Data and Protection Policy

Introduction

Ydoca (hereafter referred to as "Ydoca," "we," "us," or "our") is committed to protecting the privacy and security of personal data collected through our SaaS and AI services. This Data Privacy and Protection Policy outlines how we collect, use, store, and protect personal data, particularly in relation to our Google Workspace integration, and how we comply with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

Definitions

For the purposes of this policy:

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Data Subject" means an identified or identifiable natural person to whom personal data relates.
  • "Processing" means any operation performed on personal data, including but not limited to collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, combination, restriction, erasure, or destruction.
  • "Data Controller" means the entity that determines the purposes and means of processing personal data.
  • "Data Processor" means the entity that processes personal data on behalf of the Data Controller.

Legal Basis for Processing

Ydoca processes personal data only when we have a valid legal basis to do so. Our legal bases for processing include:

  1. Consent: Where the Data Subject has given clear consent for us to process their personal data for a specific purpose.
  2. Contractual Necessity: Where processing is necessary for the performance of a contract with the Data Subject or to take steps at the request of the Data Subject prior to entering into a contract.
  3. Legal Obligation: Where processing is necessary for compliance with a legal obligation to which Ydoca is subject.
  4. Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by Ydoca or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.

Data Collection and Processing

Types of Personal Data Collected

Through our Google Workspace integration, we may collect and process the following categories of personal data:

  1. Account Information: Name, email address, and other profile information from Google Workspace accounts.
  2. Usage Data: Information about how users interact with our services, including time spent, features used, and other analytics.
  3. Content Data: Information contained in documents, emails, or other files accessed through our integration with Google Workspace.
  4. Technical Data: IP addresses, browser type, device information, and other technical identifiers.

Purpose of Processing

We process personal data for the following purposes:

  1. Providing and maintaining our services
  2. Improving and personalizing user experience
  3. Communicating with users about our services
  4. Ensuring the security and proper functioning of our platform
  5. Complying with legal obligations

Data Subject Rights

Under the GDPR, Data Subjects have the following rights:

  1. Right to Access: Data Subjects have the right to request access to their personal data.
  2. Right to Rectification: Data Subjects have the right to request correction of inaccurate personal data.
  3. Right to Erasure: Data Subjects have the right to request deletion of their personal data under certain circumstances.
  4. Right to Restrict Processing: Data Subjects have the right to request restriction of processing of their personal data.
  5. Right to Data Portability: Data Subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format.
  6. Right to Object: Data Subjects have the right to object to processing of their personal data based on legitimate interests or for direct marketing purposes.
  7. Rights Related to Automated Decision-Making: Data Subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.

To exercise these rights, Data Subjects should contact our Data Protection Officer at dpo@ydoca.com.

Data Security Measures

Ydoca implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  1. Encryption of personal data in transit and at rest
  2. Regular testing and evaluation of security measures
  3. Processes for regularly testing, assessing, and evaluating the effectiveness of security measures
  4. Ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
  5. Access controls and authentication procedures
  6. Regular security awareness training for employees

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider:

  1. The amount, nature, and sensitivity of the personal data
  2. The potential risk of harm from unauthorized use or disclosure
  3. The purposes for which we process the data
  4. Whether we can achieve those purposes through other means
  5. The applicable legal requirements

Data Transfers

Ydoca may transfer personal data to countries outside the European Economic Area (EEA). When transferring personal data outside the EEA, we ensure that appropriate safeguards are implemented, such as:

  1. Standard Contractual Clauses approved by the European Commission
  2. Binding Corporate Rules
  3. Adequacy decisions by the European Commission
  4. Other lawful transfer mechanisms as permitted under the GDPR

Google Workspace Integration Specifics

For our Google Workspace integration, we adhere to the following principles:

  1. We only access Google Workspace data with explicit user consent
  2. We limit our access to only the data necessary for providing our services
  3. We comply with Google's API Services User Data Policy
  4. We maintain appropriate technical and organizational security measures
  5. We do not sell Google Workspace data or use it for advertising purposes
  6. Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models

Data Protection Officer

Ydoca has appointed a Data Protection Officer (DPO) who can be contacted at:

Email: dpo@ydoca.com

Data Breach Notification

In the event of a personal data breach, Ydoca will:

  1. Notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach
  2. Notify affected Data Subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms
  3. Document all breaches, including facts relating to the breach, its effects, and remedial action taken

Policy Updates

Ydoca reserves the right to update this Data Privacy and Protection Policy from time to time. When we make significant changes, we will notify users through our website or by email.

Compliance Monitoring and Audits

Ydoca conducts regular audits and assessments to ensure compliance with this policy and relevant data protection regulations. These audits include:

  1. Regular reviews of data processing activities
  2. Assessments of third-party data processors
  3. Verification of security measures
  4. Evaluation of staff training and awareness

Contact Information

For any questions or concerns about this policy or our data protection practices, please contact us at:

Email: privacy@ydoca.com

RFP, RFI, RFQ

Sales Proposals

Sec. Questionnaires