EFFIVITY PRIVACY POLICY
Last
updated on 14th of June
2020
Protecting your
privacy is of highest importance to us. We shall therefore use your personal data only in the manner set
out in this Effivity
privacy policy (the “Privacy Policy”).
This Privacy Policy describes in detail
what personal data we collect from you, how we use that personal data, to what
third parties we disclose it, how you can manage and control your personal
data, and what steps we take to protect your personal data from unauthorised
use.
If, after reading this Privacy Policy, you have further questions,
please do not hesitate to contact us.
Contents of this Privacy Policy
1. GENERAL INFORMATION
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT
3. TECHNICAL DATA
4. SHARING OF PERSONAL DATA
5. LINKS TO THIRD PARTY SITES, COMMERCIAL COMMUNICATION, AND ADVERTISEMENT
6. SECURITY PRECAUTIONS
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
8. RETENTION AND STORAGE OF PERSONAL DATA
9. YOUR RIGHTS
10. CHANGES IN THE PRIVACY POLICY
11. QUESTIONS AND CONTACT INFORMATION
1. GENERAL INFORMATION
1.1
Applicability and responsible entity. This Privacy Policy governs the processing of personal data
collected through the website www.effivity.com
(the “Website”) and the related software applications and services
(collectively, “Effivity”) developed, maintained, owned, and operated
by Effivity
Technologies Pvt Ltd having
a registered business address at A-4, Narsinhdham Society, Near Mother School,
Gotri Road, Vadodara, 390021, Gujarat,
India, together
with its affiliates
and subsidiaries (collectively, “we”, “us” and “our”). This Privacy Policy does not apply to
any websites, software products, or services owned and operated by third
parties.
1.2 About Effivity. Effivity is a business automation software-as-a-service (SaaS) product
that allows the Subscribers (as defined below) to streamline workflows of company’s departments and maintain
international certification
standards
in a user-friendly manner.
1.3 Types of data subjects. We collect personal data from different natural and
legal persons accessing and using Effivity, namely:
•
“Subscribers” - our clients, natural or legal
persons, who conclude a service contract with us for the services provided
through Effivity;
•
“Visitors” - natural or legal persons who access
the Website; and
•
“Users” - natural or legal persons to whom the
Subscribers grant access to Effivity.
In the
Privacy Policy, we refer collectively to the Subscribers, Visitors, and Users
as “you” and “your”; to the Subscribers and the Users - the “Clients”.
1.4 Minors. Effivity is not marketed to and should not be accessed and used by
persons who are of age of minority in their jurisdiction (usually - under the
age of 18). Therefore, we do not collect personal data from persons under the
age of 18.
1.5 Validity of the Privacy
Policy. This
Privacy Policy enters into force on the date of the last amendment specified at
the top of the Privacy Policy and continues in effect until updated or
terminated by us. If we decide to amend this Privacy Policy to address changes in our business practices or laws, regulations, and industry standards, we will post
the updated version on this page, change the effective date, and send you a
notice about the changes implemented by us (if we have your contact details).
1.6 Your
consent. Taking into account that we rely on lawful grounds for the
processing of your personal data other than your consent (please refer to
section 2 for more information), we do not ask you to provide us with your
general consent to our privacy policy. Nevertheless, we may seek your specific
and informed consent if we decide to:
•
Collect personal data that is not mentioned in this Privacy Policy;
•
Use your personal data for
purposes that are not indicated in this Privacy Policy;
•
Disclose or transfer your
personal data to third parties that are not specified in this Privacy Policy; or
•
Significantly
amend this Privacy Policy.
1.7 Our role as a data
controller and data processor. When handling personal data, we act as a data controller and a
data processor in terms of the applicable data protection laws, including, but
not limited to, the EU General Data Protection Regulation (GDPR). Our role
depends on the specific situation in which we handle your personal data as
explained in detail below:
•
We act in the
capacity of a data controller
when we ask you to submit your personal data that is necessary to ensure your direct
access and use of Effivity (e.g.,
when you conclude a contract for our services, browse the Website,
or communicate with us). In such instances, we are a data controller because we
make decisions about the types of personal data that should be collected from
you and the purposes for which such personal data should be used. Therefore, we
comply with data controller’s obligations set
forth in the applicable laws.
•
We act in the
capacity of a data processor
in situations when the Clients submit to us
certain information belonging to third parties within the scope of their use of
Effivity in a form of records (the “Records”) and those Records contain
personal data. We do not own, control, or make decisions about the
personal data in the Records and such personal data is
processed only in accordance with the instructions
provided by the respective Clients. The
Clients submitting the Records usually act as data
controllers and they
are responsible for deciding what personal data should be collected from
data subjects and how such data should be processed by
us. In the situations when we act in the
capacity of a data processor, we comply with data processors’ obligations set
forth in the applicable laws. To
ensure that personal data in the Records is processed in accordance with the
strictest data protection standards, we offer our Clients a data processing
agreement that is incorporated by reference in our terms and conditions and
available for consultation at Data Processing Agreement.1.8 Cookies.
We use cookies on the Website. Cookies may be considered to be personal data
because they allow us to track how you use Effivity and customise Effivity
accordingly. In our cookie policy available at Cookie Policy, we explain in detail what types of cookies
we use, for what purposes they are used, and how you can control your cookies.
Please consult the cookie policy for further information.
2. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE IT
2.1 Our primary goal is to provide you a safe,
efficient, smooth and customised experience when
you use Effivity.
When operating Effivity, we comply with data minimisation
principles. It means that we collect only a minimal
amount of personal data that is necessary to ensure your use of
Effivity and make sure that no excessive personal data is collected by us. We
use personal data only for specific purposes for which it is requested. We do
not re-purpose your personal data without your prior consent. When the Clients
submit any personal data through the Records, we process that personal data by
following respective Client’s instructions. In this section, we list all
personal data that we collect from you, process on behalf of the Clients, the
purposes for which we use that personal data, and specify the legal bases on
which we rely when processing your personal data.
2.2 Personal data collected directly from you through Effivity
2.2.1 When the Subscriber registers for a free trial
on the Website, we collect Subscriber’s:
We use such data to:
•
Verify, create, and maintain Subscriber’s user account;
•
To provide the subscriber with the requested services;
•
To contact the Subscriber, if necessary;
•
To analyse our business;
•
To send promotional materials (only if you provide your prior
consent).
•
The email address and phone number collected via Facebook and
Google ads will be used for approaching the interested parties for demo / free
trial purpose. These data will not be shared to any third-party websites.
•
The leads collected via Facebook and Google ads will be stored
in our database for 2 months.
The lawful bases that we rely upon when processing your personal
data are: (i) performing a contract with you, (ii) pursuing our legitimate
business interests (i.e., to analyse and improve our business), and (iii) your
consent (for promotional materials).
2.2.2 When you browse the Website, we or our third-party
analytics service provider collect your IP address and cookie-related data. We
use your IP address to conduct analytics about your use of the Website, analyse
the content available on Effivity, and prevent abuse Effivity. The lawful basis
that we rely upon when processing your IP address is pursuing our legitimate
business interests (i.e., to analyse and improve our business and ensure
security). We use cookie-related data for purposes explained in our cookie
policy available at Cookie Policy
2.2.3 When the Subscriber updates user account, we
collect Subscriber’s:
•
Address(s);
•
Email address;
•
Logo;
•
Phone number;
•
Website URL;
•
Company Tax/Vat number; and
•
Any supporting files that the subscriber decides to upload.
We use such data for the following purposes:
•
To update the user account;
•
To provide the Subscriber with the requested services;
•
To contact the Subscriber, if necessary; and
•
To analyse our business.
The lawful bases that we rely upon when processing personal data
are: (i) performing a contract with the Subscriber, (ii) pursuing our
legitimate business interests (i.e., to analyse and improve our business), and
(iii) consent (for optional personal data).
2.2.4 When the Clients create or upload the Records
through Effivity and those Records contain Clients’ personal data provided at
their own discretion, we use that personal data to:
•
To provide the Clients with the requested services; and
•
Process the Records.
The lawful basis that we rely upon when processing Clients’
personal data is performing a contract with the Subscriber.
2.2.5 When you contact us by email, we collect your:
•
Name;
•
Email address; and
•
Any information that you, at your own discretion, decide to
provide in your message.
We use such data to respond to your inquiry. The
lawful basis that we rely upon is pursuing our
legitimate business interests (i.e., to
grow our business); if you provide optional
personal data, the lawful basis is your consent.
2.2.6 When the Subscriber makes a payment, we collect
Subscriber’s:
•
Name;
•
Billing address
•
PayPal details; or
•
Credit card details (credit card number, expiry date, and CVC).
We use such payment data for processing Subscriber’s payments
and maintaining our business and accountancy records. The lawful bases that we
rely upon are performing a contract with the Subscriber and pursuing
our legitimate business interests (i.e., to
administer our business and comply with our legal obligations).
2.3 Personal data processed by us on behalf of our Clients. When
the Clients create or upload the Records and those Records contain personal
data collected from data subjects, that personal data may include data
subjects’:
We use such data to provide the Clients with the requested
services. The lawful basis that we rely upon when processing personal data in
the Records is performing a contract with the Client. We do not intentionally access,
manage, correct, delete, share, disclose or grant rights to
the Records in any manner if it is not necessary for the provision of our
services to the Clients, or enforcement of our legal terms, unless if we
are requested by law enforcement agencies to do so.
The Clients are solely responsible for the content of the Records, including
making sure that the personal data in the Records was obtained in a lawful
manner. The Clients are not allowed to submit any personal data that was
obtained in an unlawful manner (e.g., without consent of a data subject). We shall not be
liable, for any reason whatsoever, for the authenticity of any personal data
provided by the Clients through the Records.
2.4 Sensitive data. We do not directly collect special
categories of personal data (also known as sensitive data), i.e., information
about natural person’s health, opinion about
religious and political beliefs, racial origins, membership of a professional
or trade association, or information about sexual orientation. In
certain cases, we may process such
sensitive data if it is included in the
Records. The Clients submitting the Records are solely responsible for
obtaining sensitive data in a legitimate manner. The legal basis on which we
rely when processing sensitive data (if any) is performing a contract with the
respective Client.
2.5 Personal data collected in other occasions. You may
also, at your sole discretion, submit your personal data in instances that are
not mentioned in this section above. For example, if
you request support, participate in an activity
organised by us, submit your feedback,
reviews, comments, post messages on our message boards, chat
rooms or other message areas, upload or exchange any content, we
may collect certain personal data that is relevant to that particular case.
Please note that the provision of such data is optional and you may choose what
personal data you would like to share with us. We will use such personal data
to reply to you, provide you with the requested services, or for pursuing our
legitimate business interests (i.e., to analyse
and improve our business).
2.6 Your refusal to provide personal data. You always have
the option to not provide information by choosing not to use a particular service
or feature of Effivity. However, please note that, if
you decide not provide us with your
personal data when requested, we may not be able to perform the
requested operation and you may not be able to use the full functionality of Effivity
or get our response.
3. TECHNICAL DATA
3.1 When you
use Effivity, we or our third-party service
providers may automatically collect information about your activity on Effivity, your computing device, system or other
technical data that helps
us to analyse Effivity and
to direct you to the appropriate information or service.
3.2 Types of technical data that
we collect. We
collect the following types of technical data:
•
The type of your
device;
•
The type of your
operating system;
•
The type of your
browser;
•
Your scroll depth;
•
The pages that you
view and your time logs;
•
Web addresses that
you access from the Website;
•
Information about
your screen; and
•
Your other online
behaviour data.
•
IP Address
3.3 Purposes of technical data. We use technical data listed above to
assist you in using Effivity (e.g., to avoid re-entering certain
data), resolve
technical issues, analyse your use of Effivity, personalise your browsing experience, improve Effivity, develop new services, and prevent abuse.
3.4 Aggregated and de-identified
data. If we combine technical data collected from you with your personal data and such combination allows us to identify you as a natural
person, we will treat aggregated data as personal data. If
your personal data is de-identified, such data will not be personal data and we reserve the right to use it for any reasonable business purpose.
4. SHARING
OF PERSONAL DATA
4.1 We
do not share your personal data with third parties, except where necessary to ensure the provision of Effivity, as described in detail below. We do not sell your personal
data to third parties.
4.2 When we disclose personal
data. To ensure
and facilitate the provision of Effivity, we may need to disclose personal data to our
affiliates, third-party service
providers, and other third parties mentioned in
this section 4. We
shall disclose personal data
only in circumstances where:
•
Your
personal data is necessary for (i) ensuring the provision of services requested
by you, (ii) replying to your inquiries, or (iii) achieving other purposes for
which your personal data was provided;
•
We have obtained your
prior specific and informed consent before sharing or disclosing your
personal
data to third parties
for any purpose that is not directly connected with providing Effivity to
you as mentioned above. Those entities and affiliates may not market to you as
a result of such sharing, unless you explicitly opt-in to receive their marketing communication; or
•
We in good faith believe
that access, use, preservation or disclosure of your personal data
is reasonably necessary to:
(i) satisfy any applicable
law, regulation, legal process,
enforceable governmental
or regulatory request; (ii)
enforce our legal terms; (iii)
detect, prevent, or otherwise address fraud, security or technical issues; or (iv)
protect our or your
rights, property or
safety, as required or permitted by law.
4.3. List of third parties that
access your personal data. The third parties that we cooperate with to ensure and facilitate the provision of Effivity
(our data processors) agree to ensure an adequate level of protection for your personal data that is consistent with this Privacy Policy and the applicable data protection laws. Our data processors include the following
entities:
•
Our hosting and cloud storage service provider Microsoft Azure (https://azure.microsoft.com) located in the United States;
•
Our
database service providers Microsoft Azure(https://azure.microsoft.com) and
MongoDB Atlas (https://www.mongodb.com/cloud/atlas) located in the United States;
•
Our
marketing and newsletter service provider Agile CRM (https://www.agilecrm.com) located in the United States;
•
Our
analytics service provider Google Analytics (https://analytics.google.com/) located in the United States;
•
Our payment
service providers PayPal (https://www.paypal.com) and Stripe (https://stripe.com) located in the United States;
•
Our survey
service provider SurveyMonkey (https://www.surveymonkey.com) located in the United States;
•
Our email
service provider SendGrid (https://sendgrid.com) located in the United States;
•
Our mobile
authentication service provider Twilio Authy (https://www.twilio.com/authy) located in the United States;
•
Our video
conference service provider Microsoft Teams, located in the United States; and
•
Our
independent contractors that provide us with support and consulting services.
4.4 Merger and acquisition. We may
also share with or transfer to another business entity some or all of your personal data, in the event of merger or
acquisition with, or be acquired by that business entity, or reorganisation, amalgamation,
restructuring of business or sale (including any transfers made as a part of an
insolvency or bankruptcy proceeding). Pursuant to the consummation of such
transaction, the new business entity (or the new combined entity) will be
required to follow this Privacy Policy with respect to your personal data.
4.5 Disclosures required by law. If we receive a request from a public authority, we may disclose information about you, including your personal data, if such a disclosure is
necessary for pursuing
a public interest objective, such as national security or law enforcement
(e.g., if we have a good-faith
belief that it is necessary to comply with a court order, ongoing judicial
proceeding, or other legal process served to us or to exercise our legal rights
or defend against legal claims).
4.6 Internet advertising. We may use pixel tags to track the actions of users on our site. Pixel tags measures the success of our marketing campaigns and compile statistics about the usage of the sites.
5.
LINKS TO THIRD PARTY SITES,
COMMERCIAL
COMMUNICATION, AND
ADVERTISEMENT
5.1 Third-party links. Effivity
may contain links to other sites or frames of other sites. Please be aware that
we are not responsible for the privacy practices of those third parties. For security purposes, you should always consult the privacy
notices of any third-party, websites, software, or service that you access.
5.2 Commercial communication. From time to time, we
may send you promotional information
about us, our discount
offers, our other
services, websites, sales
promotions, newsletters, and SMS updates relating to Effivity.
You will receive such
commercial communication only in the following instances:
•
If we
receive your prior express (“opt-in”) consent to receive marketing messages (please note that your voluntary
subscription to our newsletters or other promotional materials substitutes such
consent); or
•
If we decide to send you
marketing messages about our new services that are closely related to the services already used by you.
5.3 Opting-out from commercial
communication. If you would prefer not to receive
any commercial communication from us (or
any part of it), you can easily opt-out free of charge.
To do so, please click the “unsubscribe” link in any email that we
send to you or follow the un-subscription process as detailed in the SMS.
Kindly note that unsubscribing from one commercial communication medium does not
automatically lead to un-subscription from the other. We will cease to send you commercial communication as soon as possible. If you have any
concerns regarding our commercial communication, please contact us immediately.
5.4 Informational notices. From time to time, we send you important
informational notices related to service updates, technical or administrative
matters, information about Effivity, your orders, payments, user accounts, your privacy and security, and other important matters. Such
informational notices are sent on an “if-needed” basis and they do not fall
within the scope of commercial communication that requires your prior consent.
5.5 Advertisement. Effivity may feature advertisements placed by us or by third parties.
Some of those advertisements are based on your interests and data generated by
your cookies. We are not responsible in any manner for the content of
third-party advertisements or commercial practices of providers of such
advertisements. Please exercise your due diligence when relying on any
third-party information available on the Website.
6. SECURITY
PRECAUTIONS
6.1 We adopt industry
appropriate data collection, storage and processing practices and reasonable
physical, electronic and managerial procedures to safeguard and secure your personal data. Effivity
has stringent security measures in place to prevent loss,
misuse, unlawful interception and alteration of your personal data under our control in
compliance with the applicable laws and rules related thereto. Whenever you
access Effivity,
we offer the use of a secure server. Once your personal data is in our possession, we adhere to strict
security guidelines, protecting it against unauthorised access.
6.2 The
security measures taken by us include:
•
Secured networks and
databases;
•
SSL encryption;
•
Firewalls;
•
Strong passwords;
•
Hashed passwords;
•
Limited access to personal data by our staff;
•
Anonymisation
of personal data; and
•
Security certificates (we are ISO 27001:2013
certified).
6.3 No
website on the Internet is completely free of
security risks. Therefore, we do not make any
representation in respect of the same. Unless stated otherwise in the applicable law, we
shall not be liable for
any security breaches
that occur
outside our reasonable control. Further, although we put reasonable efforts to
ensure that Effivity is free of any viruses and other
harmful content, we do not warrant that Effivity or
any electronic communication made by us
is free of any faults. If a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by
the applicable law. Our liability for any security breach will be limited to
the highest extent permitted by the applicable law.
7. INTERNATIONAL TRANSFERS OF PERSONAL DATA
7.1 If it is necessary for the provision and facilitation of Effivity,
your personal data may be transferred to third parties outside the country
where you reside. When the transfer is necessary, we implement the necessary
safeguards to ensure that the transferred personal data is properly protected.
7.2 Some of
third parties listed in section
4 of this Privacy Policy are
located outside the country in which data
subjects reside. For example, if you reside
in the country belonging to the European Economic Area (EEA),
we need to transfer your personal
data to jurisdictions outside the EEA (e.g., to the United
States).
7.3 In case it is necessary to
make such a transfer, we will make sure that the jurisdiction in which the
recipient third party is located guarantees an adequate level of protection for
personal data, the recipient is a
Privacy-Shield certified entity,
or we conclude an agreement with the respective third party that ensures such
protection (e.g., a data processing agreement based pre-approved
standard contractual clauses).
8. RETENTION AND STORAGE OF PERSONAL DATA
8.1 Retention
of personal data. We store your
personal data in our databases only as
long as such personal data is necessary
for the purposes described in this Privacy Policy or
until you request us to
delete your personal data. After your personal
data becomes no longer necessary for its
purposes and there is no other lawful
basis for storing it, we will immediately securely delete
such personal data from our databases.
8.2 Retention of the Records. We
store the Records as
long as the Records are necessary for the services requested by our Clients or
until the Clients decide to delete the Records from Effivity.
After the provision of the respective services ceases or our Clients
request us to delete the Records and there is no
other legal basis for storing the Records,
we immediately securely delete the
Records from our systems.
8.3 Retention of non-personal
data. We retain non-personal data (e.g.,
technical data collected from you or de-identified data) for
as long as necessary for the purposes described in this Privacy Policy,
including for the time period
needed for us to pursue legitimate business interests.
8.4 Retention as required by law.
In certain
cases prescribed by law, we are obliged
to store your personal data for a limited
period of time (e.g., for accountancy purposes or for
archiving our business records). In such cases, we store relevant
personal data for the time period stipulated by the applicable
law and delete the personal data as soon as the required retention period
expires.
9. YOUR RIGHTS
9.1 You have certain rights prescribed by law to control how we
process your personal data. In this section, we list the rights that you have
and explain how you can exercise those rights.
9.2 Unless
there are any exemptions provided by the applicable
law, you have the right to
ask us to:
• Get
a list of your personal data that
we store;
• Get
information about the purposes for
which your personal data is processed;
• Rectify
inaccurate personal data;
• Move
your personal data to another processor;
• Delete
your personal data from our systems;
• Object and restrict processing of your personal data (e.g., for marketing purposes);
• Withdraw your consent,
if you have previously provided it; or
• Process your complaint regarding your personal data.
9.3 Some of the rights
above (e.g., rectification or deletion of your personal data) can be exercised
through your user account. You merely need to edit or delete personal data that
you do not wish to share and we will amend our records accordingly. To exercise
other rights, you can contact us by email at privacy[at]effivity.com and explain your
request in detail. We
reserve the right to ask you for an identifying
piece of information to
verify the legitimacy of your request. Your request
will be answered within a
reasonable timeframe but no later than 2 weeks.
9.4 If you have any concerns about the way in
which we handle your personal data, we kindly ask you to contact us. We
will investigate your complaint and provide you with our response as soon as
possible. If you are not satisfied with the outcome of your complaint, you have
the right to lodge a complaint with your local data protection authority.
9.5 Requests regarding the personal data in the Records. We
act in the capacity of a data processor with regard to the
personal data submitted by
the Clients through the Records. We
do not accommodate requests related to the access,
rectification, deletion, or other rights with regard
to the personal data in the Records.
The persons that would like to exercise their rights with regard to the personal
data processed by us via the
Records should contact our Client
that acts as a data controller with regard to that
personal data. In case we receive a request
related to the Records directly from a
data subject, we will not take action and inform the
respective data controller without undue
delay.
10. CHANGES
IN THE PRIVACY POLICY
10.1 If we decide to change our
Privacy Policy,
we will post those changes on this page in order to keep you informed. We will specify the date of last amendment at the top of the
Privacy Policy. If we have your
email address, we will send you a notification about the changes implemented by
us. We
encourage you to review our Privacy Policy from time to time to stay informed.
10.2 If we
decide to implement significant material changes in the Privacy Policy or,
where required by the applicable law, we may seek your specific and informed
consent.
11.
QUESTIONS AND CONTACT INFORMATION
It is our goal to make our privacy practices easy to
understand. If you have any questions, concerns or if you would
like more detailed information, please email our privacy officer at privacy[at]effivity.com .
You can also
contact us by post at:
A-4, Narsinhdham Society, Near Mother
School, Gotri Road, Vadodara, 390021, Gujarat,
India
***
