Privacy Policy – Dropon (version October 20, 2021)
1. Why this Privacy Policy?
This Privacy Policy applies to the website www.dropon.io, and the related online platform and mobile application (“Dropon”).
We value the protection of your privacy and personal data. We only use and process your personal data in accordance with the applicable data protection legislation, including the GDPR. Every reference to the ‘GDPR’ is a reference to the Regulation of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (General Data Protection Regulation).
With this Privacy Policy, we want to point out to the person concerned, namely the natural person whose data is being processed and who can directly or indirectly be identified (including “Visitors” and “Users”, as hereinafter defined), any possible processing operations performed with his or her personal data and the legal rights at his or her disposal. By using Dropon, Visitors and Users agree to the collecting and processing of their personal data in accordance with the terms of this Privacy Policy.
Our Privacy Policy may be subject to future amendment or modification. Any such changes will be clearly indicated in the Privacy Policy. It is up to you to consult this document regularly. Every substantial change will however be clearly and separately communicated to you at all times.
2. Who is responsible for the processing of your personal data?
The website www.dropon.io (the “Website”) is an initiative of:
Dropon BV (hereinafter “we” or “us”)
Oktrooiplein 1, bus 201
B-9000, Ghent
Company number (VAT-BE): 0703.998.977 E-mail: info@dropon.io
This privacy policy is only available in English, if you have any question related to this privacy policy and its interpretation, please contact us.
Dropon BV is the “data controller” within the meaning of the GDPR and decides alone which personal data are being collected, and the goal and the means for the processing of those personal data. We rely on carefully selected data processors for the processing of the personal data. A processor is the natural or legal person who processes your personal data upon request and on behalf of the data controller (e.g. hosting service providers). The processor is required to ensure the security and confidentiality of the data. The processor shall always act on the instructions of the data controller.
3. Which personal data are being processed?
a) Visitors
“Visitors” are all natural persons visiting our Website through the Internet, browsing on our Website, and possibly completing a web form on our Website.
The personal data of Visitors is collected (i) through cookies when they browse on our Website (see also Section 5 below), and (ii) when they fill out a form on our Website. Anytime certain information is mandatory and other information is optional, this shall be clearly indicated as such in the web form (mandatory information shall be accompanied by an “*”), so that you can choose whether or not to provide us with optional information.
We commit to only collect and process personal data that are useful and necessary for the goals for which they are being processed. A non-exhaustive list of personal data of Visitors that might be processed can be found here:
● Your electronic identification data (IP-address) and other cookie details such as your probable location of consultation, hour and day of the consultation, the pages that are being consulted;
● Your personal identification data (name, first name, gender);
● Your contact details (e-mail, address details, telephone number);
● Your language preference; and
● The content of the message you send us through the web form.
We also use both technical and non-technical (i.e. tracking or analytical) cookies in order to recognise returning Visitors and to offer the Visitor a personalised Visitor experience, to remember technical choices, and to detect and correct any errors which might be present on the Website. For more information concerning the use of cookies, we kindly refer you to Section 5 hereof and to our Cookie Policy.
b) Users
“Users” are all natural persons setting-up a Dropon user account and having authorised access to Dropon (the online platform and/or the mobile application).
Data provided by users. This includes:
– User profile
The personal data of Users is collected (i) when they create their user account, and (ii) when they further complete their user account information at any later stage. Anytime certain information is mandatory and other information is optional, this shall be clearly indicated as such in the account registration form (mandatory information shall be accompanied by an “*”), so that you can choose whether or not to provide us optional information.
We commit to only collect and process personal data that are useful and necessary for the goals for which they are being processed. A non-exhaustive list of personal data of Users that might be processed can be found here:
● Your electronic identification data (IP-address);
● Your personal identification data (name, first name, gender);
● Your contact details (e-mail, address details, telephone number);
● Your language preference; and
– The company you work for (our customer or a customer or supplier of our own customer)
and related billing/invoicing details, where relevant.
– User content: Data related to deliveries and pickups
This information is collected and initially processed by us in our capacity of “data processor” engaged by our customers (acting themselves as “data controllers”).
Through our online platform and software, our customers can plan and manage deliveries and delivery routes and related communications between different Users. They may use Dropon for planning and route-optimisation purposes, and access and user rights can be granted by our customers to their own employees, their subcontractors and their own customers (e.g. to follow deliveries via the platform).
Some of the information that is inputted by Users in this context is data relating to deliveries and delivery routes, including GPS coordinates. Such GPS coordinates may qualify as personal data, insofar as they could be linked to an identified or identified driver or recipient of a delivery.
Essentially, we process these data as a “data processor” pursuant to a Data Processing Agreement entered into with our customers and we do not use these data for our own purposes, with one exception: we may process (including by way of anonymisation) data relating to deliveries and delivery routes, including GPS coordinates, for our own purposes as “data controller”, as further explained under Section 4 below.
Data created during use of our services:
Location data of the user – driver – using the mobile application: We collect drivers’ precise or approximate location data, to enable trip, delivery or pickup tracking features. Dropon collects this data when the application is running in the foreground (app open and on-screen) or background (app open but not on-screen) of their mobile device. We collect such data if the user approved the permission for us to do so on the mobile device. The application can be used without enabling Dropon to collect location data, but this might affect certain features such as ETA calculation.
Communications data between users with driver profiles, users with planner profiles and recipients. The registration of delivery and pickup specific actions, such as comments on delivery and pickups, status of deliveries and pickups, pictures related to the delivery or pickup services are stored in Dropon. These data are used to ensure a smooth operational process and only shared with the beneficiaries of this information.
4. What goals are my personal data being used for and on which legal ground?
Personal data are primarily processed for internal use within Dropon. We can assure you that personal data won’t be sold, passed on or communicated to any third parties connected to us against payment. Dropon has taken reasonable legal and technical precautions to avoid unauthorized access to and misuse of your personal data.
a) Visitors
We collect your personal data to offer every Visitor of our platform a safe, optimized and personal Visitor experience. This collection of personal data will become more extensive the more intensive the Visitor uses the platform and our online service. When visiting the website, some data are also being collected (by cookies) for statistical purposes. Such data is necessary to optimize the use of our Website. These data are: IP-address, probable location of consultation, hour and day of the consultation, the pages that are being consulted. When you visit the Website, you are offered the choice to agree with this collection of data for statistical purposes (through our Cookie Consent Banner), or to configure your browser setting in order to prevent these cookies from collecting such data.
In addition, we collect Visitors’ personal data (as described in Section 3 above) for the handling of inquiries and complaints and to be able to contact them when they have contacted us through the contact form on our Website.
Moreover, whenever Visitors actively subscribe to our newsletters and promotional mailings, we also process their personal data for these purposes. Note that you have the right to withdraw your consent at any time, free of charge, and without this having any negative implications for you. You may do so by e-mail (see below) or via the opt-out link included in each of our marketing mailings.
Legal ground:
● consent for non-technical (tracking or analytical) cookies and explicit consent for direct marketing mailings: and
● our legitimate interests to handle and respond to inquiries and complaints and to be able to contact Visitors when they have contacted us through the contact form on our Website.
b) Users
Data protection is essential for the operation of the Dropon platform and the related services. Processing of User’s data happens solely for the following specific purposes:
● To offer and improve a general and personalized service; including billing purposes, providing information, newsletters and offers that are useful and/or necessary for the User, obtaining User reviews and providing support;
● To detect and protect against fraud, mistakes and/or criminal behaviours; and
● Marketing purposes (newsletters and promotional mailings) sent to Users whenever they
actively subscriber hereto.
● Enabling communication between users.
● For customer support.
● Providing the service Dropon is designed for: delivery management including optimizing and monitoring logistic tasks,
● Location services are used to monitor the drivers location and inform recipients of upcoming deliveries or pickups, as well as performance reviews.
● as a data controller for our own R&D and machine learning purposes, product development and optimisation.
The User always provides his/her personal data to Dropon and thus retains some control. If some data are incomplete or seemingly incorrect, Dropon retains the right to postpone certain expected actions temporarily or permanently.
Legal ground:
● execution of our contract with Users that have created a user account and accepted our General Terms & Conditions to provide support, services/billing, and other relevant information;
● our legitimate interests to detect and protect against fraud, mistakes and/or criminal behaviour; and
● consent for non-technical (tracking or analytical) cookies and explicit consent for direct marketing mailings.
● our legitimate interests as an IT developer to continuously improve the software and algorithms we use and to conduct R&D activities.
Note that you have the right to withdraw your consent at any time, free of charge, and without this having any negative implications for you. You may do so by e-mail (see below) or via the opt-out link included in each of our marketing mailings.
5. We also use cookies
During a visit to our Website cookies can be placed on the hard drive of your computer and this solely to better match the needs of the returning Visitor. Non-functional cookies help us optimize your visit to the website, remember technical choices (for example, language choices, newsletters, etc.), and to show you more relevant services and offers.
For more information concerning the use of cookies, we kindly refer to our Cookie policy.
Of course you are free to disable cookies in your internet web browser. If you would like to know
how to disable cookies, please consult our Cookie policy.
6. Guarantee of a legitimate and secure process of your personal data
We will process your personal data in an honest and fair manner. This includes the following guarantees:
– Your personal are only collected and processed according to the described and justified purposes of this privacy policy.
– Your personal data are only collected and processed to the extent that this is sufficient, and not excessive.
The risks of an accidental or unlawful destruction, accidental loss, modification of or access to every other not allowed process are reduced to a minimum. In the event of a break-in in its informatics system, we will immediately take every possible measure to limit the damage to a minimum. We also seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
7. With whom do we share your personal data?
In the context of our activities as described above, we share your personal data with service providers (IT service or cloud storage providers, PR/marketing agencies who organise mailing campaigns for us, sales service providers or creative agencies) that act as our “data processors”.
Further, we may share your personal data with our legal advisers in case of (threatened) litigation, or with the government, police authorities or the judiciary in case we have a legal obligation to do so.
Finally, we may also share your personal data with third parties in the context of a (contemplated) acquisition by such third party of our business assets or shares. Personal data can in this context for example be included in a secured data room, with limited access and subject to strict contractual arrangements with a (potential) buyer.
We will implement appropriate safeguards when transferring your personal data to third parties. If necessary, we will for example conclude a data transfer or a processing agreement specifying the limitations to the use of your personal data and the obligations with respect to the security of your personal data.
8. How long do we keep your personal data?
Your personal data will not be kept for longer than is necessary in relation to the purposes for which we process them (as listed in Section 4 above). More specifically, personal data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept. Personal data required for the execution and follow-up of a contractual relationship will be kept for the entire duration of that relationship and for 10 years following termination thereof, and personal data obtained in the context of complaint handling will be deleted (or anonymised) as soon as the complaint is closed. Finally, any personal data used for marketing purposes will be retained for as long as we are sending you relevant mailings and for a maximum of 1,5 years thereafter. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your unsubscribe right, we will no longer keep your personal data for these purposes.
Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file, except where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
9. What are your rights?
a. Right to access/rectification/erasure of your personal data
If you can prove your identity, you are the holder of the right to get an answer from us about whether or not your personal data is being processed. When we process your personal data, you have moreover the right to access your personal data. You have the right to receive information about the purposes of the processing, the categories of personal data that are being processed, the recipients of the personal data, the criteria to determine the time period during which your personal data will be stored and the rights you can exercise in accordance with the GDPR.
Inaccurate or incomplete personal data can always be rectified or erased. It is up to you in the first place to edit inaccuracies in your personal profile.
You have the right, in certain well-defined cases, to let your personal data be erased by us without any unreasonable delay. You can exercise this right in the below mentioned cases:
– When your personal data are no longer needed for the purposes for what they have been collected or processed;
– When you revoke your permission and there is no longer any other legal ground for the processing;
– When the processing is objected and there are no longer any prevailing and compelling justified grounds for the processing;
– When the personal data are unlawfully processed;
– When your personal data have to be erased in accordance with a legal obligation.
We examine the presence of one of these above mentioned cases before complying with any request.
b. Right to limitation of/objection against the processing of your personal data
You have the right to limit the processing of your personal data:
– During the period that we need to control the accuracy of the personal data, in the case of
an objection; or
– When the processing of personal data is unlawful and you request a limitation of the
processing instead of the erasure of the personal data; or
– When we no longer need your personal data for the purposes of processing, but you need
the personal data for a legal action; or
– During the period that we need to assess the presence of grounds for the erasure of
personal data.
Moreover, you have the right to object against the processing of your personal data at all times because of specific, personal reasons. We will then cease the processing of your personal data, unless we can submit compelling justified grounds for the processing of your personal data that are more imperative than your right to objection. You can moreover always object to the processing of your personal data for direct marketing purposes (‘opt-out’), even without justification.
c. Right to data portability
You have the right to receive the provided personal data in a structured, prevailing, and machine-readable form. You also have the right to transfer these personal data to another controller when the processing of your personal data exclusively relies on your permission.
d. Right right to file a complaint
You have the right to file a complaint concerning the processing of your personal data by us with the Belgian Data Protection Authority (www.dataprotectionauthority.be).
10. How do you exercise your rights?
If you wish to exercise your right, we will strive to comply within one (1) month after the reception of the application. The application can take place through registered mail or through a contact form on www.dropon.io. We might request a proof of identity in advance in order to double-check your request.
In principle you may exercise your GDPR rights free of charge. Only where requests are manifestly unfounded or excessive we may charge a reasonable fee.
Further information and advice about your rights can also be obtained on www.dataprotectionauthority.be.
