Updated Nov 30, 2021
At Setapp Ltd. (“Setapp”, “Company”, “we,” “us,” and “our”), we care about the privacy of your data and are committed to protecting it.
This Privacy Policy (the “Policy”) explains what information we collect about you and why, what we do with that information, and how we
handle
that information. We also explain what choices you have with respect to the information.
Applicability Of This Privacy Policy
This Privacy Policy applies to:
- Setapp, a subscription-based service, including the associated Setapp desktop applications (collectively, the “Services”)
- Setapp.com and other Setapp websites (collectively, the “Sites”)
- Any software or applications made available on the Sites and as a part of Services ("Developer Content") from a third-party app developer or distributor ("App Developer") provided, however, that there may be additional privacy statements applicable to Developer Content that govern the App Developer’s use of your personal data. You should review such additional privacy statements before using any Developer Content
- Other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with Setapp.
This Policy applies to the Company’s employees, contractors, and officers.
The Company has a contract with all Data Processors that it uses in compliance with Article 28 & Article
29
of the GDPR and ensures that all Data Processors are compliant with the applicable data protection legislation.
The Policy does not apply to third-party services. Where third-party services are used, and the third
party
is not a Data Processor, no Relevant Data (as defined below) is shared with them, or the Relevant Data has
been anonymised. Information collected by third parties is governed by
their privacy practices. We encourage you to learn about the privacy practices of those third parties.
In addition, a separate agreement governs delivery, access and use of the Services (the “Terms of service”),
This Policy applies to Relevant Data received and processed only.
Definitions
Capitalised terms used in this Policy and not otherwise defined shall have the meanings provided below:
Relevant Data – Personal Data and Special Categories of Data and as defined in the applicable data protection legislation.
Personal Data – any information relating to an identified or identifiable natural person.
Special Categories of Data – Personal Data revealing racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data and
data concerning health or a person’s sex life or sexual orientation.
Information We Collect and Receive
Payments Information:
Payments information provided by you via the Sites will be stored and processed by third-party payment service providers as designated by us from time to time. We will collect certain
information on the Sites required for such third-party payment services providers to
process
payments, including credit/debit card numbers, security numbers and other related payment information.
All such information is subject to the privacy policy of such third-party payment service provider as applicable.
Other Information
Setapp also collects, generates and/or receives Other Information:
Usage Information
Certain data about the devices you use to connect with Setapp and your use of the Sites, Services, and/or Developer Content are automatically logged in our systems, including:
Certain data about the devices you use to connect with Setapp and your use of the Sites, Services, and/or Developer Content are automatically logged in our systems, including:
- Location information. This is the geographic area where you use your computer and mobile devices (as indicated by an Internet Protocol [IP] address or similar identifier) when interacting with our Site and/or Services.
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect data when you access or use our Sites, Services and/or Developer Content and record it in log files. This log data may include the IP address, browser type and settings, the date and time of use, information about browser configuration, language preferences, and cookie data.
- Services and Sites Specific Data. This is information about the Setapp Sites, Services and/or Developer Content you use and how you use them. We may also obtain data from our third-party partners and service providers to analyse how users use our Sites, Services, and/or Developer Content. For example, we will know how many users access a specific page on the Site and which links they clicked on. We use this aggregated information to better understand and optimise the Site.
- Device information. These are data from your computer or mobile device, such as the type of hardware and software you are using (for example, your operating system and browser type), as well as unique device identifiers for devices that are using Setapp Sites, Services and/or Developer Content.
Cookies
Setapp uses cookies and similar technologies in our Sites and Services that help us collect Other Information. The Sites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Sites and Services and across other websites and online services. For more details about how we use these technologies, please see our Cookie Policy.
Setapp uses cookies and similar technologies in our Sites and Services that help us collect Other Information. The Sites and Services may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Sites and Services and across other websites and online services. For more details about how we use these technologies, please see our Cookie Policy.
Third-Party Data
Setapp may receive data about Sites visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
Setapp may receive data about Sites visitors, marketing campaigns and other matters related to our business from affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information we collect and might include aggregate level data, such as which IP addresses correspond to zip codes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
Additional Information Provided to Setapp
We receive Other Information submitted to our Sites by you or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Setapp.
We receive Other Information submitted to our Sites by you or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Setapp.
Collecting Information from Children
Setapp does not knowingly collect personal information from children under the age of 13. If we determine
we
have collected personal information from a child younger than 13 years of age, we will take reasonable
measures to remove that information from our systems. If you are under the age of 13, please do not submit
any personal information through the Site and/or Services. We encourage parents and legal guardians to
monitor their children’s Internet usage and help enforce this Policy by instructing their children
never
to provide personal information through the Sites, Services and/or Developer Content without their
permission.
Using Your Information by Setapp
We use, process, and store your information as necessary to perform our contract with you and for our
legitimate business interests, in operating our Services, Sites, and business, including:
- to help us administer our Sites, Services, and/or Developer Content, authenticate users for security purposes, provide personalised user features and access, process transactions, conduct research, develop new features, and improve the features, algorithms, and usability of our Sites, Services and/or Developer Content;
- as required by applicable law, legal process or regulation;
- to calculate aggregate statistics on the number of unique devices using our Site and/or Services;
- to send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and/or Developer Content, our Services and/or Developer Content offerings, and important Services and/or Developer Content-related notices, such as security and fraud notices. These communications are considered part of the Setapp product, and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Setapp. We will only send you marketing information if you give your respective consent to us;
- for billing, account management and other administrative matters. Setapp may need to contact you for invoicing, account management and similar reasons, and we use account data to administer accounts and keep track of billing and payments;
- to investigate and help prevent security issues, fraud and abuse.
How We Share And Disclose Information
We only disclose Personal Data to third parties when:
- It is necessary to deliver you our Services and we use service providers who assist us in meeting these needs, including hosting, delivering, and improving our Services. We also use service providers for specific services and functions, including email communication, customer support services. These service providers may only access, process, or store Personal Data pursuant to our instructions, under appropriate safeguards and to perform their duties to us.
- We have your explicit consent to share your Personal Data if required. For example, you can log in to our App Developers’ websites with your Setapp account. App Developers will receive your personal data only when you have consented to sharing your personal data with them, i.e., authorise them to access your data at Setapp.
- We believe it is necessary to investigate potential violations of the Terms of service, to enforce those Terms of service, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats against persons, property, or the systems on which we operate our Sites, Services and/or Developer Content.
- We determine that the access, preservation, or disclosure of your Personal Data is required by law to protect the rights, property, or personal safety of Setapp and users of our Site and/or Services, or to respond to lawful requests by public authorities, including national security or law enforcement requests.
- We need to do so in connection with a merger, acquisition, bankruptcy, reorganisation, sale of some or all of our assets or stock, public offering of securities, or steps in consideration of such activities (e.g., due diligence). In these cases, some or all of your Personal Data may be shared with or transferred to another entity, subject to this Policy.
- We also may disclose non-Personal Data publicly and to third parties – for example, in public reports about word usage, to partners under agreement with us, or as part of progress reports that we may provide to users.
Setapp does not sell or rent your Personal Data.
Links
Our Site may contain links to and from the websites that belong to third parties. If you follow a link to
any of these websites, please note that these websites and any services that may be accessible through
them
have their own privacy statements or policies and that we do not accept any responsibility or liability
for
these statements or policies or for any personal data that may be collected through these websites or
services, such as contact and location data. Please check these policies before you submit any personal
data
to these websites or use these services.
Our Sites may also use or offer Services or services from third parties (including Developer Content).
Information collected by third parties, which may include such things as location data or contact details,
is governed by the applicable privacy policies provided. We encourage you to read the privacy policies of
all such third parties and App Developers.
Data Storage, Transfer, Retention, and Deletion
Data Storage and Transfers
We may transfer your Personal Data to a country outside of the European Economic Area (EEA). In order to be
consistent
with the GDPR requirements and protect your data in the most secure way, we provide the following
safeguards
if
we transfer Personal Data originating from the EEA to other countries:
- Standard contractual clauses adopted by the European Commission (EU Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries) or other applicable cross-border data transfer mechanisms.
Information submitted to Setapp may also be transferred to, processed, and stored in the United States, and/or Ukraine.
When you use the Services on your computing device, the user content you save will be stored locally on that device and
synced with our servers. If you post or transfer any information to or through our Site and/or Services,
you agree to such information, including Personal Data and user content, being hosted and accessed in
the United States and/or Ukraine.
Duration of Information Storage
You can remove your Personal Data from Setapp at any time by emailing us with the respective request: [email protected]. However, we may keep some of your
Personal Data for as long as reasonably necessary for our legitimate business interests, including fraud
detection and prevention and to comply with our legal obligations, including tax, legal reporting, and
auditing obligations.
Safeguards
When you give us personal information, we take steps to ensure that it’s treated securely.
Non-sensitive details (your email address etc.) are normally sent over the Internet, and this can never be
guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot
guarantee the security of any information you transmit to us, and you do so at your own risk. Once we
receive your information, we make our best effort to ensure its security on our systems.
We use industry-standard encryption to protect your data in transit. This is commonly referred to as
transport layer security (“TLS”) or secure socket layer (“SSL”) technology.
Once we receive your data, we protect it on our servers using a combination of technical, physical, and
logical security safeguards. The security of the data stored locally in any of our Services installed on
your computing device requires that you make use of the security features of your device. We recommend
that
you take the appropriate steps to secure all computing devices that you use in connection with our Site
and
Services.
The Company takes the security of your data very seriously and works to protect your data from loss,
misuse
and unauthorised access or disclosure.
All staff and officers who handle Relevant Data are aware of this Policy and have been given training in
how
to correctly collect, process, store and delete data. The Company holds a log of when staff training was
undertaken and updates it on an annual basis.
Data Breaches
All breaches will be reported to the relevant supervisory authority within 72 hours, unless the data was
anonymised or encrypted or if it has a particularly high risk.
Breaches of this Policy by staff, contractors, officers of the Company will be dealt with under the
Company’s grievance and disciplinary policy and may lead to a disciplinary sanction.
If Setapp learns of a security system breach, we may attempt to notify you and provide information on
protective steps, if available, through the email address that you have provided to us or by posting a
notice on the Site. Depending on where you live, you may have a legal right to receive such notices in
writing.
Your Rights
Setapp uses, processes, and stores Personal Data, as necessary to perform our contract with you and based
on our legitimate interests in order to provide the Services. We rely on your consent to process Personal
Data to send promotional emails and to place cookies on your devices. In some cases, Setapp may process
Personal Data pursuant to legal obligation or to protect your vital interests or those of another person.
You have certain rights in respect to your Personal Data,
including the right to access, correct, or delete Personal Data we process through your use
of
the Sites and/or Services. In particular, you can:
- Have your Personal Data corrected or deleted. You may ask us to correct information you think is inaccurate or completely delete all information that we hold about you by emailing: [email protected].
- Access your Personal Data report by submitting a request at [email protected]. This report will include Personal Data we have about you, provided to you in a structured, commonly used, and portable format.
- Object to us processing your Personal Data. It is your right to lodge an objection to the processing of your Personal Data by emailing: [email protected] if you feel the “ground relating to your particular situation” apply. The only reasons we will be able to deny your request is if we can show compelling legitimate grounds for the processing, which override your interest, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
- You can ask us to stop using your Personal Data, including when we use your Personal Data to send you marketing emails. We only send marketing communications to you with your prior consent, and you may withdraw your consent at any time by clicking the “unsubscribe” link found within Setapp emails and changing your contact preferences. Please note you will continue to receive transactional messages related to our Services, even if you unsubscribe from marketing emails.
- Complain to a regulator. If you think that we haven’t complied with data protection laws, you have a right to lodge a complaint with your local supervisory authority.
Data Protection Officer
To communicate with our Data Protection Officer, please email [email protected].
Changes to our Privacy Policy
We may need to update this Policy to keep pace with changes in our Sites, Services, Developer Content, our
business, and laws applicable to us and you. We will, however, always maintain our commitment to respect
your privacy. We will notify you of any material changes that impact your rights under this Policy by
email
(to your most recently provided email address) or post any other revisions to this Policy, along with
their
effective date, in an easy-to-find area of the Site. Hence, we recommend that you periodically check back here
to stay informed of any changes. Please note that your continued use of Setapp after any change means that
you agree with and consent to be bound by the new Policy. If you disagree with any changes in this
Policy
and do not wish your information to be subject to it, you will need to stop using the Site, Services, and
Developer Content.
Contact us
You may contact us with any questions relating to this Policy by e-mailing: [email protected].