Privacy, Security & Cookie Policy

Your information will be held by Dolphin Computer Access Ltd, full owner of its subsidiaries Dolphin Computer Access Inc and Dolphin Computer Access AB.

Our Privacy Promise

We promise:

  • To keep your data safe and private
  • Not to sell your data
  • To give you ways to manage and review your data at any time

How the law protects you

As well as our Privacy Promise, your privacy is protected by law. This section explains how that works.

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sharing it outside of Dolphin Computer Access Ltd. The law says we must have one or more of these reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When you consent to it.

A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.

Groups of Personal Information

We may use many different kinds of personal information, and group them together as shown in the table below. We may not necessarily hold information about you in all of these categories.

Type of Personal Information

Description

Contact

Where you live and how to contact you

Transactional

Details about payments to and from us

Contractual

Details about the products or services we provide to you

Locational

Data we get about where you are such as the IP address where you connect a computer to the internet

Usage

Details about how you use our products & services

Technical

Details about the devices and technology you use

Communication

What we learn about you from letters, emails & conversations between us

Consents

Any permissions, consents, or preferences that you give us. This includes things like how you want us to contact you such as requiring large-print format.

Where we collect personal information from

We collect data about you in one of three ways: data that you give us, data we collect when you use our services and data from third parties we work with.

Data you give to us:

  • When you purchase our products or services
  • When you talk to us on the phone, e-mail, or letter
  • When you use our website, mobile device apps or software
  • If you take part in our competitions or promotions
  • In customer surveys

Data we collect when you use our products or services:

  • Profile & usage data

Data from third parties that we work with:

  • Social Media
  • Zoom
  • Google
  • Public information sources such as Companies House
  • Card payment processors (Merchant services)
  • Government & Law enforcement agencies
  • Credit Reference agency (such as Experian) – Business customers only

How we use your personal information

Here is a list of all the ways that we may use your personal information, and which of the legal reasons we rely on to do so. This is also where we tell you what our legitimate interests are.

What we use your personal information for

Our Reasons

Our Legitimate Interests

  • To manage our relationship with you or your business

  • To carry out marketing activities

  • To develop new ways to meet our customer’s needs and grow our business

  • To study how our customers use our products and services

  • To provide advice or guidance about our products and services

  • To develop and manage our brands, products & services

  • To test new products

  • Your consent

  • Fulfilling contracts

  • Our legal duty

  • Our legitimate interests

  • Keeping our records up to date, working out which of our products and services may interest you and telling you about them. 
  • Developing products and services, and what we charge for them.
  • Defining types of customers for new products or services.
  • Seeking your consent when we need it to contact you.
  • Being efficient about how we fulfil our legal duties.
  • To deliver our products & services

  • To make & manage customer payments

  • To obey laws and regulations that apply to us

  • To respond to complaints and seek to resolve them

  • Fulfilling contracts

  • Our legal duty

  • Our legitimate interests

  • Being efficient about how we fulfil our legal and contractual duties
  • Complying with regulations that apply to us
  • To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit

  • Our legal duty

  • Our legitimate interests

  • Being efficient about how we fulfil our legal and contractual duties
  • Complying with regulations that apply to us
  • To exercise our rights set out in agreements or contracts

  • Fulfilling contracts

 

How long do we keep your information for?

We will keep your personal information for as long as you are a customer of Dolphin Computer Access Ltd. We may keep your data for up to 10 years after you stop being a customer. The reasons we may do this are:

  • To respond to a question or complaint
  • To comply with legal obligations about record keeping
  • To study customer data as part of our own internal research

We may keep your data for longer than 10 years if we are unable to delete it for legal, regulatory or technical reasons. We will only use your personal information for those purposes noted above and ensure your privacy is protected at all times.

Can I choose not to give you my personal information?

You can choose not to give us your personal information however we may need this information by law, or to enter into or fulfil a contract we have with you. If you choose not to give us this information, it may delay or prevent us from fulfilling our contract with you, or doing what we must do by law. It could mean that we need to cancel or deactivate a product or contract you have with us or leave us unable to support you with any queries.

We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won't affect the products or services you have with us.

What are cookies?

Cookies are small computer files that get sent down to your PC, tablet or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from, when you go there again. Cookies store information about your visits to that website, such as your choices and other details. Some of this data does not contain personal details about you or your business, but it is still protected by this Privacy notice. To find out more information about which cookies are used by this website on your device and update your preferences please view our Cookie Policy which has been developed in conjunction with this Privacy Policy. 

How do we keep your data secure?

Security of your information is extremely important to us here at Dolphin Computer Access. We employ procedural and technological measures, consistent with the demands of customer service. Such measures are reasonably designed to protect your personally identifiable information from loss, unauthorised access, disclosure, alteration or destruction. Where reasonably practical, Dolphin Computer Access uses SSL and other encryption, password protection, firewalls, internal restrictions and other security measures to help prevent unauthorised access to your personally identifiable information. Dolphin is regularly audited to ensure that we are PCI Compliant, ensuring a totally secure environment for card payments.

Our payment gateway providers are industry leaders, each with their own robust and secure privacy and security processes: SagePayFastspringFirst Data (Payeezy)

What rights do I have over my personal information?

Under the General Data Protection Regulations the following rights are applicable to data held by Dolphin Computer Access. Please see the section below entitled “How do I contact you?” for further information about how to contact us in relation to these rights.

Right to Withdraw Consent

You can withdraw your consent for us to process your data at any time however this will only affect the way we use information when our reason for doing so is that we have your consent. An example is withdrawing your consent to receiving marketing emails.

Right to Accurate Information

You have the right to question any information we have about you that you think is incorrect. We’ll take reasonable steps to check this for you and correct it.

Right to access your information

You can request a copy of all the personal information we hold about you. If this request is made electronically then we will provide the information in a suitable electronic format. The request is usually free of charge unless the request is particularly excessive. You are entitled only to access your own personal data and not information relating to other people (unless you are acting on behalf of that person).

Right to be forgotten

You can ask us to delete, remove or stop using your personal information if there is no need for us to keep it. However there may be legal or other reasons why we do need to keep your data that would prevent us from deleting it.

Right to data restriction

It may be possible to restrict the use of your data which means we can only use it in certain circumstances such as legal claims or to exercise legal rights. You can request data restriction if:

  • the data is not accurate
  • It has been used unlawfully but you don’t want us to delete it
  • It is not relevant any more but you want us to keel it for use in legal claims
  • You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it

Right to Object

You have the right to object to us processing your data for direct marketing or if the processing is based on legitimate interests of the organisation.

If the objection is regard to processing based on legitimate interests: we will stop processing your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights & freedoms or the processing is for the establishment, exercise or defence of legal claims

If the objection is regard to processing for direct marketing: we will stop processing your data for this purpose immediately.

Children’s Personal Information

Dolphin’s website and it’s products and services do not knowingly collect any identifiable data from anyone under the age of 13. Our apps, products and services are not exclusively aimed at children. We recommend that parents/guardian/schools use anonymous sign in credentials for any child using our products and in doing so comply with Children’s Online Privacy Protection Rule (COPPA) and other legislation. In the case that we discover a child under the age of 13 has provided us with personal information we will immediately delete this from our servers. If you become aware that a child has provided us with personal data please contact us so that we can take necessary action.

Links to Other Sites

This website and our products may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by Dolphin. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and
assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Third Party Service Providers

We may employ third party companies, as noted above, for the following reasons:

  • To facilitate our services
  • To provide services on our behalf
  • To perform services related to our products
  • To assist us in analysing how our products are used

These companies may be given access to your personal information to perform the tasks assigned to them on our behalf. They are obligated not to disclose or use the information for any other purpose.

Security Statement

At Dolphin Computer Access protecting your data is our highest priority. To do that, we employ corporate security policies, physical and environmental security procedures, operational security processes, secure systems development, maintenance and more.  Find the full security statement at Yourdolphin.com/security-statement

SuperNova User Data - Access to Google Drive

SuperNova uses the Google Drive API to make it easier for you to store files created by the SuperNova Scan & Read feature on Google Drive.
For further details of how to configure this feature, please refer to your SuperNova manual, which is accessible in the SuperNova Help menu.
This feature is optional. By turning this feature on, you are allowing SuperNova to “See, edit, create and delete all of your Google drive files”.

SuperNova uses the name SuperNova on Google Cloud Platform. That is the name you will see on the OAuth consent screen.
Your use of Google API with SuperNova is subject to the respective terms of service for each API. Please see Google APIs Terms of Service for further details.

The integration of SuperNova with Google Drive is governed by the Privacy Policy recorded on this web page.

Accessing user data on Google Drive

SuperNova accesses Google resources from the computer which uses SuperNova software. Your computer communicates directly with the Google APIs.

SuperNova never receives your data, or permission to access your data.

SuperNova sends users to the Google Accounts sign in screen: accounts.google.com/o/oauth2/auth for authorisation. It does not directly access or collect user data used by Google Auth.

Using user data from Google Drive

SuperNova includes a Scan & Read feature. This allows you to upload and modify Scan & Read Optical Character Recognition (OCR) files on your Google Drive. This can only happen after you provide an authorisation token, which requires that you authenticate yourself as a specific Google user, and authorise SuperNova to perform these actions on your behalf.

SuperNova can help you obtain a token by guiding you through the Google OAuth flow. There, you must consent to allow SuperNova to operate on your behalf. The Google OAuth consent screen describes the scope of the SuperNova authorisation. It will be stated as “See, edit, create and delete all of your Google drive files”.

Sharing user data from Google Drive

SuperNova only communicates with Google APIs. No user data is shared with Dolphin or any third party.

Storing user data from Google Drive

SuperNova stores your credentials on your computer for you to use at a later date.

We recommend that you exercise appropriate levels of caution when you use SuperNova on shared computers.

 

EasyReader and Google Classroom

Google Classroom in EasyReader is an optional feature and is only available for users with an active Premium subscription. EasyReader uses the Google Classroom API and Google Drive API to give students quick and easy access to shared documents and files in a school class environment. When a teacher shares a file on Google Classroom, the student can use EasyReader for quick access and download of the shared file. The student can use their personal accessibility preferences to read the shared file.

When a user wants to use this optional feature, Google OAuth flow is used for logging into Google Classroom and the consent screen displays the name Dolphin EasyReader. By approving the consent screen, EasyReader is allowed to:

 

  • See and download files from Google Drive
  • See, edit and create classwork materials in Google Classroom
  • View your classwork and grades in Google Classroom
  • View you Google Classroom classes

EasyReader never receives your user data, or permission to access your user data. EasyReader does not directly access or collect or share user data used by Google OAuth.

 

EasyReader is limited to see and download shared Google Classroom files on Google Drive. EasyReader does not access any personal files or documents on your personal Google Drive.

 

EasyReader stores the refresh token after successful login and may be used the next time Google Classroom is accessed. The user may be required to do a new login using Google OAuth.
 

EasyReader and Google Drive

Google Drive is an optional feature and is only available for users with an active Premium subscription. EasyReader uses the Google Drive API to give the users quick and easy access to documents and files for downloading. The user can use their personal accessibility preferences to read the downloaded file.

 

When a user wants to use this optional feature, Google OAuth flow is used for logging into Google Drive and the consent screen displays the name Dolphin EasyReader. By approving the consent screen, EasyReader is allowed to:

 

  • See and download files from Google Drive

 

EasyReader never receives your user data, or permission to access your user data. EasyReader does not directly access or collect or share user data used by Google OAuth.

 

EasyReader stores the refresh token after successful login and may be used the next time Google Drive is accessed. The user may be required to do a new login using Google OAuth.

 

EasyReader's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

 

GuideConnect and Gmail

Gmail is an optional feature in GuideConnect. It is only required if users wish to send emails with GuideConnect as their Gmail email client. GuideConnect uses the Gmail API to allow users to read, compose, send and manage emails. It uses GuideConnect as the email client.

When a GuideConnect user wants to use this optional feature, the Google OAuth flow is used for logging into Gmail. The consent screen displays the name GuideConnect. Approving the consent screen means GuideConnect is allowed to:

  • Read, compose, send and permanently delete all your email from Gmail.
     

GuideConnect never receives your user data, or permission to access your user data. GuideConnect does not directly access, collect, or share user data used by Google OAuth.

GuideConnect stores the refresh token after successful login and may be used the next time Gmail is accessed. The user may be required to complete a new login using Google OAuth.

When GuideConnect uses and transfers information received from Google APIs to any other app, it adheres to Google API Services User Data Policy. This includes the Limited Use requirements.

 


How do I contact you?

If you have a query about your personal information held by us, this privacy notice or you wish to make a request to us under the General Data Protection Regulations then please contact us at [email protected] or by writing to us at:

Data Protection Officer

Dolphin Computer Access Ltd

Technology House

Blackpole Trading Estate West

Worcester

WR3 8TJ

 

If you need to complaint to make in regards to data protection, we’d encourage you to contact us on the above details first however you also have the right to contact the regulator, the Information Commissioner’s Office, to which we are registered in the UK. Find out on their website how to report a concern.

Changes to this Privacy Policy

Any changes to this policy in the future will be posted on our website at www.yourdolphin.com and, where appropriate, shared through e-mail notification. Last Updated 27th June 2023.

.