Effective date: 1 October, 2020
Our nominated Data Protection Officer for the purposes of the Data Protection Act/GDPR is Rigers Cupi, who can be contacted at firstname.lastname@example.org.
What information does DIEM collect?
Information You Provide to Us:
We may collect, process and store any information you knowingly provide to us, including, for example, the following information:
Information Collected Automatically:
- Registration information. Through the registration process and/or through your account settings, we may collect and store Personal Information such as your name, email address, and club or membership numbers associated with certain retailers or resellers. Certain information may be required to register with us or to take advantage of some of our features; for example, we may collect your phone number and home address in the event that we need to arrange for the pickup of a product or shipment of a product to you.
- Technical information. Including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, the browser type and version, the time-zone setting, the operating system and platform, the type of device you use, a unique device identifier (for example, your device's IMEI number, the MAC address of the device's wireless network interface, or the mobile phone number used by the device), mobile network information, your mobile operating system, the type of mobile browser you use.
- Contacts information. Information stored on your device, including if you give us access to contact information from your contacts list. The DIEM app will regularly collect this information in order to stay up to date (but only if you have given us permission).
- User Submissions. As described in the Terms www.cartediem.org/terms we may collect and store other information you provide to us, including communications with other users, feedback, questions, comments, survey responses, suggestions, or ideas, so that we can provide and improve the Services for our users, We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may email you about your use of the Services or, if you have given us explicit permission, send you promotional email offers on behalf of other businesses. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by contacting us at email@example.com.
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we may transfer to your browser or device that allow us to recognise your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features..
We may use this data to customise content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services interesting to as many users as possible.
How does DIEM use information collected about you?
We use Personal Information collected about you in the following ways:
- Information you give to us. We will use this information:
- to carry out our obligations arising from any contracts entered into between you and us, and to provide you with the information and services you request from us;
- subject to your consent on the relevant subscription form, to provide you with information about other services we offer that are similar to those you have already purchased or enquired about;
- subject to your consent on the relevant subscription form, to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous contract or negotiation with you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this.
- to notify you about changes to the Services;
- to ensure that content from our website is presented in the most effective manner for you and the device you are using to access the website.
- Information we collect about you. We will use this information:
- to administer our website and apps, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our website and apps to ensure that content is presented in the most effective manner for you and for the device you are using to access the website;
- to allow you to participate in any interactive features of our Services, when you choose to do so;
- as part of our efforts to keep our website and apps safe and secure;
- to measure or understand the effectiveness of any advertising we serve to you and others, and to deliver relevant advertising to you;
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
- Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Legal Bases for Processing your Personal Information
Generally, where we process Personal Information about you, it will be to comply with our agreement with you to provide Services. The legal basis for the processing of Personal Information for such purposes is therefore “contract”: the processing is necessary for a contract we have with you or as a precursor to entering into that contract. This applies to processing to carry out our obligations arising from contracts entered into between you and us and to provide you with the information and services that you request from us. It is also the basis for using your Personal Information to inform you about changes to the Services.
Some of our processing, such as the anonymisation of your Personal Information prior to providing aggregate usage information to retailers, product manufacturers and others, relies on the legal basis of our “legitimate interests”: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your Personal Information which overrides those legitimate interests. Our legitimate interest here is the need to sell anonymised, aggregate usage and item resale information as a means of offering you a higher price on your used items than we could without the sale of such information.
Our processing of your Personal Information to provide you with information about other services we offer that are similar to those you have already purchased or enquired about is based on our legitimate interest in keeping you informed of services that might be of interest to you, and in helping us achieve our public mission of reducing waste.
Our use of your Personal Information to ensure that content from our app and website is presented in the most effective manner for you and the device you are using to access the app or website is based on our legitimate interest in making our services as intuitive and user-friendly as possible.
Where we process your Personal Information to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you, that will be based on your consent, which can be withdrawn at any time by contacting us at firstname.lastname@example.org.
Will DIEM share any of the Personal Information it receives?
We may share your Personal Information with third parties as described in this section:Information that’s no longer personally identifiable:
We may anonymise your Personal Information so that you are not individually identified, and provide that information to our partners. We may also provide aggregate usage information to our partners, who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal customer experience. However, we never disclose aggregate usage information to a partner in a manner that would identify you personally.
We may use third party analytics services, such as Mixpanel and Google Analytics, to grow our business, to improve and develop our Services, to monitor and analyse use of our Services, to aid our technical administration, to increase the functionality and user-friendliness of our Services, and to verify that users have the authorization needed for us to process their requests. These services may collect and retain some information about you.
You can opt-out of Mixpanel’s automatic retention of data collected while using our Services by visiting https://mixpanel.com/optout/
Finally, you can opt out of Google Analytics by visiting https://tools.google.com/dlpage/gaoptout/. Supplier Businesses:
Occasionally your full legal name and IBAN might be shared with IT and delivery suppliers to help us provide our services to you. Additionally, Our banking and financial-services partners and payments networks, including Visa and Mastercard, might require this info. This includes banking and lending partners, banking intermediaries and international payment-service providers.Affiliated Businesses:
In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognise when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service; for example, when you choose to take an action with regard to a particular item you purchased from a participating retailer, we may share that information with that participating retailer, or when you elect to resell an item through a third party resale marketplace such as eBay, we will provide that marketplace with the information they need to perform the transaction and pay you the proceeds. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to a participating retailer or an affiliated website or business, please review all such businesses’ or websites’ terms and conditions and privacy policies.Agents:
We employ other companies and people to perform tasks on our behalf as part of any contract we enter with you and need to share your information with them to provide products or services to you. For example, if you want to sell or donate products that are registered with the Services, we may share certain information with third parties that arrange such resale or donation. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.DIEM User Profiles and Submissions:
Certain user profile or account information, including your name, DIEM User ID, and any video or image content that you have uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for the Services. Please remember that any Content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your DIEM User ID may also be displayed to other users if and when you transfer products to them, send messages or comments, or upload images or videos through the Services, and other users may be able to contact you through messages and comments. Additionally, if you sign into the Services through a third party social networking site or service, your list of “friends” from that site or service may be automatically imported to the Services, and such “friends,” if they are also registered users of the Services, may be able to access certain non-public information you have entered in your Services user profile or account. Again, we do not control the policies and practices of any other third party site or service.Business Transfers:
n the event we choose to buy or sell any business or assets, we may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.Protection of DIEM and Others:
Is Personal Information about me secure?
Your account is protected by a password for your privacy and security. If you access your account via a Third Party site or service, you may have additional or different sign-on protections via that Third Party site or service. You must prevent unauthorised access to your account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. Once we have received your Personal Information, however, we will use strict procedures and security features to try to prevent unauthorised access.
Where do we store your Personal Information?
Some of our external third parties are based outside the EEA, so their processing of your Personal Information will involve a transfer of data outside the EEA. Whenever we transfer your Personal Information out of the EEA to third parties, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your Personal Information to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or,
- where we use certain service providers, we ensure they adhere to specific contracts approved by the European Commission which give your Personal Information the same protection it has in Europe. For example, we work with Mixpanel, and they comply with the EU-US Privacy Shield Framework (you can find details here ).For further details, see European Commission: Model contracts for the transfer of personal data to third countries
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your Personal Information, we will use strict procedures and security features to try to prevent unauthorised access.
What Personal Information can I access?
You may access, delete and, in some cases edit the following information you’ve provided to us:
Mobile phone number;
Third Party retailer club or membership numbers;
Note that the password you use to access your account is stored in your Apple iCloud Keychain, and is never shared with us
User profile or account information, including images, messages and comments you have uploaded to or transmitted through the Services.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org.
Under the UK Data Protection Act and the EU General Data Protection Regulation, you have rights under certain circumstances in relation to your Personal Information. These include the rights:
- of access to information held about you without charge;
- to erasure of your Personal Information;
- to object to processing of your Personal Information;
- to request restriction of processing of your Personal information;
- to the transfer of your Personal information; and
- the right to withdraw your consent, where consent is relied upon as the legal justification for processing.
As we provide an international service, we may need to transfer your personal data outside the United Kingdom or European Economic Area (EEA) in order for us to provide our services. For example, if you ask to make an international payment, we will send funds to banks outside of the United Kingdom or EEA. We might also send your personal data outside of the United Kingdom or EEA to keep to global legal and regulatory requirements and to provide ongoing support services.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features. You have the right to ask us not to process your Personal Information for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your Personal Information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at email@example.com. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You may be able to add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Please note that we may be required (by law or otherwise) to retain your account information or any other information associated with it and not delete it (or to keep this information for a certain period of time, in which case we will comply with your deletion request only after we have fulfilled such requirements). Some information may remain in our records after your deletion of such information from your account. We may use any aggregated data derived from or incorporate your Personal Information after you update or delete it, but not in a manner that would identify you personally. We may also be required to keep certain Personal Information about you (such as an email address) in order to ensure we comply with a request from you not to be contacted, for example.
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to firstname.lastname@example.org, and we will try to resolve your concerns. If you have any complaints, these should be addressed to our Data Protection Officer at email@example.com or the Information Commissioner’s Office (ICO). The ICO helpline is on 0303 123 1113 or you can visit the ICO website for further information https://ico.org.uk/concerns/.