Updated: October 15, 2019
WorkDone Respects Your Privacy
Your privacy is our top priority. A combination of policy, innovative thinking, and a deep respect for your right to privacy ensure that your data is always kept safe and secure.
Who We Are
WorkDone is in the business of cloud-based Work Heuristics Management (WHM) Platform. “WorkDone Services” are offered as a Software-as-as-Service. Our technology comprises of technology components, automation services, web clients, mobile apps, vertical business solutions, web services and web portals that are made available from the Cloud.
Who You Are
Unless otherwise noted, we refer you, the Customer, as an Enterprise account, SMB (Small/Medium-size Business), Partner or End-User.
As an individual, at any point while WorkDone or our subprocessors are in possession, or processing your personal data, all data subjects (you) have the following rights:
• Access: You can request more information about the Personal Data we hold about you. You can also request a copy of the Personal Data.
• Rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your service account. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
• Objection: You can contact us to let us know that you object to the collection or use of your Personal Data for certain purposes.
• Erasure: You can request that we erase some or all of your Personal Data from our systems. Data subjects who want their data deleted can do so by deactivating their account. Deactivation will delete all account usage and related information. If you are not a WorkDone customer and would like your data deleted, please contact the data Controller directly about deleting information.
• Restriction of Processing: You can ask us to restrict further processing of your Personal Data.
• Portability: You have the right to ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
• Withdrawal of Consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Products.
• Right to File Complaint: You have the right to lodge a complaint about WorkDone’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State.
Our Data Protection Principles
1. Data Portability
You may export your WorkDone data at any time you wish during the life of your account. If you discontinue payment, your account will enter a frozen (read-only) state for a period not less than six months during which you may still retrieve and export your data.
Export is limited to your Secure Data. Vault permissions, the structure of groups of individuals, and other information about the relationship between individuals and data is not guaranteed to be included in export.
2. Your Right to Know to What We Know
You have the right to know what we know about you and to see how that data is handled. You may request a screenshot of what we can see about you in our back office systems. However, to protect customer privacy, such requests must be carefully authenticated beyond demonstrating control of the customer’s email address.
3. Your Right to Have Your Data Erased
As we are merely custodians of your data, account owners have the right to instruct us to remove data permanently from our systems. To ensure that no one’s data is deleted without their consent, you must first delete your account through an authenticated session. After your account has been deleted, the account owner may contact us and ask for the data to be expunged. Once the request is authenticated, the data will be removed from our active systems within 72 hours.
Disaster recovery and data availability requirements mean that WorkDone has a legitimate interest in maintaining secure and immutable backups. Backups are kept for 35 days. Erasure requests will leave those backups untouched, and we will only remove data from backups if legally compelled to.
4. Your Right to Access and Control Your Personal Data
• Right of access – you have the right to request for the details of personal information that we have of you.
• Right of rectification – you have a right to amend data that is inaccurate or incomplete.
• Right to be forgotten – you have the right to request that your data are removed from our records
• Right to restriction of processing – you have a right to restrict the processing if applicable
• Right of portability – you have the right to have the data we hold about you transferred to another organisation
• Right to object – you have the right to object to certain types of processing such as direct marketing
• Right to object to automated processing, including profiling – you have the right not to be subject to the legal effects of automated processing or profiling
What Information WorkDone Collects and Why
Information you provide to us: When you register for and use WorkDone, you are providing us with information, which we collect. This information may include your name, surname, billing and mailing address, email address, phone number(s), and credit card information. We use a third-party intermediary to manage credit card processing. This intermediary is not permitted to store, retain, or use your billing information for any purpose except for credit card processing on our behalf.
Information from your use of Services: This information may include IP Address, location information, date and time, browser type, and any other action you might have taken to use and while using the Services. In addition, the Service can be configured to capture the following data from subjects monitored by the Service: Screen recording, keystrokes, website visit history, application usage history, search engine queries, emails, instant messages, social media posts, audio, printed documents, network activity, log in / log out activity, file transfer activity, and time active/idle.
• Services provision
• Account creation
• Services billing
• Customer support
• Service personalization
• Information transfer: M&A, consolidation, or acquisition
• Discovery: Respond to subpoenas, court orders, or legal process
We do not collect or obtain data from third parties. We collect some data from you, in order to provide you with our WorkDone products and associated services. You provide some data directly, such as when you create a WorkDone account, when you register for a WorkDone event or a webinar, or contact us for support. Such data is limited to your email address only. We get some limited data from your use of the WorkDone products and services. Such data includes your IP address, and the make and model of your device through which you access or use WorkDone products or services.
We use your personal data to provide you with services associated with the use of WorkDone account and to provide you with a rich customer experience through our customer support. In particular, we use your data to provide WorkDone services, which includes updating, securing and troubleshooting, and providing support.
The following is a more detailed description of the types of WorkDone account user data:
We process two kinds of user data to deliver our services: (i) Secure Data and (ii) Service Data. Both are treated securely with respect for customer privacy and data confidentiality, but there are important technical and usage differences.
Secure Data are the data that we are not capable of decrypting under any circumstances. It includes all information stored within vaults in WorkDone accounts. These data are encrypted using secure cryptographic keys that exist only in the possession and under the control of our customers. We have no way of accessing or providing decrypted Secure Data, and we never receive copies of unencrypted Secure Data.
Your Secure Data is your property. We claim no rights to it beyond those necessary to deliver services to you. You may add, modify, and delete Secure Data at your discretion. If you do not have a WorkDone account, you cannot provide us with Secure Data.
We inevitably acquire Service Data about your usage of WorkDone, your account, and your payments through operating our services. We retain only enough Service Data to operate and maintain the services. These data are never used for any other purpose.
Service Data are kept confidential. It is visible to our staff and includes, but is not limited to, server logs, billing information, client IP addresses, number of vaults and number of items in vaults, company or family name, and email addresses. Service data includes the name you provide us for your profile and any image that you may upload, at your option and discretion, as part of your profile.
As long as you are using our services, we retain the right to hold and use Service Data to provide our services, troubleshoot problems, analyze the performance and demands on our services, and to provide our payment processors with the information they need to process payments.
Diagnostic Data are a category of Service Data which are not automatically collected or required for operation of our services.
In some cases we seek diagnostic reports and other troubleshooting, bug, and crash reports from customers to help identify and solve problems with our products and services. This information is sent to us only on a case by case basis, or by users who explicitly opt into our beta software programs or who otherwise explicitly choose to provide diagnostic data to us.
Diagnostic Data may contain sensitive information about your devices and operating environment as well as personally identifying information. Although there may be occasions when we ask for Diagnostic Data to assist you with a problem, you are never obligated to provide it.
We collect information about where you are located when you are using our Products. We use this information for purposes such as optimizing your connection to our data center, supporting compliance, and suggesting customizations to your experience with our Products (e.g. your language preference).
Protection of Personal Information and Content
Your Content may be viewed where necessary to protect the rights, property or personal safety of WorkDone and its users, or in order to comply with our legal obligations, such as responding to warrants, court orders or other legal process. We vigilantly protect the privacy of your account contents and, whenever we determine it possible, we provide you with notice if we believe we are compelled to comply with a third party’s request for information about your account.
Any information that you post in our public social media sites like LinkedIn, Twitter, Facebook, comments can be read, collected and used by anyone and could enable others to send you unsolicited messages, or if you choose to allow your content to be downloaded, screenshot, email, shared, uploaded or distributed using your email, or chat applications,
Sharing of Personal Information and Content
While we never share your personal information with non-affiliated companies, we may share your personal information in the following ways:
• Public authorities in the event of priority legislation.
• External service providers or other contractors.
• Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.
We may share information with service providers who provide necessary services to WorkDone and to strategic partners who help us market WorkDone – for instance to send out newsletters or to process payments.
If a transfer of your information is required under the terms of a reorganization, merger, or sale of the company.
When we determine that information is aggregate information or other information that does not identify you.
WorkDone does not sell or rent user information. Your information may ONLY be provided to 3rd party service providers (or sub-processors) when:
• Explicit consent is given by you to share your information.
• Your information is required by service providers;
• to process data on our behalf in order to operate the Service and/or complete your payment transactions; and these providers are subject to strict data protection law requirements.
• to fulfil your product or service requests, including sales, delivery and support for certain products or services.
• Access, preservation or disclosure of information is required permitted by law to protect the rights, property or personal safety of WorkDone, our partners and users of the Service, or is required to comply with applicable laws, including compliance with warrants, court orders or other legal process.
Some third parties may embed plugins on the Service, such as Facebook “Like” buttons, and may allow their operators to learn that you have visited our website. They may combine this information with other, identifiable information they have collected about your visits to other websites or online services.
What is a Subprocessor?
WorkDone uses certain subprocessors to support delivery of our Services. This page provides important information about the identity, location and role of each Subprocessor.
A subprocessor is a third party data processor engaged by WorkDone, who has or potentially will have access to or process customer data.
Prior to engaging any third party subprocessor, WorkDone evaluates their security and privacy posture.
As our business grows and evolves, the subprocessors we utilize may also change. We will provide the owner of Customer’s account with notice of any new subprocessors to the extent required under contractual agreement, along with posting such updates here.
We process Personal Data when you use our website, desktop client and mobile applications to use or sign-up to use our Service for purposes such as:
• Account configuration
• Account maintenance
• Enabling meetings and webinars between users and third-party participants
• Hosting and storing personal data from meetings and webinars (only to provide the Service)
• Personalizing, improving or operating our Service and business
• Fulfilling requests you make related to the Service
• Protecting, investigating and deterring against fraudulent, harmful, unauthorized or illegal activity
• Providing reports based on information collected from use of our Service
• Processing your orders and deliver the Service that you have ordered
• Providing support and assistance for our Service
• Providing the ability to create personal profile areas and view protected content
• Providing the ability to contact you and provide you with shipping and billing information
• Providing customer feedback and support
• Complying with our contractual and legal obligations, resolving disputes with users, enforcing our agreements
We process Personal Data when you visit our website to:
• To keep you up to date on the latest Product announcements, software updates, software upgrades, system enhancements, special offers, and other information
• To provide customer feedback and support
• To provide and administer opt-in contests, sweepstakes or other marketing or promotional activities on the WorkDone.ai or affiliate websites
• Providing you with information and offers from us or third parties
• To the extent you choose to participate, to conduct questionnaires and surveys in order to provide better products and services to our customers and end users
• To support recruitment inquiries
• To personalize marketing communications and website content based on your preferences, such as in response to your request for specific information on products and services that may be of interest
• To contact individuals that you refer to us and identify you as the source of the referral, in accordance with the “Referral” section below
Legal rights to access personal data
Legal basis to process personal data
Use of Google Analytics & Social Conversion Tracking
According to the General Data Protection Regulation 2016/679 of the European parliament and of the council of 27 April 2016 (the “Regulation”), you have – at any time – a right of access, correction, and deletion of your data. In certain circumstances you also have the right to request the restriction of processing your Personal Data, to object to processing of your Personal Data, as well as the right to define guidelines related to the fate of your Personal Data after your death.
You have the right to object to your Personal Data being processed by us on the basis of our legitimate interests.
Where we are relying on consent to process your Personal Data you may withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried our before you withdraw your consent.
You also have the right to receive Personal Data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller under conditions and in accordance with the Regulation.
If you are a resident of the European Economic Area and believe we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you may direct questions or complaints to the lead supervisory authority.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
CCPA – California Consumer Privacy Act
We will comply with applicable laws and the contracts with our customers to provide Service Data and encrypted Secure Data to law enforcement agencies. If permitted, we will notify you of such a request and whether or not we have complied. Your Secure Data remains encrypted with keys which we do not possess, and so we can only hand over Secure Data in encrypted form.
Some Service Data is made available to family account organizers and team owners. In some limited circumstances we may provide some information to non-owner members of these accounts. Account owners will be informed in these circumstances.
In an event of a breach, we recognize our responsibility to our customers and to the public to disclose the nature of the risk and provide a transparent account of the events without undue delay. We follow applicable requirements under the laws, that is, the Canadian data privacy breach notification requirements and the requirements related to data breach notification under the GDPR.
Specific information for the processing of customer data/prospective parties’ data
Specific information about the application process
Specific information for the processing of supplier data
Categories of recipients:
Duration of data storage:
You may not post, modify, distribute, or reproduce in any way copyrighted material.
No High Risk Use
The Services are not designed or licensed for use in hazardous environments requiring fail-safe controls, including without limitation operation of nuclear facilities, aircraft navigation/communication systems, air traffic control, and life support or weapons systems. The Services shall not be used for or in any HIGH RISK environment.
You acknowledge that any use of the Services contrary to this Agreement, or any transfer, sublicensing, copying or disclosure of technical information or materials related to the Services, may cause irreparable injury to WorkDone, its Affiliates, suppliers and any other party authorized by WorkDone to resell, distribute, or promote the Services (“Resellers”), and under such circumstances WorkDone, its Affiliates, suppliers and Resellers will be entitled to equitable relief, without posting bond or other security, including, but not limited to, preliminary and permanent injunctive relief.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here and by email.