Privacy Policy
Last Updated: 30-04-2026
- Controller: DILAYS
- Contact Email: legal@dilays.com
Purpose of This Policy
This Privacy Policy describes how DILAYS ("we", "us", or "our") collects, uses, stores, shares, and protects personal data when individuals interact with our services, websites, applications, and related features (collectively, the "Services").
It also explains the rights available to individuals regarding their personal data and how those rights may be exercised.
Who This Applies To
This policy applies to any person whose personal data we process in connection with the Services, including:
- Customers and prospective customers
- End users of our customers’ implementations of the Services
- Website visitors
- Business partners, vendors, and representatives
- Any individual who communicates with us
Scope of Processing
Depending on how the Services are used, we may process personal data for purposes such as:
- Providing and operating the Services
- Account management and authentication
- Customer support and communication
- Security, fraud prevention, and service integrity
- Legal and contractual compliance
- Service improvement and analytics
We process personal data only where we have a valid legal basis to do so and limit processing to what is necessary for the relevant purpose.
Data Protection Principles
We are committed to processing personal data in accordance with applicable data protection standards, including principles of:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Individual Rights
Individuals may have rights regarding their personal data, which can include the right to request access, correction, deletion, restriction, portability, or objection to certain processing activities. Requests can be submitted using the contact information above.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or the Services. The "Last Updated" date above indicates when this policy was most recently revised.
What Data We Collect
We collect personal data in connection with the provision and operation of the Services. The types of data collected depend on how you interact with the Services, the features you use, and the information you choose to provide.
Categories of Personal Data
The categories of personal data we may collect include:
- Contact Information
- Account Credentials
Information You Provide Directly
We collect personal data that you intentionally submit to us, for example when you:
- Create an account or profile
- Communicate with us or request support
- Submit forms or upload content
- Configure or use features within the Services
Information Collected Automatically
We also collect certain information automatically when the Services are accessed or used. This may include technical, device, and usage-related information necessary to operate, secure, and improve the Services.
Service-Specific Collection
Certain features or integrations may require additional personal data to function. In such cases, the scope of collection is limited to what is relevant and necessary for that functionality.
Controller and Processor Roles
For the processing activities described in this policy, our primary role is: Data Controller.
Depending on the specific service context, we may act as a data controller, processor, or joint controller. Role allocation is determined by the purpose of processing, contractual arrangements, and applicable law.
Where we act as a processor on behalf of a customer, we process personal data only on documented instructions and under applicable data processing terms.
Data Security
We implement reasonable technical and organizational safeguards designed to protect personal data against unauthorized access, loss, alteration, or disclosure. These safeguards are selected based on the nature of the data, the processing activities involved, and the risks associated with the Services.
The measures we apply may include:
- Encryption in transit (TLS/SSL)
Shared Responsibility
You also play an important role in protecting personal data. You should maintain the confidentiality of your credentials, use strong passwords, restrict device access, and promptly notify us of any suspected unauthorized use of your account.
No Absolute Security
While we strive to protect personal data using appropriate safeguards, no system or transmission method can be guaranteed to be completely secure. Accordingly, we cannot ensure or warrant absolute security, and there remains a residual risk inherent in any online service.
We continuously review and update our security practices as appropriate to address evolving risks and operational requirements.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including providing the Services, maintaining operational records, complying with legal obligations, resolving disputes, and enforcing agreements.
The typical retention periods applicable to different categories of data are summarized below:
| Reason | Data Type | Duration |
|---|---|---|
| Service provision | Account data | Until account deletion + 30 days |
Retention Principles
We determine retention periods based on factors such as:
- The duration of the customer relationship or account activity
- Technical and operational requirements of the Services
- Applicable legal, accounting, or reporting obligations
- The need to investigate incidents, resolve disputes, or enforce agreements
Deletion and Anonymization
When personal data is no longer required for the purposes for which it was collected, we take reasonable steps to delete, anonymize, or securely isolate the data. In certain cases, we may retain information for a longer period where necessary to comply with legal obligations, establish or defend legal claims, perform audits, or maintain security and integrity of our systems.
Backup systems and archives may retain residual copies for a limited time until overwritten in accordance with normal lifecycle processes.
Children's Data
Our services are not directed to children unless explicitly stated otherwise, and we do not knowingly collect children's personal data in contexts where parental authorization is required under applicable law.
Automated Decision-Making and Profiling
We do not carry out solely automated decision-making or profiling that produces legal effects or similarly significant effects on individuals unless explicitly disclosed.
Legal Basis for Processing
Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we process personal data only where a valid legal basis exists. The applicable legal basis depends on the specific processing activity, the context in which personal data is collected, and the relationship between the parties.
The table below links each processing purpose to the legal basis we rely on for that purpose. Where legitimate interests are used, the table identifies the specific legitimate interest pursued by us or by a third party:
| Processing Purpose | Legal Basis | Personal Data Categories | Legitimate Interest Pursued |
|---|---|---|---|
| Providing, operating, and securing the Services | Contract Fulfillment | Account data, contact information, usage data | |
| Responding to support, legal, or privacy requests | Legitimate interest (without harming fundamental rights) | Contact information and request details | Communicating with users and resolving requests |
For context, the legal bases reflected in the processing table are:
- Contract Fulfillment
- Legitimate interest (without harming fundamental rights)
How Legal Bases Apply
Different processing activities rely on different legal bases. For example, certain processing may be necessary to provide the Services, while other processing may occur to comply with legal obligations, protect legitimate interests, or where consent has been provided. Not every legal basis applies to every type of processing.
Where consent is used as a legal basis, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Where legitimate interests are relied upon, we consider and balance any potential impact on individuals before processing the data.
Further details about specific processing activities and purposes are described in the relevant sections of this policy.
Data Protection Officer
We have designated a contact point for data protection and privacy-related inquiries. Depending on applicable legal requirements, this contact may act as a formally appointed Data Protection Officer or as our privacy compliance representative.
You may contact us regarding data protection matters, including the exercise of your rights or questions about this policy, at:
Email: legal@dilays.com
International Data Transfers
We do not perform direct transfers of personal data outside the EEA or the United Kingdom as part of our own processing.
Changes Over Time
Our service providers, infrastructure locations, and operational processes may evolve. As a result, transfer destinations and safeguards may change periodically, and this policy may be updated where appropriate to reflect material updates.
Data Protection Impact Assessment
Where the General Data Protection Regulation (GDPR) or UK GDPR applies, we follow a risk-based approach to assessing the impact of certain processing activities on individuals’ rights and freedoms.
We perform a Data Protection Impact Assessment (DPIA) when processing is likely to result in a high risk, taking into account factors such as the nature, scope, context, and purposes of the processing. This may include, for example, large-scale processing of sensitive data, systematic monitoring, or the use of new or innovative technologies.
A DPIA typically evaluates the necessity and proportionality of the processing, identifies potential risks to individuals, and considers appropriate measures to mitigate those risks. Where relevant, we review and update assessments as processing activities or associated risks evolve.
Not all processing activities require a DPIA, and assessments are conducted only where applicable under relevant data protection law or regulatory guidance.
Your Rights
Depending on your location and applicable data protection laws, you may have certain rights regarding your personal data. These rights may include:
- Right to access your data
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object to processing
These rights are not absolute and may be subject to legal limitations, verification requirements, and exceptions permitted by applicable law.
How to Exercise Your Rights
You can submit a request using one of the following methods:
Rights Request Email: legal@dilays.com
Web Form: https://www.dilays.com/contact
Verification and Handling of Requests
We may need to verify your identity before responding to your request in order to protect personal data and prevent unauthorized disclosures. The verification method may vary depending on the nature and sensitivity of the request.
We will evaluate and respond to requests within the timeframe required by applicable law.
Response Timeframe: Within 7 days
Where permitted by law, we may decline or limit a request if an exemption applies, if the request is manifestly unfounded or excessive, or if fulfilling it would adversely affect the rights and freedoms of others.