Privacy Policy

Privacy Policy

Effective date: 10 October 2025

Who we are: DIGITAL DRINK DISPENSERS LIMITED ("Digital Interlock", "Digital Interlock Software", "we", "us", "our").

Contact: privacy@digitalinterlock.com

This notice explains how we process personal data when you use our websites, products and services, or otherwise interact with us. It is designed to meet the requirements of the UK GDPR and EU GDPR (collectively, "GDPR").

1) Data controller

DIGITAL DRINK DISPENSERS LIMITED is the controller of personal data described in this policy.

2) What we collect (categories of data)

• Identity & contact data: name, email address, company, role, phone (if provided).
• Account data: usernames, tenant/organisation associations, licence status.
• Support & communications: tickets, emails, chat transcripts, feedback.
• Usage & telemetry (product): event logs, device IDs, configuration metadata, timestamps, IP addresses.
• Technical data: browser type/version, operating system, device information; limited cookies/analytics if enabled.
• Billing data (if applicable): invoicing contact details and transaction metadata (no full card data stored on our systems).

We do not intentionally collect special category data or children's data.

3) Why we use your data (lawful bases)

We process personal data only where a lawful basis applies:

• Contract — to provide, support and secure our services; to set up and maintain your account.
• Legitimate interests — to improve services, prevent abuse, measure performance, and communicate important service updates (balanced against your rights).
• Consent — optional marketing and non-essential cookies/analytics (you can withdraw at any time).
• Legal obligation — records retention for tax, compliance, and responding to lawful requests.

4) How we use the data

• Operate and deliver the services you request (including identity, access and audit).
• Provide support and incident response.
• Improve reliability, performance and security.
• Send essential service communications (outages, security, policy changes).

Marketing emails are opt-in only.

5) Sharing and international transfers

We use trusted vendors (processors/sub-processors) to run our services. These may include:

• Microsoft Azure (hosting, UK South/EU regions), Microsoft 365 (email/collaboration).
• Azure DevOps / GitHub (software lifecycle).
• Trycomp.ai (compliance monitoring/integrations).

Where data is transferred outside the UK/EU, we rely on an adequacy decision or Standard Contractual Clauses (SCCs) plus additional safeguards.

6) Retention

We keep data only as long as needed:

• Account & contract records: up to 7 years after contract end (legal).
• Telemetry & logs: up to 13 months unless a longer period is required for security/investigations.
• Support tickets: 24 months.
• Backups: 35 days rolling (approx.).

7) Your rights (GDPR)

You have the right to access, rectify, erase, restrict, object, and port your data, and to withdraw consent where processing relies on consent.

You can also lodge a complaint with the ICO (UK) or your local supervisory authority.

• Contact: privacy@digitalinterlock.com
• Or use the form located here: (GDPR Data Deletion Request Form).

8) Security

We use strong identity controls (MFA), encryption in transit/at rest, role-based access, network isolation, vulnerability management and continuous logging/monitoring. Access is restricted to authorised personnel under confidentiality obligations.

9) Cookies & analytics

We use essential cookies for security and login. Non-essential analytics/marketing cookies run only with consent. You may change your preferences at any time.

10) Changes to this notice

We'll update this policy when practices change. Where changes are material, we'll notify you via the service or email. The "Effective date" will always reflect the latest version.

Change Log

• 10 Oct 2025 — Initial publication.