Privacy Policy

1. Important Information and Who We Are

Purpose of this privacy policy: This privacy policy describes how Proap Ltd. collects and uses your personal data when you interact with our website and use our services. It also explains your rights and how the law protects you.

Data Controller: Proap Ltd. is the controller and responsible for your personal data (collectively referred to as "we", "us" or "our" in this privacy policy). For all data matters, please contact us at support@proap.co.uk.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

2. The Data We Collect About You

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data includes your email address.

• Contact Data includes your email address.

• Financial Data: We do not collect or store any Financial Data. All payments are processed by our third-party provider, Stripe.

• Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

• Profile Data includes your username (email) and password (hashed), purchases or orders made by you, and your preferences.

• Usage Data includes information about how you use our website, products and services.

• User Content Data includes the data you upload to the Service, such as plans, swimlanes, and items.

3. How is Your Personal Data Collected?

We use different methods to collect data from and about you including through direct interactions when you create an account, use our Service, or contact us. We also collect Technical Data automatically as you interact with our website.

4. How We Use Your Personal Data

We will only use your personal data when the law allows us to. We have set out below a description of the ways we plan to use your personal data and the legal bases we rely on to do so.

• To register you as a new customer
  We use your Identity and Contact data to perform the contract we are about to enter into or have entered into with you.

• To provide and manage your account and our services
  This includes managing payments and collecting fees. To do this, we use your Identity, Contact, Transaction, and User Content data. This is necessary for the performance of our contract with you and for our legitimate interest in recovering debts.

• To manage our relationship with you
  This involves notifying you about changes to our terms or privacy policy. We use your Identity, Contact, and Profile data, which is necessary to perform our contract with you and to comply with legal obligations.

• To administer and protect our business and website
  This includes troubleshooting, data analysis, and system security. We process your Identity, Contact, and Technical data for our legitimate interests in running our business and to comply with legal obligations.

5. Disclosures of Your Personal Data

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above:

• Service providers acting as processors who provide IT and system administration services (e.g., Google Firebase for hosting and authentication).

• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

• HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.

6. International Transfers

Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK.

• Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (known as Standard Contractual Clauses or SCCs).

7. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.

9. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to: Request access, correction, erasure, object to processing, request restriction of processing, request transfer, and withdraw consent. If you wish to exercise any of the rights set out above, please contact us.