Privacy Notice
Dalza strives to put the Child at the centre and to create a trustful environment for the whole team. Ensuring that privacy is protected is central to this, so we take it seriously.
This Privacy Notice gives you information about how Dalza collects and processes personal data and cookies, and about individual privacy rights. If you have any questions about it, please contact privacy@dalza.com or click "Ask Dalza" on the Platform.
Last updated 27 April 2024
Learn more at majoto.io
Content map
This map explains the key parts of this Privacy Notice and what they are about.
1. Orientation
Who we are, and what data we collect and process.
2. How we process
How Dalza collects and processes your data.
Security, retention, deletion
How we secure your data, what we delete, what we keep and for how long.
4. Your rights
Your rights in relation to the data that Dalza processes.
Part 1 .
Orientation .
Who we are, and what data we collect and process. .
1. Who we are
We are Just Fair Terms, Unipessoal Limitada (Dalza or we), a Portuguese company with number 517162385. Dalza's address is Rua Bernardino Machado r/c esq. 236, Sao Domingos de Rana, Portugal 2785-095.
If you have any questions about this privacy notice or our privacy practices, or if you want to exercise your legal rights or the rights of a Child, please contact us at our address or send us an email to privacy@dalza.com.
* Definitions used in this document
* Personal data: information that identifies an individual such as name or contact details, or information that can be linked to an individual. For users in South Africa, information identifying an organisation can also be "personal data". * Parent: a parent or guardian who has the legal authority to make decisions for the Child. The Parent who creates the Child Space on the Platform is called the Team Organiser.
* Child: an individual under 18 years or such age where consent is needed (from the individual’s legal guardian or another responsible person) for the processing of personal data in their country of residence. * Team Member: a person given access to the Child Space by a Team Organiser. A Team Member could include a parent or guardian, friends and family, or a Specialist such as a teacher, therapist or healthcare professional.
* Child Space: an area on the Platform dedicated to the Child and containing information relating to the Child. * Platform: the Dalza website at www.dalza.com, the Dalza mobile applications and the content, services, functions and features accessible through them.
* Words like controller, processor, data subject, personal data and supervisory authority, may have different meanings or names in applicable data protection laws.
We always apply the meanings and equivalent names and requirements in the applicable laws.
2. Dalza's role in relation to your data
Dalza acts as a data controller of some types of information, such as the account and registration data of Team Organisers and Team Members, and Transaction Data. More about this in Part 2 section 1 below.
Dalza acts as a data processor of information relating to the Child, and any feedback given and chats sent via the Child Space in the Platform. Dalza processes such data as a result of your use of the Platform.
3. How it works
Information relating to the Child is provided to the Platform by the Team Organiser (during and after registering the Child) and by Team Members. All that information can be accessed in the Child Space.
What Dalza collects and at what point, is illustrated below. It also explains how a Team Organiser controls the access and permissions of other Team Members.
Create account The Team Organiser creates an account on Dalza.
Register Child The Team Organiser registers their Child on the Platform.
Child Space
created 		Dalza creates an area on the Platform dedicated to the Child and containing the information relating to the Child. This space is restricted to and controlled by the Team Organiser
Invite Team
Members 		The Team Organiser can invite Team Members to have access to the Child Space.
Team Members register For a Team Member to have access to a Child Space, they must register on the Platform and accept the invitation sent by the Team Organiser to join the Child Space.
Set Team Member permissions The Team Organiser controls what each Team Member can do in the Child Space: what information each Team Member can see, whether they can upload/download information, participate in discussions, or give feedback.
Removing Team Members A Team Organiser may remove a Team Member from the Child Space at any time.
.
Part 2. How we process
1. What we collect and process
The information Dalza collects in relation to different users. Dalza collects a given set of information in relation to each type of user. Definitions and additional detail are provided after this summary grid:
as a data controller
as a data processor
Parent Organiser Team Members Specialists Child
1 Identity Data
2 Contact Data
3 Transaction Data
4 Child Space Data
5 Team Data
6 Specialist Data
7 Usage Data
8 Marketing Data
9 Technical Data
* What these categories of data include:
1 Identity Data name, country, identifying symbol (avatar), user device, user ID, login details.
2 Contact Data email address.
3 Transaction Data
(details about, or required for, payments by or on behalf of the Team Organiser) 		name of card holder/account holder, billing address, card number, expiration date, CVV, bank name, transaction amount, transaction date and time, payment method, payment references, payment history, transaction logs, invoices, refund records, promotional offers. These are all details about, or required for, payments made by or on behalf of the Team Organiser.
4 Child Space Data

 		Information relating to the Child, uploaded or inserted on the Platform. Full details of what this includes are provided below.
5 Team Data details of which teams they form part of, date of joining and leaving the team. Relationship to child (in case of Team Members who are not Specialists).
6 Specialist Data
(users registered as Specialists such as teachers or therapists) 		details on specialisation or expertise, link to their website, information on their employer, languages. Selection of whether they want their information to be public on the Dalza database on the Platform (the ‘Specialist Database’)
7 Usage Data
(data about the User's use of the Platform) 		activity logs, timing, frequency and pattern of use of the Platform and of the features used. Analytics of transactional and functional communications (email address, delivered, opened, clicked, etc) provided by Dalza's email service provider.
8 Marketing Data whether user has opted in to receive communications. Analytics of non transactional / non-functional communications (email address, delivered, opened, clicked, device type etc) provided by Dalza's email services provider.
9 Technical Data
(data collected by cookies) 		may include IP address, log in data, browser type etc.
What is included in Child Space Data (information about the Child, uploaded or inserted on the Platform by the Team Organiser or Team Members).
 		Biographical information about the Child, such as their name, photo, age, gender, school, city, and country
Medical, therapy and educational information about the Child, such as their learning and thinking differences, accommodations, any medical or therapeutic diagnoses, medical or therapeutic or educational reports, questionnaires, assessments, plans or interventions, and medications.
Expressions of opinions about the Child, such as descriptions of the Child's personality, likes & dislikes, what they find difficult, things that can support them, and other information of this type.
Third party information relevant to the Child, such as family member identity, family relationships, and family information such as family events, history, and medical, educational, therapeutic and other personal information of family members.
Historical biographical information about the Child, such as life and school history, medical history, and therapy history.
Feedback on the Child, such as comments, notes, opinions or observations from the Team Organiser or Team Members (using the Feedback or Chat feature) which relate to events, interactions involving the Child, or on the diet, health, sleep, mood and behaviour of the Child.
Feedback from the Child, (using the Feedback feature, always with the involvement of a Team Member) such as observations on events, their progress, or their diet, health, sleep, mood and behaviour of the Child.
Chat content, such as messages between the Team Organiser and Team Members, or between Team Members themselves, using the chat features of the Platform.
Additional notes regarding the above data categories *
 Identity Data (1): where requested by Dalza, this may also include supporting information (such as copies of official documents) to verify your identity or your authority, such as your rights to use the Platform for the Child.
*
 Transaction data (3): we do not store card details on our servers. If you have subscribed on the web, your credit and debit card payments are processed by Stripe (www.stripe.com) on their secure payments server. If you have subscribed on the Apple or Android app, your payments and card details are processed by Apple or Google using their secure payment systems. All card details are encrypted and stored by the applicable payment processor.
2. How we collect it
Direct interactions (forms and correspondence). You may give us Identity Data, Contact Data and other information by filling in forms or by corresponding with us by email or otherwise.
This includes personal data provided during: (a) registration with us; (b) accessing and using the Platform; (c) sending and receiving an invitation from a Team Organiser to a Team Member; (d) interacting with the Child Space; or (e) giving us feedback or contacting us in relation to support, complaints or legal notices.
We are sometimes provided the name and contact details of Team Members by the Team Organiser, so we can send the Team Member an invitation.
Automated technologies and interactions. As users interact with the Platform, we will automatically collect Technical and Usage Data.
3. How we use the data
What we use it for: What we process, and lawful basis:
To register you and provide access to the Platform Identity and Contact Data
Performance of contract
To process payments for the Platform Transaction Data
Performance of contract with Team Organiser
To include teachers or specialists on our Specialist Database Specialist Data
Consent of teacher or specialist
To send invitations from the Team Organiser to prospective Team Members Identity and Contact Data
Performance of contract with Team Organiser
To operate the Platform Identity Data, Specialist Data, Child Space Data, Technical Data, Usage Data, Team Data
Performance of contract with Team Organiser
Legitimate interests
To manage our relationship with users including support, complaints and notices. Identity and Contact Data
Performance of contract
Compliance with legal obligations
Legitimate interests
To operate, administer and protect our business and the Platform.

Includes troubleshooting, data compilation and analysis, testing, product improvement and customisation, system maintenance, support, hosting of data, compliance with legal obligations, and enforcing our agreements. 		Identity Data, Contact Data, Specialist Data, Child Space Data, Usage Data, Technical Data and Team Data
Performance of contract
Compliance with legal obligations
Legitimate interests
To deliver marketing communications to you in accordance with your preferences and to measure the effectiveness of marketing that we send to you
 		Identity Data, Contact Data
Consent
Legitimate interests
We consider and balance the potential privacy impact on you and other people before we process personal data for our legitimate interests. We do not use personal data on the basis of legitimate interests if our interests are overridden by the impact on individuals' privacy. * Consent
means express consent.
* Performance of contract
means the performance of our agreement with a user to make the Platform available.
* Legitimate Interest
means Dalza's interest in conducting our business to enable us to give customers the best and most secure product experience.
* Compliance with a legal obligation
means processing personal data where it is necessary for compliance with a legal obligation.
4. Who we disclose it to
Category: Specific entities or types of providers:
Service Providers
 Service providers acting as processors such as those who provide our IT, system administration, development, maintenance and support services.
Providers of our cloud services (currently AWS), the privacy information of which can be accessed here. AWS securely stores and encrypts your data.
Payment service providers (Stripe, Apple or Google depending on whether you have subscribed on the web or an Apple or Android app).
Email service provided by Mailjet, the privacy notice of which can be accessed here (or any replacement email services provider).
Online chat service provided by Stream.io, the privacy notice of which can be accessed here (or any replacement chat services provider). Note that Stream.io cannot view the chat contents as they are encrypted.
Other Third Parties Team Organiser and other Team Members with access to the Child Space.
Users choosing to participate in the Specialist Database.
Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
Regulators and other public authorities, including law enforcement agencies, where required by law or policy.
Dalza group companies.
Advisers, investors and transaction partners, in connection with any financing, merger, sale or acquisition deal.
5. Cookies
Cookies are small text files that can be used to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of the Platform.
For all other types of cookies we need your permission. The Platform currently uses only strictly necessary cookies which can’t be deactivated.
Name Provider Purpose Expiry
_dalza_session_ Dalza Administer the Platform and manage operational tasks Session, Http only
api_refresh_token Dalza To re-validate a user and manage user access Persistent, 1 day, Http only
6. Aggregate Data
You grant to Dalza the right to create anonymised data and statistical data called Aggregated Data, from the Child Data, Specialist Data, Usage Data and Technical Data.

* Aggregated Data does not contain any personally identifiable information.
Dalza retains all intellectual property rights in Aggregated Data. Dalza may use and share Aggregated Data to improve the Dalza Platform, develop new services, understand usage and performance, analyse industry trends, and for any other purpose related to Dalza's business.
7. International transfers
We may transfer personal data of users outside of their country of residence and, in the case of Child Space Data, outside of the country in which the Team Organiser is located. We call this country of residence or, in the case of Child Space Data, the location of the Team Organiser, the Home Country. We would do this transfer outside of the Home Country in order to operate the Platform and provide you with associated services.
We will only do these transfers if it is lawful. We will take measures to ensure your data is protected, which may include these safeguards:
Approved countries: transferring personal data to countries that provide an adequate level of protection, according to the applicable data protection authority or laws of the Home Country.
Non-approved countries: where we use providers in countries that do not provide an adequate level of protection, transferring data to them under a binding agreement with provisions required by applicable laws, or other lawful data transfer mechanisms, which require them to provide protection to the standard expected within the Home Country.
Part 3 .
Security, retention, deletion .
How we secure your data, what we delete, what we keep and for how long. .
1. Data security
We have put in place appropriate technical and organisational security measures to prevent personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorized way.
These measures are aimed at ensuring the ongoing integrity and confidentiality of personal data and are evaluated periodically.
In addition, we limit access to personal data to those employees, agents, contractors and third parties who have a need to know. They will process the data only on our instructions.
No method of electronic transmission, processing or storage is 100% secure and Dalza cannot guarantee absolute security.
2. Data retention: general principles
We will always retain personal data for as long as reasonably necessary, satisfying any legal, regulatory, tax, accounting or reporting requirements, and good management practices.
In determining the retention period, we consider the amount, nature and sensitivity of the personal data, and the risk of harm from unauthorized use or disclosure. We will also consider the purposes for which we process your data and whether we can achieve them by other means.
3. Data retention after account deletion
When you stop using Dalza and your account is deleted as a result, all your personal data is deleted except the data listed in the below table. This might happen because you have unsuscribed or Dalza has terminated your use of the Platform. The data listed in the below table will be retained for 5 years.
Based on the general retention principles above, data may be retained for longer than 5 years, or for a shorter period.

There may be other categories of data that we will retain, in the event of a complaint or dispute, or if we believe there is a prospect of litigation with you, or others.
Parent Organiser Team
Member		 Specialist Child
1 Identity Data Name, country, Dalza user ID, supporting information Name, country, physical address, Dalza user ID, official documents Name, country, physical address, Dalza user ID Child's first and last name
2 Contact Data Email address Email address Email address -
3 Transaction Data All - - -
4 Child Space Data - - - Name, Dalza Child Profile ID
5 Team Data Which child profiles they registered and when Which teams, date joined and left, relationship to child Which teams they formed part of, date joined and left team Which team members were part of their team, date joined and left
6 Specialist Data - - Specialisation expertise -
7 Usage Data Data about use of the platform, activity logs Data about use of the platform, activity logs Data about use of the platform, activity logs -
8 Marketing Data - - - -
9 Technical Data - - - -
10 Correspondence All All All -
4. Account deletion process
When a user stops using the Platform (due to an account deletion request, cancellation of all subscriptions, or termination), the user's account will be deleted in line with the following process.
This process is designed to give users the ability to access and download data they want (and are permitted) to keep.
Day 1:
account terminated
During this period, access to the user's account is switched off, except view-only. User can request download of data (as permitted under Dalza's Terms of Use).
End of next calendar month: view-only window ends
During this period, the user can no longer view their account. Dalza will review any download requests.
+30 days:
download period starts
During this period, Dalza will deliver data downloads (unless more time is needed for technical or practical reasons).
+60 days:
data deletion starts
Dalza will delete your data (once downloads are completed). Some data is retained, see above.
The above process applies equally to a Team Member who leaves the team of a Child. After they leave a team or during the view-only window, the Team Member can request a download of data uploaded by them in the Child Space, or data the Team Organiser had permitted them to view. Dalza may provide the data but is not obliged to do so.
If you are the Team Organiser for more than one Child, and the subscription for only one Child ends, the above process will apply to only the information relevant to that subscription and that Child. Note that Dalza does not maintain back-ups of data deleted by users. So if a Team Organiser or Team Member has previously deleted data from the Child Space, it can no longer be downloaded during the account deletion process.
.
Part 4. Your rights .
You rights in relation to the data that Dalza processes. If you wish to exercise any of these rights, please contact us at our address (see above) or send an email to privacy@dalza.com. .
1 Request access Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and information to check that we are lawfully processing it.
2 Request correction You may request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data corrected, though we may need to verify the accuracy of the new data you provide to us.
3 Request erasure You may request erasure of your personal data. This enables you to ask us to delete or remove personal data where there are valid and lawful grounds for doing so.
4 Request restriction You may request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

(a) If you want us to establish the data’s accuracy;

(b) if our use of the data is unlawful but you do not want us to erase it;

(c) if you need us to hold the data even if we no longer require it, because you need it to establish, exercise or defend legal claims.

(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
5 Right to data portability You may have the right to receive some of your data in a structured, commonly used and machine-readable format and to transmit it to another controller.
6 Object to processing You may object to processing of your personal data where we process your data based on legitimate interest. We will assess your objection and determine whether we have any legitimate grounds/legal justification for continued processing.
7 Withdraw consent You may withdraw consent at any time, if we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
8 Right to complain You have the right to make a complaint to your local data protection authority.
Dalza will always follow the law where it may be different to this Privacy Notice or varies between countries.
Thank you for your trust and support, and enjoy using Dalza.

Please rotate your device