Mobile App Privacy Policy

Last updated June 2023

For private end users in contact with Keepit A/S, and all of Keepit’s affiliates, as a customer.

In connection with our administration, operation, and provision of the Keepit Phone Backup Service (the “Service”), we, Keepit A/S (“we”, “our” or “Keepit”), collect and process, in the role of data controller, personal data on our customers. This Privacy Policy provides information to you about our processing of your personal data.

KEEPIT CUSTOMERS THAT ARE PRIVATE END USERS

When Keepit provides the Service to private end users for the user’s own benefit, Keepit cannot enter a data processing agreement with the private end user as this fall outside the scope of the GDPR, cf. Art 2(2)(c).

Please note that the content of backup data is subject to the end users right of disposal and ownership and subject to the terms agreed between Keepit and such private end user. Backup data stored within the services may consist of any types of data. It is entirely dependent of the customer’s type of data and its use of the services. The customer can choose to back up e.g., photos, videos, contacts, calendars, messages etc. of their device.

KEEPIT CUSTOMERS THAT ARE LEGAL ENTITIES

Where Keepit customers are legal entities such as businesses and other types of organizations, information on how we process personal data is described in the respective data processing agreements with our customers as well as the following link /privacy-policy/. Our most recent data processing agreement can be found at /data-processing-agreement/. Where Keepit customers are legal entities, we act as a data processor and process data on behalf of and in accordance with instructions given by our customers. For more information on how we process personal data as a data processor, please refer to our data processing agreement or contact us using the contact information in section 7 of this Privacy Policy.

1. DISCRIPTION OF THE PROCESSING

WE PROCESS YOUR PERSONAL DATA FOR THE FOLLOWING PURPOSES:

  • to improve and provide our Service.
  • for customer administration, e.g., to process and handle orders, invoices, agreements, payments, maintain our business relationships, including user account administration, and handling support requests in connection with the Service we provide.

KEEPIT PROCESSES YOUR PERSONAL DATA ON VARIOUS LEGAL BASES, INCLUDING:

  • on the basis of your prior consent, cf. the GDPR article 6(1)(a)
  • to fulfill an agreement with you, cf. the GDPR article 6(1)(b)
  • because the processing is necessary in order to comply with a legal obligation incumbent on Keepit as the data controller, cf. the GDPR article 6(1)(c)
  • under specific circumstances to pursue a legitimate interest, cf. the GDPR article 6(1)(f). The legitimate interests that justify the processing may include improving our Service, answering your inquiries, etc.

KEEPIT PROCESSES A NUMBER OF GENERAL PERSONAL DATA ABOUT YOU SUCH AS:

  • login information and contact information, including name, e-mail address, address
  • information that you have entered yourself into our systems, e.g., payment information and information in connection with requests for support assistance/general correspondence with Keepit
  • information collected in the audit-log
  • (approximate) geo-locations
  • device ID, advertising ID
  • information about the operating system of your computer and/or your mobile device, including the selected browser, IP-address etc.

2. SOURCES

The personal data is collected directly from you or the business partner reselling Keepit’s Service to you. Personal data is e.g., provided by you when you:

  • register as a user of the Service,
  • request support
  • participate in user surveys,
  • communicate with Keepit, and
  • submit information for Keepit’s administrative purposes.

3. DATA PROVIDED ON A VOLUNTARY BASIS

When we collect personal data directly from you, you either provide us with the personal data on a voluntary basis or in order for us to comply with the law. It will depend on the specific circumstances whether you are under an obligation to provide us with such personal data.

The consequence of not providing us with the personal data mentioned above will be that we cannot pursue the specific purposes set out above, which for example means that we cannot process and handle orders, provide you with our Service, etc.

If you have provided us with your consent to a specific processing activity, you have the right to withdraw such consent without any consequences for you. However, if you withdraw your consent, the withdrawal will not affect any processing based on your consent given before the withdrawal. If you wish to withdraw your consent, please contact us using the contact information in section 7 of this Privacy Policy.

4. DISCLOSURE AND TRANSFERS OF PERSONAL DATA

We may disclose non-sensitive personal data to third parties, e.g., our business partners, provided that the disclosure is necessary and in compliance with the GDPR and Danish Data Protection Act. Furthermore, we use different service providers and suppliers who process personal data on our behalf and, thus, acts as our data processors, e.g., information technology suppliers.

Some of our business partners, service providers and suppliers are located in countries outside the EU/EEA. In such cases, we only transfer personal data in compliance with GDPR chapter V and the European Data Protection Board’s (EDPB) recommendations on supplementary measures. If we transfer personal data to countries which are not deemed to have an adequate level of security, we enter into the EU standard contractual clauses and, if deemed necessary, apply supplementary measures in accordance with the European Data Protection Board’s recommendations.

You may request more information regarding our use of data processors and/or our documentation on our legal basis and legal grounds for any transfers to countries located outside the EU/EEA. To make such request, please contact us using the contact information in section 7 of this Privacy Policy.

5. STORAGE PERIOD

We store personal data for as long as it is necessary to fulfil the purposes set out in this Privacy Policy and to be able to document our right to process the personal data and compliance with data protection legislation and any other relevant legislation, and after this for a limited time due to our purposely determined back-up and deletion routines.

Your personal data may, therefore, be subject to different retention policies based on the personal data in question and the purposes to which the personal data is collected. Below are a few examples of our retention periods:

  • As a general rule, we store personal data for the duration of our business relationship with you and until five (5) years after the termination of such business relationship.
  • Correspondence with you as a potential customer will in general be deleted two (2) years after the time of such correspondence.

6. YOUR RIGHTS

Subject to the applicable restrictions in the Danish Data Protection Act and General Data Protection Regulation, you have the following rights:

  • The right of access to personal data
  • The right to rectification of inaccurate and inadequate personal data
  • The right to erasure of personal data
  • The right to restriction of processing of personal data
  • The right to object
  • The right to data portability

The right to object

You have the right to object – on grounds relating to your particular situation – to processing of personal data where the legal basis for our processing is legitimate interests, as stated above. If you exercise your right to object, we may no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.

You also have the right at any time to object to the processing of your personal data for marketing purposes, which includes the right to object to profiling in so far as it relates to direct marketing. If you object to our processing for the purpose of direct marketing, your personal data may no longer be processed for this purpose.

Right to submit a complaint

You also have a right to submit a complaint to the competent supervisory authority, including the Danish Data Protection Agency. You will find the contact information of the Danish Data Protection Agency on www.datatilsynet.dk. You can also read more about your rights on www.datatilsynet.dk.

7. CONTACT

Please contact our Data Protection Officer if you have any questions about the processing of your personal data or how to exercise your rights.

Contact details:

Keepit A/S

Per Henrik Lings Allé 4, 7. Sal

2100 Copenhagen

Denmark

CVR No.: 30806883

Email address: dpo@keepit.com

8. CHANGES TO THE PRIVACY POLICY

This Privacy Policy may be subject to periodical changes in the future due to external reasons (e.g., changes to the relevant laws) or internal reasons (e.g., technical alterations). Keepit therefore reserves the right, at its sole discretion, to amend this Privacy Policy whenever it is deemed beneficial and/or necessary.