Updated and Effective: June 2nd, 2023
Version: 1.0
This Privacy Policy specifies how we collect, use, store, share and transfer your personal data when you use the products/services provided by DMALL DIGITAL EUROPE KFT. (Registered address: 1121 Budapest, Zugligeti Ășt 41, Hungary) (hereinafter referred to as "Dmall","we", "our" or "us") and the ways in which we provide you with access to, update, delete and protect such data. If you have any questions when you read this Privacy Policy, you can contact us through the contact information provided in this Privacy Policy.
Please make sure you carefully read and fully understand this Privacy Policy before you start using our products and services (hereinafter refer to as "Services"). For emphasis, we have highlighted key points in bold/bold underline to require you to pay special attention when reading this Privacy Policy. You should choose whether to agree to this Privacy Policy and whether to agree to the use of the Services after carefully reading and fully understanding this Privacy Policy. If you do not agree with this Privacy Policy, we may not be able to provide all the functions of the Services. In such cases, we recommend that you discontinue accessing or using the Services immediately.
Your consent to the Privacy Policy is deemed that you have understood the functions provided through our websites and mobile applications (hereinafter referred to as "Apps") as well as the necessary process of minimum personal data for the operation of such functions, and that you expressly authorize us to collect and use personal data. However, your consent does not imply agreement to enable additional features or to process non-necessary personal data. We will obtain your consent individually according to your actual use of the Service before enabling additional features, processing non-necessary personal data, or processing special types of personal data.
In addition, our websites and mobile Apps may provide links to other (third-party) websites, mobile applications, or API interfaces for your convenience. These linked websites and applications have their own privacy notices or policies, which we strongly encourage you to review their privacy notices or policies before using their products and services. Please note that we are not responsible for the content, privacy practices related to personal data process, or other operational behaviors of linked websites or applications that are not controlled by us.
We collect your personal data strictly based on the requirements of the General Data Protection Regulation (GDPR) and the consensus reached with merchants in the Data Processing Agreement that we made with such merchants. We collect your personal data to fulfill our service obligations and to optimize the Services. We will not collect your personal data without specified, explicit and legitimate basis.
When you use the Services, it is necessary for you, as a user, to authorize us to collect and use certain personal data of yours. The following list outlines the personal data that Dmall may collect under different scenarios. We will only collect the necessary personal data of you to ensure your normal use of certain functions and will not collect any unnecessary personal data for your utilization of our certain services.
We may collect the following personal data:
In accordance with the relevant requirements of the GDPR, we are entrusted by (Merchant) to process your personal data when providing services for you. As we only act as a data processor in this process, we may only process your various personal data based on the instructions of the Merchant as the data controller under the premise of complying with the GDPR. Any information you provide is retained and controlled by (Merchant) as the data controller. A merchant administrator is generally an employee of the data controller who is directly responsible for responding to your requests related to personal data subject's rights. We will work with you to the fullest extent possible to realize your legitimate personal data rights in accordance with our agreements with data controllers, instructions from merchant administrators, applicable laws and regulations.
Dmall only uses the personal data that has been collected for the sole purpose of implementing some of the product features for your use. The details of why and how your personal data is used are as follows.
We receive and store necessary personal data you provide in relation to use certain functions of the Services. Specific personal data categories are as shown below. You are fully capable to choose not to provide certain types of personal data, but absent of certain personal data may result in limitations or inability to use certain features of the Services.
| Your Personal Data | Purpose and Use of Collection |
|---|---|
| Account number, Account password | For your login process to use the Services. |
| Name, Email address | In our business, we use your name and email address for identity verification and communication purposes. In addition, if you are logged in to your account, we will provide you with the ability to access your data. You can check your personal data through "Personal Center". |
| Phone number | When fulfilling online orders, your phone number is recorded to contact the customer and the store. |
| Location information | When you use map-related features, we will use your location information. |
| Communication records and contents, Audio recordings | When using the privacy number service, the content of your call will be recorded to protect your personal rights and interests. |
| Picture information | Used when you upload your pictures. |
In order to ensure the normal implementation of the relevant business functions, our Apps need to call the corresponding necessary permissions according to specific usage scenarios and ask for your consent via a pop-up window before calling. Please refer to the following table for a description of specific permissions to be granted:
| Description on Device Permissions | ||||
|---|---|---|---|---|
| Applications | Device Permissions | Use Purposes | When to Call Permissions | Whether Can be Shut Down |
| Dmall (Android) | Camera | Use the camera function when you scan codes and take photos | When you need to use the code scanning function, and when you need to take photos and upload pictures, we will call your camera permission. | Yes |
| Location | Use the map positioning function | When you need to use the map-related features, we will read your location information. | Yes | |
| Store | Used to apply updates, cache data, and save images | When you update your App, upload or cache images, we will get your permission to store. | Yes | |
| Phone | Used to contact customers or us | When you contact customers or us, we will get permission to make a call. | Yes | |
| Message | Used to notify new messages with sound or vibration alert | When you have a new message, we will get message notification permission. | Yes | |
| Dmall (iOS) | Camera | Use the camera function when you scan codes and take photos | When you need to use the code scanning function, and when you need to take photos and upload pictures, we will call your camera permission. | Yes |
| Photos | Used to facilitate image storage and uploading | When using the functions for uploading images, we will read your photo library. | Yes | |
| Location | Use the map positioning function | When you need to use the map-related features, we will read your location information. | Yes | |
| Microphone | Used to contact customers or us | When you contact customers or us, we will get microphone permission. | Yes | |
| Message | Used to notify new messages with sound or vibration alert | When you have a new message, we will get message notification permission. | Yes | |
| Network | Used to access the network and obtain the Wi-Fi information | When you need to connect to the network, we will get your network permission. | No | |
You can choose to turn off some or all permissions in the "Personal Center > Settings > About DMALL OS > System Authorization" setting of the App or your device, which may result in the corresponding business functions not being implemented or not achieving the expected results.
We automatically collect and store certain data about your use of the Services. Specific categories of automatically collected personal data are listed below. Such data are necessary for logging in your account and using our basic services. If you refuse to provide such personal data, please discontinue using the Services and contact the merchant administrator by sending an email to info@dmall.com for further deletion of such personal data.
| Your Personal Data | Purpose and Use of Collection |
|---|---|
| UID | Used to identify your identity and manage your accounts and permissions. |
| Device information | In order to provide you with services and page displays that better meet your needs, we will collect and use your device information when you access and use our services. Device information include Device ID, Device name, Device model, System language, etc. Such data are used to sort the corresponding service content to suit your device interface. |
| IP address | Used for security monitoring and identity authentication. If a large number of login attempts occur or geographic anomalies occur, you can discover and respond to security threats in a timely manner. |
| Behavior data | Used to operate, improve, and maintain our business, optimize product features and enhance your experience. |
We may receive data about you from other sources, specific categories of personal data are as shown below.
| Your Personal Data | Data Source | Purpose and Use of Collection |
|---|---|---|
| Employee number, Affiliated group, Affiliated merchant, Store number, Store name | Merchant (data controller) | Your job information is provided by the merchant administrator. Before the merchant provides such personal data of yours to us, the processing of such information shall have been lawfully authorized by you and is managed by the merchant you work for. Based on the merchant's commitment to the legality of the source of such personal data, we make such data collection for matching purpose with the merchants in order to provide you with corresponding product functions and protect your rights and interests. |
The Services will not involve the scenario of automated decision making as of now.
We do not collect personal data from minors (merchants are responsible for verifying the identity of minors). We attach great importance to the protection of minors' personal data, and if we become aware that certain personal data of a minor has been collected incorrectly, we will take instantaneous and reasonable steps to delete such data to the greatest operable extend. As a data subject, parent or other legitimate subject, you can also request to delete the data of such minors by contacting the merchant administrator by sending an email to info@dmall.com.
In order to realize the functions of the Services, we may provide your personal data to other personal data processors, mainly including:
| SDK | Purpose of Using SDK | Data Collected by SDK | SDK Provider | SDK Provider Privacy Policy Link |
|---|---|---|---|---|
| Getui SDK | We use the SDK of "Getui" with the function of "push". The used permissions are "storage permissions, read device information, read network status, read Wi-Fi status, and hover window permissions". The user data obtained is "personal commonly used device information". Personal commonly used device information is sensitive data. | Network identity information, Personal location information | Getui | https://www.getui.com/privacy |
| Huawei scanning SDK | We use Huawei scanning SDK with the function of "barcode identification & QR code identification". | Network identity information | Huawei | https://consumei.huawei.com/cn/privacy/privacy-policy/ |
| Google Maps | We use the location function to provide you with store location display and delivery address services. | Personal location information | https://policies.google.com/privacy?gl=CN&hl=zh-CN |
In addition to the above, if we provide your personal data to other personal data processors, we will inform you of the recipient's name or full name, contact information, purpose of processing, and manner of processing.
To address potential risks, such as personal data breaches, damages, and losses, we have developed emergency operating procedures for security incidents and implemented security measures in the areas of data security, network security, infrastructure security, and security operations and maintenance to ensure the safety of personal data.
In the event of a personal data security incident, we will promptly inform you in accordance with the requirements of laws and regulations. When it is difficult to notify each data subject, we will issue a public announcement in a reasonable and effective manner. Meanwhile, we will also proactively report the handling of data security incidents in accordance with regulatory requirements.
If you have any questions about our personal data protection, if you believe your personal data has been compromised, please send emails to info@dmall.com to contact us. After verifying your identity, we will respond to your inquiry within one month or within the time limit required by laws and regulations.
Personal data collected and generated by us in Europe are stored on servers in Europe. We may remotely access relevant data from users for the purposes of improving user experience, optimizing risk control, improving management efficiency, etc. In such cases, we will take reasonable measures according to law and regulations to ensure that your personal data is protected, including but not limited to encryption and access control of your personal data. Meanwhile, we will obtain your separate consent (when necessary), complete the necessary security assessments (when required) by applicable laws and regulations, or fulfill other data management responsibilities as required by laws and regulations.
Your personal data will be stored within a reasonable time period required to achieve the purposes stated in this Privacy Policy (unless longer retention periods are required by applicable laws). Generally, this means that we will keep your personal data as long as you have an account on our Apps.
We will not transmit your personal data outside the EU/EEA. However, in exceptional circumstances where such a transfer is necessary, we will assess the legality of the specific transfer. We will promptly notify you and obtain your explicit consent before any such transfer takes place, in compliance with applicable laws. Regarding data transfers to such recipients outside the EU/EEA, we provide appropriate security measures, in particular by signing data transfer agreements that include Standard Contractual Clauses adopted by the EU Commission and the recipients, or by taking other measures to ensure an adequate level of data protection.
In order to optimize the functionality of our website and enhance your browsing experience, we may store small data files known as Cookies on your device or system. Cookies enable us to remember your information for future visits to our website, streamline the process of filling in your personal data (e.g., one-click login, etc.), customize preferences for secure shopping, enhance your selection and interaction with advertisements, safeguard the security of your data, and provide additional benefits. You can refer to the Cookie Notice to know the Cookies we use and the purpose for which they are used. We do not use Cookies for any purpose other than those described in the Cookie Notice. You can manage or delete Cookies according to your preferences. You can clear all Cookies saved on your computer, and most web browsers have a feature to block Cookies. However, if you do so, you will need to change your user settings yourself each time you visit us, but you may not be able to log in or use the services or functions we provide that rely on Cookies because of such modifications. You can limit our use of Cookies by changing your browser settings.
We may update this Privacy Policy from time to time. If we decide to update our Privacy Policy, we will post the changes on our official website and Apps, and such changes will form part of this Privacy Policy. If we materially change the way in which we process your personal data, we will prompt you via pop-up or other clear and conspicuous forms and request your consent prior to implementing such changes. Without your consent, we will not reduce your rights under this policy.
Please carefully read the amended Privacy Policy. If you do not agree to this Privacy Policy or have any objection to the modified or updated content, you may choose to stop using the Services by contacting the administrator who registered your account. Please be aware that any actions and activities before the termination of using the Services are still subject to this Privacy Policy. We strongly recommend that you read our Privacy Policy and stay informed of our practices.
Starting from the effective date that this Privacy Policy is amended, your purchase and use of the Services provided by us, as well as your access to, browsing and use of our official website, Apps, and other online services shall be deemed as your full understanding and full consent to the revised Privacy Policy.
If major and substantial changes are involved, we will notify you in a noticeable manner based on the specific circumstances. The circumstances of major and substantial changes include but are not limited to:
We welcome questions, opinions and concerns about our Privacy Policy and privacy practices. If you wish to provide feedback, have questions or concerns, or wish to exercise your rights with respect to your personal data, please contact us by the following method: (i) "Contact Us" section of our website or App; (ii) send an email to info@dmall.com, and we will complete the review and processing within one month after receiving your comments and suggestions. If we are unable to respond to your request, we will send you a notice and explain the reason.
If you contact us regarding privacy complaints, we will assess them in order to promptly and effectively resolve the issues. If you are not satisfied with the response you receive, you may file a complaint with the relevant regulatory authority.