EFFIVITY PRIVACY POLICY

 

Last updated on 14th of June 2020

 

 

Protecting your privacy is of highest importance to us. We shall therefore use your personal data only in the manner set out in this Effivity privacy policy (the “Privacy Policy”). This Privacy Policy describes in detail what personal data we collect from you, how we use that personal data, to what third parties we disclose it, how you can manage and control your personal data, and what steps we take to protect your personal data from unauthorised use.

 

If, after reading this Privacy Policy, you have further questions, please do not hesitate to contact us.

 

Contents of this Privacy Policy

1. GENERAL INFORMATION

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT

3. TECHNICAL DATA

4. SHARING OF PERSONAL DATA

5. LINKS TO THIRD PARTY SITES, COMMERCIAL COMMUNICATION, AND ADVERTISEMENT

6. SECURITY PRECAUTIONS

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

8. RETENTION AND STORAGE OF PERSONAL DATA

9. YOUR RIGHTS

10. CHANGES IN THE PRIVACY POLICY

11. QUESTIONS AND CONTACT INFORMATION

 

 

 

1. GENERAL INFORMATION

1.1 Applicability and responsible entity. This Privacy Policy governs the processing of personal data collected through the website www.effivity.com (the “Website”) and the related software applications and services (collectively, “Effivity”) developed, maintained, owned, and operated

by Effivity Technologies Pvt Ltd having a registered business address at A-4, Narsinhdham Society, Near Mother School, Gotri Road, Vadodara, 390021, Gujarat, India, together with its affiliates and subsidiaries (collectively, “we”, “us” and “our”). This Privacy Policy does not apply to any websites, software products, or services owned and operated by third parties.

1.2 About Effivity. Effivity is a business automation software-as-a-service (SaaS) product that allows the Subscribers (as defined below) to streamline workflows of company’s departments and maintain international certification standards in a user-friendly manner.

1.3 Types of data subjects. We collect personal data from different natural and legal persons accessing and using Effivity, namely:

•         “Subscribers” - our clients, natural or legal persons, who conclude a service contract with us for the services provided through Effivity;

•         “Visitors” - natural or legal persons who access the Website; and

•         “Users” - natural or legal persons to whom the Subscribers grant access to Effivity.

In the Privacy Policy, we refer collectively to the Subscribers, Visitors, and Users as “you” and “your”; to the Subscribers and the Users - the “Clients”.

1.4 Minors. Effivity is not marketed to and should not be accessed and used by persons who are of age of minority in their jurisdiction (usually - under the age of 18). Therefore, we do not collect personal data from persons under the age of 18.

1.5 Validity of the Privacy Policy. This Privacy Policy enters into force on the date of the last amendment specified at the top of the Privacy Policy and continues in effect until updated or terminated by us. If we decide to amend this Privacy Policy to address changes in our business practices or laws, regulations, and industry standards, we will post the updated version on this page, change the effective date, and send you a notice about the changes implemented by us (if we have your contact details).

1.6 Your consent. Taking into account that we rely on lawful grounds for the processing of your personal data other than your consent (please refer to section 2 for more information), we do not ask you to provide us with your general consent to our privacy policy. Nevertheless, we may seek your specific and informed consent if we decide to:

•         Collect personal data that is not mentioned in this Privacy Policy;

•         Use your personal data for purposes that are not indicated in this Privacy Policy;

•         Disclose or transfer your personal data to third parties that are not specified in this Privacy Policy; or

•         Significantly amend this Privacy Policy. 

1.7 Our role as a data controller and data processor.  When handling personal data, we act as a data controller and a data processor in terms of the applicable data protection laws, including, but not limited to, the EU General Data Protection Regulation (GDPR). Our role depends on the specific situation in which we handle your personal data as explained in detail below:

•         We act in the capacity of a data controller when we ask you to submit your personal data that is necessary to ensure your direct access and use of Effivity (e.g., when you conclude a contract for our services, browse the Website, or communicate with us). In such instances, we are a data controller because we make decisions about the types of personal data that should be collected from you and the purposes for which such personal data should be used. Therefore, we comply with data controller’s obligations set forth in the applicable laws.

•         We act in the capacity of a data processor in situations when the Clients submit to us certain information belonging to third parties within the scope of their use of Effivity in a form of records (the “Records”) and those Records contain personal data. We do not own, control, or make decisions about the personal data in the Records and such personal data is processed only in accordance with the instructions provided by the respective Clients. The Clients submitting the Records usually act as data controllers and they are responsible for deciding what personal data should be collected from data subjects and how such data should be processed by us. In the situations when we act in the capacity of a data processor, we comply with data processors’ obligations set forth in the applicable laws. To ensure that personal data in the Records is processed in accordance with the strictest data protection standards, we offer our Clients a data processing agreement that is incorporated by reference in our terms and conditions and available for consultation at Data Processing Agreement.1.8 Cookies. We use cookies on the Website. Cookies may be considered to be personal data because they allow us to track how you use Effivity and customise Effivity accordingly. In our cookie policy available at Cookie Policy, we explain in detail what types of cookies we use, for what purposes they are used, and how you can control your cookies. Please consult the cookie policy for further information.

 

2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT

2.1 Our primary goal is to provide you a safe, efficient, smooth and customised experience when you use Effivity. When operating Effivity, we comply with data minimisation principles. It means that we collect only a minimal amount of personal data that is necessary to ensure your use of Effivity and make sure that no excessive personal data is collected by us. We use personal data only for specific purposes for which it is requested. We do not re-purpose your personal data without your prior consent. When the Clients submit any personal data through the Records, we process that personal data by following respective Client’s instructions. In this section, we list all personal data that we collect from you, process on behalf of the Clients, the purposes for which we use that personal data, and specify the legal bases on which we rely when processing your personal data.

2.2 Personal data collected directly from you through Effivity

2.2.1 When the Subscriber registers for a free trial on the Website, we collect Subscriber’s:


•         First name;

•         Last name;

•         Email address;

•         Country;

•         Company name;

•         Mobile phone number;

•         IP Address;

•         Company address; and

•         Domain name.


We use such data to:

•         Verify, create, and maintain Subscriber’s user account;

•         To provide the subscriber with the requested services;

•         To contact the Subscriber, if necessary;

•         To analyse our business;

•         To send promotional materials (only if you provide your prior consent).

The lawful bases that we rely upon when processing your personal data are: (i) performing a contract with you, (ii) pursuing our legitimate business interests (i.e., to analyse and improve our business), and (iii) your consent (for promotional materials).

2.2.2 When you browse the Website, we or our third-party analytics service provider collect your IP address and cookie-related data. We use your IP address to conduct analytics about your use of the Website, analyse the content available on Effivity, and prevent abuse Effivity. The lawful basis that we rely upon when processing your IP address is pursuing our legitimate business interests (i.e., to analyse and improve our business and ensure security). We use cookie-related data for purposes explained in our cookie policy available at Cookie Policy

2.2.3 When the Subscriber updates user account, we collect Subscriber’s:

•         Address(s);

•         Email address;

•         Logo;

•         Phone number;

•         Website URL;

•         Company Tax/Vat number; and

•         Any supporting files that the subscriber decides to upload.

We use such data for the following purposes:

•         To update the user account;

•         To provide the Subscriber with the requested services;

•         To contact the Subscriber, if necessary; and

•         To analyse our business.

The lawful bases that we rely upon when processing personal data are: (i) performing a contract with the Subscriber, (ii) pursuing our legitimate business interests (i.e., to analyse and improve our business), and (iii) consent (for optional personal data).

2.2.4 When the Clients create or upload the Records through Effivity and those Records contain Clients’ personal data provided at their own discretion, we use that personal data to:

•         To provide the Clients with the requested services; and

•         Process the Records.

The lawful basis that we rely upon when processing Clients’ personal data is performing a contract with the Subscriber.

2.2.5 When you contact us by email, we collect your:

•         Name;

•         Email address; and

•         Any information that you, at your own discretion, decide to provide in your message.

We use such data to respond to your inquiry. The lawful basis that we rely upon is pursuing our legitimate business interests (i.e., to grow our business); if you provide optional personal data, the lawful basis is your consent

2.2.6 When the Subscriber makes a payment, we collect Subscriber’s:

•         Name;

•         Billing address

•         PayPal details; or

•         Credit card details (credit card number, expiry date, and CVC).

We use such payment data for processing Subscriber’s payments and maintaining our business and accountancy records. The lawful bases that we rely upon are performing a contract with the Subscriber and pursuing our legitimate business interests (i.e., to administer our business and comply with our legal obligations).

2.3 Personal data processed by us on behalf of our Clients. When the Clients create or upload the Records and those Records contain personal data collected from data subjects, that personal data may include data subjects’:


•         Names;

•         Addresses;

•         Email addresses;

•         Images;

•         Phone numbers;

•         Website URLs;

•         Identification numbers;

•         Professional titles and positions;

•         Payment information;

•         Passwords;

•         Date of Birth

•         Audit documentation; and

•         Any other information that the Clients include in the Records.


We use such data to provide the Clients with the requested services. The lawful basis that we rely upon when processing personal data in the Records is performing a contract with the Client. We do not intentionally access, manage, correct, delete, share, disclose or grant rights to the Records in any manner if it is not necessary for the provision of our services to the Clients, or enforcement of our legal terms, unless if we are requested by law enforcement agencies to do so. The Clients are solely responsible for the content of the Records, including making sure that the personal data in the Records was obtained in a lawful manner. The Clients are not allowed to submit any personal data that was obtained in an unlawful manner (e.g., without consent of a data subject). We shall not be liable, for any reason whatsoever, for the authenticity of any personal data provided by the Clients through the Records.

2.4 Sensitive data. We do not directly collect special categories of personal data (also known as sensitive data), i.e., information about natural person’s health, opinion about religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation. In certain cases, we may process such sensitive data if it is included in the Records. The Clients submitting the Records are solely responsible for obtaining sensitive data in a legitimate manner. The legal basis on which we rely when processing sensitive data (if any) is performing a contract with the respective Client.

2.5 Personal data collected in other occasions. You may also, at your sole discretion, submit your personal data in instances that are not mentioned in this section above. For example, if you request support, participate in an activity organised by us, submit your feedback, reviews, comments, post messages on our message boards, chat rooms or other message areas, upload or exchange any content, we may collect certain personal data that is relevant to that particular case. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We will use such personal data to reply to you, provide you with the requested services, or for pursuing our legitimate business interests (i.e., to analyse and improve our business).

2.6 Your refusal to provide personal data. You always have the option to not provide information by choosing not to use a particular service or feature of Effivity. However, please note that, if you decide not provide us with your personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of Effivity or get our response.

 

3. TECHNICAL DATA

3.1 When you use Effivity, we or our third-party service providers may automatically collect information about your activity on Effivity, your computing device, system or other technical data that helps us to analyse Effivity and to direct you to the appropriate information or service.

3.2 Types of technical data that we collect. We collect the following types of technical data:

•         The type of your device;

•         The type of your operating system;

•         The type of your browser;

•         Your scroll depth;

•         The pages that you view and your time logs;

•         Web addresses that you access from the Website;

•         Information about your screen; and

•         Your other online behaviour data.

•         IP Address

3.3 Purposes of technical data. We use technical data listed above to assist you in using Effivity (e.g., to avoid re-entering certain data), resolve technical issues, analyse your use of Effivity, personalise your browsing experience, improve Effivity, develop new services, and prevent abuse.

3.4 Aggregated and de-identified data. If we combine technical data collected from you with your personal data and such combination allows us to identify you as a natural person, we will treat aggregated data as personal data. If your personal data is de-identified, such data will not be personal data and we reserve the right to use it for any reasonable business purpose.

 

4. SHARING OF PERSONAL DATA

4.1 We do not share your personal data with third parties, except where necessary to ensure the provision of Effivity, as described in detail below. We do not sell your personal data to third parties.

4.2 When we disclose personal data. To ensure and facilitate the provision of Effivity, we may need to disclose personal data to our affiliates, third-party service providers, and other third parties mentioned in this section 4. We shall disclose personal data only in circumstances where:

•         Your personal data is necessary for (i) ensuring the provision of services requested by you, (ii) replying to your inquiries, or (iii) achieving other purposes for which your personal data was provided;

•         We have obtained your prior specific and informed consent before sharing or disclosing your personal data to third parties for any purpose that is not directly connected with providing Effivity to you as mentioned above. Those entities and affiliates may not market to you as a result of such sharing, unless you explicitly opt-in to receive their marketing communication; or

•         We in good faith believe that access, use, preservation or disclosure of your personal data is reasonably necessary to: (i) satisfy any applicable law, regulation, legal process, enforceable governmental or regulatory request; (ii) enforce our legal terms; (iii) detect, prevent, or otherwise address fraud, security or technical issues; or (iv) protect our or your rights, property or safety, as required or permitted by law.

4.3. List of third parties that access your personal data. The third parties that we cooperate with to ensure and facilitate the provision of Effivity (our data processors) agree to ensure an adequate level of protection for your personal data that is consistent with this Privacy Policy and the applicable data protection laws. Our data processors include the following entities:

•         Our hosting and cloud storage service provider Microsoft Azure (https://azure.microsoft.com) located in the United States;

•         Our database service providers Microsoft Azure(https://azure.microsoft.com) and MongoDB Atlas (https://www.mongodb.com/cloud/atlas) located in the United States;

•         Our marketing and newsletter service provider Agile CRM (https://www.agilecrm.com) located in the United States;

•         Our analytics service provider Google Analytics (https://analytics.google.com/) located in the United States;

•         Our payment service providers PayPal (https://www.paypal.com) and Stripe (https://stripe.com) located in the United States;

•         Our survey service provider SurveyMonkey (https://www.surveymonkey.com) located in the United States;

•         Our email service provider SendGrid (https://sendgrid.com) located in the United States;

•         Our mobile authentication service provider Twilio Authy (https://www.twilio.com/authy)  located in the United States;

•         Our video conference service provider Microsoft Teams, located in the United States; and

•         Our independent contractors that provide us with support and consulting services.

4.4 Merger and acquisition. We may also share with or transfer to another business entity some or all of your personal data, in the event of merger or acquisition with, or be acquired by that business entity, or reorganisation, amalgamation, restructuring of business or sale (including any transfers made as a part of an insolvency or bankruptcy proceeding). Pursuant to the consummation of such transaction, the new business entity (or the new combined entity) will be required to follow this Privacy Policy with respect to your personal data.

4.5 Disclosures required by law. If we receive a request from a public authority, we may disclose information about you, including your personal data, if such a disclosure is necessary for pursuing a public interest objective, such as national security or law enforcement (e.g., if we have a good-faith belief that it is necessary to comply with a court order, ongoing judicial proceeding, or other legal process served to us or to exercise our legal rights or defend against legal claims).

 

5. LINKS TO THIRD PARTY SITES, COMMERCIAL COMMUNICATION, AND ADVERTISEMENT

5.1 Third-party links. Effivity may contain links to other sites or frames of other sites. Please be aware that we are not responsible for the privacy practices of those third parties. For security purposes, you should always consult the privacy notices of any third-party, websites, software, or service that you access.

5.2 Commercial communication. From time to time, we may send you promotional information about us, our discount offers, our other services, websites, sales promotions, newsletters, and SMS updates relating to Effivity. You will receive such commercial communication only in the following instances:

•         If we receive your prior express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription to our newsletters or other promotional materials substitutes such consent); or

•         If we decide to send you marketing messages about our new services that are closely related to the services already used by you.

5.3 Opting-out from commercial communication. If you would prefer not to receive any commercial communication from us (or any part of it), you can easily opt-out free of charge. To do so, please click the “unsubscribe” link in any email that we send to you or follow the un-subscription process as detailed in the SMS. Kindly note that unsubscribing from one commercial communication medium does not automatically lead to un-subscription from the other. We will cease to send you commercial communication as soon as possible. If you have any concerns regarding our commercial communication, please contact us immediately.

5.4 Informational notices. From time to time, we send you important informational notices related to service updates, technical or administrative matters, information about Effivity, your orders, payments, user accounts, your privacy and security, and other important matters. Such informational notices are sent on an “if-needed” basis and they do not fall within the scope of commercial communication that requires your prior consent.

5.5 Advertisement. Effivity may feature advertisements placed by us or by third parties. Some of those advertisements are based on your interests and data generated by your cookies. We are not responsible in any manner for the content of third-party advertisements or commercial practices of providers of such advertisements. Please exercise your due diligence when relying on any third-party information available on the Website.

 

6. SECURITY PRECAUTIONS

6.1 We adopt industry appropriate data collection, storage and processing practices and reasonable physical, electronic and managerial procedures to safeguard and secure your personal data. Effivity has stringent security measures in place to prevent loss, misuse, unlawful interception and alteration of your personal data under our control in compliance with the applicable laws and rules related thereto. Whenever you access Effivity, we offer the use of a secure server. Once your personal data is in our possession, we adhere to strict security guidelines, protecting it against unauthorised access.

6.2 The security measures taken by us include:

•         Secured networks and databases;

•         SSL encryption;

•         Firewalls;

•         Strong passwords;

•         Hashed passwords;

•         Limited access to personal data by our staff;

•         Anonymisation of personal data; and

•         Security certificates (we are ISO 27001:2013 certified).

6.3 No website on the Internet is completely free of security risks. Therefore, we do not make any representation in respect of the same. Unless stated otherwise in the applicable law, we shall not be liable for any security breaches that occur outside our reasonable control. Further, although we put reasonable efforts to ensure that Effivity is free of any viruses and other harmful content, we do not warrant that Effivity or any electronic communication made by us is free of any faults. If a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.

 

7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

7.1 If it is necessary for the provision and facilitation of Effivity, your personal data may be transferred to third parties outside the country where you reside. When the transfer is necessary, we implement the necessary safeguards to ensure that the transferred personal data is properly protected.

7.2 Some of third parties listed in section 4 of this Privacy Policy are located outside the country in which data subjects reside. For example, if you reside in the country belonging to the European Economic Area (EEA), we need to transfer your personal data to jurisdictions outside the EEA (e.g., to the United States).

7.3 In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for personal data, the recipient is a Privacy-Shield certified entity, or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).

 

8. RETENTION AND STORAGE OF PERSONAL DATA

8.1 Retention of personal data. We store your personal data in our databases only as long as such personal data is necessary for the purposes described in this Privacy Policy or until you request us to delete your personal data. After your personal data becomes no longer necessary for its purposes and there is no other lawful basis for storing it, we will immediately securely delete such personal data from our databases.

8.2 Retention of the Records. We store the Records as long as the Records are necessary for the services requested by our Clients or until the Clients decide to delete the Records from Effivity. After the provision of the respective services ceases or our Clients request us to delete the Records and there is no other legal basis for storing the Records, we immediately securely delete the Records from our systems.

8.3 Retention of non-personal data. We retain non-personal data (e.g., technical data collected from you or de-identified data) for as long as necessary for the purposes described in this Privacy Policy, including for the time period needed for us to pursue legitimate business interests.

8.4 Retention as required by law. In certain cases prescribed by law, we are obliged to store your personal data for a limited period of time (e.g., for accountancy purposes or for archiving our business records). In such cases, we store relevant personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.

 

 

9. YOUR RIGHTS

9.1 You have certain rights prescribed by law to control how we process your personal data. In this section, we list the rights that you have and explain how you can exercise those rights.

9.2 Unless there are any exemptions provided by the applicable law, you have the right to ask us to:

•    Get a list of your personal data that we store;

•    Get information about the purposes for which your personal data is processed;

•    Rectify inaccurate personal data;

•    Move your personal data to another processor;

•    Delete your personal data from our systems;

•    Object and restrict processing of your personal data (e.g., for marketing purposes);

•    Withdraw your consent, if you have previously provided it; or

•    Process your complaint regarding your personal data.

9.3 Some of the rights above (e.g., rectification or deletion of your personal data) can be exercised through your user account. You merely need to edit or delete personal data that you do not wish to share and we will amend our records accordingly. To exercise other rights, you can contact us by email at privacy[at]effivity.com and explain your request in detail. We reserve the right to ask you for an identifying piece of information to verify the legitimacy of your request. Your request will be answered within a reasonable timeframe but no later than 2 weeks.

9.4 If you have any concerns about the way in which we handle your personal data, we kindly ask you to contact us. We will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.

9.5 Requests regarding the personal data in the Records. We act in the capacity of a data processor with regard to the personal data submitted by the Clients through the Records. We do not accommodate requests related to the access, rectification, deletion, or other rights with regard to the personal data in the Records. The persons that would like to exercise their rights with regard to the personal data processed by us via the Records should contact our Client that acts as a data controller with regard to that personal data. In case we receive a request related to the Records directly from a data subject, we will not take action and inform the respective data controller without undue delay.

 

10. CHANGES IN THE PRIVACY POLICY

10.1 If we decide to change our Privacy Policy, we will post those changes on this page in order to keep you informed. We will specify the date of last amendment at the top of the Privacy Policy. If we have your email address, we will send you a notification about the changes implemented by us. We encourage you to review our Privacy Policy from time to time to stay informed.

10.2 If we decide to implement significant material changes in the Privacy Policy or, where required by the applicable law, we may seek your specific and informed consent.

 

11. QUESTIONS AND CONTACT INFORMATION

It is our goal to make our privacy practices easy to understand. If you have any questions, concerns or if you would like more detailed information, please email our privacy officer at privacy[at]effivity.com .

 

You can also contact us by post at:

   A-4, Narsinhdham Society, Near Mother School, Gotri Road, Vadodara, 390021, Gujarat, India

 

***