1. Privacy Policy of Doodlytics

This Website collects some Personal Data from its Users.

This document can be printed for reference by using the print command in the settings of any browser.

1.1. Owner and Data Controller

Company Name: SocialChamps Media Pvt Ltd.

Office Address: Fortune Plaza, Patil Nagar, 406, NDA Pashan Rd, opp. to Bank of Maharashtra, Above Chinjabi Hotel, Sagar Co-Operative Housing Society, Bavdhan, Pune, Maharashtra 411021

Owner contact email: admin@doodlytics.com

2. PROCESSING OF PERSONAL DATA BY THE CONTROLLER

2.1. The information regarding the different processing carried out by the Company as controller is expanded below.

Data provided in the application form “Sign Up”

Who is the controller for the processing of your data? The Company (more information in owner & data controller section).

Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to provide the requested service.

How long will we keep your data? We will keep the personal data that you provide us, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.

What is the legitimization for the processing of your data? The legal basis for the processing of your data is the execution of the contract.

To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.

What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, or he right to lodge a complaint with a supervisory authority (more information in point 6).

What data should be mandatory? All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact the Company.

Data provided in the application form “Billing information”

Who is the controller for the processing of your data? The Company (more information in owner & data controller section).

 

Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to provide the requested service, and make the invoicing of it.

How long will we keep your data? We will keep the personal data that you provide us, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.

What is the legitimization for the processing of your data? The legal basis for the processing of your data is the execution of the contract.

To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.

What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, or he right to lodge a complaint with a supervisory authority (more information in point 6).

What data should be mandatory? All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact the Company.

Data provided in the application form “Contact”

Who is the controller for the processing of your data? The Company(more information in owner & data controller section).

Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to manage what is indicated in your communication.

How long will we keep your data? We will keep the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.

What is the legitimization for the processing of your data? The legal basis for the processing of your data is your freely granted consent.

To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.

What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6).

What data should be mandatory? All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact the Company.

Contact by email

Who is the controller for the processing of your data? The Company(more information in owner & data controller section).

Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to arrange and reply the communications addressed to our email.

How long will we keep your data? We will keep the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.

What is the legitimization for the processing of your data? The legal basis for the processing of your data is your freely granted consent.

To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.

What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority. What data should be mandatory? You are not required to provide any information to contact the Company through email.

Contact through social networks

Who is the controller for the processing of your data? The Company(more information in owner & data controller section).

Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, for the purpose of managing contacts in social networks.

How long will we keep your data? We will keep the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.

What is the legitimization for the processing of your data? The legal basis for the processing of your data is your freely granted consent.

To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.

What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6).

What data should be mandatory? You are not requested to provide any information to contact the Company through social networks.

3. PROCESSING OF PERSONAL DATA AS PROCESSOR

3.1. The User who signs a contract for the provision of services with the Company as processors, authorizes him to process the personal data necessary to provide the requested service.

3.2. For the execution of the services related to the fulfilment of the object of this assignment, the controller will make available to the Company, the personal data necessary to provide the requested service.

3.3. This agreement will last as long as the commercial relationship is maintained. Once this contractual relationship ends, the Company must return to the controller the personal data, or transmit it to another processor designated by the controller, and delete any copy in their possession. However, the data may be kept blocked to address possible administrative or jurisdictional responsibilities.

3.4 The Company and all his personnel are obliged to:

• Use the personal data object of processing, or those collected for inclusion, only for the purpose of this assignment. In any case it may be used data for other purposes.
• To process the data according to the instructions of the controller.
• Keep, in writing, a record of all the categories of processing activities carried out on behalf of the controller, which contains:
• The name and contact information of the processor or processors and each controller for which the processors acts.
• The processing categories carried out by each controller.
• A general description of the appropriate technical and organizational safety measures that you are applying.
• Do not communicate the data to third parties, unless you have the express authorization of the controller, in the legally admissible cases. If the processor wants to outsource, he has to inform the controller and request his prior authorization.
• Maintain the duty of secrecy regarding personal data to which you have had access under this order, even after the end of the contract.
• Guarantee that the authorized persons to process personal data commit, expressly and by writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed conveniently.
• Maintain at the disposal of the controller the documentation proving compliance with the obligation established in the previous section.
• Guarantee the necessary training regarding the protection of personal data of the persons authorized to process personal data.
• When the affected users exercise the rights of access, rectification, erasure and object, limitation of the processing and portability of data to the Company, this must be communicated by email to the controller’s address. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, when appropriate, other information that might be relevant to resolve the request.
• Notification of data security breaches: The Company will notify the data controller, without undue delay and through his email address, of the security breaches in relation to the personal data in his charge which he has knowledge of, together with all the relevant information for the documentation and communication of the incident. At least the following information must be provided:
• Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and the approximate number of personal data records affected.
• Information of the contact person to obtain more information.
• Description of the possible consequences of the violation of the security of personal data.
• Description of the measures adopted or proposed to remedy the violation of the security regarding personal data, including, if applicable, the measures adopted to mitigate the possible negative effects. If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
• The Company, at the request of the controller, will communicate those breaches of data security to the controller as soon as possible, when it is likely that the violation implies a high risk to the rights and freedoms of natural persons. The communication must be done in a clear and simple language and must include the elements indicated in each case by the controller, at least:
• The nature of the data breach.
• Data of the contact of the controller where more information can be obtained.
• Describe the possible consequences of the violation of the security of personal data.
• Describe the measures adopted or proposed by the controller to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
• Provide the controller with all the information necessary to demonstrate compliance with their obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorized by him.
• Implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
• Return to the controller the personal data and, if applicable, the media where they appear, once the service has been completed.
• The return must involve the total deletion of the existing data in the computer equipment used by the Company. However, the Company may keep a copy, with the data duly blocked, as long as responsibilities for the execution of the provision can be derived.

3.5 Duties the controller:

• Provide the processor with the necessary data so that he can provide the service.
• Ensure, prior to and throughout the processing, compliance with the General Data Protection Regulations of the Company.
• Supervise the processing.

4. SOCIAL NETWORKS AND WEB ANALYTICS

4.1. When the User accesses the accounts of the Company on social networks, they accept the processing of their personal data by them according to their privacy policies:

• Facebook.
• LinkedIn.
• Twitter.

4.2. We use Google Analytics to monitor and analyze the use of our website:

• Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
• You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
• For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: http://www.google.com/intl/en/policies/privacy/1

 

5. GUARANTEE

5.1. The User guarantees that the information provided is truthful, accurate, complete and up-to-date, and is responsible for any damage or loss, direct or indirect, that may be caused as a result of breach of this obligation.

5.2. If the data provided belonged to a third party, the User guarantees that he has informed that third party and obtained has authorization to provide his personal data to the Company.

6. RIGHTS

6.1. Right of access: The User shall have the right to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

6.2. Right to rectification: The User shall have the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

6.3. Right to erasure: The User shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay.

6.4. Right to restriction of processing: The User has the right to obtain from the Company restriction of processing.

6.5. Right to data portability: The User has the right to receive the personal data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided.

6.6. Right to object: The User has the right to object, on grounds relating to his or her particular situation, at any time regarding the processing of personal data concerning him or her. the Company shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

6.7. Automated individual decision-making, including profiling: The User has the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects him or her similarly.

6.8. Right to withdraw his or her consent: The User shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent.

6.9. The User may exercise the rights of access, rectification, erasure, restriction of processing, object and portability at any time, by writing addressed to SocialChamps Media Pvt ltd, Fortune Plaza, Patil Nagar, 406, NDA Pashan Rd, opp. to Bank of Maharashtra, Above Chinjabi Hotel, Sagar Co-Operative Housing Society, Bavdhan, Pune, Maharashtra 411021

 or through the e-mail address admin@doodlytics.com.

6.10. More information about these rights here.

7. LOOKER STUDIO CONNECTORS

Looker Studio connectors are basically Google Apps Script projects that need to define a set of functions, particularly getAuthType(), getConfig(), getSchema() and getData(). The last 3 functions need to make https requests to our servers to pull certain data from the associated integrations (TikTok, Pinterest, LinkedIn, etc).

Looker Studio requires authorization to use our community connectors, so any customer creating a new data source for the first time for a given connector, needs to select his appropriate Google account, sign in to our Reporting Ninja connector and explicitly allow our connector to “Connect to an external service” on his behalf.

Our Looker Studio connectors use the sensitive scope /auth/script.external_request to make the required UrlFetch requests in the last 3 functions mentioned before. That is why our customers need to allow our connectors to “Connect to an external service” with their Google accounts.

Additionally, and less importantly, our connectors use the non-sensitive scope /auth/userinfo.email to verify the current user’s email address. If the email address matches one of our development or test accounts, certain information can be logged to the Google Apps Script project log for debugging purposes.

In summary:

• Google User Data Collection: Our Looker Studio connectors only access the email address of the connected accounts within user-created Looker Studio data sources. These data sources are managed by Google. We do not store or persist this email address in any Reporting Ninja data repository.
• Usage of Google User Data: As mentioned earlier, our connectors use the current user’s email address solely to determine if it belongs to a development or test account. If it does, certain information may be pushed to the Google Apps Script project log files for debugging purposes.
• Data Privacy: Our Looker Studio connectors do not share, transfer, or disclose any Google user data to third parties.

In general, Reporting Ninja’s use and transfer of information received from Google APIs to any other app will always adhere to Google API Services User Data Policy, including the Limited Use requirements.