If you are a resident of the European Union (“EU”), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the “GDPR”) with respect to your Personal Information, as outlined below. The terms in this section will be effective as of May 25, 2018.
For this section, “Personal Information” shall have the same meaning as “personal data” as defined in the GDPR and we use the term “processing” as it is defined in the GDPR, but “Personal Information” generally means information that can be used to individually identify a person, and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Workato will be the controller of your Personal Information processed in connection with the Services. Note that we may also process Personal Information of our customers’ end users or employees in connection with our provision of services to customers, in which case we are the processor of Personal Information. If we are the processor of your Personal Information (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.
LEGAL GROUNDS FOR PROCESSING
We will only process your Personal Information if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.
We process the following categories of Personal Information as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Information will result in your inability to use some or all portions of the Services that require such data.
- Essential Account Data
- Essential First-Party Cookies
- Connection Data
- Third party account information (e.g. if a User logs into the Services using his/her Salesforce credentials)
We process the following categories of Personal Information when we believe it furthers the legitimate interest of us or third parties.
- Optional Account Data
- Billing Data
- Contact Information
- Online Form, Email and Chat Data
- Event Data
- Support Ticket Data
- Community Forums
- Augmented Tracking Data
- Tracking Cookies
- Web Beacons/Clear Gifs
- Device Identifiers
- Providing the Services to Users
- Facilitating usage of our Service
- Providing personalized and customized content and information to Users
- Collecting payment from customers
- Operation and improvement of our business, products and services
- Marketing of our products and services
- Provision of User support
- Compliance with legal obligations
- Consent: In some cases, we process Personal Information based on the consent you expressly grant to us at the time we collect such data. When we process Personal Information based on your consent, it will be expressly indicated to you at the point and time of collection.
- Other Processing Grounds: From time to time we may also need to process Personal Information to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
How And With Whom Do We Share Your Data?
- Other Users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services)
- Social media services (if you interact with them through your use of the Services)
- Third party business partners who you access through the Services (e.g. third party applications)
- Other parties authorized by you
We also share information with third parties when you have given us consent to do so (as indicated at the point such information is collected).
We also share Personal Information when we believe it is necessary to:
- Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
- Protect us, our business or our Users, for example to enforce our Terms of Service, prevent spam or other unwanted communications and investigate or protect against fraud
- Maintain the security of our products and services
If we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share Personal Information with the party that is acquiring our assets. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.
How Long Do We Retain Your Personal Information?
We retain Personal Information about you for as long as you have an open account with us or as otherwise necessary to provide you Services.
Account data (both essential and optional) is maintained as long as you have an active account with us and for up to 90 days after account closure.
Session cookies expire after 14 days, by default, but the expiration can set longer or shorter under your control.
In some cases we retain Personal Information for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. In particular, contact and company information, as well as subscription and payment activity and any contracts you have executed with us, will be retained for a period of at least 7 years, for auditing purposes. We will retain some marketing related information for a period of 5 years, for analytic purposes.
Content you post on our systems (such as Community Forums) may remain on the Site indefinitely, unless you send us an explicit removal request.
Our third-party processors may retain data for various periods depending on their individual privacy policies. For example, Marketo retains some tracking data for up to 25 months.
What Security Measures Do We Use?
We seek to protect Personal Information using appropriate technical and organizational measures based on the type of Personal Information and applicable processing activity, as detailed on our Security page.
Personal Information of Children
What Rights Do You Have Regarding Your Personal Information?
You have certain rights with respect to your Personal Information, including those set forth below. For more information about these rights, or to submit a request, please email email@example.com. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need to you to provide us with additional information, which may include Personal Information, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the Personal Information we hold about you and request a copy of such Personal Information. You can also access certain of your Personal Information by accessing your account settings or contacting us at firstname.lastname@example.org.
- Rectification: If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by accessing your account settings or contacting us at email@example.com.
- Erasure: You can request that we erase some or all of your Personal Information from our systems.
- Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your Personal Information for certain purposes.
- Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
- Right to File Complaint: You have the right to lodge a complaint about Company’s practices with respect to your Personal Information with the supervisory authority of your country or EU Member State.
Transfers of Personal Information
The Services are hosted and operated in the United States (“U.S.”) through Workato and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Information about you, regardless of whether provided by you or obtained from a third party, is being provided to Workato in the U.S. and will be hosted on U.S. servers, and you authorize Workato to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to (i) a data processing agreement incorporating standard data protection clauses promulgated by the EC, a copy of which can be obtained at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087, (ii) binding corporate rules for data protection that align with the GDPR’s requirements, or (iii) adherence to an industry- or technology-specific approved code of conduct blessed by the EC.
What if You Have Questions Regarding Your Personal Information?
If you have any questions about this section or our data practices generally, please contact us using the following information:
- Name: Workato Inc.
- Attention: Legal Department
- Physical address: 20450 Stevens Creek Boulevard, Suite 150, Cupertino, CA 95054
- Email address for contact: firstname.lastname@example.org