Skip to content

Delfy's Privacy Policy

Logo_colour-1

This Privacy Policy describes the information that we gather on, or through, our Services and how we use and process such information. For each processing purpose we will articulate the reason for requiring the data, what data we will process, the legal basis for processing the data and how long we will keep the data.

Where the legal basis of consent is to be used, this will be gathered freely, and we will use clear, plain language that is easy to understand, and you will be able to remove your consent at any point.

References to “Delfy” or “us” or “we” or “our” are references to Delfy Content Limited (company number 14860598) whose registered address is at Scale Space, 58 Wood Lane, London, W12 7RZ. References to “you” are references to you as the user of our product called “Delfy” (the "App") and its affiliates within the Delfy group of companies. References to “you” and “your” means each natural or legal person who uses our platform or the associated services.

  1. What Information do we collect about you and how do we use it?

We collect/process information so that we can provide the best possible experience when you utilise our Services.  This section of the policy will describe the purpose for processing your Personal Data, the legal basis to do so and how long we will keep your data.

“Personal Data” has the meaning given to it in the Data Protection Laws.

“Data Protection Laws” means any and all laws, statutes, enactments, orders or regulations or other similar instruments of general application and any other rules, instruments or provisions in force from time to time relating to the processing of personal data and privacy applicable to the performance of this Agreement, including where applicable the Data Protection Act 1998, the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and the GDPR (Regulation (EU) 2016/679), as amended or superseded. 

1.1.      Our Product / Service

If you choose to use our Services, including access to the platform, email notifications, newsletters and product/service updates, you must provide us with some Personal Data so that we can provide our Services to you. The App is not intended for children and we do not knowingly collect data relating to children.

 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, middle name, last name, username or similar identifier.
  • Contact Data includes email address.
  • Technical Data includes your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use the App.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
  • Profile Data is derived from your usage data, external publicly available data and the other categories above, and may include user name, hashed password, usage data, interests, preferences, feedback and survey responses.
  • Aggregated Data such as statistical or demographic data for any purpose.

Password information necessary for creating and logging in on Delfy is hashed. We only store the hashed version. This is one-way encryption and can’t be decrypted. We don’t see the password at any point.

We don’t collect any passwords that you use for any third-party log in on Delfy - Mendeley, Zotero, ORCID iD.

Facebook, Google log-in are authenticated by the respective services and we don’t see, store or access any third party passwords.

We will process data using the following legal rationales: 

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal or regulatory obligation.

Our ability to retain the Personal Data will be determined by account activity, if the account is not used for over two (2) years we will delete your data. Accounts associated with contracted clients will be deleted on termination of the contract.

1.2.      Our use of Productivity Tools

If you choose to use our Service, Personal Data items such as name, email address, telephone number and other non-mandatory Personal Data may be stored in our corporate cloud application platform, corporate email platform and our help desk platform. 

We will process data using the following legal rationales: 

  1. Where we need to perform the contract we are about to enter into or have entered into with you.
  2. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  3. Where we need to comply with a legal or regulatory obligation.

Our ability to retain the Personal Data will be determined by account activity, if the account is not used for over two (2) years we will delete your data. Accounts associated with contracted clients will be deleted on termination of the contract.

1.4.      Our Marketing and Promotional Offers

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Delfy’s services are supported by advertising revenue and may display advertisements and promotions, and you hereby agree that Delfy may place such advertising and promotions on the Delfy Services or on, about, or in conjunction with your Content. The manner, mode and extent of such advertising and promotions are subject to change without specific notice to you.

At times we would like to send you information about new products and services of ours which may be of interest to you. You have a right at any time to stop us from contacting you for marketing purposes. To distribute our marketing information we may use personal data such as names, addresses, email addresses, employer details, job titles, telephone numbers and LinkedIn profiles.

 

We will process data using the following legal rationales: 

  1. Where you have given us consent
  2. Where we need to perform the contract we are about to enter into or have entered into with you.
  3. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  4. Where we need to comply with a legal or regulatory obligation.
  5. For business to business marketing
    1. if your role within an organisation is associated with learning and development we will use legitimate interest as the legal basis to process the data. We use this legal basis after completing a legitimate interest assessment process. The assessment states we will only send low volume, customised messages to business email addresses who, based on their job role, would have a legitimate interest in developing their employees and may find our product useful. If you do not want us to contact you we will provide an unsubscribe facility within the emails or you can contact us using the details within this privacy policy. We will retain personal data for active customer leads for a period of up to 2 years, a lead will be active under the following circumstances:
      1. An email sent by our organisation has not received an unknown account bounce back
      2. An email has been sent to our organisation from the data subject

Our ability to retain the Personal Data will be determined by account activity, if the account is not used for over two (2) years we will delete your data. Accounts associated with contracted clients will be deleted on termination of the contract.

1.4.      Our Third Party Data Sharing

We will get your express opt-in consent before we share your personal data for marketing purposes with any third party company.

1.5.      Cookies

Like many platforms and apps, we use cookies and similar technologies to collect additional platform or app usage data and to improve our Services. Platform usage information is collected using cookies to monitor aggregate site usage metrics such as total number of visitors and pages viewed. We will store the cookie values on our platform to allow us to perform our analysis, however this will not be used for any marketing analysis and is essential to deliver our reporting service. 

 

We will process data under the legitimate interest legal basis as we only use the data to perform aggregated tracking analysis and will not target individuals based upon this analysis. You will also need to accept our cookie policy to allow us to process the data.

We will retain active cookie data for a period of up to one (1) year, a cookie will remain active if a user re-visits our platform.

Learn more about how we use cookies by visiting our cookie policy on the platform. 

  1. Updating This Policy

We may change or update this Privacy Policy at any point so that it accurately reflects our Services, if we believe it does not fundamentally change your data privacy rights. If we believe your rights have been affected we will contact Users 30 days before we implement the change. If you continue to use the Service once the Privacy Policy has been updated or amended, you will be bound by the updated Privacy Policy. If you do not want to agree to any updated or amended Privacy Policy, you can request an account deletion.

  1. Your Rights

3.1.      Accessing or Rectifying your personal data

In most circumstances before we are able to invoke your rights we may need to verify you as the data subject, therefore we will request data from you and this will be checked against our records before we can proceed.

We want to make sure that your personal information is accurate and up to date and you have the right to request a copy and update the Personal Data that we hold about you. You may ask us to correct or remove information you think is inaccurate. If you would like to invoke this right, please email or write to us at dp@Delfy-app.com or DP - Delfy, Scale Space, 58 Wood Lane, London, W12 7RZ. 

3.2.      Deletion

Based upon the retention periods described above we will remove your Personal Data from our platforms.

3.3.      Object, Restrict or Withdraw Consent

You may wish to object to or restrict our ability to process your Personal Data, this can be done either via email or in writing, using the contact details below or, via our unsubscribe feature, where available. Further context may need to be requested to ensure we can carry out the relevant tasks on our platforms to perform the request.

3.4.      Portability

You may wish to port your Personal Data to another platform. If you would like to invoke this right, please email or write to us at dp@Delfy-app.com or DP - Delfy, Scale Space, 58 Wood Lane, London, W12 7RZ.

  1. Who We Are And How To Contact Us

This Privacy Policy is issued on behalf of the Delfy group of companies so when we mention “Delfy”, “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant company in the group responsible for processing your data. If you are an individual and not associated with a contracted client we are the Data Controller and are responsible for defining and managing how your personal data is processed. If you are associated with a contracted client we are a Data Processor and the contracted client will be responsible for defining and managing how your personal data is processed (as the Data Controller).  

Our company name is: Delfy

Our company address is: Scale Space, 58 Wood Lane, London, W12 7RZ. 

Our email address is: dp@Delfy-app.com

  1. To Whom We Disclose Information

Except as described in this Privacy Policy, we will not intentionally disclose the Personal Data that we collect or store on the Service to third parties without the consent of the data subject. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:

Unrestricted Information

Any information that you voluntarily choose to include in a public area of the Service, such as a public profile page, will be available to any visitor or User who has access to that content.

  1. Service Providers

We work with third party service providers who provide email hosting, core corporate applications, web hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information. An up to date list of our service providers can be found at the end of this Privacy Policy. 

6.1.      Overseas transfers

If you are a User based in the UK or the European Economic Area (EEA), the information you provide may be transferred to countries outside the UK or EEA that do not have similar protections in place regarding your data and restrictions on its use as set out in this policy. However, we will take steps to ensure adequate protections are in place to ensure the security of your information. The EEA comprises the EU member states plus Norway, Iceland and Liechtenstein. By submitting your information, you consent to these transfers for the purposes specified above.

We may transfer your personal information to our service providers located outside of the UK or EEA as specified in the list of service providers which can be found at the end of this Privacy Policy. 

All of our International service providers have each provided the information to demonstrate they have appropriate technical and organisational measures in place to safeguard Personal Data, and it shall be processed to at least the same standards as set out by the General Data Protection Regulations (GDPR). Each organisation has entered into Standard Contractual Clauses with Delfy,  which is accepted by the European Commission as evidence that an adequate level of protection exists for the Personal Data in the country, territory, or organisation where it is being transferred. 

6.2.      Non-Personally Identifiable Information

We may make non-personally-identifiable information available to third parties for various purposes. This data may be automatically-collected and would be analysed to create an aggregated view of the data, ensuring the reported information was anonymous.

6.3.      Law Enforcement, Legal Process and Compliance

We may disclose Personal Data or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.

6.4.      Change of Ownership

Information about data subjects, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the Personal Data commits to a privacy policy that has terms substantially consistent with this Privacy Policy.

  1. Our Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Password information necessary for creating and logging in on Delfy is hashed. We only store the hashed version. This is one-way encryption and can’t be decrypted. We don’t see the password at any point.

We don’t collect any passwords that you use for any third-party log in on Delfy - Mendeley, Zotero, ORCID iD.

Facebook, Google log-in are authenticated by the respective services and we don’t see, store or access any third party passwords.

  1. Complaints

If you are not happy with this privacy policy, or you wish to speak to a supervisory authority, you can contact the ICO on 0303 123 1113 or via their website www.ico.org.uk.  

  1. CCPA

In relation to the California Consumer Privacy Act (CCPA), we confirm the following

  • We do not sell any personal information
  • We do not offer any financial incentive for your personal information
  • You will not receive any discriminatory treatment by our business for exercising your privacy rights
  • We will not charge you for exercising your privacy rights
  • Upon receiving a request to know or a request to delete, we will confirm receipt of the request within 10 business days and provide information about how the business will process the request.
  • We will respond to requests to know and requests to delete within 45 calendar days.
  • We shall not disclose in response to a request to know a consumer’s Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, security questions and answers, or unique biometric data generated from measurements or technical analysis of human characteristics.
  • We are able to provide the information and classification of information when responding to a Request to Know request
  • We are able to delete the personal information in relation to a Request to Delete request

 

This Privacy Policy was last updated September 2023.

 

Service providers

Subcontractors legal name

Jurisdiction of where services are provided

Description of services provided

Transfer mechanism in place to ensure adequate level of protection for personal data where the transfer is to an entity outside the EU

Google

US

For the purpose of corporate applications

International Data Transfer Agreement

Slack

US

For the purpose of messaging tools

International Data Transfer Agreement

Fuse Mobile Technologies Limited

UK

For the purposes of development services

Not Applicable

Twilio
SendGrid
Segment

US

For the purposes of marketing and email campaigns

International Data Transfer Agreement

Salesforce Marketing Cloud

US

For the purposes of CRM, marketing and email campaigns

International Data Transfer Agreement

Fospha Limited

UK

For the purposes as our marketing analysis

Not Applicable

IntentPro

UK

For the purposes as our marketing analysis

Not Applicable

Heroku

US

For the purposes of hosting

International Data Transfer Agreement

Facebook AdsManager

US

For the purposes of obtaining feedback from clients

International Data Transfer Agreement

Google Ads

 

US

For the purposes of obtaining feedback from clients

International Data Transfer Agreement

LinkedIn Ads

US

For the purposes of obtaining feedback from clients

International Data Transfer Agreement

Twitter Ads

 

US

For the purposes of obtaining feedback from clients

International Data Transfer Agreement

Snowflake

US

For the purposes of analytics and reporting

International Data Transfer Agreement

Elastic

US

For the purposes of analytics and reporting

International Data Transfer Agreement

Adjust

EU

For the purposes of analytics and reporting

Not Applicable

Blenheim Chalcot IT Services India PVT.LTD

India

For the purpose of back-office finance and invoicing services and helpdesk queries

International Data Transfer Agreement

Blenheim Chalcot LTF Limited

UK

For the purposes of internal operations

Not Applicable

 

In order to provide the best service to our customers, this list may change.