DIPPER – GOVERNMENTAL REQUEST POLICY

Last updated – 2023-06-01

1. INTRODUCTION

1.1 Welcome to Dipper! We always aim to act in accordance with applicable laws and in cooperation from relevant governmental authorities. This Policy sets out how we respond to requests from governmental authorities, but please note that we may respond to such requests in another manner where required pursuant to applicable laws.

1.2 We receive various requests from governmental authorities in relation to Dipper. Where such request is made:

• a. by law enforcement authorities regarding the disclosure of data about our users on Dipper and in accordance with legal processes (e.g. court injunction, court orders, subpoenas, police investigations), we will treat such request in accordance with the Law Enforcement Data Request Guidelines; and
• b. in any manner and by any governmental entity other than pursuant to paragraph (a), we will treat such request in accordance with this Policy (all such requests under this paragraph (b) being a “Request”).

Requests that fall under paragraph (b) and are governed by this Policy include:

• c. take down requests from governmental authorities in relation to promotional political content that does not comply with any applicable laws or regulations (see Section 11 of our Acceptable Use Policy for further details);
• d. requests from telecommunication authorities regarding content that is distributed on Dipper; and
• e. requests to engage in discussions with governmental authorities.

This Policy applies to Requests from governmental authorities. If you are a governmental authority, we recommend that you follow this Policy in making your Request, so that we can respond to your Request as soon as reasonably practicable and in accordance with applicable laws.

1.3 We may amend this Policy at any time without notice. We encourage you to check back regularly on this page for updates.

1.4 In this Policy:

• a. "we", "us", "our" or "Dipper App" means Dipper App
• b. “Request” means any request pursuant to Section 1.2(b) that this Policy applies to.
• c. “Requesting Authority” or "you" means the governmental authority making the relevant Request.

2. OUR RELATIONSHIP WITH HAIRTE AND OTHER THIRD PARTIES

2.1 We regularly receive Requests for disclosure of data which do not belong to and/or are not held by us. To clarify:

• a. We cannot assist on Requests relating to any platform or service other than Dipper (including any data that is held by or regarding such other platforms or services, and regardless of whether those platforms or services were accessed via Dipper). It is the Requesting Authority's responsibility to make the appropriate Request(s) to such other platforms or services (and their operators) as necessary.
• b. Hairte is operated by a separate legal entity, and we are therefore unable to assist with any Requests relating to Hairte.

3. GENERAL PRINCIPLES OF THIS POLICY

We apply this Policy in accordance with the following principles. Further details are set out in the remainder of this Policy.

3.1 We act in accordance with Requests when legally required to do so. The basis for the Requests that we comply with may be pursuant to specific laws and regulations. Such actions may include:

• a. The removal, disabling or geo-blocking of certain content in certain jurisdictions.
• b. The display of notices specifying particular actions that have been taken pursuant to the Request.

3.2 We do not retain all user information and content, and such information and content may be deleted, de-personalised and/or amended from time to time. Our end users maintain the right to treat their information, and we will treat their information, in accordance with our Terms of Service and Privacy Policy. This means that we do not retain all such information, and they may from time to time be amended or deleted. Further information regarding our data handling practice is set out in our Terms of Service and Privacy Policy.

3.3 We aim to apply this Policy consistently and fairly across all jurisdictions where we operate Dipper, subject to all applicable laws and regulations and our interpretation of potential differences between jurisdictions. Dipper is available internationally, and to that end we aim to apply all of our terms (including this Policy) fairly and consistently across all jurisdictions.

3.4 Further to Section ‎3.3, we may depart from this Policy from time to time for various reasons, including for instance, due to applicable laws and regulations or pursuant to professional advice we have received on the matter.

3.5 We aim to be transparent with our users in the actions that we take. Before and/or after we comply with a Request (depending on the Request and applicable laws and regulations), we reserve the right to notify our users of the Request (including the actions being sought by the Request). This is to ensure that our users have a right to respond to the Request. In addition, where the Request is in relation to actions that may affect other users, we may also notify other users of the relevant Request that we have complied with.

For example, if we have complied with a Request to take down content, we may post a notice in place of the removed content, stating to our users why such content was taken down.

3.6 We do not automatically comply with all Requests. We will always carefully review all Requests to ensure that we comply with all applicable laws and regulations in our response, while respecting our users' rights. That may include taking appropriate internal and third-party professional advice.

4. HOW WE APPLY THIS POLICY

As above, we aim to apply this Policy fairly and consistently internationally. We note the following in relation to how we apply this Policy:

• a. We may not be able to remove information and/or content in certain jurisdictions due to legal requirements in those jurisdictions (or a conflict of legal requirements between different jurisdictions). Where required and where possible, we may employ geo-blocking technology to ensure that we meet relevant legal requirements in relation to the removal of information in certain jurisdictions (but not others).
• b. We will carefully review all Requests to make sure they comply with the law. Where relevant or necessary, we may require appropriate legal and/or supporting documentation to be provided by the Requesting Authority before we comply with the Request.
• c. Nothing in this Policy waives or limits any of our rights under all applicable laws and regulations. We may, as appropriate, question any Requests – including requesting governmental/judicial review of, and third-party legal advice regarding, any Requests.

5. AN OVERVIEW OF HOW WE DEAL WITH REQUESTS

5.1 When we receive a Request, we will generally deal with such Request in accordance with the following (and always subject to applicable laws and regulations):

• a. Review of the Request, to ensure that it meets all relevant legal and our requirements.
• b. Whether it is necessary and/or appropriate to notify the affected user(s).
• c. Responding to the Requesting Authority regarding the outcome of the Request.

6. WHAT KINDS OF REQUESTS DO WE RESPOND TO?

6.1 General requirements

If you are making a Request, please ensure that your Request

• a. is typed and in PDF file format;
• b. is sent on the Requesting Authority's letterhead and signed by an appropriate and authorised representative of the Requesting Authority - see Section ‎6.2;
• c. includes all information as set out in Section ‎6.3;
• d. is sent to us in accordance with Section ‎9;
• e. be drafted in, or translated to, English; and
• f. complies with all applicable laws and regulations. We expect all Requesting Authorities to have already obtained legal advice on whether a Request meets this requirement.

We may not respond to any Requests that do not meet the above requirements.

6.2 Who can send Requests?

Appropriate Requesting Authorities may be different in different jurisdictions. Depending on the jurisdiction, legitimate Requests may be submitted by government agencies or from other authorities (e.g. electoral commissions, telecommunication authorities, consumer protection authorities, etc.).

The power of many of these authorities will differ depending on the jurisdiction in question. As above, we will review all Requests in accordance with applicable laws and regulations.

6.3 Form of Request

We will only respond to Requests that contain the following information, and any other information as required by applicable laws and regulations:

• a. the Requesting Authority's identity;
• b. the identity of the specific officer and/or agent of the Requesting Authority responsible for the request (the "Request Contact"), including their rank, badge/identification number and identification documents;
• c. the relevant authorisation document(s) of the specific officer and/or agent of the Requesting Authority, if applicable;
• d. contact details for the Request Contact, including phone number, email address (which must be from the Requesting Authority’s email domain address) and postal address;
• e. a reasonable date that Dipper should respond to the Request by;
• f. the Dipper user to which the Request relates, including all known information pertaining to the relevant user - including users’ identification / Dipper ID / account details/email addresses. This will help us to identify the data subject;
• g. the specific actions being requested from and how it relates to the matter to which the Request relates; and
• h. the basis of the Request, including the provisions of any laws being relied upon for the Request and, where applicable and/or necessary, details of the nature of the investigation, procedure and/or process being carried out by the Requesting Authority.

Please note that we may be unable to respond to any vague or incomplete Requests.

7. NOTIFICATION OF OUR USERS

We respect our users’ rights and privacy. As set out in Section 3.5 above, we may notify the relevant user about any Requests prior to acting on them, unless we are prohibited from doing so under applicable laws or regulations, by the terms of any legal process (such as a confidentiality order), or where we reasonably believe that such actions may create imminent danger or risk for us or any third party. This notification may allow the end user to seek appropriate protective relief.

Requesting Authorities who believe that notification would jeopardize an ongoing legal investigation should obtain an appropriate court order or legal process that specifically prohibits notification of our users. It is the Requesting Authority's responsibility to request that we do not notify a user of the Request because it would jeopardize an ongoing legal investigation.

If your Request is in relation to an ongoing or prior violation of our Terms of Service, we will take action to prevent further abuse, including actions that may notify the user that we are aware of their misconduct. If you believe in good faith that such actions will jeopardize an ongoing investigation, it is your responsibility to request that we defer such action, including providing to us the appropriate court order or legal process prohibiting such notification.

We reserve the right to challenge any non-disclosure requests or orders, pursuant to applicable laws and regulations.

8. REIMBURSEMENT OF COSTS

To the extent permitted by applicable laws and regulations, we may seek from you reimbursement of our costs in responding to a Request.

9. WHERE SHOULD REQUESTS BE SENT TO?

All Requests should be emailed to support@dipperapp.com with the subject "Governmental Request (insert jurisdiction)".

Please note that:

• a. we may not, or may take longer to, respond to any Requests not sent to the above contact details;
• b. we will not review correspondences sent by anyone other than governmental authorities to the above contact details; and
• c. if we accept any legal processes via the above contact details, such acceptance is for convenience only and does not waive any of our rights or objections, including for lack of proper service or jurisdiction.