Last updated: May 2024
We at Duda, Inc. (“Duda”, “we”, “our”, or “us”) respect your privacy. This Privacy Policy (“Policy”) explains how we collect, use, and disclose information from and about you (“your information”) that we receive in the ways specified below.
Duda provides website building, hosting, and operating services, as well as other services (the “Duda Services”) to our business customers and to resellers (“Customer(s)”). Customers use the Duda Services to provide website building and related tools to their customers (“End Customer(s)”), who develop websites for end users (“End User(s)”).
We collect information when individuals visit and interact with www.duda.co (the “Duda Site”), when Customers or End Customers use the Duda Services, or when End Users interact with any website built, hosted or operated via our Services or a part thereof (the “Customer Sites”). The Duda Site and the Duda Services are collectively referred to as the “Services.” How we collect your information and what information we collect depends on how you interact with the Services.
Duda is the controller of data collected from visitors to the Duda Site and from Customers when they interact with Duda or use the Duda Services (“Services Data”). Services Data does not include any End Customer and End User Data (defined below).
Customer or End Customer, as applicable, is the controller of information that pertains to End Customers and End Users and that is collected from the Customer Sites (“End Customer and End User Data”). Duda is the processor or service provider of such End Customer and End User Data. End Customer and End User Data is governed by the applicable Customer Site privacy policy.
This Policy is an integral part of, and incorporated into, our Terms of Service (the “Terms of Service”).
By using or otherwise interacting with the Services, you acknowledge that we will collect, use, and disclose your information as described in this Policy. Please read this Policy carefully. If you do not agree to this Policy, please do not use the Services.
We collect information that you provide to us, information that we collect automatically, and information from other sources.
Information You Provide to Us.
We collect information you provide to us, depending on how you use the Services, when, for example, you create an account or make a purchase through the Services, interact with customer support, or input information into the Services. Depending on whether you are a Duda Site visitor or Customer, this information may include:
You can choose not to provide us with certain information, but then you may not be able to register with us or take advantage of all of the functionality of our Services.
Customers and/or End Customers, as applicable, determine what Personal Data, if any, related to End Customers or End Users to process and/or to input into the Duda Services.
Information We Collect Automatically.
When you interact with the Services, we may automatically collect information about your browser, device, and use of the Services, including, but not limited to IP address, approximate location, information about your activity on the Services (such as page views and features you use), device type, browser type, operating system and version, the web page you were visiting before you came to the Site, information you search for on the Site, locale preferences, your mobile carrier, date and time stamps associated with transactions, system configuration information, metadata concerning your files, website alias, responsive website or mobile website URL, and website URL. Some of this data is collected using cookies and similar technologies. To learn more about these technologies and your choices regarding them, please see the section below titled “Your Choices and Rights”.
Information From Other Sources.
We may collect information about you from publicly and commercially available sources, as permitted by law, including but not limited to publicly available directories, social media, advertisers and business partners, and Customers.
We may use Services Data for the following purposes, unless indicated otherwise:
We may aggregate, de-identify and/or anonymize any information collected through the Services so that such information is no longer reasonably capable of being associated with you. We may use aggregated or anonymized information (or information that was never associated with you) for any purpose, including for research and marketing purposes, and we may also share such information for any purpose with any third parties, at our discretion.
The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to process your information. Our legal bases for processing your information as described in this Policy are as follows:
For the purposes discussed in this Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use such combined information in accordance with this Policy.
We may share your information under the following circumstances:
Internally - We share your information with companies in our group and our employees as necessary in order to provide you with our Services and operate our business efficiently and effectively.
Service Providers - We may share your information with third parties that work on our behalf to help us operate our business and provide the Services by performing services that include, without limitation: maintenance, payment processing, website hosting and database management services, data security, storage, analytics, website administration, legal or tax services, email management, consent management, and advertising. Service Providers must comply with this Policy and may only use your information to provide us with their services.
Affiliates and Partners - We provide your information to our affiliates or partners, if (i) you have a relationship with that affiliate or partner either online or offline (non-Internet), including in particular where you contract with such affiliate or partner independently of Duda, but the connection is made through the Duda app marketplace, (ii) you have visited the affiliate or partner's website that links to or mentions our website, or (iii) you have registered for our Services through the partner’s or affiliate’s program or website.
Marketing partners – in some cases, we share your information for communicating targeted advertising and promotional materials.
As required or permitted by law - We cooperate in good faith with government and law enforcement officials and private parties to enforce and comply with the law and protect the rights of Duda, its customers and third parties. We will disclose your information if we, in our sole discretion, believe it necessary or appropriate: to respond to claims and legal process (including but not limited to subpoenas); to protect our or a third party's property, safety, or rights; to address any activity we consider to be, or to pose a risk of being, illegal, unethical or legally actionable; or as otherwise required or permitted by law.
Business Transactions - We may share your information if we sell, transfer or otherwise share some or all of our assets in connection with a merger, acquisition, reorganization or sale of all or substantially all of our shares or assets or a similar transaction, in the event of bankruptcy, or contemplated of or diligence leading up to a potential corporate transaction.
With Your Consent – We share your information when we have your consent to do so.
Please note that if you choose to share your information on the Services (for example in the form of a comment or post on the Duda Sites, if such features are available), your information will be available to anyone who is able to view such information where you have shared it.
Marketing Emails. You may choose not to receive our promotional or marketing emails by clicking on the “unsubscribe” link in those emails. Please note that even if you unsubscribe from our marketing emails, we will continue to send you transaction-related emails regarding products or Services that you have requested, certain non-promotional emails about us and our Services, and responses to your queries or feedback.
Cookies and Similar Technologies. When you interact with the Services, we (and third parties acting on our behalf) automatically collect certain information about your browser, device, and use of the Services through cookies, pixel tags, web beacons, local storage, and other similar technologies. Cookies are small text files stored on your browser or device, which allow us to provide certain features of the Services, personalize your user experience, and advertise our Services to you. You can find more information about cookies at www.allaboutcookies.org.
We can only control the cookies on Duda’s Site. To manage your preferences with regard to cookies on Duda’s Site, please visit our page on Cookie Settings. Customers may place cookies on Customer Sites. Duda does not control those cookies, and the cookie preferences for Duda’s Site do not apply to the cookies on Customer Sites, or third party service providers (affiliates and partners) with whom you contract through Duda.
Your web browser may allow you to manage cookies and local storage. Each browser is different, so please, follow the directions provided in your browser’s “help” section to manage cookies. Please note that if you delete or disable cookies from our Services, some parts or functions of the Services may not work properly for you.
Tailored Advertising. We engage third parties to serve advertisements for our Services on our behalf on third-party websites and applications. You have certain choices about how your information is used for this purpose.
For more information about tailored advertising or to opt out of participating companies, visiting the opt-out pages of the Network Advertising Initiative or the Digital Advertising Alliance. We make no representation about the accuracy or effectiveness of these opt out mechanisms. Please note that if you opt out, you may still see advertisements; however, they will not be tailored based on your interests.
Some tailored advertising is carried out using cookies. You may be able to set your browser to refuse certain types of cookies. Please see the “help” section of your browser for more information.
If you are using a mobile device, you can opt out of certain types of tailored advertising by changing the settings on your device.
“Do Not Track” Signals. “Do-not-track” (“DNT”) is a setting offered by some browsers. DNT signals are not yet uniform, so we, like many other website operators, do not currently recognize or respond to DNT signals.
Your Rights. Depending on your jurisdiction of residence, you may have the right to request:
Access to, a copy of, and certain information about our processing of, your information;
Correction of inaccuracies in your information;
Deletion of your information, subject to any legal or other rights we have to retain certain information; and
Restriction of the processing of your information; you also have the right to object to our processing of your information in some circumstances.
These rights are subject to applicable exceptions, and we will need to verify your identity before processing your request. If you would like to submit a request relating to your information, please contact us using one of the methods in the section below titled “Contacting Us.”
If you contact us to exercise a right with respect to End Customer or End User Data, for which we are a processor/service provider, we will forward this request to the appropriate Customer who is responsible for responding to your request if we can identify the Customer, otherwise contact your controller directly to exercise these rights.
If you are a resident of the European Economic Area (“EEA”), the United Kingdom, or the state of California, please see the section below titled “Notice to EEA and UK Residents” or “Notice to California Residents” (as applicable to you) for more information about your rights.
The Services may contain third-party content or links to third-party websites and services. When you interact with such content or visit a third-party website, or install a third party app or use a third party service, you will be providing third parties with your information. Such third-party content and sites are not governed by this Policy, and we have no control over how third parties use your information, nor are we liable for such third parties’ use or disclosure of your information. A third party’s use of your information is subject to that third party’s privacy policy and your contract with them. Before you share your information with a third party, we encourage you to read the third party’s privacy policy and any other relevant terms.
We will retain your information for as long as necessary to provide our Service, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods are determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation. We will keep records containing Services Data, account opening documents, communications and anything else as required by applicable laws and regulations. In general, personal data relating to our Customers will be retained for the duration of the engagement with the Customer, and for a period of up to [7] years following the termination of Services to that Customer.
We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your information. However, because no security measures are perfect, there is always some risk involved in transmitting your information over the internet. We cannot guarantee the security your information, and you transmit it to and through the Services at your own risk.
You can help prevent unauthorized access to your account and information by protecting your password appropriately and limiting access to your account (for example, by signing off after you have finished accessing your account). You are solely responsible for all activity that takes place through your account, including any unauthorized use.
The Services are not intended for children under the age of 18. We do not knowingly collect personal information from children under the age of 18. If we learn that a child has provided us with personal information (as that term is defined in the Children’s Online Privacy Protection Act (COPPA)), we will delete such information in accordance with applicable law or if we otherwise determine Customer accounts are held by users under 18, we reserve the right to take actions we deem appropriate, including deleting such accounts.
Duda and our computer systems are based in the United States, so we will process your information in the United States, where the privacy laws may not be as protective as those in your jurisdiction. By using the Services, you understand and agree to the transfer of your information to the United States and to the processing of that information as described in this Policy.
Where required, we will use appropriate safeguards for transferring the data of residents of the EEA or UK. This may include signing Standard Contractual Clauses (“SCCs”) in the form issued as part of the EU Commission Decision (EU) 2021/914 that govern the transfers of such data. We receive personal data in the USA, including in reliance on the Data Privacy Framework as detailed below. We may conduct onward transfers based on DPF or another mechanism, generally the SCCs.
For non-EEA/UK residents, we will transfer your data in accordance with applicable law.
Right to Complain. We encourage you to contact us directly and allow us to work with you to address any concerns you might have about our privacy practices. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside or work, or the place of the alleged infringement. You have the right to do so if you consider that the processing of Personal Data relating to you infringes applicable data protection laws.
Duda complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Duda has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Duda has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. With respect to personal data received or transferred pursuant to the Data Privacy Frameworks, Duda is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Pursuant to the Data Privacy Frameworks, EU, UK, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you. You may also correct, amend, or delete the personal information we hold about you. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under the Data Privacy Frameworks, should direct their query to privacy@duda.co. If requested to remove data, we will respond within a reasonable timeframe.
We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to privacy@duda.co.
We remain liable under the DPF Principles in cases of onward transfer to third parties if such third parties use personal information in a manner inconsistent with the DPF Principles, unless We can demonstrate that we are not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF and the UK Extension to the EU- U.S. DPF and the Swiss-U.S. DPF, Duda commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to BBB National Programs, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers for more information or to file a complaint. The services of BBB National Programs are provided at no cost to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).
Categories of Personal Information We Collect. We collect information from and about you as specified in the section above titled “Types of Information We Collect.” This information includes the following categories of personal information:
Identifiers (such as name, address, IP address, and email address);
Commercial information (such as products or services purchased, obtained, or considered);
Payment information;
Internet or other electronic Network Activity Information (such as browsing history, search history, and information regarding your interaction with our Services);
Location Data;
Audio information (specifically, information from customer service calls, as explained above); and
Inferences drawn from any of the above information.
How We Use and Share These Categories of Personal Information. We use the above categories of personal information for the purposes listed in the section above titled “How We Use Your Information,” and we disclose your information to third parties as described in the section above titled “How We Share Your Information,” subject to the requirements of the CCPA. For data for which we are a service provider, as defined in the CCPA, we collect, process, and disclose your data at the direction and on behalf of our Customers.
The CCPA sets forth certain obligations for businesses that “sell” personal information to third parties. To the extent that re-targeted advertising is a sale of personal information, in that regard we may be selling personal information; to opt out of such re-targeted advertising, please use the cookie tool to block cookies on your browser and device.
Your Rights. California residents (or their authorized representative) have the right to request the actions listed in the section above titled “Your Choices and Rights.” To request to exercise any of these rights, please contact us using one of the contact methods in the section below titled “Contacting Us.”:
The CCPA further provides you with the right to information about the financial incentives that we offer to you, if any, and to not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you. We also will take reasonable steps to verify your identity before responding to a request.
Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.
We reserve the right, in our sole discretion, to amend or update this Policy from time to time. If we make any material changes to this Policy, we will notify you as required by law. You are advised to consult this Policy regularly for any changes.
If you have any concerns or questions about this Policy or your rights, please contact us via:
By email: privacy@duda.co.
By post: ATTN: Duda Inc. DPO, Duda Legal Department, 577 College Avenue, Palo Alto, CA 94306