Docuvamp Privacy Policy
Docuvamp Ltd ("we", "us", "our") is a company registered in England and Wales with company number [Insert Company Number] and registered office at [Insert Address], London, England.
This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with the Docuvamp platform and services ("Services") — provided exclusively to business customers.
This Policy complies with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws. As this is a B2B service (business-to-business only), we process personal data primarily in a professional/business context (e.g., business contact details of authorised representatives). No personal/consumer use is permitted.
We act as both data controller (for our own account and usage data) and data processor (for Customer-uploaded Content that may contain personal data). Our role as processor is governed by our Terms of Service.
By using the Services, you (on behalf of your business) acknowledge this Policy. If you do not agree, do not use the Services.
1. Information We Collect
We collect the following categories of personal data:
From you (as Customer representative):
- Account and contact information: name, business email address, phone number, job title, company name.
- Billing and payment details: company billing address, payment method information (processed by third-party providers; we do not store full card details).
- Usage and technical data: IP address, browser type, device information, login times, pages visited, features used (for analytics and security).
From Customer Content:
- Any personal data included in Publications/flipbooks you upload/create (e.g., names, emails, photos in documents). You (Customer) are the controller of this data; we process it only as instructed to provide the Services.
We do not intentionally collect special category data (e.g., health, race) unless you include it in Content (in which case, you warrant compliance).
2. How We Collect Information
- Directly from you: during registration, Order Form submission, support requests, or communications.
- Automatically: via cookies, logs, analytics tools (e.g., Google Analytics), and Platform usage.
- From third parties: payment processors, identity verification (if applicable), or integrations you authorise.
3. Purposes and Lawful Bases for Processing
We process personal data for the following purposes, relying on UK GDPR lawful bases:
| Purpose | Categories of Data | Lawful Basis |
|---|---|---|
| Provide, maintain, and improve the Services (including account management, support) | Account/contact, usage/technical | Performance of contract (Art. 6(1)(b)) |
| Process payments and billing | Billing/contact | Performance of contract (Art. 6(1)(b)) |
| Communicate with you (e.g., updates, support) | Contact | Legitimate interests (Art. 6(1)(f)) – our interest in service delivery and relationship management |
| Analytics, security, fraud prevention, debugging | Usage/technical | Legitimate interests (Art. 6(1)(f)) – balanced against your rights |
| Comply with legal obligations (e.g., tax, audits) | All relevant | Legal obligation (Art. 6(1)(c)) |
| As processor: host/process Customer Content | Content personal data | Processor obligations under contract with you (controller) |
We conduct legitimate interests assessments where applicable to ensure balance.
4. Sharing Your Personal Data
We share personal data only as necessary:
- With service providers/processors (e.g., cloud hosting (AWS/Azure), payment processors, analytics (Google), support tools – bound by DPA-equivalent terms.
- With Flipsnack (underlying provider) for core functionality – subject to their GDPR-compliant terms.
- To comply with law, respond to legal requests, or protect rights/safety.
- In business transfers (e.g., merger) – with confidentiality.
We do not sell personal data.
5. International Transfers
Data may be transferred outside the UK (e.g., to US/EU-based providers). We use appropriate safeguards:
- UK International Data Transfer Agreement (IDTA) or Addendum.
- Adequacy decisions where applicable.
- Standard Contractual Clauses (SCCs) or equivalent.
Details available on request.
6. Data Retention
We retain personal data only as long as necessary:
- Account data: during active Subscription + up to 6 years post-termination (for legal/tax reasons).
- Usage logs: up to 12 months (or longer for security incidents).
- Content: as long as your Account is active; deleted [30] days post-termination unless required by law.
Criteria: purpose achieved, legal requirements, dispute resolution.
7. Security
We implement appropriate technical and organisational measures (e.g., encryption in transit/rest, access controls, regular testing) to protect data, aligned with risk level.
8. Your Rights
Under UK GDPR, you (or individuals whose data we process) may have rights including:
- Access, rectification, erasure.
- Restriction, objection (including to legitimate interests processing).
- Portability.
- Withdraw consent (where applicable).
As B2B, most processing is contractual/legitimate interest-based, so objection/erasure may be limited if it prevents Service provision.
Contact us to exercise rights. We respond within one month (extendable).
9. Cookies and Tracking
We use essential cookies for functionality. Analytics/marketing cookies require consent (via banner where applicable). See our Cookie Policy [link if separate].
10. Changes to This Policy
We may update this Policy. Changes will be posted here with updated date. Material changes notified via email or Platform.
11. Contact Us
For questions, rights requests, or complaints:
Data Protection Contact: P.Jacobs dpo@docuvamp.com]
You may complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint