Privacy Policy
DNA Systems ("DNA Systems", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our websites, purchase from us (online, directly, or through a Channel Partner), and use DNA ERP® (together, the "Services"). DNA ERP® is a registered trademark of Solution ERP.
1. Scope and Our Role (Controller and Processor)
This Policy covers two types of data and two roles:
- Account, website, and marketing data (we are the "Controller"): information we collect about you as our customer, prospect, or website visitor, where we decide how and why it is processed.
- Customer Data you put into DNA ERP® (we are the "Processor"): data you and your users upload or create in the ERP (such as your employees', customers', and suppliers' records). For that data, you are the Controller and we process it on your behalf and on your instructions to provide the Services. Our handling of such data is governed by these terms and, where applicable, a Data Processing Agreement (DPA) available on request.
2. Information We Collect
2.1 Account and Business Information
- Name and contact details (email, phone number);
- Company name, role, and business information;
- Billing address, tax or VAT identifiers, and payment information;
- For direct sales, bank transfer and remittance details needed to issue invoices and reconcile payments;
- Login credentials (passwords are stored in encrypted or hashed form).
2.2 Customer Data
When you use DNA ERP®, you may upload or create data including employee records (HR), customer and supplier records, financial and accounting data, and documents and communications. This data belongs to you; we process it only to provide the Services, on your instructions.
2.3 Usage and Device Data
- IP address, browser type, and language;
- Device type and operating system;
- Pages and features used, and actions taken;
- Date, time, and duration of access, and log data.
2.4 Communications
Records of your interactions with our sales, support, and success teams, including emails, tickets, and (where permitted and notified) call recordings.
2.5 Cookies
We use essential and, with consent where required, analytics cookies. See the Cookies section below.
3. Legal Bases for Processing
Where applicable law (such as the GDPR) requires a legal basis, we rely on: (a) performance of a contract with you; (b) our legitimate interests in operating, securing, and improving the Services and our business; (c) your consent (for example, for marketing or non-essential cookies), which you may withdraw at any time; and (d) compliance with legal obligations (such as tax and accounting record-keeping).
4. How We Use Your Information
4.1 To Provide the Services
- Create and manage your account and users;
- Process orders, quotations, invoices, and payments (including bank transfers for direct sales);
- Provide implementation, onboarding, training, and support;
- Send service, security, and administrative communications.
4.2 To Improve and Secure the Services
- Analyze usage to maintain, troubleshoot, and improve the Services;
- Develop new features and updates;
- Detect, prevent, and address fraud, abuse, and security incidents.
4.3 Marketing (with consent where required)
We may send product updates, newsletters, and offers. You can opt out at any time via the unsubscribe link or by contacting us. We do not sell your personal data.
5. AI and Automated Processing
Certain features ("DNA Intelligence") use automated processing to provide analytics, suggestions, and automation. We do not use these features to make decisions producing legal or similarly significant effects about individuals without appropriate safeguards or human involvement. We do not sell Customer Data, and we do not use your Customer Data to train third-party AI models for other customers without your instruction or consent, except as needed to provide the Services to you.
6. Cookies and Tracking
- Essential cookies: required for authentication, security, and core functionality; these cannot be disabled.
- Analytics cookies: help us understand how our website is used; used with consent where required and manageable via your browser or our cookie controls.
- Managing cookies: most browsers let you control cookies; disabling some may affect functionality.
7. How We Share Information
7.1 We Do Not Sell Your Data
We never sell, rent, or trade your personal information for third-party marketing.
7.2 Service Providers and Sub-processors
We share data with trusted providers who help operate the Services under confidentiality and data-protection obligations, including payment processing (Paddle), cloud hosting and infrastructure, transactional email, and analytics (anonymized or aggregated where feasible).
7.3 Channel Partners
If you engage with us through a Channel Partner, we may share relevant account and transaction information with that partner to fulfill your order and provide support. Channel Partners are independent and responsible for their own privacy practices for data they collect directly from you.
7.4 Legal and Protection
We may disclose information where required by law, regulation, court order, or governmental request, or to establish, exercise, or defend legal claims, or to protect the rights, safety, and property of DNA Systems, our customers, or others.
7.5 Business Transfers
If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.
8. International Data Transfers
We may process and store data in countries other than yours, including where our hosting or service providers operate. Where required, we implement appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for such transfers.
9. Data Storage and Security
- Encryption in transit (SSL/TLS) and at rest;
- Access controls, authentication, and least-privilege practices;
- Regular security reviews, patching, and monitoring;
- Regular encrypted backups;
- Staff training on data protection.
No system is perfectly secure; while we protect your data using appropriate measures, we cannot guarantee absolute security.
10. Data Breach Notification
In the event of a personal data breach likely to result in a risk to affected individuals, we will notify affected customers and, where required, the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware, and take remediation steps.
11. Data Retention
- Active accounts: data retained while your account is active;
- Closed accounts: Customer Data available for export for 30 days after termination, then deleted in the ordinary course, subject to legal requirements;
- Billing and tax records: retained as required by law (typically 7 to 10 years);
- Backups: purged on a rolling cycle.
12. Your Privacy Rights
Subject to applicable law, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw consent. To exercise these rights, contact privacy@dna.systems. We will respond within the time required by law. For Customer Data where we act as Processor, we will refer data-subject requests to you as the Controller.
13. Regional Privacy Rights
13.1 Qatar
We process personal data in accordance with Qatar's Personal Data Privacy Protection Law (Law No. 13 of 2016) and its guidelines.
13.2 GCC (Saudi Arabia, UAE, Bahrain, Oman, Kuwait)
Where applicable, we handle personal data consistent with local data-protection laws, including the Saudi Personal Data Protection Law (PDPL), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, and the data-protection laws of Bahrain, Oman, and Kuwait.
13.3 European Economic Area and United Kingdom
If you are in the EEA or UK, you have rights under the GDPR and UK GDPR, including those listed above and the right to lodge a complaint with your supervisory authority. Our legal bases are described in the Legal Bases section.
13.4 United States (including California)
If you are a California resident, you have rights under the CCPA and CPRA, including to know, access, delete, and correct personal information and to opt out of the "sale" or "sharing" of personal information. We do not sell personal information, and we will not discriminate against you for exercising your rights.
14. Children's Privacy
The Services are intended for businesses and are not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
15. Third-Party Links
Our websites and Services may link to third-party sites or services we do not control and that have their own privacy practices. We are not responsible for those third parties.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated Policy with a revised "Last update" date and, for material changes, provide notice by email or through the Services.
17. Contact Us
For privacy-related inquiries or to exercise your rights:
DNA Systems - Privacy Team
Doha, Qatar
Email: privacy@dna.systems
Phone: +974 4480 7193
