Privacy Policy Statement

Workify, Inc. (the “Company,” “we,” or “us”) respects your privacy. This Privacy Policy Statement (“Privacy Policy”) describes the ways we collect information from and about you, and what we do with the information, so that you may decide whether or not to provide information to us. By accessing our web site and mobile applications (collectively, the “Site”) and using the Workify service (the “Service”), you agree to this Privacy Statement in addition to any other agreements we might have with you. In the event that such agreements contain terms that conflict with this Privacy Policy, the terms of those agreements will prevail. If you do not agree to any of these terms and conditions, you should not access the Site or use the Service. This Privacy Policy Statement includes the Company’s Privacy Policy Statement and the Company’s Privacy Shield Statement.

 

Company Privacy Policy Statement

  1. Our Collection of your Personal Information

The information we collect may include your personal information, such as your name, contact information, IP addresses, product and service selections and other things that identify you. We collect personal information from you at several different points, including but not limited to the following:

  • when we correspond with you as a customer or prospective customer;
  • when you visit the Site;
  • when you register as an end-user of our Service and an account is created for you;
  • when you contact us for help; and
  • when the Site sends us error reports or application analytics data.

We do not require you to include sensitive information (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic data, biometric data, data concerning health or data concerning sexual orientation). In the event that you provide such sensitive information as listed above, you acknowledge that you have provided the Company explicit consent to receive such information.

  1. Lawful Basis for Processing (EEA and Switzerland only)

With respect to personal data collected from individuals from the European Economic Area or Switzerland, our legal basis for collecting and using the personal data will depend on the personal data concerned and the specific context in which we collect it. We will normally collect personal data from you only where:

  • we have your consent to do so;
  • where processing is necessary for the performance of a contract with you (e.g. to deliver the services you have requested) or our customers; and
  • where processing is in our legitimate interest or the legitimate interest of a third party;  provided that such interest does not outweigh the fundamental rights and freedoms of the affected individuals.
  1. Our Use of your Personal Information

Our Company may use personal information that we collect about you to:

  • deliver the products and services that you have requested;
  • manage your customer relationship and provide you with customer support;
  • perform analysis about your use of the Site and Service;
  • communicate with you by e-mail, postal mail, telephone and/or mobile devices about products or services that may be of interest to you;
  • enforce our terms and conditions;
  • manage our business;
  • respond to investigation, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or as otherwise required by law; and perform functions as otherwise described to you at the time of collection.
  1. Our Disclosure of your Personal Information to Third Parties

We may share your personal information with third parties only in the ways that are described in this Privacy Policy:

  • we may provide your information to vendors who perform functions on our behalf, such parties provide hosting and maintenance services, virtual infrastructure, analysis and other services for us;
  • we may allow a potential acquirer or merger partner to review our databases, although we would restrict their use and disclosure of this data during the diligence phase;
  • as required by law enforcement, government officials, or other third parties pursuant to a subpoena, court order, or other legal process or requirement applicable to our Company; or when we believe, in our sole discretion, that the disclosure of personal information is necessary to prevent physical harm or financial loss; to report suspected illegal activity or to investigate violations of our agreements or Company policies; to enforce our terms and conditions, to protect the security or integrity of our products and services, and when you give us consent to do so.

Please note that these third parties may be in other countries where the laws on processing personal information may be less stringent than in your country.

  1. Your Access to and Updating of Personal Information

You may correct, update, modify, delete or deactivate your personal information by contacting:

  • your program administrator or
  • our support team by e-mail at support@getworkify.com.

Our Company will provide reasonable access to your personal information within 30 days at no cost to end-users and customers upon request made to the contact information provided above. If access cannot be provided within that time frame, our Company will provide the requesting party a date when the information will be provided. If for some reason access is denied, our Company will provide an explanation as to why access has been denied.

  1. Our Security Measures to Protect your Personal Information

Our Company uses industry-standard technologies when transferring and receiving data exchanged between our Company and you to help ensure its security. The Site has security measures in place to help protect information under our control from the risk of accidental or unlawful destruction or accidental loss, alteration or unauthorized disclosure or access. However, “perfect security” does not exist on the Internet. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of our Site or Service, please contact us.

  1. Our Use of Cookies, Web Analytics Services, and Links
  • Cookies. Many of our Web pages use “cookies.” Cookies are text files we place in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information unless you choose to provide this information to us by, for example, registering at our Site. However, once you choose to furnish the Site with personal information, this information may be linked to the data stored in the cookie. We use cookies to understand Site usage and to improve the content and Service. We also may use cookies to offer you products or services. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies, please consult the privacy features in your browser.
  • Web Analytics Services. We use the following third-party data analytics platforms to improve the Site and Service:
    • Mixpanel. We use Mixpanel, an advanced analytics service provided by Mixpanel, Inc. Mixpanel allows us to analyze how visitors use our Site. Usage information and personal information is stored by Mixpanel and is subject to their privacy policy. You can view Mixpanel privacy policy at https://mixpanel.com/privacy and can read the Mixpanel Terms of use at https://mixpanel.com/terms/. Furthermore, you can opt out of Mixpanel collecting and storing such data at any time by following the instructions in the link below: https://mixpanel.com/optout/.
    • Google Analytics. We use Google Analytics, a service for the marketing analysis of the Site provided by Google, Inc. Google Analytics uses cookies to allow us to see how you use our Site so we can improve your experience. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Use available at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy available at http://www.google.com/policies/privacy/. You can prevent Google Analytics from recognizing you on return visits to the Site by disabling cookies in your browser. If you prefer to not have data reported by Google Analytics, you can install the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout.
    • Xamarin Insights. We use Xamarin Insights, a service provided by Xamarin, Inc. to analyze usage of our Site, report crashes, collect feedback, and for other purposes. Xamarin Insights may collect personal information. For example, it might collect your user ID or email address so that we can correlate application issues with specific end-users. You can read Xamarin Privacy Policy at https://xamarin.com/privacy. For more information about the terms that govern Xamarin Insights, please visit the Xamarin Insights terms of service at https://xamarin.com/cloud-services-agreement.
  • Links. We may create links to other Web sites. We will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. However, many other sites that are not associated with or authorized by our Company may have links leading to our Site. Our Company cannot control these links and we are not responsible for any content appearing on these sites. Since this Site does not control the privacy policies of third parties, you are subject to the privacy practices of that third party. We encourage you to ask questions before you disclose any personal information to others.
  1. Limiting Use, Disclosure, Retention

Our Company identifies the purposes for which the information is being collected before or at the time of collection. The collection of your personal data will be limited to that which is needed for the purposes identified by our Company. Unless you consent or we are required by law, we will only use the personal data for the purposes for which it was collected. If our Company will be processing your personal data for another purpose later on, our Company will seek your further legal permission or consent; except where the other purpose is compatible with the original purpose. We will keep your personal data only as long as required to serve those purposes. We will also retain and use your personal data for as long as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

  1.  Accuracy of Personal data

We do our best to ensure that the personal data we hold and use is accurate. We rely on the customers we do business with to disclose to us all relevant information and to inform us of any changes.

  1. Marketing Communications

We offer those who provide personal contact information a means to choose how we use the information provided. You may manage your receipt of marketing and non- transactional communications by clicking on the “unsubscribe” link located on the bottom of our marketing emails.

  1. International Transfers of your Personal Information

The Site and Service is hosted and operated entirely in the United States and is subject to United States law. Any personal information that we collect from you is currently stored and processed in the United States. If you are accessing the Site or using the Service outside of the U.S., you need to understand that by accessing our Site or using the Service, you consent to the transfer of your personal information to the United States. Please be advised that United States law may not offer the same privacy protections as the law in your jurisdiction. European Union or Swiss individuals may refer to the Privacy Shield statement below with regard to the transfer of their personal data.

  1. Children’s Privacy

Because of the nature of our business, our services are not designed to appeal to minors. We do not knowingly attempt to solicit or receive any information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately.

13. Your California Privacy Rights (California only)

Our Company does not currently respond to browser “Do Not Track” (DNT) signals or other mechanisms. Third parties may collect personal information about your online activities over time and across sites when you visit the Site or use the Service.

If you are a California resident, California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal information to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an e-mail to privacy@getworkify.com.

Our Site and Service are not intendent to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our Site or Service, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an e-mail with a detailed description of the specific content or information to privacy@getworkify.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal information about them to third parties for their marketing purposes.

  1. Additional Rights (EEA and Switzerland only)

If you reside in the European Economic Area or Switzerland, you may have the right to exercise additional rights available to you under applicable laws, including:

  • Right of erasure. You may have a broader right to erasure of personal data that we hold about you. For example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for record keeping purposes, to complete transactions or to comply with our legal obligations, among other things.
  • Right to object to processing. You may have the right to request that we stop processing your personal data or to stop sending you marketing communications.
  • Right to restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances. For example, where you believe that the personal data we hold about you is inaccurate or unlawfully held.
  • Right to data portability: In certain circumstances, you may have the right to be provided with your personal data in a structured, machine readable and commonly used format and to request that we transfer the personal data to another data controller without hindrance.

If you would like to exercise any of the above rights, please contact our support team or contact our Data Protection Officer (see our contact details in Section 17 below). We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.

You may also have the right to make a privacy complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.  If you need further assistance regarding your rights, please contact us using the contact information provided below and we will consider your request in accordance with applicable law. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

  1. Notice to End-Users

Our Service is intended for use by organizations. Where the Service is made available to you through an organization (e.g. your employer), that organization is the administrator of the Service and is responsible for the accounts and/or Service over which it has control. Please direct your data privacy questions to your program administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Program administrators may be able to:

  • help you exercise the rights described in Section 14 above (if applicable);
  • allow you to reset your account password;
  • restrict, suspend or terminate your access to the services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • change your information, including profile information associated with your account; and
  • allow you or restrict your ability to edit, restrict, modify or delete information.

Please contact your organization or refer to your administrator’s organizational policies for more information.

  1. Changes to our Privacy Statement

Our Company may change this Privacy Statement at any time by posting a new version. It is your responsibility to review this Privacy Statement periodically as your continued use of the Site and the Service represents your agreement with the then-current Privacy Statement.

  1. Contacting Us

We have designated a Data Protection Officer who is responsible for monitoring our Company’s ongoing compliance of this Privacy Policy. If you have any questions about this Privacy Statement, please contact our Data Protection Officer by e-mail at privacy@getworkify.com.

Privacy Shield Statement
For EEA and Swiss Individuals: Privacy Shield Notice for Personal Data Transfers to the United States

Workify, Inc. (the “Company”, “we” or “us”) complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Economic Area (“EEA”) member countries and Switzerland transferred to the United States pursuant to Privacy Shield.  Workify, Inc. has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this Privacy Policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles will govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

A). Definitions
“Personal Data” means information that (1)is transferred from the EEA or Switzerland to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

“Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

B). Principles
We may receive Personal Data from parties located in the EEA or Switzerland. Such information may contain names, addresses, email addresses and may be about customers, employees of customers, business partners, consultants, employees, and candidates for employment.

Usually, our Company, acting as a Data Processor may receive Personal Data indirectly via our customers or directly via end-users. We execute data processing agreements with such customers which set out the parties’ obligations and responsibilities to comply with the Principles. We will cooperate with our customers to enable them to comply with the Principles, to the extent a Principle is applicable to our Company.

Whenever we process Personal Data, we comply with the Principles (as each Principle is applicable to our role):

  1. Notice. We shall inform an individual of the purpose for which we collect and use their Personal Data and the types of third parties to which our Company discloses or may disclose that Personal Data. Please refer to our main Privacy Policy Statement above for more information regarding our data handling practices. Our Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Data. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Data to our Company, or as soon as practicable thereafter, and in any event before our Company uses or discloses the Personal Data for a purpose other than for which it was originally collected. Our Company may be required to disclose Personal Data in response to lawful request by public authorities, including to meet national security or law enforcement requirements
  2. Choice. Whenever we collect Personal Data directly from individuals for marketing purposes, we will offer those individuals the opportunity to choose (opt out) whether their Personal Data is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, our Company will give individuals the opportunity to affirmatively or explicitly (opt in) consent to the disclosure of the information to a third party or for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Our Company shall treat Sensitive Personal Information received from an individual the same as the individual would treat and identify it as Sensitive Personal Information.

Agents, technology vendors and/or contractors of our Company may have access to an individual’s Personal Data on a need to know basis for the purpose of performing services on our behalf or providing or enabling elements of the services. All such agents, technology vendors and contractors who have access to such information are contractually required to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for us or as otherwise required by law.

  1. Accountability for Onward Transfer. Prior to disclosing Personal Data to a non-agent third party, we shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Our Company shall ensure that any third party to which Personal Data may be disclosed subscribes to the Principles or is subject to laws providing the same level of privacy protection as is required by the Principles and agrees in writing to provide an adequate level of privacy protection. Our Company may be held responsible in cases of onward transfers to third parties. Our accountability for Personal Data that we receive in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the Personal Data on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.
  2. Data Security. We shall take reasonable steps to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Personal Data from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, our Company cannot guarantee the security of Personal Data on or transmitted via the Internet.
  3. Data Integrity and Purpose Limitation. We shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, our Company shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.
  1. Access and Recourse. We acknowledge the individual’s right to access their Personal Data. We shall allow an individual access to their Personal Data and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. Individuals may contact our Data Protection Officer via email at privacy@getworkify.com to request to access, correct, amend, or delete the Personal Data we hold about you. In cases where we are a Data Processor, individuals must contact the Data Controller first.
  2. Enforcement and Liability. With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Privacy Shield Principles, our Company commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. EEA and Swiss individuals with Privacy Shield inquiries or complaints should first contact us at:

Workify, Inc.
10415 Morado Circle
Building 3, Suite 300
Austin, TX 78759
E-mail: privacy@getworkify.com

a. Human Resources Data. If your complaint involves human resources data transferred to the United States from the EEA or Switzerland in the context of the employment relationship, and our Company does not address it satisfactorily, our Company commits to cooperate with the panel established by the data protection authorities (DPA Panel) and the Swiss Federal Data Protection and Information Commissioner, as applicable and to comply with the advice given by the DPA panel and Commissioner, as applicable with regard to such human resources data.  To pursue an unresolved human resources complaint, you should contact the EU DPA of your home country (a full list of DPAs is available here) or the Swiss Federal Data Protection and Information Commission for more information or to file a complaint. The services listed above are provided at no cost to you. Complaints related to human resources data should not be addressed to the BBB EU PRIVACY SHIELD.

b. Non-Human Resources Data. Our Company has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

C). Amendments

This Privacy Statement may be amended from time to time consistent with the requirements of the Privacy Shield Frameworks. We will post any revised policy on this website.

D). Information Subject to Other Policies

We are committed to following the Principles for all Personal Data within the scope of the Privacy Shield Frameworks. However, certain information is subject to policies of our Company that may differ in some respects from the general policies set forth in this Privacy Statement.

Updated:  October 10, 2018