Part I – Information we collect and control
What we Collect
We may collect information about you only if we need the information for some legitimate purpose. YapCRM will have information about you only if (a) you have provided the information yourself, (b) YapCRM has automatically collected the information, or (c) YapCRM has obtained the information from a third party.
Legal bases for collecting and using information
Legal processing bases applicable to YapCRM: Our legal basis for information collection and use depends on the personal information concerned and the context in which we collect it. Most of our information collection and processing activities are typically based on (i) contractual necessity, (ii) one or more legitimate interests of YapCRM that are not overridden by your data protection interests, or (iii) your consent. Sometimes, we may be legally required to collect your information, or may need your personal information to protect your vital interests or those of another person.
Withdrawal of consent: Where we rely on your consent as the legal basis, you have the right to withdraw your consent at any time, but this will not affect any processing that has already taken place.
Your choice in information use
Opt out of non-essential electronic communications: You may opt out of receiving newsletters and other non-essential messages by using the ‘manage communication preferences’ function included in all such messages. However, you will continue to receive notices and essential transactional emails.
Disable cookies: You can disable browser cookies before visiting our websites, however to use our CRM services and some other services, cookies are required.
Who we share your information with
Third-party service providers: We may need to share your selected personal information and aggregated or de-identified information with third-party service providers that we engage, such as telecommunication companies, cloud data and web analytics providers. These service providers are authorised to use your personal information only as necessary to provide these services to us.
Other cases: Other scenarios in which we may share the same information covered under Parts I and II are described in Part III.
Your rights with respect to information we hold about you as a controller
You have the following rights with respect to information that YapCRM holds about you:
Right to access: You have the right to access the categories of personal information that we hold about you, including the information's source, purpose and period of processing, and the persons to whom the information is shared
Right to rectification: You have the right to update the information we hold about you or to rectify any inaccuracies. Based on the purpose for which we use your information, you can instruct us to add supplemental information about you in our database.
Right to erasure: You have the right to request that we delete your personal information in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected.
Right to restriction of processing: You may also have the right to request to restrict the use of your information in certain circumstances, such as when you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability: You have the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means.
Right to object: You have the right to object to the use of your information in certain circumstances, such as the use of your personal information for direct marketing.
Retention of information
Part II – Information that YapCRM processes on your behalf
Information entrusted to YapCRM and purpose
You may entrust information that you or your organisation (“you”) control, to YapCRM in connection with use of our services or for requesting technical support for our services. This includes information regarding your customers and your employees (if you are a controller) or data that you hold and use on behalf of another person for a specific purpose, such as a customer to whom you provide services (if you are a processor).
Ownership and control of your service data
We recognise that you own your service data. We provide you complete control of your service data by providing you the ability to access your service data, and request export or deletion of your service data.
How we use service data
We process your service data when you provide us instructions through our services. For example, when you use YapCRM for email marketing, the email addresses of the persons on your mailing list will be used for sending the emails.
Who we share service data with
We may provide access to your service data to our employees so that they can identify, analyse and resolve errors. Access by our employees to your service data is logged and audited where technically feasible. Our employees will also have access to data that you knowingly share with us for technical support or to import data into our services. We communicate our privacy and security guidelines to our employees.
Retention of information
We hold the data in your account as long as you choose to use YapCRM Limited. Once you terminate your YapCRM user account, your data will get deleted from active database within 90 days. The data deleted from active database will be deleted from backups after 1 year.
Data subject requests
Please contact the customer of YapCRM if you would like to access, rectify, erase, restrict or object to processing, or export your personal data. We will extend our support to our customer in responding to your request within a reasonable timeframe.
Part III – General
How secure is your information
We have taken steps to implement appropriate administrative, technical & physical safeguards to prevent unauthorised access, use, modification, disclosure or destruction of the information you entrust to us. If you have any concerns regarding the security of your data, write to us at email@example.com with any questions.
Data processing agreement
To enable you to be compliant with the data protection obligations under the General Data Protection Regulation, we have a Data Processing Agreement (DPA) that is based on Standard Contractual Clauses. You can request a DPA by emailing us at firstname.lastname@example.org. Once we get your request, we'll forward the DPA to you for your signature.
Use of this website by children
YapCRM's websites are not intended for children under the age of 16 and YapCRM does not target our websites to children under 16. Also, YapCRM's policy is to not knowingly collect personal data from children under the age of 16.
External links on our websites
Social media widgets
Our services may include social media widgets such as Facebook "like" buttons and Twitter "tweet" buttons that let you share articles and other information. These widgets may collect information such as your IP address and the pages you navigate in the website and may set a cookie to enable the widgets to function properly. Your interactions with these widgets are governed by the privacy policies of the companies providing them.
Disclosures in compliance with legal obligations
We may be required by law to preserve or disclose your personal information and service data to comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements.
Enforcement of our rights
We may disclose personal information and service data to a third party if we believe that such disclosure is necessary for preventing fraud, investigating any suspected illegal activity, enforcing our agreements or policies, or protecting the safety of our users.
Notification of changes
YapCRM Limited may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
This policy is effective from 25th May 2018.