Last Updated on 4th January , 2021
We are ISO 27001 certified, independently certified for protecting privacy of Personally Identifiable Information (PII) under GDPR readiness, and working on a few other major data privacy certifications.
- The Policy does not apply in relation to other parties’ products, services, websites, resources or activities.
- When we speak of “Personal Data”, we mean any information about a living individual from which that person can be identified (the proper legal definition of ‘personal data’ is “any information relating to an identified or identifiable natural person”, with the person to whom the information relates being referred to as the ‘data subject’). Personal Data do not include information from which no individual can reasonably be identified, that is to say, anonymous information or personal data rendered anonymous in such a manner that the individual is not, or no longer is, identifiable (de-identified or anonymised information). The Policy does not apply to such information.
- The Policy supplements our other terms and policies and is not intended to override them Identifying the data controller.
Identifying the data controller:
- We are a technology company and a lot of what we do involves data processing in one way or another. Various data need to be processed in a number of ways in order for us to carry on our business, including provide, maintain and develop the Service and Websites, and to communicate with you. Information is processed both for us as well as our customers, and customers themselves process information through the Service. Not all of this information constitutes Personal Data and much of the processing is controlled by parties other than we360.ai.
- For instance, the user environment delivered via the Service has certain logically defined parts (each, a “Customer”) where an Employee (“User”) can enter, record, store, use, disclose and otherwise manipulate various data. The data thus processed are referred to as “Customer Data” and it is usually the User who created the Projects, Tasks, Customers etc that determines the purposes of, and otherwise controls, the processing of these data. That authority can be assigned to another User, but, at any rate, there is always one particular User, identified in the Customer as the “Account Owner”, that has legal control over, and is responsible for, Account Data. That User (the Account Owner) is also the ‘controller’ of all Personal Data maintained in the Account. we360.ai processes these data on the Account Owner’s behalf and is thus considered to be the ‘processor’ of the said Personal Data. This means that any enquiry, request, objection or complaint that you as a ‘data subject’ may have in connection with the processing of Personal Data that form part of Account Data (i.e., where the information concerned relates to you) should be addressed to, and resolved by, the relevant Account Owner.
- we360.ai is the ‘controller’ of the Personal Data that are collected by us or on our behalf through the activities listed in section 1 of this Policy, or which are otherwise processed for the purposes of our business. Specifically, it is we360.ai that acts as the ‘controller’ of the said Personal Data. The following sections explain the collection and subsequent processing of these data in more detail.
The information we collect and receive
- we360.ai collects, generates and receives information in a variety of ways. Some of this information constitutes Personal Data and the rest does not. We shall use the word “Information” to designate any and all of the data that are collected, generated or otherwise processed by us or on our behalf. This part of the Policy describes which Information and how is collected or generated through the activities listed in section
- Profile Information :
- Location (Applicable for Mobile Application):
- Billing Information
- Usage Information
- Cookie Information
- “Third-Party Information”
- “Other Information”
Purposes and grounds for Information processing
- The purposes for which Information is processed and the legal grounds for such processing are varied and depend on the nature of the Information. If Information is anonymous or de-identified, we may collect, use, disclose and otherwise process it for any purpose. Our processing of Personal Data, however, is limited to the purposes set out in this Policy.
- Most commonly, we will process your Personal Data in the following circumstances: (a) if we need to perform an agreement you have with us or it is necessary to take pre-contractual steps at your request before entering into such an agreement (we shall refer to these grounds as “Contractual”); (b) where we need to comply with a legal obligation, e.g., one arising from a law or regulation concerning taxation, accounting, financial reporting, prevention of terrorism or money laundering, or judicial or administrative process (this would be a “Legal” ground); (c) if it is warranted by our legitimate interests or those of a third party and such interests are not overridden by yours or your fundamental rights and freedoms (here, the processing would be based on “Interest”); (d) where we have your unambiguous consent before processing your Personal Data in that specific situation (thus allowing us to process these data on the grounds of “Consent”).
- The communications that we initiate with you can broadly be classified as: (a) Service-related technical, administrative, business, legal and subscribed-to promotional messages that we address to Users and which you only receive if you are one (“Service Messages”); and (b) messages about products, services, events and other matters you have shown interest in or which we believe may be of interest to you (“Marketing Messages”).
- You can unsubscribe from certain Service Messages by adjusting your User Account settings and from others by following the instructions provided in the message. There are, however, some Service Messages that form part of the Service and which you cannot opt out of receiving unless you unsubscribe from the Service. As for Marketing Messages, you can always opt out of receiving these, but the variety of procedures for doing so may depend on the nature of the message and whether you have a User Account. If you do, try adjusting your User Account settings, and whether you have an account or not, there should always be opt-out instructions in the message itself. If you have trouble unsubscribing, contact us and we shall opt you out. Our details, as noted, are at the end of this Policy.
Failure to provide Information
- Generally, no one is obliged to give us their Personal Data but failure to do so may, or, depending on the circumstances, will or is likely to, result in our not being able to achieve the data processing purpose(s) and the particular ‘data subject’ may, or, respectively, will or is likely to, miss the benefits corresponding to that purpose (or those purposes).
- Where we need to collect your Personal Data by law or under the terms of a contract we have with you, or in order to enter into such a contract, and you fail to provide those data when requested, we may not be able to perform or enter into the relevant contract (which may be a contract for the provision of the Service or some other benefit). Should that be the case, we may have to cancel a product or service you have with us, but we shall let you know at the time if that applies.
- If you limit the ability of a Service application or Website to set cookies, you may, and in some cases most definitely will, prevent yourself from using that application or site or certain of its features, or may worsen your user experience as the item in question will not be personalised to you. It may also stop you from saving customised settings and you may need to validate your access to the Service or the Website more frequently during your browsing session.
Duration of Personal Data storage
- We only store your Personal Data for as long as necessary in the light of, or compatible with, the purposes for which the data were collected (e.g., enjoying our rights and performing our obligations under the contract you have with us, if that was the sole purpose) and such additional period as may be required by law.
- Legal retention periods vary depending on the type of Information concerned, and they can be quite long. For instance, Personal Data relevant to our accounting or taxation (which is likely to be the case upon some of the Personal Data under the Profile Information and Billing Information categories, and may also apply to some other Personal Data) must be retained for at least seven years after the primary purpose for their processing ceases to apply (e.g., seven years following the financial year when our business relationship with you terminated and the last transaction between us occurred).
Disclosure of Personal Data
- This part of the Policy describes the circumstances in which we may disclose or transmit your Personal Data to third parties. Please note that the sections below only address the disclosures and transmissions of Personal Data and not, for example, anonymous or de-identified Information (which we may transmit and disclose at any time to anyone anywhere, in any manner and for any purpose). Nor does this part deal with the transmission or disclosure of Account Data, which is at the discretion and responsibility of the Account Owner.
- If you invite another User to your Account or join someone else’s Account, you are instructing us to display certain of your Profile Information (which may include your name, address, email address, profile picture, country of residence, time zone and telephone number) and, if applicable, Billing Information (including your name, billing address, billing email address, Tax number and the last four digits of your credit card number) in the Account such that other Users may or will have access to them (depending on their User privileges).
- If you use the Service automated onboard feature to invite someone to become a User, we shall let the invitee know who you are by including some of your Profile Information (name, email address and perhaps your profile picture) in the invitation.
- When you share Account Data or other content from your User Account by distributing links to such data (e.g., to allow someone without a User Account to view something you have created with the Service), certain of your Profile Information (e.g., name, email address and/or profile picture) is likely to be disclosed to the addressee(s) along with the material you share (and you may also be disclosing other Users’ Personal Data).
- Your Profile Information and possibly Billing Information or certain of these data may also be shared when integrating third-party services with your User Account or Service application and when using such third-party services in conjunction with the Service. You can control which data are shared when enabling and/or while enjoying the integration (depending on the third-party service). At any rate, do check your privacy settings for both the Service as well as the third-party service prior to integration as well as during to determine which data may be shared. And please note that we are not responsible for the privacy practices (or other acts or omissions) of such third-party service providers, so it would be advisable for you to make sure, before the integration, that you trust the service and the provider in question and are satisfied with the provider’s policies.
- We have engaged and will continue to use third-party service providers to assist us in providing, maintaining, developing, protecting and promoting the Service and Websites. We may, for example, use such parties for hosting the Service or a Website, sending out Service Messages or Marketing Messages, providing or hosting customer support services, performing analyses related to the Service or a Website, or for processing payments. We may also store Personal Data in locations outside our direct control, e.g., on third-party cloud infrastructure or platforms (IaaS/PaaS) or cloud infrastructure whose operation we have entrusted to other parties. These service providers may have access to your Personal Data for the limited purpose of providing the service we have engaged them to provide. Importantly for you as a ‘data subject’, our use of such service providers may involve transmitting your Personal Data to jurisdictions other than the one you reside in. Where this is the case, section International transfers of Personal Data, Point 2 will apply.
- We may share your Personal Data with our corporate affiliates and outside accountants, legal counsels and auditors.
- If we engage in or are subject to a merger, acquisition, division, transformation, public offering of our securities, obtaining financing, divestiture of all or substantially all of our assets or a significant part of such assets, transfer of the enterprise or a part of the enterprise to which your agreement with us pertains, or a similar transaction or proceeding, or if we take steps in contemplation of such activities (e.g., submit to due diligence), your Personal Data may, subject to standard confidentiality arrangements, be shared with, or transferred to, our counterparties or other relevant participants in the respective transaction or proceeding.
- We may find ourselves in a situation where we are legally obliged to disclose some or all of your Personal Data or where we reasonably believe that we are so obliged. This may be the case if we receive an Information request from an authority or there is a law or regulation that requires us to make a disclosure without specific request (e.g., to comply with national or international measures against terrorism or money laundering). We may also be compelled to disclose your Personal Data by a judicial, arbitral, administrative or otherwise mandatory order or judgment. Where any of the foregoing applies, we shall make the disclosure, and we may not be permitted to tell you that your Personal Data have been disclosed.
- There may also be situations where we find the disclosure of your Personal Data to be necessary in order to exercise, enforce or defend our rights, freedoms or legitimate interests or to protect the rights, freedoms or legitimate interests of a third party (e.g., a ‘data subject’ or an intellectual property owner).
- We shall disclose your Personal Data at your request (unless legally prohibited, impracticable or involving unreasonable effort or expense) or may do so upon your Consent.
International transfers of Personal Data
- We may transfer your Personal Data to jurisdictions other than the one you reside in, subject to point 2.
- We shall not transfer your Personal Data from countries participating in the European Economic Area (“EEA”) to those which do not, or from the EEA to international organisations, unless the recipient country or the particular person or entity receiving the data ensures an adequate level of protection for the data received, or, if it does not, then without applying such safeguards as legally required and/or without the transfer being subject to such other conditions as the law provides for these kinds of transfers. For instance, if we are to transfer your Personal Data from the EEA to a recipient in the India, we shall make sure that the recipient participates having thus self-certified itself as ensuring a level of protection of Personal Data that is essentially equivalent to the one guaranteed under the GDPR.
Personal Data Security
- We shall maintain adequate technical and organisational measures to ensure such level of security in our processing of Personal Data as appropriate in the given circumstances. Upon assessing whether a measure is adequate and which level of security is appropriate we consider the nature of the Personal Data we are processing and the nature of the processing operations we perform, the risks to which you are exposed by our processing of your Personal Data, the state of the art, the costs of implementation and such other matters as may be relevant in the particular circumstances.
- The measures referenced in the preceding section particularly address the following: (a) the protection of Personal Data against unauthorised or unlawful processing and against accidental loss, alteration or destruction; (b) the integrity and confidentiality of Personal Data; (c) the availability and resilience of the Service features pertinent to the processing of Personal Data; and (d) our ability to restore the availability and access to Personal Data in a timely manner after a Service failure.
- However, please be aware that no security measure is perfect. Our efforts notwithstanding, we cannot guarantee that your Personal Data, during transmission over the internet or while stored in our systems or those of our service providers or while otherwise in our care, will be absolutely safe from unauthorised or unlawful processing or accidental loss, alteration or destruction, or that they will indeed be intact and confidential at all times or shortly available after any Service incident. Note also that we cannot control, and are not responsible for, the actions of other parties with whom you share (or instruct us to share) your Personal Data.
Your rights as a Data subject
- ‘Data subjects’ in the EEA have certain statutory rights under the GDPR concerning the Personal Data that we have on them. This part of the Policy aims to give you a general understanding of these rights and we encourage you to deepen this understanding by studying the GDPR yourself. To facilitate this, we have, in relation to each of the rights noted below, provided a reference to the specific provision of the GDPR from which that right arises.
- Right of access / GDPR Article 15
- Right to rectification / GDPR Article 16
- Right to erasure (right to be forgotten) / GDPR Article 17
- Right to object / GDPR Article 21
- Right to restriction of processing / GDPR Article 18
- Right to data portability / GDPR Article 20
- Right to withdraw consent / GDPR subsection 13(2)(c)
- As noted above, you can exercise some of your ‘data subject’ rights (such as the ‘right of access’ and the ‘right to rectification’) through your User Account. If you are unable to do so, particularly if you have no User Account, or if the right in question cannot be thus exercised, then please use the contact details at the end of this Policy to get in touch with us and we shall do what we reasonably can to facilitate the exercise of your rights.
- We aim to respond to any legitimate request within a month of its receipt but it may take us longer if your request is particularly complex or you have made several requests. If that is the case, we shall let you know and keep you updated.
- We shall not charge you any fee for exercising the above rights unless your requests are clearly unfounded or excessive (e.g., because of their repetitive character), in which case we may charge a reasonable fee. Alternatively, we may decline your request in such circumstances.
Right to lodge a complaint with a supervisory authority
- In case you believe that we are processing your Personal Data in violation of the GDPR, you have the right to lodge a complaint with the ‘supervisory authority’ located in the EEA country where you reside or work or where the alleged infringement took
Changes to this Policy
User privacy controlsThis section describes key controls for managing your privacy across our platforms and services. In addition to this we also provide few other mechanisms by which users can reach out to us to modify or erase their information available with us. Managing, reviewing, and updating your information: When you’re signed in, you can always review and update information by visiting the services you use. For example, you can change your contact details such as your name, email and phone number. Choice to Opt-out: We provide all users with options to opt-out from receiving non-essential (promotional, marketing related etc.) communications from us. This can be done directly on our platforms or providing us with necessary information at DPO@WE360.AI Unsubscribing, removing and deleting your information: If you choose to unsubscribe from our platforms or delete any of all of your information, you can delete your SCREENSHOTS ,NAME . In addition to this you may also send an email to DPO@WE360.AI for specific information about your account or deletion of your account history. However, we may still retain some information and records of transaction for specific period as required by any law, contract with RWA or policy as applicable. Contacting Data Protection Officer: In subsequent sections covering “Role and details of Data Protection Officer(DPO)”, we have full disclosure of how users can reach out to WE360.AI DPO to lodge complaints or communicate any privacy related grievances.
Role and details of Data Protection officer :We360.ai has employed a dedicated data protection and grievance officer who will be responsible for overseeing the company’s data protection strategy and its implementation to ensure compliance with various Privacy law requirements.
Our DPO is responsible for the following:
- Constantly educating the company and employees on important Data Privacy compliances
- Training all staff involved in data processing
- Conduct regular audits to ensure compliance and address any gap or issues proactively
- Monitoring implementation and effectiveness of data protection efforts within company
- Maintaining comprehensive records of all data processing activities, including purposes and necessity of all processing activities, which must be produced on request.
- Interfacing with data subjects to address how their information is being used, their right to have their personal data amended or erased and what measures we360.ai has put in place to protect your personal information.