Dilecy FAQ

About Dilecy

What was the reason you created Dilecy?
As technology and internet are evolving people are more and more vulnerable with their personal data. There is a significant public concern on internet privacy, personal data collection, and transparency. Since GDPR came into effect in 2018 people have stronger rights than ever before to control their own data. However, exercising these rights is not easy as there is a large number of organizations that they would have to send request to individually. This takes too much time and effort. So, we created Dilecy to solve this problem.

What is all this buzz around data ownership?
As a person you have a right to have a total ownership over your data. After using a service of an organization your data might be stored in their database and might be used for a different purpose than it was originally intended for. You have the right to tell them to remove your personal data (right to be forgotten) or object to the use of it. You can also receive a copy of the data and use it at another service.

Can I protect myself by limiting my use of the internet?
Partially yes you can. But then you wouldn’t be able to fully enjoy your online experience. Besides, once your data is with one organization it might have already been transferred around the web. Therefore, instead of limiting yourself you should follow common digital hygiene rules and be aware of your digital footprint at all times.

What is Dilecy used for?
By using Dilecy, you can find out which organizations have your data, send GDPR requests to take control of your data and gain data ownership.

Does Dilecy have my data?
No. Your data is only stored locally on your device. We do not have access to your personal information, or to the requests you send. Dilecy only sees the usage statistics of how many sessions are there in a month and in which calendar week they were installed.

Why should I trust Dilecy?
The Dilecy app was built according to the "privacy-by-design” principle and your personal data is only stored locally on your device. Our service is about trust, transparency and security. Of course, you can also make a data request to Dilecy.

Why should I provide my email password?
The desktop app works like an email client. You may already use one like Thunderbird or Apple Mail. It needs access to your email account in order to send your requests to companies. It cannot read your emails. The password is encrypted and stored on your laptop.
Nevertheless, you can also choose to not enter your email password and opt to send the requests alternatively. Here Dilecy generates the emails you would like to send to companies but sends them to you instead. You can then forward them to the companies individually. That way you avoid entering your email password. But this method takes longer. We suggest you use the first method.

What are SMTP and OAuth?
SMTP (Simple Mail Transfer Protocol) and OAuth are communication protocols that let internet users send emails through email clients such as Outlook, Thunderbird, and in our case the Dilecy desktop client.

When linking your email to Dilecy desktop you need to allow SMTP connection in your host email settings. Here is how it is done on web.de: Web.de account - Settings - POP3 und IMAP Zugriff erlauben. Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to your email account.

Who sends the requests, Dilecy or my email provider?
Dilecy merely acts as an email client. So, the requests are sent from your email address, which you connected with your Dilecy profile.

There are 10,000 companies in the database but I do not have time to go through the whole list, how can I use it efficiently?
Of course, you do not have to go through the whole list. You can use the category selection or search bar to find specific companies.

Why do I have to enter my personal information to make a request?
Because, when companies receive your request, they need to verify your identity and find the data related to you in their system.

Does the Dilecy team know which companies/organizations I requested data from and the email thread between them and me afterwards?
No, we do not have access to that information as this information is stored in your device locally. The further communication with the companies takes place in your email provider.

What kind of security measures are taken?
All local data is stored encrypted. Our server with corporate data does not process any personal data. The connection between the app and the server is SSL-encrypted. Our app is signed to prevent manipulation by third parties.

Why is Dilecy a desktop app?
Glad you asked! For your privacy and security. A desktop app offers extra security because it is on your own device. And hence it allows local storage of your data.

What does open source mean?
Open Source means that the code for a given software is public. Everyone can see how the software works and what it does. We made Dilecy open source so everyone can “look under the hood” and see what the software does. Our open source code can be found here. hier.

What is end-to-end encryption?
End-to-End encryption means that only the two parties communicating can decrypt the other ones messages. No party in between can read or alter the communicated infromation.

Is Dilecy really free?
Yes, it is! We believe that data ownership is your right and it is our mission to make it easy for you to exercise your GDPR rights for free and effortlessly.

Does Dilecy assist me?
You can reach us at support@dilecy.de. We can help with most questions but can’t assist with every single request. However, for your convenience there is the “old requests” section in your Dilecy profile. This section shows all your requests and dates they have been made along with deadlines. Dilecy will offer new features and support for the after-request process in the future.

On which operating systems does Dilecy run?
Currently, Windows and MacOS, later we will have a version for Linux as well. Stay tuned!

Which organizations/companies can I send requests to?
Currently, we have over 10,000 companies listed. These companies range from big players such as Google and Facebook to small enterprises. We are constantly increasing the list and you can also contribute to this by adding missing companies/organizations in our “add company” feature in our app.

Is there a webapp of Dilecy?
No, because we know that most people prefer to store their data on their device, where they have control rather than using a web-based service. Dilecy is all about giving you control and you need to store data locally. That's why we offer a desktop app.

How old do I need to be to use Dilecy?
You must be at least 16 years old if you want to make your request to a company yourself. If you are younger, a guardian must make requests for you.

Where can I view the terms and conditions?
You can view our terms and conditions here.

How can I contact you?
You can contact us here. Or you can send an email directly at support@dilecy.eu.

I like your idea; can I join your team?
ure, we are now growing and in search of developers and anybody who might have a brilliant idea of how we can take our business into the next level in the best way possible. You can also help us by volunteering, please contact us.


About GDPR

What is GDPR?
The GDPR is an EU data privacy law that went into effect in May 25, 2018. It is designed to give individuals more control over how their data is collected, used, and protected online. It also binds organizations to strict new rules about using and securing the personal data they collect from people, including the mandatory use of technical safeguards like encryption and higher legal thresholds to justify data collection. Organizations that don’t comply will face heavy penalties of up to 4 percent of their global annual revenue or €20 million, whichever is higher.

What is “personal data”?
According to GDPR Article 4 (1) personal data are any information which are related to an identified or identifiable natural person. ... For example, the telephone, credit card or personnel number of a person, account data, number plate, appearance, customer number or address are all personal data.

Am I eligible to GDPR protection if I am not an EU citizen?
You do not have to be an EU citizen to exercise your GDPR rights. You are eligible if:
- you are located in the EU or EEA countries; or
- you are not located in any of these countries, but your data is processed by an organization located in the EU

Are companies located outside of Europe subject to GDPR?
The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not, known as “extra-territorial effect” (Article 3).

Where can I find the GDPR?
You can find the official document here. The relevant articles are:
Article 12 - General requirements
Article 15 - Access your data
Article 16 - Correct your data
Article 17 - Remove your data (right to be forgotten)
Article 20 - Move your data (data portability)

What are my rights under GDPR?
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.

Can organizations charge a fee to process my request?
No, they cannot. However, there are two exceptions where organizations may request a compensation to cover their administrative costs:
- If your request is manifestly unfounded or excessive. Organization has to be able to demonstrate this character of the request;
- If you request for additional copies of your data.
In any case, the company must tell you in advance whether the request will cost anything. So, you won't be surprised by costs.

How does Dilecy work?

Where can I download the Dilecy app?
You can download the app here.

How do I use the app?
You need to first download and install the app. When you open the app, you will find information boxes that gide you through the process. More detailed instructions can be found here.

How does the request process work?
After you have installed the app on your computer, you can first select under "new request" whether you want to receive information, delete data or object to processing. You can then opt for the companies by letting the app search for visited websites in your browser. The app presents you with a list of companies that it has found. In the next step you can manually select additional companies. If you want you can still edit our email template. After you send a request to a company, it will respond directly to your email address with the requested information.

What kind of emails does the Dilecy app allow me to send?
Our emails are written in a formal language and checked by data protection lawyers. They refer to the relevant GDPR articles depending on the type of each request and some of your personal data so organizations can identify you.

Why does the email templates have brackets in them?
Those brackets are placeholders for the information from your profile.

Can I change the email template?
Yes, of course you can make changes to your email text before sending it.

What is the browser feature?
When selecting the companies that you like to send a request to, the browser feature lets your Dilecy app check for companies in your browser history. It works with all common browsers except Safari on MacOS.

What happens after I send the requests to companies?
After you send the requests companies have 30 days to respond. But usually you receive the response within 10 days. Some have automatic responses that confirm your inquiry and some send you instructions of how you can access or delete your data in their websites.

Does Dilecy notify me after the deadline?
Your Dilecy desktop app does not notify you because it does not “know” if you received the answer already. However, you can check the deadlines in your “old requests” section in your Dilecy profile.

Can I delete my profile after sending requests?
Yes, you can find the delete button in your profile settings.

What if organizations ask me to verify my identity?
Sometimes certain organizations may request additional information to confirm your identity. For example, governmental organizations may request you to provide an ID. However, it must be reasonable. Please, contact us if you are unsure if this is unreasonable.

When do organizations have to respond to my request?
Organizations are required to respond within 30 days after receiving your request. Sometimes due to complexity and number of requests this deadline can be extended by two more months. Nonetheless, within the initial one-month period the organization must inform you of any such extension and provide the reasons for the delay.

What should I do if I did not get a response within 30 days?
In this case you should send them another email reminding them of your request. Most of the time, they respond immediately after that. If they still do not respond you have a right to claim a complaint against them with one of three organizations:
a. You can file a complaint with the data protection authority;
b. You can file a case in court;
c. You can ask an NGO to file a complaint on your behalf.

What if the organization refused my request?
Some organizations might have a valid reason to refuse your request. However, they are required to provide the reasons for refusal. Then you can check if the refusal is valid. If you think it is not valid you can object by filing a complaint.

What if the response is incomplete or incomprehensible?
You can ask the organization for a clarification or missing information. The organizations are required to provide the information in a transparent, intelligible, and easily accessible form.

Can I restore the deleted data?
Once an organization has deleted your data it cannot be restored, but you can of course sign up to their services again.

What if I've sent a request to the wrong organization?
The organization will reply saying that they don’t have any data on you. Please only send requests to companies that you think have your data to avoid unnecessary workload for them.

Where can I see the current status of my requests?
In your Dilecy account go to the“old requests” section. It shows the date when each request was made with a 30-day deadline progress bar.

How can I file a complaint with my local Data Protection Authority?
If any organization fails to meet the legal requirements you can file a complaint with your local Data Protection Authority or take any other legal measures available in your country. If you are in the EU you can find the contact details of DPAs in the EU here.

My Dilecy profile

How can I delete my profile?
You can delete your profile by choosing the option “delete profile” in your “settings”. Please note, after deleting your profile you cannot restore it as all your personal data will be erased from your local storage and we do not have your data to be able to help you restore your profile.

What if I forgot my password?
It is unfortunately not possible to restore your password as we do not keep your password. So, save your password somewhere you can find later in case you forget it :).

Can I change my email address?
Yes, you can change your email in the “settings” of your Dilecy profile.


How to get support from Dilecy?
Please, contact us at support@dilecy.eu and we will get back to you as soon as possible.

I forgot my password to my Dilecy profile, what to do now?
Unfortunately, the Dilecy team cannot help you recover your password. But do not worry, you can make another account with the same email and the old emails you sent are in the “sent” folder of your email account. So, ultimately none of your effort is lost.

What happens when I change the password of my registered email account?
If you used SMTP protocol service to connect your email provider then you need to change the password in your Dilecy profile as well. It can be found in “settings” – “email settings”. However, there is no need to do that if you used OAuth (Google mail) initially.

Can I change my username and password to my Dilecy profile?
Yes, you can easily change them in the “settings” – “profile information”.

I did not get a confirmation of my data request, what should I do?
You can choose to either send another email asking if they received your email or wait up to 30 days and send a follow up email. We suggest that you send them an email after 10 days of the initial request as companies usually reply by this period.

For Companies

What is Dilecy?
Dilecy is a software tool that allows internet users exercise their GDPR rights by simplifying the data request process. In the age of technology users and organizations are on the opposite sides when it comes to personal data collection. We are here to build a mutual trust between them and prevent data-related risks.

Why did I get an email from a user through Dilecy?
Because, the user made a request to your email address in our database. We have collected over 10,000 email addresses of various companies/organisations to make it easy for our users to exercise their GDPR rights.

Does Dilecy act on behalf of the user?
No, Dilecy does not act on behalf of the user. It is the user’s will to initiate a request. Dilecy acts as an email client.

How does Dilecy validate requests and user identity?
Every user is required to set up an account in their Dilecy app. In order to set up an account the user needs a valid email and provide valid personal information that confirms their identity. We understand that in some jurisdictions you, as a company, are required to take extra precautions on identity verification. In this case, you should communicate this to the user.

How should I handle data requests?
If you received a data request email from the user it means they are exercising an important right backed up by GDPR. Please, do not disregard the user’s request as it may lead to a breach of trust and law. If uncertain we advise you to consult with your legal counsels. Even when you are not obliged to follow GDPR it is best if you still respond to a user’s request. This would ensure trust and transparency between you and the user. If you have questions or concerns, please contact us here.