain advertisements (which may be directed to Subscribers based on information you include in your personal profile when using the Service), plug-ins and links to other websites that are owned and operated by third parties. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. The information practices of those websites linking from or to the website are not covered by this Privacy Policy or the Terms of Use, and Dojo is not responsible and cannot be held liable for the content or practices of any third party website. Please consult each website’s privacy policy. The provision of a link on the Service does not constitute an endorsement of that website or related any products or services. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Sharing directly with third parties

You and other Subscribers may share content on the Service via a number of social media platforms (including, without limitation, Facebook, Twitter, Google+) and email. When content is shared in this way a link to that content is sent out via the relevant social media channel.

When you share Personal Information through the Service with third parties (including other Subscribers) and via other online services (such as Facebook), that information will remain under the control of the third party or other service in question. Dojo has no control over the use of Personal Information which has been shared with third parties and this Privacy Policy Statement does not relate to such use of the Subscriber’s Personal Information. We recommend that you review the privacy policies of third parties to whom you share Personal Information with via the App.

Please be responsible with personal information of others when using Service. We are not responsible for your misuse of Personal Information, or for the direct relationship between you and others when takes place outside of the Service.

“Personal Information”

The Dojo Privacy Policy concerns the use by Dojo of Personal Information. Personal Information, or “personally identifiable information”, as it is sometimes known, is a reference to data that can be linked to or identified with a living individual.

This Privacy Policy does not apply to any data insofar as it is held, processed, disclosed or published in a form which cannot be linked to a living individual (such as anonymised data, aggregated data, or coded data which, in a given form, cannot effectively be used to extract Personal Information) (“Generic Data”). Dojo reserves the right to generate Generic Data out of any databases containing Personal Information and to make such use as it sees fit of any such Generic Data.

Personal Information we may collect about you

We will collect any information that you provide to us when you:

are making an enquiry, provide feedback or make a complaint on the App;
submit correspondence to us by post, email or via our website or App;
book services, products and venues via the App;
create an account to use the App;
update your profile and other account details;
subscribe to our newsletter and mailing lists;
fill in a form, conduct a search, post content on the App, respond to surveys, participate in promotions or use any other features of the App;
submit reviews and comments on the App; and/or
submit an application to a job vacancy.

The information you provide to us will include (depending on the circumstances):

Identity and contact data: title, names, addresses, email addresses and phone numbers;
Account profile data: if you’re registering for an account you may also provide a username, password, language preferences;
Financial Data: if you are using the App to make a reservation or book a sservice, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details;
Employment and background data: if you are submitting a job application, you may also provide additional information about your academic and work history, projects and research that you are involved in, references and any other such similar information that you may provide us; and
Survey data: from time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect information provided in such survey.

We also collect the following information about you when you use the Service:

Location Data: the Service accesses your location via the GPS ability of your Smartphone or other device for the purpose of locating convenient services, products and venues;
Google Analytics: the Service uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies” to help an app analyse how users use the app. The information generated by the cookie about your use of the app (including your IP address) may be transmitted to and stored by Google on servers outside the EEA. Google will use this information for the purpose of evaluating your use of the Service, compiling reports on in-app activity for app operators and providing other services relating to app activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this app, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
URL, internet protocol and website usage information: when you use the Service your IP address is recorded to guard against possible abuses. This information is not used by us to track your movement outside the Service. We may also collect information about users of the app through preference choices you make and information on your usage of the Service. We use your IP address to diagnose problems with and administer the Service and to gather demographic information, and to help prevent abuse or fraudulent use of the Service or your account.

Purposes for which Dojo uses Personal Information and Recipients of your Personal Information

We will use your information for the purposes listed below either on the basis of:

performance of your contract with us and the provision of our services to you;
your consent (where we request it);
where we need to comply with a legal or regulatory obligation; or
our legitimate interests – by this we mean our legitimate business interests in conducting and managing our business and our relationship with you, including the legitimate interest we have in personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you.

Where we use your information for our “legitimate interests”, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights to your Personal Information”

Dojo uses Personal Information provided by Subscribers and accessed by the Service for the purposes of:

Providing access to our Service: administering, delivering, improving and personalising the Service (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner).
Subscriber support and relationship management: to provide customer service and support (on the basis of our contract with you) and to manage our relationship with you, which will including notifying you about changes to our terms of use or privacy policy, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);
Prize draws, competitions and surveys: to enable you to take part in prize draws, competitions and surveys (on the basis of performing our contract with you and our legitimate interest in studying how our website and services are used, to develop them and grow our business);
Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);
Advertising: to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy);
Recruitment: to process any job applications you submit to us including sharing this with our third party recruitment agency;
Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users); and
Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

Except in relation to certain selected partner websites, Dojo will not permit your Personal Information to be used for direct marketing purposes.

In connection with the purposes and on the lawful grounds described above, we will share your Personal Information when relevant with third parties such as:

Other Subscribers: other Subscribers who you use the Service and with whom you communicate via the Service;
Partners and collaborators: these are the restaurants, bars and events companies accessible to you via the Service ;
Our service providers: service providers we work with to deliver our business, who are acting as processors and provide us with:

website development and hosting services;
IT, system administration and security services;
marketing and advertising services (including the Google Adwords service), analytics providers (including Google Analytics and Mixpanel);
maps services (including Google Maps API);
social media plugin services including Facebook;

Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes;
Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and
Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

Other forms in which Personal Information may be used

We may disclose Personal Information to third parties if we believe that such disclosure is reasonably necessary to enforce or apply the Terms of Use that a Subscriber has accepted in relation to the Service or to protect the rights, property, safety and integrity of Dojo or the Service, or otherwise as provided by law or required by any court of competent jurisdiction or any regulatory authority acting under statutory powers.

There may be limited circumstances in which Dojo is obliged to disclose Personal Information to unrelated third parties such as:

· In response to the following: (1) to satisfy a legitimate government request or direction or in response to a court order or in connection with legal proceedings; (2) in response to a third-party subpoena, if on legal advice such response is required; or (3) if necessary to defend Dojo, or its partners or other Subscribers (for example, in a lawsuit).

· If you request a specific service or product which is administered by a third party who is working with Dojo, your Personal Information may be shared with such third party in order to respond to the request. The third party in question may also transmit back to Dojo any new information obtained from you.

Dojo will fully co-operate with law enforcement, investigation and security agencies and regulators to identify anyone who uses the Service or software for illegal activities. Dojo reserves the right to report to law enforcement, investigation and security agencies and to regulators any activities that are believed to be unlawful.

Storage (including international transfers outside of the EEA), Security and Retention of Personal Information

Storage

Personal Information that Dojo collects is stored on its servers (which may be cloud-based and located outside the EEA). We implement and maintain adequate security measures to protect such information stored on our servers and seek to comply with all local rules in respect of storage of data.

Whenever we transfer Personal Information out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:

We will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for Personal Information by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, European Commission: Model contracts for the transfer of personal data to third countries; and
Where we use service providers based in the USA, we may transfer Personal Information to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Security

We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use such as:

ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption;
maintaining a data protection policy for, and delivering data protection training to, our employees; and
limiting access to your personal information to those in our company who need to use it in the course of their work.

Retention

Dojo also strives to collect no more Personal Information from end-users than is required for the purpose for which it is collected. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it, For example,

we archive our email and paper correspondence regularly and destroy information older than 5 years;
we retain information relating to reservations and bookings and Subscriber queries for approximately 5 years;
we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently; and
Personal Information may be stored on our back-up media for limited periods of time and we permanently delete all data help on back-up media after a period of [X years]; and
we also retain Generic Data obtained from your Personal Information.

Help keep your information safe

You can also play a part in keeping your information safe by:

choosing a strong account password and changing it regularly;
using different passwords for different online accounts;
keeping your booking references and passwords confidential and avoiding sharing your login with others;
making sure you log out of the Service each time you have finished using it. This is particularly important when using shared devices;
letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software; and
being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@[insert company email domain here e.g. @example.com]’.

“Sensitive” information

Dojo does not seek to collect “sensitive” Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) Dojo does not wish to receive any such data and will not request it. If Subscribers voluntarily post such information on the Service or share it with other Subscribers, the Subscriber assumes the risk of such information being accessed, used or distributed by others as such information has been manifestly made public by the Subscriber.

Data on children Persons under the age of 16 should not transfer Personal Information to us unless they have the consent of their parent(s) or guardian(s). We do not knowingly collect, nor do we want to receive, personal information about individuals who are under 13 years of age. If you are under the age of 13, please do not access our Service at any time or in any manner. We will take appropriate steps to delete the Personal Information of persons under the age of 13.

Your Rights to your Personal Information

You have certain rights in respect of the Personal Information that we hold about you, including:

the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;
the right to ask us not to process your personal data for marketing purposes;
the right to request access to the information that we hold about you;
the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
in certain circumstances, the right to ask us to stop processing information about you; and
the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/).

Some upcoming new rights…

From 25 May 2018, in accordance with new data protection laws which will be in force from that date, you will have certain additional rights in respect of the information that we hold about you, including:

in addition to your right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/), you will also be able to lodge a complaint with the relevant authority in your country of work or residence;
the right to withdraw your consent for our use of your information in reliance of your consent, which you can do by contacting us using any of the details at the top of this Privacy Notice;
the right to object to our using your information on the basis of our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; and
the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances; and
the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances.

How to exercise your rights

You may exercise your rights above by contacting us using the details at the top of this Privacy Policy, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing or by updating your marketing preferences via your account with us.

What we need from you to process your requests

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will need to have created an account in order for us to provide you with your information because without an account, we are not able to connect your data to a verifiable email address.

From 25 May 2018, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to your Personal Information and unsubscribing from the Service

It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your use of the Service. You may change the Personal Information that Dojo retains about you by accessing the Service and following the instructions.

You may unsubscribe from the Service at any time. When you unsubscribe from the Service (or when it is otherwise terminated) we will permanently and irretrievably delete all Personal Information we hold on your behalf, save that:

(1) copies of your Personal Information may remain stored for limited periods of time on back-up media which shall be cleansed from time to time;

(2) Dojo reserves the right to retain records of your Personal Information if we reasonably require to maintain such records for legal purposes, to investigate and respond to complaints, to enforce our Terms of Use or to defend ourselves against any claim or allegation, or if we require to retain such data for other legitimate reasons; and

(3) Dojo shall be entitled to retain any data in Generic Data obtained from your Personal Information.

Privacy Policy changes

This Privacy Policy was last changed on 25th May 2018. If Dojo makes changes to the Privacy Policy, the new version will be posted on the Service. If material changes are made to the Privacy Policy we will notify you by email. Dojo may change, modify, add or remove portions of this Privacy Policy at any time, and any changes will become effective immediately upon being posted unless stated otherwise.