Data Privacy Notice

1. Dropsuite

In this Data Privacy Notice, ‘Dropsuite’ means Dropsuite Limited, Dropmysite Pte Ltd (trading under its own name and trading as Dropsuite) and Dropmysite, Inc. We at Dropsuite respect the privacy and confidentiality of personal data in our possession or under our control. We have implemented policies and practices to safeguard the collection, use, disclosure, storage and other processing of personal data provided to us as a controller.[1] We will not process personal data provided to us as a controller unless:
  • we process it for a lawful purpose directly related to our business activity and the processing is necessary for, or directly related to, that purpose and
  • the personal data is adequate but not excessive in relation to that purpose
(An end user of our data backup service might provide personal data to us when we provide that backup service to them. If so, the end user provides it to us under a processing contract within the meaning of the General Data Protection Regulation (GDPR). Any such personal data is outside the scope of this Data Privacy Notice. For information about how it is processed by the controller, please refer to the Data Privacy Notice published by the relevant controller.)

2. Collecting, using and disclosing personal data about you

We collect and use the following personal data about you in the following circumstances:
if you sign up for our data backup service:
  • we collect your IP Address, domain name, email address, business name, user-name, passwords, account access and name
  • use that personal data for the purpose of enabling you to log into your account with us and manage the purchased service
  • we do not disclose that personal data to anyone
if we meet you (for example, at a trade show) or you disclose it in a business, industry or similar publication:
  • we collect your name, job title, business address, business contact numbers and any other personal data on your business name card and
  • use that personal data to contact you when we market our business services to you and, if you or the business you represent becomes a Dropsuite partner, to contact you for ongoing business purposes and
  • we do not disclose that personal data to anyone
if you visit one of our websites and register with us:
  • we collect the above information together with your user-name, passwords and accounts access
  • use that personal data for the purpose of enabling you to log into your account with us
  • we do not disclose that personal data to anyone
if you contact us by telephone or email:
  • we collect your telephone number or email address, respectively, and the information about you that you voluntarily provide to us during that conversation or email exchange and
  • use that personal data only to respond to your specific enquiry, except where you decide subsequently to become one of our partners and we continue to use such information for ongoing business purposes and
  • do not disclose that personal data to anyone, except to the extent that it is reasonably necessary for us to do so if you decide subsequently to become one of our partners
if you apply for a job with us, click here for information about how we collect, use and disclose personal data that you provide to us and if you are an employee or an ex employee click here for such information

Collecting, using and disclosing personal data about you for recruitment purposes

If you apply for a job with us, we collect your:
  • name, address and contact details
  • professional experience and qualifications
  • work/job history
  • current and past remunerations
We use such personal data only for the purposes of making a decision about whether to hire you or not. We may disclose it to a related corporation, but we do not otherwise disclose it to anyone unless we hire you and disclose it for employment purposes as set out here.

Collecting, using and disclosing personal data about employees/ex-employees

If we offer you a job and you accept it, we collect:
  • bank account details
  • marital status
  • spouse’s name and identification number
  • children’s name and identification number
We use such personal data, together with the personal data you provide to us during the recruitment process, for the purpose of managing (and, where relevant, terminating) your employment relationship with us. We disclose such personal data to our:
  • outsourced payroll services provider
  • external auditors and
  • insurance company for corporate insurance coverage

3. How we manage the collection, use, disclosure and storage of your personal data

3.1 Processing Personal Data Generally

We may process personal data about you if the processing is necessary:
  • for the performance of a contract between you and us
  • for taking steps at your request with a view to entering into a contract
  • for compliance with any legal obligation to which we are subject (other than an obligation imposed by contract)
  • to protect your vital interests (which means matters relating to your life, death or security)
  • for the administration of justice and for the exercise of functions conferred on any person or under any law
Otherwise, we will obtain your consent prior to collection or processing.

3.2 Obtaining consent

Personal data about you that we process may or may not be sensitive personal data, such as information about your race, ethnic origin, political opinions, your religious beliefs or other beliefs of a similar nature, your physical or mental health or condition, the commission or alleged commission by you of any offence, as well as any government-issued identification such as social security numbers, licenses, etc.

We will not process any sensitive personal data about you unless we get your express consent to do so and the processing is necessary for a purpose permitted by law. Please contact us if you would like information about these purposes.

Where we obtain consent from you, whether or not the personal data is sensitive personal data, we will tell you whether it is obligatory or voluntary for you to supply the personal data, and where it is obligatory, the consequences for you if you fail to supply the personal data.

4. How you can limit the processing of personal data about you

4.1 Withdrawal of consent

If you have given us consent to collect, use, disclose, store and otherwise process personal data about you, you may withdraw that consent at any time. This includes any circumstances where we have relied on you being deemed to have given us such consent.

You should give us reasonable advance notice of your withdrawal of consent. We will inform you of the likely consequences of withdrawing your consent. For example, if we need your consent so that we can provide a service to you and you decide to withdraw your consent we may not be able to continue to provide that service to you.

Your request for the withdrawal of consent can take the form of an email or letter to us, or through the UNSUB feature in an online service. Where relevant, we may need you to provide proof of your identity.

4.2 Restricting the processing of personal data

You may give us notice in writing at any time telling us to restrict the processing of your personal data:
  • for a period enabling us to verify the accuracy of personal data where you contest the accuracy of that personal data
  • if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
  • if we no longer need the personal data for the purposes of the processing, but the personal data are required by you for establishing, exercising or defending legal claims
  • if you have objected to us processing the personal data based on our legitimate grounds overriding your legitimate interests
Do note that where you restrict processing in such circumstances we will still be able to store the personal data, but with some exceptions will only be able to otherwise process it with your consent. Please contact us if you would like to know about the exceptions. Your request to restrict any processing of your personal data can take the form of an email or letter to us. We may need you to provide proof of your identity.

5. Accessing and correcting your personal data

You may ask us (in writing) to inform you what personal data we hold and information about how we may have used and/or disclosed it in the previous one year.

You may ask us (in writing) for details about what is being processed by us or by a service provider on our behalf for a particular purpose and, if you say that you would like to receive it, to give you a copy of that personal data in an intelligible form and in a form that is easily portable.

You need to ask us separately for such access to personal data that we hold for each different purpose. We may charge you a reasonable fee for each access request you make to us if there is a cost involved.

We will respond to your request for access to personal data about you as soon as reasonably possible and, in any event, within 30 days after we receive the request from you. If we are not able to fulfil your request fully within 30 days, we will let you know the reasons, comply with the access request to the extent that we are able to do so within that period and comply with it fully as soon as we are able to do so.

When you make such a request, we may need to verify your identity.

6. Accuracy of your personal data

We will take reasonable steps to ensure that the personal data we collect about you is accurate, complete, not misleading and kept up-to-date by having regard to the purpose, including any indirectly related purpose, for which we collect the personal data and further process it.

You may ask us to correct personal data about you where the personal data is inaccurate, incomplete, misleading or not up-to-date. Where we are satisfied that the correction should be made, we will make it within a reasonable time frame from the date we receive your request and give you a copy of the corrected personal data.

From time to time, we may do a verification exercise for you to update us on any changes to the personal data we hold about you. If we are in an ongoing relationship with you, it is important that you update us if there are any changes in the personal data we hold about you (such as a change in your personal address).

7. Protection of personal data

We have implemented an Information Security Policy that governs how we protect personal data. We take practical steps to protect personal data from any loss, misuse, modification, unauthorised or accidental access or disclosure, alteration or destruction having regard to:
  • the nature of the personal data and the harm that would result from any such thing happening
  • the place or location where we store the personal data
  • any security measures incorporated into any equipment in which the personal data is stored
  • the measures taken for ensuring the reliability, integrity and competence of the personnel having access to the personal data and
  • the measures taken for ensuring the secure transfer of the personal data
Entities that provide services to us to process personal data on our behalf will be bound by contracts with us that require them to provide sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out and to take reasonable steps to ensure compliance with those measures.

8. Retention of personal data

We have a Storage Limitation Policy / Document Retention Policy that spells out when we must cease to retain personal data and that requires documents and personal data to be destroyed (paper documents) or deleted (electronic documents and data stored in databases) securely. Certain retention periods are based on statutory or regulatory requirements.

9. Transfer of personal data

If you are located in Singapore or in the Americas, we ordinarily keep your personal data in servers located in Singapore and the United States, respectively, but there are exceptions where it may be kept in servers in the European Union. In all other cases, we keep your personal data in servers located in the European Union.

We are allowed to transfer personal data about you across borders in various circumstances permitted by law (for example, for the purpose of a contract between you and us or in an emergency concerning you). If you would like more information about these circumstances, please let us know.

10. Cookies

We use cookies on our site (www.dropsuite.com) because they help us to provide you with a good experience when you browse our website and they enable us to improve our site by giving us information about how you use it. By continuing to browse our website, you are agreeing to our use of cookies. A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive. We use cookies for the following purposes:
  • operating our website
  • recognising and counting the number of visitors to our website and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users find what they are looking for easily
  • recognising you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region) and
  • recording your visit to our website, the pages you have visited and the links you have followed
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

11. Compliance With Laws

Where required to do so by law, we will disclose personal data about you to the relevant authorities or to law enforcement agencies.

12. Links To Other Sites

Our website may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s website. It is important that you review the Privacy Policy of every site you visit. We have no control over, and are unable to assume any responsibility for, the content, privacy policies or practices of any third party sites or services.

13. Changes to this Data Privacy Notice

We may update the Data Privacy Notice from time to time. We will notify you of any changes by posting the policy on this page. Please revisit this page periodically for any changes.

Changes to this Policy are effective when they are posted on this page.

14. Contacting Us

If you have any questions about our collection, use, and/or disclosure of personal data about you, feedback regarding this Data Privacy Notice, or any complaint relating to how we collect, use, disclose and store personal data about you, you may contact us as follows:

  • dpo@dropsuite.com
  • +65 6813 2090
  • 10 Anson Road, 14-07, International Plaza, Singapore 079903

Any query or complaint should include, at least, the following details:

  • Your full name and contact information
  • A brief description of your query or complaint

You have the right to lodge a complaint with a supervisory authority, in particular:

  • if you are in Singapore, with the Personal Data Protection Commission (PDPC) or
  • if you are in the European Economic Area (EEA), with the supervisory authority in the country of your habitual residence, place of work or place of the alleged infringement.

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Dropsuite has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, Dropsuite has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

15. Google API usage

Dropsuite’s Email Backup and Archiving solution’s use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Gmail

If you are a Gmail user and you have subscribed to our solution to back up your emails, we will use Google’s APIs to access your mailbox, emails, contacts and calendar details (collectively “Gmail Data”), pull them to our backup solution and store them encrypted in our cloud storage.

If you are to use the restore function, we will retrieve your Gmail Data and push it to your mailbox through Google’s APIs. Your data will not be shared with any third party unless there is a legal requirement to do so.

For more information about OAuth consent please visit https://console.developers.google.com/getting-started

G Suite

Only G Suite Administrators can subscribe to our G Suite solution, and the administrators must allow Domain-Wide Delegation of Authority on the user consent to subscribe to the solution. Once the G Suite Administrator has accepted the consent and granted the Domain-Wide Delegation of Authority, we will use Google’s APIs to access the user list in the G Suite subscription. We will use Google’s APIs to access G Suite’s mailbox and emails (collectively “GSuite Data”) of each user that the G Suite Administrator has selected for the backup. We will pull GSuite Data to our backup solution and store them encrypted in our cloud storage.

If you are to use the restore function, we will retrieve GSuite Data backed up and push it to your mailbox through Google’s APIs. If you specify a new label in the restore function, we will be creating a new label under your mailbox through Google’s APIs before pushing to your emails.

If you are to use the migration function, we will retrieve GSuite Data backed up and push it to the mailbox you have specified through the protocol you have requested.

Your data will not be shared with any third party unless there is a legal requirement to do so.

[1] ‘Controller’ means the person (which includes a company, for example) that determines the purposes and means of the processing of personal data.