DMALL OS PRIVACY POLICY
Updated and Effective: June 2nd , 2023
Version: 1.0
This Privacy Policy specifies how we collect, use, store, share and transfer your personal data when you use the products/services provided by DMALL DIGITAL EUROPE KFT. (Registered address: 1121 Budapest, Zugligeti út 41, Hungary) (hereinafter referred to as \"Dmall\",\"we\", \"our\" or \"us\") and the ways in which we provide you with access to, update, delete and protect such data. If you have any questions when you read this Privacy Policy, you can contact us through the contact information provided in this Privacy Policy.
Please make sure you carefully read and fully understand this Privacy Policy before you start using our products and services (hereinafter refer to as “Services”). For emphasis, we have highlighted key points in \"bold/bold underline\" to require you to pay special attention when reading this Privacy Policy. You should choose whether to agree to this Privacy Policy and whether to agree to the use of the Services after carefully reading and fully understanding this Privacy Policy. If you do not agree with this Privacy Policy, we may not be able to provide all the functions of the Services. In such cases, we recommend that you discontinue accessing or using the Services immediately.
Your consent to the Privacy Policy is deemed that you have understood the functions provided through our websites and mobile applications (hereinafter referred to as “Apps”) as well as the necessary process of minimum personal data for the operation of such functions, and that you expressly authorize us to collect and use personal data. However, your consent does not imply agreement to enable additional features or to process non-necessary personal data. We will obtain your consent individually according to your actual use of the Service before enabling additional features, processing non-necessary personal data, or processing special types of personal data.
In addition, our websites and mobile Apps may provide links to other (third-party) websites, mobile applications, or API interfaces for your convenience. These linked websites and applications have their own privacy notices or policies, which we strongly encourage you to review their privacy notices or policies before using their products and services. Please note that we are not responsible for the content, privacy practices related to personal data process, or other operational behaviors of linked websites or applications that are not controlled by us.
Table of Contents
I. What Personal Data Do We Collect and When Do We Collect
II. Why and How We Use Your Personal Data
III. How We Protect the Personal Data of Minors
IV. How We Share Your Personal Data
V. How You Exercise Your Personal Data Subject Rights
VI. How We Protect Your Personal Data
VII. How We Store Your Personal Data
VIII. Whether Your Data Will be Transmitted to a Third Country
IX. How We Use Cookies and Similar Technologies
X. Changes to Our Privacy Policy
XI. Contact Us
I. What Personal Data Do We Collect and When Do We Collect
We collect your personal data strictly based on the requirements of the General Data Protection Regulation (GDPR) and the consensus reached with merchants in the Data Processing Agreement that we made with such merchants. We collect your personal data to fulfill our service obligations and to optimize the Services. We will not collect your personal data without specified, explicit and legitimate basis.
When you use the Services, it is necessary for you, as a user, to authorize us to collect and use certain personal data of yours. The following list outlines the personal data that Dmall may collect under different scenarios. We will only collect the necessary personal data of you to ensure your normal use of certain functions and will not collect any unnecessary personal data for your utilization of our certain services.
We may collect the following personal data:
• Personal identification information: Name, Email address, Phone number;
• Network identity information: UID, Account number, Account password, Device information, IP address;
• Education and job information: Employee number, Affiliated group, Affiliated merchant, Store number, Store name;
• Personal location information: Location information;
• Behavior data: Page browsing data;
• Communication records and contents, Audio recordings, Picture information from the device's camera and photo library;
II. How We Use Your Personal Data
In accordance with the relevant requirements of the GDPR, we are entrusted by ( Merchant ) to process your personal data when providing services for you. As we only act as a data processor in this process, we may only process your various personal data based on the instructions of the Merchant as the data controller under the premise of complying with the GDPR. Any information you provide is retained and controlled by ( Merchant ) as the data controller. A merchant administrator is generally an employee of the data controller who is directly responsible for responding to your requests related to personal data subject’s rights. We will work with you to the fullest extent possible to realize your legitimate personal data rights in accordance with our agreements with data controllers, instructions from merchant administrators, applicable laws and regulations.
Dmall only uses the personal data that has been collected for the sole purpose of implementing some of the product features for your use. The details of why and how your personal data is used are as follows.
1. Data You Provide to Us
We receive and store necessary personal data you provide in relation to use certain functions of the Services. Specific personal data categories are as shown below. You are fully capable to choose not to provide certain types of personal data, but absent of certain personal data may result in limitations or inability to use certain features of the Services.
| Your Personal Data | Purpose and Use of Collection |
| Account number, Account password | For your login process to use the Services. |
| Name, Email address | In our business, we use your name and email address for identity verification and communication purposes. In addition, if you are logged in to your account, we will provide you with the ability to access your data. You can check your personal data through \"Personal Center\". |
| Phone number | When fulfilling online orders, your phone number is recorded to contact the customer and the store. |
| Location information | When you use map-related features, we will use your location information. |
| Communication records and contents, Audio recordings | When using the privacy number service, the content of your call will be recorded to protect your personal rights and interests. |
| Picture information | Used when you upload your pictures. |
In order to ensure the normal implementation of the relevant business functions, our Apps need to call the corresponding necessary permissions according to specific usage scenarios and ask for your consent via a pop-up window before calling. Please refer to the following table for a description of specific permissions to be granted:
| Description on Device Permissions | ||||
| Applications | Device Permissions | Use Purposes | When to Call Permissions | Whether Can be Shut Down |
| Dmall(Android) | Camera | Use the camera function when you scan codes and take photos | When you need to use the code scanning function, and when you need to take photos and upload pictures, we will call your camera permission. | Yes |
| Location | Use the map positioning function | When you need to use the map-related features, we will read your location information. | Yes | |
| Store | Used to apply updates, cache data, and save images | When you update your App, upload or cache images, we will get your permission to store. | Yes | |
| Phone | Used to contact customers or us | When you contact customers or us, we will get permission to make a call. | Yes | |
| Message | Used to notify new messages with sound or vibration alert | When you have a new message, we will get message notification permission. | Yes | |
| Dmall (iOS) | Camera | Use the camera function when you scan codes and take photos | When you need to use the code scanning function , and when you need to take photos and upload pictures, we will call your camera permission. | Yes |
| Photos | Used to facilitate image storage and uploading | When using the functions for uploading images, we will read your photo library. | Yes | |
| Location | Use the map positioning function | When you need to use the map-related features, we will read your location information. | Yes | |
| Microphone | Used to contact customers or us | When you contact customers or us, we will get microphone permission. | Yes | |
| Message | Used to notify new messages with sound or vibration alert | When you have a new message, we will get message notification permission. | Yes | |
| Network | Used to access the network and obtain the Wi-Fi information | When you need to connect to the network, we will get your network permission. | No |
You can choose to turn off some or all permissions in the \"Personal Center > Settings > About DMALL OS > System Authorization\" setting of the App or your device, which may result in the corresponding business functions not being implemented or not achieving the expected results.
2. Automatic Data
We automatically collect and store certain data about your use of the Services. Specific categories of automatically collected personal data are listed below. Such data are necessary for logging in your account and using our basic services. If you refuse to provide such personal data, please discontinue using the Services and contact the merchant administrator by sending an email to support.privacy@dmall.com for further deletion of such personal data.
| Your Personal Data | Purpose and Use of Collection |
| UID | Used to identify your identity and manage your accounts and permissions. |
| Device information | In order to provide you with services and page displays that better meet your needs, we will collect and use your device information when you access and use our services. Device information include Device ID, Device name, Device model, System language, etc.Such data are used to sort the corresponding service content to suit your device interface. |
| IP address | Used for security monitoring and identity authentication. If a large number of login attempts occur or geographic anomalies occur, you can discover and respond to security threats in a timely manner. |
| Behavior data | Used to operate, improve, and maintain our business, optimize product features and enhance your experience. |
3. Data from Other Sources
We may receive data about you from other sources, specific categories of personal data are as shown below.
| Your Personal Data | Data Source | Purpose and Use of Collection |
| Employee number, Affiliated group, Affiliated merchant, Store number, Store name | Merchant (data controller) | Your job information is provided by the merchant administrator. Before the merchant provides such personal data of yours to us, the processing of such information shall have been lawfully authorized by you and is managed by the merchant you work for. Based on the merchant's commitment to the legality of the source of such personal data, we make such data collection for matching purpose with the merchants in order to provide you with corresponding product functions and protect your rights and interests. |
4 Automated Decision Making
The Services will not involve the scenario of automated decision making as of now.
III. How We Protect the Personal Data of Minors
We do not collect personal data from minors (merchants are responsible for verifying the identity of minors). We attach great importance to the protection of minors' personal data, and if we become aware that certain personal data of a minor has been collected incorrectly, we will take instantaneous and reasonable steps to delete such data to the greatest operable extend. As a data subject, parent or other legitimate subject, you can also request to delete the data of such minors by contacting the merchant administrator by sending an email to support.privacy@dmall.com .
IV. How We Share Your Personal Data
In order to realize the functions of the Services, we may provide your personal data to other personal data processors, mainly including:
1. Third-party service providers: We employ other companies to perform functions on our behalf. Examples include providing location service and providing customer service. These third-party service providers have access to personal information needed to perform their functions, but may not use it for other purposes.
2. Third-party software tool development kit (SDK): In order to provide better services, we use third-party SDKs. These third-party SDKs may collect your personal data while providing you with more comprehensive services. We adopt necessary technical measures to evaluate and control the collection and use of your personal data by these third-party SDKs to ensure that your personal data is effectively protected. We conduct strict security checks on SDKs and require our partners to take strict measures to protect your personal data. When new service requirements and changes in business functions related to the SDKs we utilize, we may modify the access authority of certain third-party SDKs, and promptly inform you the latest situation of accessing third-party SDKs in this Privacy Policy. Please note that the third-party SDKs may have some changes in the data type for their collection due to version upgrades, policy adjustments, etc. Please refer to the official instructions published by the third-party SDKs. For the names and types of third-party SDKs, the types of personal data collected, the purposes of collection, and links to the privacy policies of third parties, please see the list of third-party SDKs below.
| SDK | Purpose of Using SDK | Data Collected by SDK | SDK Provider | SDK Provider Privacy Policy Link |
| Getui SDK | We use the SDK of \"Getui\" with the function of \"push \". The used permissions are \"storage permissions, read device information, read network status, read Wi-Fi status, and hover window permissions\". The user data obtained is \"personal commonly used device information\". Personal commonly used device information is sensitive data. | Network identity information, Personal location information | Getui | https://www.getui.com/privacy |
| Huawei scanning SDK | We use Huawei scanning SDK with the function of \"barcode identification & QR code identification\". | Network identity information | Huawei | https://consumei.huawei.com/cn/privacy/privacy-policy/ |
| Google Maps | We use the location function to provide you with store location display and delivery address services. | Personal location information | https://policies.google.com/privacy?gl=CN&hl=zh-CN |
In addition to the above, if we provide your personal data to other personal data processors, we will inform you of the recipient’s name or full name, contact information, purpose of processing, and manner of processing.
V. How to Exercise Your Personal Data Subject Rights
1. The right to be informed
You have the right to clearly understand and be informed of how we process your personal data, the types of personal data we process, the purposes for processing such personal data, and the information about the third parties to which your personal data is shared with. In this Privacy Policy, we have a detailed explanation of the processing of your personal data. If you have any questions, please send an email to support.privacy@dmall.com to contact the merchant administrator to further assist you.
2. The right to access your personal data
You have the right to access your account to view your personal data at any time through the websites or Apps. If you wish to access your other personal data, or encounter difficulties while exercising the aforementioned rights, you can send an email to support.privacy@dmall.com to contact the merchant administrator. The merchant administrator will respond to your request in time after confirmation of your identity.
3. The right to rectification
You have the right to ask us to rectify any incomplete or inaccurate personal data we hold about you. However, in any case, you need to ensure the authenticity and accuracy of the data you provide. If any loss is incurred due to the incorrect, inaccurate, or incomplete data provided, you need to assume responsibility for this.
If you wish to rectify your other personal data, or encounter difficulties while exercising the aforementioned rights, you can send an email to support.privacy@dmall.com to contact the merchant administrator. The merchant administrator will respond to your request in time after confirmation of your identity.
4. The right to erasure
You have the right to ask us to delete your personal data in the following cases.
(1) Our processing of your personal data violates laws or regulations;
(2) Our processing of your personal data seriously violates our agreement with you;
(3) We stop providing the Services, or the retention period of personal data has expired.
(4) Your exercise of your right to object the processing of personal data.
(5) There are no other legitimate ground for not deleting your persona data as listed in GDPR Article 17 (3).
You can send an email to support.privacy@dmall.com to contact the merchant administrator. The merchant administrator will respond to your request in time after confirmation of your identity.
5. The right to restriction of processing
In the following cases, you have the right to ask us to limit (stop any active) processing of your personal data in certain circumstances. If you have encountered any of the following situations, you can send an email to support.privacy@dmall.com to contact the merchant administrator. The merchant administrator will respond to your request in time after confirmation of your identity.
(1) The personal data we collect about you is inaccurate, and you provide us permission and certain period to verify its accuracy;
(2) You believe the processing of your personal data is unlawful, but you request to restrict the use of your personal data instead of requesting its erasure;
(3) We no longer need the personal data for the purposes of the processing, but you need the personal data in order to exercise or defend your legal rights;
(4) You have objected to the processing of your personal data based on legitimate interests and are evaluating the legal basis you proposed.
6. The right to object to processing
You have the right to object to the processing of your personal data based on your legitimate interests. Unless we can prove that there are legitimate reasons, we will no longer process your personal data.
7. The right to information portability
You have the right to copy or ask to transfer your personal data. You can send an email to support.privacy@dmall.com to contact the merchant administrator. Where technically feasible, you have right to have your personal data transferred directly from one controller to another. If your request meets the conditions specified by applicable laws and regulations, we will provide the means of transfer.
8. The right that are not fully affected by automated decisions
The Services will not involve the scenario of automated decision making as of now.
9. Responding to Your Request
When you send email to support.privacy@dmall.com to contact the merchant administrator, and request to exercise our data subject rights stated in Articles 5.1 - 5.8 of this Privacy Policy, we may ask you to submit relevant proof to verify your identity before processing your request for safety reasons. Once we have verified the legitimacy and identity of your request, we will complete the necessary processing within one month after receiving the confirmation from the merchant administrator.
VI. How We Protect Your Personal Data
To address potential risks, such as personal data breaches, damages, and losses, we have developed emergency operating procedures for security incidents and implemented security measures in the areas of data security, network security, infrastructure security, and security operations and maintenance to ensure the safety of personal data.
In the event of a personal data security incident, we will promptly inform you in accordance with the requirements of laws and regulations. When it is difficult to notify each data subject, we will issue a public announcement in a reasonable and effective manner. Meanwhile, we will also proactively report the handling of data security incidents in accordance with regulatory requirements.
If you have any questions about our personal data protection, if you believe your personal data has been compromised, please send emails to support.privacy@dmall.com to contact us. After verifying your identity, we will respond to your inquiry within one month or within the time limit required by laws and regulations.
VII. How We Store Your Personal Data
Personal data collected and generated by us in Europe are stored on servers in Europe. We may remotely access relevant data from users for the purposes of improving user experience, optimizing risk control, improving management efficiency, etc. In such cases, we will take reasonable measures according to law and regulations to ensure that your personal data is protected, including but not limited to encryption and access control of your personal data. Meanwhile, we will obtain your separate consent (when necessary), complete the necessary security assessments (when required) by applicable laws and regulations, or fulfill other data management responsibilities as required by laws and regulations.
Your personal data will be stored within a reasonable time period required to achieve the purposes stated in this Privacy Policy (unless longer retention periods are required by applicable laws). Generally, this means that we will keep your personal data as long as you have an account on our Apps.
VIII. Whether Your data will be Transmitted to a Third Country
We will not transmit your personal data outside the EU/EEA. However, in exceptional circumstances where such a transfer is necessary, we will assess the legality of the specific transfer. We will promptly notify you and obtain your explicit consent before any such transfer takes place, in compliance with applicable laws. Regarding data transfers to such recipients outside the EU/EEA, we provide appropriate security measures, in particular by signing data transfer agreements that include Standard Contractual Clauses adopted by the EU Commission and the recipients, or by taking other measures to ensure an adequate level of data protection.
IX. How Do We Use Cookies and Similar Technologies
In order to optimize the functionality of our website and enhance your browsing experience, we may store small data files known as Cookies on your device or system. Cookies enable us to remember your information for future visits to our website, streamline the process of filling in your personal data (e.g., one-click login, etc.), customize preferences for secure shopping, enhance your selection and interaction with advertisements, safeguard the security of your data, and provide additional benefits. You can refer to the Cookie Notice to know the Cookies we use and the purpose for which they are used. We do not use Cookies for any purpose other than those described in the Cookie Notice. You can manage or delete Cookies according to your preferences. You can clear all Cookies saved on your computer, and most web browsers have a feature to block Cookies. However, if you do so, you will need to change your user settings yourself each time you visit us, but you may not be able to log in or use the services or functions we provide that rely on Cookies because of such modifications. You can limit our use of Cookies by changing your browser settings.
X. Changes to Our Privacy Policy
We may update this Privacy Policy from time to time. If we decide to update our Privacy Policy, we will post the changes on our official website and Apps, and such changes will form part of this Privacy Policy. If we materially change the way in which we process your personal data, we will prompt you via pop-up or other clear and conspicuous forms and request your consent prior to implementing such changes. Without your consent, we will not reduce your rights under this policy.
Please carefully read the amended Privacy Policy. If you do not agree to this Privacy Policy or have any objection to the modified or updated content, you may choose to stop using the Services by contacting the administrator who registered your account. Please be aware that any actions and activities before the termination of using the Services are still subject to this Privacy Policy. We strongly recommend that you read our Privacy Policy and stay informed of our practices.
Starting from the effective date that this Privacy Policy is amended, your purchase and use of the Services provided by us, as well as your access to, browsing and use of our official website, Apps, and other online services shall be deemed as your full understanding and full consent to the revised Privacy Policy.
If major and substantial changes are involved, we will notify you in a noticeable manner based on the specific circumstances. The circumstances of major and substantial changes include but are not limited to:
(1) There are major changes to our service model. For example, the purpose of processing personal data, the type of personal data processed, the method of use of personal data, etc.;
(2) We have undergone major changes in the ownership structure, organizational structure, and other aspects. For example, changes in owners due to business adjustments, bankruptcy and mergers and acquisitions;
(3) Changes in the main objects of personal data sharing, transfer, or public disclosure;
(4) Significant changes in your rights and the manner in which you exercise your participation in personal data processing;
(5) When the department responsible for handling personal data security, contact information and complaint channels is changed;
(6) When the DPIA report indicates a high risk.
XI. Contact Us
We welcome questions, opinions and concerns about our Privacy Policy and privacy practices. If you wish to provide feedback, have questions or concerns, or wish to exercise your rights with respect to your personal data, please contact us by the following method: (i) “Contact Us” section of our website or App; (ii) send an email to support.privacy@dmall.com , and we will complete the review and processing within one month after receiving your comments and suggestions. If we are unable to respond to your request, we will send you a notice and explain the reason.
If you contact us regarding privacy complaints, we will assess them in order to promptly and effectively resolve the issues. If you are not satisfied with the response you receive, you may file a complaint with the relevant regulatory authority.