Data Protection And Privacy Policy

Updated 6/30/2021

1.   Preamble

DUKKA INC respects your privacy and is committed to protecting your data. We know you care about how your personal information is being used and we take your privacy very seriously. By using our app, you acknowledge that you accept the practices and policies outlined in this Data Protection and Privacy Policy.

2.   Introduction

This Data Protection and Privacy Policy (the “Privacy Policy”) describes your privacy rights regarding DUKKA INC’s (“Dukka App” “Dukka Software” “we”, “us” or “our”) collection, use, storage, sharing, and protection of your personal information. It applies to our website and all related sites, applications, services, and tools (“Services”) regardless of how you access or use them.

This Privacy Policy applies to all forms of systems, operations, and processes within our environment that involve the collection, storage, use, transmission, and disposal of Personal Information (described below). It is provided to help you understand what information we collect from you, how the information collected is used, how we protect it, and your rights to it, amongst others. This Privacy policy also forms part of our Terms of Use and Service.

This Privacy Policy is strictly restricted to only our Services and therefore does not apply to services that are not owned or controlled by us, including third-party websites. We are committed to handling all personal data provided to us in compliance with both applicable and model data privacy and protection laws.

3.   Consent

To use our Services in any manner, you indicate to us that you have read and accepted this Privacy Policy and consent to the data practices described in this Privacy Policy. If you do not accept this Privacy Policy and do not meet or comply with the provisions set forth herein, then you may not use our Services.

4.   The Information We Collect

1.  Personal Information we collect

As part of our operations, we collect and processes certain types of information (such as name, telephone numbers, address etc.) of individuals that makes them easily identifiable. These individuals include current, past and prospective employees, merchants, suppliers/vendors, customers of merchants, registered users (“Users”) and other individuals whom we communicate or deals with, jointly and/or severally (“Data Subject(s)”).

To use our Services, you will voluntarily provide us with certain Personal Information. Personal Information refers to information relating to an identified person or information that can be used to identify you. These include:

  1. full name
  2. phone number
  3. email
  4. password
  5. business name
  6. business address
  7. business category
  8. state of business
  9. country of business
  10. currency type
  11. customer Information (optional)

2.  Personal Information we Need to Access

Dukka Software will also require access to certain features of the user’s smartphone or device and user information that will be stored on its database. Phone features Dukka will require access/permission to be granted will include:

  1. Camera (read and write access)
  2. Calendar (read and write access)
  3. Contacts (read access)
  4. SMS (read access)
  5. Location (read access)
  6. Storage (read and write access)
  7. Telephone

3.  Additional Personal Information we collect

We may retrieve additional Personal Information about you from third parties and other identification/verification services such as your financial institution and payment processor. With your consent, we may also collect additional Personal Information in other ways including emails, surveys, and other forms of communication. Once you begin using our Services, we will keep records of your transactions and collect information of your other activities related to our Services. We will not share or disclose your Personal Information with a third party without your consent except as may be required for the purpose of providing you with our Services or under applicable legislations.

In providing you with the Services, we may rely on third-party servers located in foreign jurisdictions from time to time, which as a result, may require the transfer or maintenance of your personally identifiable information on computers or servers in foreign jurisdictions. We will endeavor to ensure that such foreign jurisdictions have data protection legislation that is no less than the existing data protection regulations in force and your personally identifiable information is treated in a safe and secure manner.

4.   Company’s Information

In servicing your clients (that are companies) and to digitize ledger books, confirm invoices for and receive payments on your behalf, we will require some information which you will voluntarily provide. These may include name of the company, address, books of account of the company, bank details and other documents, bank details. This information will only be accessible to our employee for the provision of the aforementioned services to the company and only on a need-to-know basis.

5.   Information That We Collect From Website Visitors

We do not collect your Personal Information when you visit the website. However, so we can monitor and improve our website and services we may collect non-personally identifiable information. We will not share or disclose this information with third parties except as a necessary part of providing our Services. We may where applicable, use the information to target advertisements to you.

6.   Purpose Limitation

We collect Personal Information only for identified purposes and for which consent has been obtained. Such Personal Information cannot be reused for another purpose that is incompatible with the original purpose, except consent is obtained for such purpose

7.   Data Minimization

We limit Personal Information collection and usage to data that is relevant, adequate, and absolutely necessary for carrying out the purpose for which the data is processed. We will evaluate whether and to what extent the processing of Personal Information is necessary and where the purpose allows, anonymized data will be used.

8.   Cookies

We use cookies to identify you as a user and make your user experience easier, customise our Services, content and advertising and where applicable help you ensure that your account security is not compromised. We also use cookies to mitigate risk and prevent fraud and promote trust and safety on our website. Cookies allow our servers to remember IP addresses, date and time of visits, monitor web traffic and prevent fraudulent activities.

Our cookies never store personal or sensitive information. They simply hold a unique random reference to you so that once you visit our website, we can recognize who you are and provide certain content to you. If your browser or browser add-on permits, you have the choice to disable cookies on our website, however this may impact your experience using our website.

9.   How We Protect Your Information

We shall establish adequate controls in order to protect the integrity and confidentiality of your Personal Information, both in digital and physical format and to prevent your Personal Information from being accidentally or deliberately compromised.

We are committed to managing your Personal Information in line with global industry best practices. We protect your Personal Information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration, we also use industry recommended security protocols to safeguard your Personal Information. Other security safeguards include but are not limited to data encryption, firewalls, and physical access controls to our building and files and only granting access to your Personal Information to only employees who require it to fulfil their job responsibilities. No Personal Information processing will be undertaken by an employee who has not been authorized to carry such out as part of their legitimate duties.

Employees may have access to your Personal Information only as is appropriate for the type and scope of the task in question and are forbidden to use your Personal Information for their own private or commercial purposes or to disclose them to unauthorized persons, or to make them available in any other way.

10.   How We Share The Information That You Provide

We do not sell, trade or rent personal information to anyone. However, to enable us render our Services to you on our website, we may share your information with trusted third parties, such third parties include financial institutions, payment processors verification services, sanctions screening and identity verification services as well as any third parties that you have directly authorized to receive your Personal Information. Your Personal Information may be stored in locations outside our direct control, for instance, on servers or databases co-located with hosting providers.

We may disclose your Personal Information in compliance with applicable law or a legal obligation to which we are bound. Please note that third-party sites you engage with through our Services will have their privacy policies, and we are therefore not responsible for their actions, including their information protection practices. The use of your information by such third party will be subject to their applicable privacy policy, which you should carefully review.

11.   Transfer Of Personal Information

We may engage the services of third parties in order to process the Personal Information of Data Subjects we collect. The processing by such third parties shall be governed by a written contract with us to ensure adequate protection and security measures are put in place by the third party for the protection of Personal Information in accordance with the terms of this Privacy Policy.

12.   Ground For Processing Personal Information

Our processing of Personal Information shall be lawful if at least one of the following applies:

  1. You, as the Data Subject has given consent to the processing of your Personal Information for one or more specific purposes as contained in this Privacy Policy or otherwise.
  2. the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract,
  3. processing is necessary for compliance with a legal obligation to which we are a subject,
  4. processing is necessary in order to protect your vital interests or of another natural person; and
  5. processing is necessary for the performance of a task carried out in the public interest or in exercise of official public mandate vested in us.
  6. For the purpose of this Privacy Policy, consent means any freely given, specific, informed and unambiguous indication of your wishes by which you, through a statement or a clear affirmative action, signify your agreement to the processing of Personal Information relating to you. This would be satisfied where you agree to be bound by this Privacy Policy.

13.   The Data That We Retain

We will retain your Personal Information for as long as is needed to provide our Services to you, comply with our legal and statutory obligations or verify your information with the required verification authorities.

We are statutorily obligated to retain the Personal Information and data you provide us with in order to process transactions, ensure settlements, make refunds, identify fraud, holistically carry out our Services and in compliance with laws and regulatory guidelines applicable to us and our service partners. Therefore, even after discontinuance of our Services, we will retain certain Personal Information and transaction data to comply with these obligations. All Personal Information shall be destroyed by us where possible. For all Personal Information and records obtained, used and stored by us, we shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity and requirement to retain.

The length of storage of your Personal Information shall, amongst other things, be determined by:

  1. the contract terms agreed between us and the Data Subject or as long as it is needed for the purpose for which it was obtained; or
  2. whether the transaction or relationship has statutory implication or a required retention period; or
  3. whether there is an express request for deletion of the Personal Information by the Data Subject, provided that such request will only be treated where the Data Subject is not under any investigation which may require us to retain such Personal Information or there is no subsisting contractual arrangement with the Data Subject that would require the processing of the Personal Information; or
  4. whether we have another lawful basis for retaining that information beyond the period for which it is necessary to serve the original purpose.

14.   Choices And Rights

Once your Personal Information is held by us, you are entitled to reach out to us to exercise the following rights:

The length of storage of your Personal Information shall, amongst other things, be determined by:

  1. right to request for and access your Personal Information collected and stored. Where data is held electronically in a structured form, such as in a Database, as the Data Subject, you have a right to receive that data in a common electronic format,
  2. right to information on your Personal Information collected and stored;
  3. right to objection or request for restriction,
  4. right to object to automated decision making,
  5. right to request rectification and modification of your Personal Information which we keep,
  6. right to request for the deletion of your data,
  7. right to request the movement of your data from us to a third party; this is the right to the portability of data, and
  8. right to object to, and to request that we restrict the processing of your Personal Information

Your request will be reviewed by us and carried out except as restricted by law or our statutory obligations. You may decline to provide your Personal Information when it is requested by us, however, certain Services or all the Services may be unavailable to you. You may review and update your Personal Information directly or by contacting us.

Our Services are not directed to children under 18. We do not knowingly collect information from children under 18. If as a parent or guardian, you become aware that your child or ward child has provided us with any information without your consent, please contact us through the details provided in this Privacy Policy.

15.   Compliance With Local And International Regulatory Best Practices

We confirm that we comply with all applicable data protection laws on data collection, transmission, usage and protection. We also, for best practices, adopt pertinent best practices per the General Data Protection Regulation (2016/679) (GDPR).

16.   Updates, Modifications And Amendment

We reserve the right to update, modify, change or revise this Privacy Policy from time to time. The changes will not be retroactive, and the most current version of this Privacy Policy which will always be on this page and will continue to govern our relationship with you. We advise that you check this page often, referring to the date of the last modification on the page. We will also try to notify you of any material changes which could be done via email associated with your account or service notification. By continuing to use our Services after the changes become effective, you agree to be bound by the revised Privacy Policy.

17.   Contact Us

You may contact us upon becoming aware of any breach of Personal Information or if your access to our Services have been compromised, to enable us to take the necessary steps towards ensuring the security of your Personal Information. You may also contact us if you have any questions relating to this Privacy Policy or would like to find out more about exercising your data protection rights. All questions and inquiries may be sent to help@dukka.com