DumaCarts- Privacy Policy
We IP TECH SOLUTION (DumaCart”) are committed to protecting the privacy and security of your personal information.
Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use your personal data we are regulated under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. We are responsible as ‘controller’ of that personal data for the purposes of data protection legislation.
This privacy notice applies to any individual whose data we process, including (but not limited to) visitors to our website, Therapy Providers and Clients (please see definitions below).
We may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective as of may 2023.
Key terms
We, us, our, Dumacars | IP TECH SOLUTION (REGISTERED NO Z0000190615 ) (trading as “Dumacarts”), a Sole-proprietorship registered office is at 32 Michenzani Mall, Zanzibar ,Tanzania |
Our point of contact | ICT PRO : Abdullatif kadir mussa info@dumacarts.com 32 Michenzani Mall,Zanzibar,Tanzania https://www.dumacart.com/ 0776 64 5900 |
Personal data/ information | Any information relating to an identified or identifiable individual |
Sensitive personal data/ information | Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation, or details of criminal offenses |
Therapy Provider | A therapy provider that uses the Dumacarts platform and provides therapy services to the Client |
Client | A recipient of therapy services provided by the Therapy Provider |
We may collect/store the following personal information about you:
“Identity Data” – includes name, username or similar identifier, marital status, title, date of birth and gender.
“Contact Data” – includes address, email address and telephone numbers. Where you are a Client, this includes your emergency contact details and your GP’s details.
“Financial Data” – includes bank account and payment card details (to allow our appointed third party payment processing provider to process payments – please see below).
“Transaction Data” – includes details about payments from you and other details of services and sessions you have purchased, including correspondence between Therapy Providers and Clients.
“Technical Data” – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
“Profile Data” includes your username and password, purchases made by you, preferences, feedback and survey responses.
“Usage Data” – includes information about how you use our website and services.
“Marketing and Communications Data” – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
If you are a Client, please note we provide a subscription service to Therapy Providers that allows them to upload session notes and other related documents/ information about you onto our platform. Such documents and information are securely stored by us, but we do not access such information unless it is necessary to do so.
If you are a Therapy Provider, we may also collect details about your qualifications and professional indemnity insurance.
The personal information we collect about you will depend on our relationship with you, e.g. whether you are a Therapy Provider, a Client, a visitor to our website etc. We only collect personal information about you where it is both lawful and necessary.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not
be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
We may collect/store (via your Therapy Provider(s)) the following sensitive personal information about you:
If you are a Client, information contained in the notes taken by your Therapy Provider during your sessions. Such notes may also contain the sensitive personal information of individuals you discuss during a session with your Therapy Provider. These notes are anonymised and password protected. This will include any related documents (including correspondence with medical professionals etc.) that your Therapy Provider uploads to our platform. We will not access these notes/related documents unless it is absolutely necessary.
This sensitive personal information is stored and processed for the reasons, and in the manner, explained below. We only collect and store such sensitive personal information where it is necessary and lawful to do so. We are committed to protecting and preserving the confidentiality of this information.
Information about other people
Should you provide information to us about any person other than yourself, including (but not limited to) your employees, advisers, or counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and/or that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to process it.
In particular, if you are a Therapy Provider and you upload information to our platform relating to your Client(s)/other individuals, you must ensure that such Clients/individuals have been informed and understand how their personal data and sensitive personal data will be used and/or that they have given their permission for you to disclose it to us and for you to allow us to store it.
Our website is not intended for children and we do not knowingly collect data relating to children, unless their parent or guardian consents to the child being provided with therapy sessions.
How your personal information is collected
We collect most of this personal information directly from you or your organization – in person, by telephone, text or email and/or via our website. However, we may also collect information:
• from publicly accessible sources;
• from a third party, e.g. your bank or building society, other entities or individuals providing services to you, and our professional contacts;
• if you are a Client, from your Therapy Provider (and therefore via third parties from whom your Therapy Provider collects your personal data, including doctors, medical and occupational health professionals);
• from cookies on our website, when you complete online forms and in the form of “traffic data” – for more information on our use of cookies and how we collect information via our website, please see our “Cookie Policy” https://www.dumacarts.com/cookie-policy; and
• via our IT systems, e.g. automated monitoring of our technical systems, such as our computer networks and connections, communications systems, email and instant messaging systems.
How and why we use your personal information
We may collect your personal data for the following purposes:
to register you as a user on the dumacarts platform;
to provide services to you and fulfill our contract with you;
to administer our relationship with you, including processing payments (via Stripe Connect, our current third party payment processing provider), accounting and taking other steps linked to the performance of our relationship and/or the relationship between the Therapy Provider and the Client;
compliance with our legal and regulatory obligations, including maintaining records, compliance checks etc.;
to analyze and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security, data protection, use of our website etc.;
to protect the security of our website, communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
for insurance purposes;
to exercise or defend our legal rights, or to comply with court orders;
for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures;
to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our, events and initiatives;
to send you feedback surveys and marketing campaigns; and
to collect information about your marketing preferences to personalize and improve the quality of our communications with you.
Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
for the performance of our contract with you or to take steps at your request before entering into a contract;
to comply with our legal and regulatory obligations;
because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
where you have given consent; or
in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
How and why we collect/store your sensitive personal information
Please note we provide a subscription service to Therapy Providers that allows them to upload session notes and other related documents/information about you onto our platform. Such documents and information are securely stored by us, but we do not access such information unless it is necessary to do so.
If you are a Client, we may collect/store your sensitive personal data for the following purposes:
to securely store notes taken by your Therapy Provider during your sessions and related documentation, to allow the Therapy Provider to effectively exercise his/her duty of care and assist him/her in keeping track of all matters being discussed with you during such sessions. Please note we will not access such session notes unless it is absolutely necessary, such as where we need to retrieve lost personal data.
We can only collect/store your sensitive personal data if we have lawful grounds for doing so. We securely store your session notes on the basis of the below legal grounds:
to comply with our legal and regulatory obligations;
because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms; or
in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
AND
you have given your explicit consent. Before booking a session through Dumacarts, you will be asked to actively consent to the processing of your sensitive personal data in line with this privacy notice.
Promotional communications
We may use your personal data to send you updates (by email, telephone or post) about our services that might be of interest to you.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect.
You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by:
contacting us by e-mailing support@dumacarts.com; or
using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Information about your device and how you use our site
We may collect information about the devices you use, such as your mobile or browser and information about how you use our website. This helps us to improve our website for you and allows us to give you a better experience. This data is anonymised and will not include any of your personal information.
This information may also be used in fraud prevention allowing us to earmark suspicious/criminal activity.
Please refer to our “Cookie Policy” https://www.dumacarts.com/cookie-policy for more information.
How long we keep your data for
We will keep your personal data for no longer than is necessary for the purpose(s) it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
We keep your data for the minimum period we consider necessary to resolve any queries and to ensure legal and regulatory compliance and in line with industry practice. We currently consider this period to be 7 years, unless the law prescribes a longer period.
As mentioned above, we do not access your personal/sensitive personal data (including session notes and related documents) unless it is absolutely necessary. Such data is uploaded by your Therapy Provider(s) to our platform to be securely stored. We therefore rely on Therapy Provider(s) promptly archiving your matter, upon which the 7 year retention period begins.
Further details of the periods for which we retain data are available on request.
Who we share your personal and/or sensitive personal information with
We may share your personal information with third parties, but only where this is necessary and lawful.
Professional advisers
We may share your personal data with our professional advisers, including our lawyers, accountants and insurers.
Third party providers
We may be required to share basic user information with our third-party service providers, such as our website developer and IT support.
Where your personal information is held
Information may be held on our secure online server, and with third party agencies, service providers, representatives and agents as described above (see above: ‘Who we share your personal information with’).
Your rights
You have the following rights, which you can ordinarily exercise free of charge:
Access | The right to be provided with a copy of your personal data |
Rectification | The right to require us to correct any mistakes in your personal data |
To be forgotten | The right to require us to delete your personal data – in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal data – in certain circumstances e.g. if you contest the accuracy of the data |
Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party |
To object | The right to object: – at any time to your personal data being processed for direct marketing; and – in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests. |
If you would like to exercise any of those rights, please:
email, call or write to us – see below: ‘How to contact us’; and
let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
let us know what right you want to exercise and the information to which your request relates.
Maintenance and security of your personal information
We are committed to ensuring that your information is secure. We endeavour to ensure that your data is stored securely and to prevent unauthorised access. We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online, which we monitor
regularly.
We limit access to your personal information to those individuals who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Right to withdraw consent
If you have provided your consent to the processing of your personal and/or sensitive personal data, you have the right to withdraw your consent. If you wish to do so, please contact us.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
Updating your personal information
We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.
Cookies on this site
Cookies are small text files that are stored on your browser or the hard drive of your computer or other devices when you visit our website. We use cookies on our website. For more information on cookies, please see our “Cookie Policy” https://www.Dumacarts.com/cookie-policy.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. We cannot therefore be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy notice. You should exercise caution and look at the privacy notices applicable to the website in question.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
Data protection legislation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the TZ is the Information Commissioner who may be contacted at Michenzani Mall zanzibar or by telephone on 0776645900.
How to contact us
Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details
IP TECH SOLUTION (trading as “DumaCarts”)
32 Michenzani Mall
https://www.Dumacarts.com/
0776 645 900