DatViz Ai Data Privacy and Security Policy
Introduction
Deepdata Inc., the developers of DatViz Ai, have strong commitment to protecting data privacy and security of our users.
Information Collection
2.1. Types of Data Collected
We collect the following personal information to identify you as a legitimate user of the software which includes your name, email address and payment details. From time-to-time we may conduct online surveys to get your feedback so we can improve the software.
Due to the nature of the software, you will be uploading your own datasets that will be temporarily stored on our server until you delete your file or logout. Prompt histories are also collected for your convenience while using the software but are cleared when you log out.
2.2. Methods of Collection
We collect your data through your registration form, survey forms, your own data upload, cookies and third-party services.
Use of Information
3.1. Purpose: We collect data to provide you secure access, protect your identity, improve software performance and for occasional online marketing purposes.
3.2. Legal Basis: Our reasons for collecting and processing your personal data are:
3.3. Contractual Necessity, as when we engage you by providing you our services, managing payments and compensation, for registrations purposes to events and the like;
3.4. Our Legitimate Interest, as when we operate and administer our systems, improve and protect our systems, perform and promote business operations, aggregate our data, establishment, exercise and defense of our legal claims and the like;
3.5. Legal Obligation, so as to comply with regulatory agencies, government authorities and relevant laws the Philippine Data Privacy Act of 2012, in particular, among others.
4. Data Sharing
4.1 Third Parties: We will be using third parties:
4.1.1. If you create or log into your Account using your Google, Facebook/Meta, LinkedIn, YouTube, Instagram and X (former Twitter) account credentials, and
4.1.2. For secured payment processing purposes such as through PayPal, Credit Card companies, Banks,GCASH, and the like.
4.2. Service Providers: The DatViz Ai is a web application using Javascript Library, Python framework and OpenAI Large Language Model (LLM). An OpenAI LLM-based advanced system is accessed as a service through our own Application Programming Interface (API). OpenAI's Data Privacy Policy https://openai.com/consumer-privacy applies to data that is uploaded to DatViz Ai. The policy explains how and why the data may be used by OpenAI. Google LLC provides the cloud service platform on which the application runs and where the database or user information and logs are located. Google LLC also collects user’s information through logins and survey forms. Google's Privacy Policy detailed in https://policies.google.com/privacy?hl=en-US#infocollect explains what types of information are being collected and how they are kept secure and how they are being used.
Data Retention
We will retain your personal information only for as long as it is necessary to fulfill the purposes set out in Section 3 (” Use of Information”) of this Data Privacy and Security Policy and to the extent necessary to comply with applicable laws, to resolve disputes, or enforce our legal agreements and policies.
Data Security
We take protective measures to prevent your personal data from unauthorized access, disclosure, or destruction. We do this under the following circumstances:
6.1. While using Google cloud; Google has an alert system when someone unauthorized is trying to access the system,
6.2. Uploaded datasets are stored temporarily to user specific temporary workspaces which are deleted when the user logs out,
6.3. Each individual user's data is secured and protected from sight and access by other users,
6.4. Database is backed-up daily,
6.5. In as much as all data sources uploaded to DatViz Ai are saved in Google server and database, they are protected by advanced encryption by Google as detailed here https://safety.google/security/built-in-protection/.
User Rights
Under the Philippines Data Privacy Act of 2012 and its Implementing Rules and Regulations, the following are the User Rights:
7.1. Right to be informed.
7.1.1. On whether the personal data pertaining to you shall be, are being, or have been processed, including the existence of automated decision-making and profiling;
7.1.2. And notified about the following information before the entry thereof into the processing system of the personal information controller (as defined under Philippine Data Privacy Act of 2012) or at the next practical opportunity:
7.1.2.1. Description of the personal data to be entered into the system;
7.1.2.2. Purposes for which they are being or will be processed;
7.1.2.3. Basis of processing, when processing is not based on your consent;
7.1.2.4. Scope and method of the personal data processing;
7.1.2.5. The recipients or classes of recipients to whom the personal data are or may be disclosed;
7.1.2.6. Methods utilized for automated access, if the same is allowed by data subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;
7.1.2.7. The identity and contact details of the personal data controller or its representative;
7.1.2.8. The period for which the information will be stored; and
7.1.2.9. The existence of your rights as data subjects, including the right to access, correction, and object to the processing, as well as the right to lodge a Complaint before the Commission.
7.2. Right to object.
7.2.1. As the data subject, you shall have the right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph.
7.2.2. When you object or withhold consent, the personal information controller, shall no longer process the data, unless:
7.2.2.1. The personal data is pursuant to a subpoena;
7.2.2.2. The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you are a party, or when necessary or desirable in the context of an employer-employee relationship between the collector and the data subject; or
7.2.2.3. The information is being collected and processed as a result of a legal obligation.
7.3. Right to access.
As the data subject, you have the right to reasonable access to, upon demand, the following:
7.3.1. Contents of your personal data that were processed;
7.3.2. Sources from which personal data were obtained;
7.3.3. Names and addresses of recipients of the personal data;
7.3.4. Manner by which such data were processed;
7.3.5. Reasons for the disclosure of the personal data to recipients, if any
7.3.6. Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
7.3.7. Date when your personal data concerning the data subject were last accessed and modified; and
7.3.8. The designation, name or identity, and address of the personal information controller.
7.4. Right to rectification.
As the data subject, you have the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, that recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon your reasonable request.
7.5. Right to erasure or blocking.
As the data subject, you shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data from the personal information controller’s filing system. This right may be exercised upon discovery and substantial proof of any of the following:
7.5.1. The personal data is incomplete, outdated, false, or unlawfully obtained;
7.5.2. The personal data is being used for purpose without your authorization;
7.5.3. The personal data is no longer necessary for the purposes for which they were collected;
7.5.4. You have withdrawn consent or objects to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
7.5.5. The personal data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
7.5.6. The processing is unlawful;
7.5.7. The personal information controller or personal information processor violated your rights.
7.5.8. The personal information controller may notify third parties who have previously received such processed personal information.
7.6. Right to damages.
As the data subject, you shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data, taking into account any violation of your rights and freedoms as data subject.
7.7. Right to data portability
Where your personal data is processed by electronic means and in a structured and commonly used format, you shall have the right to obtain from the personal information controller a copy of such data in an electronic or structured format that is commonly used and allows for further use by the data subject. The exercise of this right shall primarily take into account your right to have control over your personal data being processed based on consent or contract, for commercial purpose, or through automated means. The Commission may specify the electronic format referred to above, as well as the technical standards, modalities, procedures and other rules for their transfer.
To exercise above rights, you may contact us at support@deepdatainc.com where you can communicate your rights and choices.
Cookies and Tracking Technologies
You have the flexibility to manage your preferences in relation to cookies and other tracking technologies that we apply with the use of our software.
Children’s Privacy
Our software is not directed to individuals under Legal Age (18 years old in the Philippines), or under “Required Age” in other jurisdictions. We will strictly implement this unless parental consent is given in case you are a student who would like avail of our software. If we become aware that a child under the Legal/Required Age has submitted information to us without parental consent, we will delete the information. For any concern or violation of this provision, please contact us at support@deepdatainc.com.
International Data Transfers
Our collection, processing, use and storage of your personal information will be governed by this Data Privacy and Security Policy, and our Terms of Reference (“TOR”) in accordance with the Philippine Data Privacy Act of 2012 and its Implementing Rules and Regulations. For data transfers from the Philippines to other jurisdictions, and vice-versa, we will transfer personal information in accordance with the applicable requirements of said jurisdiction/s without prejudice to our compliance with the Philippine Data Privacy Act of 2012.
Changes to Privacy and Security Policy
We will notify you of any changes to this Data Privacy and Security Policy, by email and via the DatViz Ai website.
Contact Information
For any questions and/or concerns, you may contact us at support@deepdatainc.com.