Workvivo Privacy Policy

Effective date 20 April 2023

Introduction

This Privacy Policy describes how Workvivo Limited (“us”, “we”, or “our”) collects, uses, discloses, transfers, stores, retains or otherwise processes your information and the ways that you can manage how your personal data is used, including the right to object to certain types of processing (see Your Rights below for more information on your rights as a data subject).

Workvivo Limited is the controller of your personal data (except Customer Data, as defined immediately below). Personal data is information that can identify you, such as your name, email address or home address, or information that could reasonably be linked back to you.

We operate the Workvivo desktop and mobile applications (“Workvivo”) which are intended for use by our customers in accordance with the instructions they give us. If one of our customers (e.g. your employer or another organisation that has authorised your access to, and use of, Workvivo) makes an instance of Workvivo available to you, they are responsible for the collection and use of any data (such as messages, files or other content) that you submit or provide through that instance of Workvivo or that we otherwise process in accordance with their instructions (“Customer Data”) (and are subject to the terms we have in place with them). You should read such an organisation’s privacy policy for information on how it uses Customer Data. We are not the controller of Customer Data we process in accordance with our customers’ instructions.

Types of Data Collected
Use of Data
Statistical Data Use
Retention of Data
Transfer of Data
Security of Data
Your Rights
Sharing of Personal Data
Changes to this Privacy Policy
Contact Us

Types of Data Collected

We collect the following data which you provide us or which is automatically collected:

Information category	Description
Personal details and contact information	Your name. Contact information such as address, phone number, email address. Employment details such as job title and employer.
Customer admin account data	Any of your data included in a customer admin account (such as personal details and contact information where you are the account administrator).
Marketing, event and communications preferences	Your marketing, event and communications preferences.
Enquiry and other communications data	When you contact us with queries (such as through our webforms and chatbots or marketing channels) or otherwise communicate with us, you may provide us with information in relation to your queries and any other information you deem helpful.
Recruitment information	Information contained in applications and CVs, such as qualifications, education and employment background.
Web session data	Information about and replays of our web users’ clicks, mouse movements, scrolls, and keystrokes/key touches during a website visit. Web session data help us diagnose usability problems with our website and identify areas for improvement. You can learn more about Clarity at https://clarity.microsoft.com/terms, and you can opt-out of web session recording by Clarity at https://privacy.microsoft.com/en-us/privacystatement.
Usage data	Information like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our website and services, and the time, frequency, and duration of your activities), log files, and diagnostic, crash, service, and performance logs and reports.
Cookies data	Cookies and similar technologies as described in our Cookie Policy. Please refer to our Cookie Policy to learn about our practices and the controls we provide you.
Feedback data	Feedback, survey responses and other Information provided regarding the use of our services (including Workvivo), which could involve personal experiences, contact information, age, gender, details about your business role, the way you use our services and your feedback.

If the provision of particular personal data is a statutory or contractual requirement (or necessary to enter into a contract), we will let you know at the relevant time and of the possible consequences of failing to provide it.

We also collect data from other sources as follows:

Information category	Description and source
Personal details and contact information	Name, job title, employer and contact information such as email address and phone number provided by third parties like Zoominfo so we can get in touch with potential customers.
Customer admin account data	Any of your data included by someone in your organisation in the customer admin account (such as personal details and contact information where you are the account administrator).

Use of Data

We process your personal data in the following ways:

Purpose	Information category	Applicable Legal Bases
To manage our relationship with you or a customer. This can include: (a) administration of the customer account where you are a customer account administrator (b) notifying you about updates to our terms, policies and products.	Personal details and contact information Customer admin account data	Legitimate interests – it is in our and your (and, where applicable, the customer’s) interests for us to manage our relationship with you / a customer and to perform our contracts with our customers.
To provide marketing communications, events and advertising and to ask you to participate in a feedback panel or take a survey.	Personal details and contact information Marketing, event and communications preferences Cookies data Feedback data	Consent, or where not based upon your consent, legitimate interests – it is in our and your (and, where applicable, the actual or prospective customer’s) interest for us to: respond to your marketing, event and advertising related communications; market and advertise (including using third party ad networks) our products and events to you and keep you informed about them; and ask you to provide feedback or participate in surveys.
To personalise, measure the effectiveness of and improve our marketing and advertising by identifying (through analysis) what we think is likely to be of interest to you and to determine how you engaged with our marketing and advertising.	Personal details and contact information Marketing, event and communications preferences Cookies data Feedback data	Consent, or where not based upon your consent, legitimate interests – it is in our and your (and, where applicable, the actual or prospective customer’s) interest for us to send you marketing and advertising tailored to what we think you are likely to be interested in and to measure and improve the success of our marketing and advertising campaigns and events.
Respond to your queries (such as through our webforms, chatbots and marketing channels) and other communications.	Enquiry and other communications data	Legitimate interests – it is in our and your (and, where applicable, the actual or prospective customer’s) interest for us to operate communications channels like webforms and chatbots, respond to your queries and other communications and to keep you informed, market our products/events and provide you with information on new or updated products of interest.
To detect, prevent and address technical issues across our services generally. This does not include our processing of Customer Data to respond to customer specific support requests in accordance with their instructions, where we act as our customer’s processor.	Usage data Web session data	Legitimate interests – it is in our and our users’ and customers’ interest to detect, prevent and address technical issues across our services (including Workvivo) generally.
To promote safety, integrity and security of our services (including Workvivo), such as: preventing security incidents securing our services from bad actors investigating suspicious activity on our services detect and prevent spam maintaining the integrity of our services.	Usage data Cookies data	Legitimate interests – it is in our and our users’ and customers’ interest to secure our systems and services (including Workvivo) and fight and prevent spam, fraud, threats, abuse, or infringement activities and promote safety and security on our services (including Workvivo).
To understand what our users and customers want and their experiences with our products so that we can provide, operate and improve existing products and develop new ones, including by (a) creating de-identified and aggregated data from personal data such as Usage Data; (b) analysing usage of our services (including Workvivo) using de-identified and aggregate data; (c) analysing and addressing technical issues experienced with our services (including Workvivo); and (d) analysing feedback.	Enquiry and other communications data(in de-identified aggregate form) Cookies data Usage data , such as performance metrics and usage statistics (in de-identified aggregate form) Web session data	Legitimate interests – it is in our and our customers’ interests for us to understand what our users and customers want and their experiences with our products so that we can provide, operate and improve existing products and develop new ones.
To enforce our terms and policies with our users and customers.	Personal details and contact information Customer admin account data	Legitimate interests – it is in our interest to take appropriate steps to ensure our policies and terms are adhered to and complied with and our intellectual property and other assets are protected.
Recruitment and selection of prospective employees and contractors.	Recruitment information	Legitimate interests – it is in our and our customers’ interest for us to recruit excellent and suitable candidates to work in our business and the opportunity to apply to work with us is in candidates’ interests.
To comply with our legal obligations, such as: complying with requests to provide data from law enforcement agencies in relation to an investigation, such as under Section 10 of the Criminal Justice (Miscellaneous Provisions) Act 1997 as amended or to take steps to report information to law enforcement where required; complying with our obligations under tax law and companies legislation, such as the Irish Companies Act 2014 (as amended)	All data processed by us	Compliance with a legal obligation or, where the applicable law is of a country outside the European Union, in our legitimate interest in complying with the laws of the relevant country.

Statistical Data Use

As outlined above, we do create and use de-identified aggregated usage statistics and performance metrics to provide, operate and improve our services (such as our website or Workvivo) for Workvivo’s internal use and other lawful purposes. This may include, for example, the number of records held in Workvivo, the number and types of transactions, configurations, reports processed in Workvivo and the performance results for Workvivo. We do not disclose to customers in any aggregated statistics the identity, whether directly or indirectly, of any other customer (or their authorised users) or any specific content submitted by another customer (or their authorised users) through Workvivo.

Retention of Data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. To determine the appropriate retention period for personal data, we consider various criteria including the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Where it is necessary to retain personal data to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies or otherwise establish, defend or exercise legal claims, then we will do so.

Once specific retention timelines have passed and we have no further specific reason to retain that personal data, the relevant personal data will be erased or adapted so that it no longer is personal data.

In some circumstances, you can ask us to delete your data. See Your Rights below for information on your data protection rights. You also have the right to object to our processing of personal data for direct marketing purposes (though where you do so, we will retain sufficient information to make sure we don’t send you direct marketing messages in the future).

Transfer Of Data

Your personal data may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. For instance, we have offices in the United Kingdom and the United States, and also use service providers in those countries, and accordingly some personal data may be transferred to these countries. Countries which are outside the EEA may not offer the same level of data protection as in your home country. These transfers are necessary for the management of our operations. We rely on Standard Contractual Clauses which have been approved by the European Commission and on the European Commission’s adequacy decisions on certain countries to transfer your information from the EEA. For instance, we rely on the UK adequacy decision for transfers of personal data between the EEA and the UK. Please find a list of the European Commission’s adequacy decisions here. You can request a copy of the Standard Contractual Clauses relating to your personal data by contacting us.

We implement measures designed to ensure that no transfer of your personal data takes place to a country outside the EEA unless there are adequate controls in place, including for the security of your personal data.

Security Of Data

The security of your data is important to us. We implement technical and organisational measures designed to ensure a level of security for the personal data which is appropriate to the risks to individuals that may result from the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the personal data.

Your Rights

You have several rights in relation to your personal data, subject to applicable law. While some of these rights apply generally, certain rights apply only in limited cases.

Right of access: You have a right to request access to your personal data and to be provided with a copy of certain information, including the categories of your personal data we collect and disclose.
Right of rectification: You have the right to request that we rectify inaccurate personal data about you.
Right of erasure: You have the right, in certain cases, to request that we delete your personal data, provided there are valid grounds for doing so and subject to applicable law.
Right to data portability: You may have the right to receive certain of your information in a structured, commonly used and machine-readable format and to transmit such information to another controller.
Right to object (marketing):You have the right to object to processing for direct marketing purposes at any time.
Right to object (legitimate interest): Where we process your personal data based on legitimate interests, you can object to this processing in certain circumstances. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your personal data when you object.
Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your personal data by us, provided there are valid grounds for doing so.
Right to withdraw your consent: Where you have given your consent for certain processing activities, you have the right to withdraw that consent at any time. Please note that the lawfulness of any processing undertaken prior to your withdrawal of consent shall not be affected by the withdrawal.
Right to complain: You also have the right to lodge a complaint with your local supervisory authority for data protection. Click here to find your local supervisory authority.

However, these rights may not be exercised in certain circumstances, such as when the processing of your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims.

Please note that we may ask you to verify your identity before responding to such requests.

Sharing of Personal Data

We employ third party companies and individuals to facilitate our services (“Service Providers”), to provide the service on our behalf, to perform service-related services or to assist us in analyzing how our services are used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Any personal data shared with third parties is limited to what they need to perform their designated functions.

Categories of third parties with whom we share your personal data	Description of the services in question
Service providers	For hosting our website For hosting our Workvivo platform For analytics or similar services, such as to help us understand feedback, keep our services secure and for improving our products and services, including through the sharing of web session data as described above To facilitate communications, including through automated chatbot functionality To assist with marketing and surveys For advertising, such as advertising networks To monitor usage on our website/platform
Our group companies	For purposes of allowing them to provide important functions such as sales and support services.
Law enforcement or other regulatory or similar bodies	We do not voluntarily share your personal data with law enforcement or regulatory bodies. We require a valid legal process before we would provide any data to law enforcement or other bodies.
Potential business partners	We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Workvivo Limited or as part of a corporate reorganization or other change in corporate control.
Professional advisers	Provision of legal, accounting, auditing, insurance and other professional services

Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. If we make material changes to this Privacy Policy, we will notify you via email, a prominent notice in our services or other appropriate means and provide you an opportunity to review before you choose to continue to use our services.

Contact Us

If you have any questions or comments about this Privacy Policy or the manner in which we process your personal data, or you wish to avail of any of your rights set out here, please contact us at:

Workvivo Limited

dpo@workvivo.com

Exham House, The Fingerpost, Douglas, Co Cork T12 PDD2, Ireland