Workato Services Privacy Policy

Last updated: June, 2021

This Services Privacy Policy explains how Workato (“we”, “us”) collects, uses, shares, and protects the personal information we collect about individuals (“you”, “yours”) when you use the websites we operate and the services we provide.

This Services Privacy Policy does not apply to our processing of the personal information of our business customers’ consumer or end customer. We process that consumer or end customer information on behalf of our business customers in our capacity as a service provider / processor. Our processing of that information is governed by our agreement with our business customers.

Please read this Services Privacy Policy before using our Services or submitting any personal information to Workato and contact us if you have any questions. By using the Services or otherwise providing personal information to us, you agree to the practices described in this Services Privacy Policy. If you do not agree to this Services Privacy Policy, please do not access the Services or otherwise provide personal information to us.

This Services Privacy Policy constitutes an integral part of our Terms of Service, which are accessible at: https://www.workato.com/legal/terms-of-service.

1. Definitions

A. Services or Service refers to the Sites as well as Workato’s application integration and automation platform, tools, mobile applications, educational systems, and related services.

B. Sites include www.workato.com and the other websites under the workato.com domain.

C. Users include subscribers to Workato’s SaaS application integration platform as well as visitors who use or otherwise interact with the Sites and Services.

2. Personal Information We Collect

We collect personal information about you when you provide information directly to us, when third parties such as our business partners or service providers provide us with personal information about you, or when personal information about you is automatically collected in connection with your use of our Services. The following subsections describe the types of data we collect:

A. Essential Account Data

We receive personal information directly from you when you provide it to us as part of creating an Account, including at least: name; email address; and password.

B. Profile Information

We may collect contact information and related personal information, relating to present and prospective customers from various sources, including offline marketing activities. You may voluntarily provide this information to us by submitting it. In some cases, we may collect information about you from other sources, including third parties from whom we purchase personal information and from publicly available information, such as information published on social media sites, to the extent permitted by applicable law, and we may combine that information with personal information provided by you. This personal information may include:

  • Name
  • Phone number
  • Role/Title
  • Company name
  • Physical Address
  • Additional/substitute email addresses
  • Social media ids and profiles
  • IP address
  • Device id
  • Browsing and/or search history

For example, we may collect this information when you:

  • Fill in the optional fields that are part of a Workato Account profile
  • Provide contact information online, for example to file a support ticket, subscribe to a Workato newsletter, register for a Workato event or attend a webinar or take a course.
  • Visit a website and the information is supplied to us by a cookie or other tracking technology. A cookie is a small text file that collects and tracks certain technical information. See our Cookie Policy for a description of the information collected from cookies and related tracking technologies, and your rights and options with respect to these technologies.

C. Billing Information

For all paying Users, we maintain a record of Service subscriptions, invoices, billing and payment information.

For Users who pay by credit card, our third-party payment sub-processor as listed in https://www.workato.com/legal/sub-processors will process your credit card information. We will collect and associate the payment information with a Subscription ID but we do not store any payment card information ourselves. If you have questions about how our sub-processor protects the data it receives from Users, please refer to its websites as listed in https://www.workato.com/legal/sub-processors.

D. Connection Data

If you access our Site or Service through a third-party service (for example, logging into the Site using Google or Salesforce credentials), or connect an application to Workato, that third party you connected with may pass certain information about your use of its service to Workato. This information could include but is not limited to the User ID associated with your account; an access token necessary to access that service; any information that you have permitted the third party to share with us; and any information you have made public in connection with that third-party service, such as a user profile. The information we receive will depend on the policies and your account settings with the third-party service.

E. Form, Email and Chat Data

You may voluntarily submit to us, and we will retain and process, information from Web forms and other online communication systems including email and chat applications. This may include personal information, such as your name, job title, company name, address, phone number, and email address.

The Service and Sites offer publicly accessible blogs and community forums, to which you may submit content. If you elect to post in a public area of our Sites or Service, any Personal Information or other

F. Usage Data

Workato automatically compiles (i) statistical and other information related to the performance, operation and use of the Platform, and (ii) data related to identifiable Users’ usage of features and functionality within the Workato Platform. Clauses (i) and (ii) are collectively referred to as “Usage Data” (as defined in the Agreement) and are used for billing during the term of the Agreement and during and after the term of the Agreement to create statistical analyses and for research and product development purposes. For purposes of clarity, Usage Data excludes any application data Processed on the Workato Platform. For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use the Site and enhance your experience when you use the Site. For more information on how Google uses this information, click here. Please also read our Cookie Policy for more information about cookies and similar technologies we use on the Services.

Workato also maintains system log files which may include internet protocol addresses, browser, internet service provider, pages visited within Workato’s Sites, referring/exit pages, search terms, operating system, date/time stamp, and clickstream data.

3. Use and Sharing of Personal Information

A. Usage by Workato

Workato collects and maintains personal information to:

  1. provide its Service to Users;
  2. provide support and maintenance for our Services;
  3. provide personalized content to Users;
  4. contact and communicate with you about the Service and your use of the Service, including by sending you announcements, updates, security alerts, and support and administrative messages;
  5. initiate billing or draw payments for Workato products and/or services, according to the terms of your payment agreement with us;
  6. send you marketing information (depending on whether you have opted out of receiving such communications. For further information, please review section 5, ‘Correcting, Updating or Deleting Your Information’);
  7. troubleshoot problems and provide support;
  8. analyze usage of our Services for internal purposes, to improve our marketing and outreach to customers, and to improve the content and functionality of the Service;
  9. comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
  10. protect our intellectual property rights, your or others’ privacy rights in connection with your use of the Services, (including by making and defending legal );
  11. audit our internal processes for compliance with legal and contractual requirements and internal policies;
  12. enforce our Terms of Services; and
  13. prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

Note that we will never email you to ask for your Account information; if you receive such an email, please forward it to privacy@workato.com.

If provided, Workato may use your cell phone number to call or text you in order to provide the Service.

B. Educational Certifications

When you participate in any program or request a certification in any educational offerings provided by Workato, we may, with your consent, display information about your participation in these programs and your completion of activities within them, for certification purposes. This information may be disclosed by Workato for marketing or promotional purposes and may be shared with other Users including the admin in your company, organization or team, who are also a part of the Services, as permitted by law.

C. Testimonials

From time to time, we post User testimonials on the Sites which may contain personal information. We will always obtain your consent before posting your personal information along with your testimonials.

D. Third-Party Service Providers

Workato shares personal information with its Affiliates and third-party service providers (such as its credit card processors, learning management systems, support services, and hosting partners) to provide the necessary hardware, software, networking, storage, and other services we use to operate the Service and maintain a high-quality User experience.

Workato may store personal information in internal third-party marketing, customer relationship management (“CRM”) programs and mail-management software to facilitate interactions with Users or potential customers and for Workato’s sales and marketing purposes.

In all situations where Workato discloses personal information to third parties acting as service providers or "agents" acting on behalf of Workato, Workato requires the recipient to adequately protect personal information and treat it as confidential.

E. Other Information Sharing

In addition to the purposes described above, we disclose personal information to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such personal information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal information and other information may be shared in the diligence process with representatives or counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

Additionally, we may share information, including personal information with our Affiliates, which include Workato Europe, S.A., and Workato Pte. Ltd., and other Affiliates as updated from time to time for administrative, operational, support and marketing purposes.

4. Links to Other Websites

The Service contains links to websites and applications other than the Service, including websites and applications operated by affiliates and other third parties. Workato does not determine and we are not responsible for the privacy practices or content of websites and applications operated by third parties. Your browsing and interaction on any third-party website or service, including those that have a link on our Site, are subject to that third party’s terms and conditions and policies. We encourage you to read the privacy statements and other terms and conditions of third-party websites and applications linked to the Service every time you leave the Service to access such third-party websites.

5. Correcting, Updating or Deleting Your Information

You may update or change the personal information you have provided to us by logging into the Service.

We have established internal policies for the deletion of data from customer accounts following termination of a customer’s subscription to the Service. We will also respond to requests to delete personal information that may be held within our systems, to the extent possible and with the limitation that some information may need to be retained (see the “Data Retention” section of this Policy for details). Note that if you remove or request removal or deletion of information that you posted in a public area of the Service, copies may remain viewable in cached and archived pages of the Service, or if other Users have copied or saved that information. Therefore, in some cases, we may not be able to delete or remove your personal information.

To request deletion, removal, correction or updates of your personal information, contact us at privacy@workato.com.

Moreover, if you are a Workato User and would like to opt-out of marketing communications from Workato please contact us at privacy@workato.com or follow the unsubscribe instructions included in the marketing emails. Users in the EU and some other jurisdictions have more specific and additional rights related to their personal information: see sections 10 and 11 for more details.

In some instances, for example, instances of Embedded functionality or other cases in which Workato has no direct relationship with the end-customers of a corporate User, we process personal data of our corporate User’s end-customers on behalf of our corporate User in our capacity as a service provider / processor. If your data has been submitted to us by or on behalf of a Workato corporate User and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the relevant corporate User directly. Because we may only access customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Workato corporate User who submitted your data to us. We will refer your request to that corporate User and will support them as needed in responding to your request in accordance with our contract with the relevant corporate User.

6. Data Retention

Workato will retain your personal information for a period of time consistent with the original purpose of collection (see the “Use and Sharing of Personal Information” section above) or as long as necessary to comply with our legal obligations, maintain accurate accounting, financial and other operational records, resolve disputes, and enforce our agreements.

We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of the personal information being processed, the potential risk of harm from unauthorized use or disclosure of the personal information, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your personal information will be deleted.

Specific information about retention periods for components of a Workato Account can be found in the Data Retention section of our online documentation. Please also contact us if you have any questions.

7. Incident Management and Data Breach Notification

If Workato becomes aware of and determines that an incident involving personal information qualifies as a breach of security leading to the misappropriation, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information that compromises the security, confidentiality or integrity of such personal information, Workato will report such breach to the Workato account holder without undue delay.

8. International Transfers

Workato may offer the option to host and process customer data in specific non-U.S. localities. When this is done, all Account Data, including Account configurations, meta-data, and definitions of Recipes and related assets, is stored exclusively in the customer’s selected region, as is Transaction Data. However, some personal information may still be transferred to the U.S. or other locations and processed there, including chat messages, payment information, support tickets and e-mails to Workato support, Usage Data, information posted to blogs, and information collected in connection with our educational offerings. Please refer to Section 11 below for further information applicable to Users in the EEA and the UK.

9. Security Measures

We seek to protect personal information using appropriate technical and organizational measures based on the type of personal information and applicable processing activity, as detailed on our Security page. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to us may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. You are responsible for the selection and use of any privacy settings or security capabilities within the Service, or Third-Party Applications.

10. Children's Personal Information

Workato does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Service. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Policy by instructing their children never to provide personal information on our Service without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to Workato through our Service, please contact us, and we will use commercially reasonable efforts to delete that information from our databases.

11. Notice to California Residents

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: support@workato.com or Workato Inc., 215 Castro St., Suite 300, Mountain View, CA 94041, Attn: Legal.

Moreover, we are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide this CCPA Notice to California residents to explain how we collect, use and share their personal information, and the rights and choices we offer California residents regarding our handling of their personal information, which the CCPA currently defines as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

This CCPA Notice does not apply to individuals with whom Workato engages in the individuals’ capacity as representatives of businesses that may provide services to Workato, or to which Workato may provide its Services.

  1. Personal Information Collection, Use, and Disclosure: We describe the sources through which we collect personal information and the types of personal information collected in the “Personal Information We Collect” section in the Services Privacy Policy. We describe the purposes for which we use and share this information in the “Use and Sharing of Personal Information” section in the Services Privacy Policy.
  2. California Privacy Rights: To the extent provided for by law and subject to applicable exceptions, California residents have the following privacy rights in relation to the personal information we collect:
    1. Right to request access to information about categories of personal information Workato has collected about you, specific pieces of personal information Workato has collected about you, categories of sources from which the personal information is collected, business or commercial purpose for collecting personal information, and categories of third parties with whom the business shares personal information.
    2. Right to request deletion of any personal information collected about you by us.
    3. Right to opt-out of the sale of personal information. Please note that we do not sell personal information we collect from you, in accordance with the definition of sell in the CCPA and its supplemental regulations.
    4. Right against discrimination because you exercised the rights available to you.
    5. Right to protection against waiver of rights.
    You can exercise the rights described above, by sending an email to support@workato.com or calling +1-844-469-6752. You may exercise these rights by yourself or via an authorized agent who meets the agency requirements of CCPA. Once you exercise your rights, you agree to receive communication from us seeking information from you in order to verify your identity as the consumer from whom we have collected the personal information and such other information as reasonably required to enable us to fulfill your request. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify that you are the consumer from whom we collected personal information, as well as sufficient details necessary to help us handle the request.

Note: The Sites do not respond to browser “Do Not Track” (DNT) signals and operate as described in this Services Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how we do so in this Services Privacy Policy.

12. Notice to European Users

If you are a User in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the following provisions apply to you, in addition to the other policies in this Services Privacy Policy. Workato, Inc. is the controller for your personal data. For the purposes of the GDPR, Workato, Inc. is established in the EEA through and Workato Europe, S.A., with office at Av Diagonal Num.497 Esc. P.2 Pta., Barcelona.

A. Legal Bases For Processing

We are required to identify the legal bases for processing personal data about you. We process personal data as follows:

  • Contractual Necessity: We process the following categories of personal data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such personal data will result in your inability to use some or all portions of the Services that require such data.
    • Essential Account Data
    • Essential First-Party Cookies
    • Billing Data
    • Connection Data
    • Online Form, Email and Chat Data used for support services
    • Usage Data required for billing purposes
    • Account information for third-party services (e.g., if a User logs into the Services using a third party such as Google or Office 365).
  • Legitimate Interest: We process the following categories of personal data when we believe it furthers our legitimate interests or those of third parties, or your legitimate interest. We will rely on our legitimate interests for processing personal data only after balancing our interests and rights against the impact of the processing on individuals.
    • Profile Data
    • Online Form, Email and Chat Data
    • Usage Data

    These legitimate interests include:

    • Providing the Services to Users
    • Facilitating usage of our Service
    • Responding to your inquiries, comments, feedback or questions
    • Managing our relationship with Users, which includes sending administrative information to Users relating to our Service and changes to our terms and conditions, and policies, and asking Users to leave a review or take a survey
    • Providing personalized and customized content and information to Users
    • Gaining insights about and making improvements to our business, products and services
    • Administering and protecting our business and the Service, preventing fraud, criminal activity, or misuse of our Service, and ensuring the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data)
    • Providing information to current and prospective users of our products and services
    • Compliance with legal obligations and legal process and protecting our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties
  • Consent: In some cases, we process personal data based on the consent you expressly grant to us at the time we collect such data, such as in relation to the collection of information through the use of cookies and similar technologies other than strictly necessary technologies. When we process personal data based on your consent, it will be expressly indicated to you at the point and time of collection.
  • Other Processing Grounds: From time to time, we may also need to process personal data to comply with a legal obligation.

B. Your Rights Regarding Your Personal Data

You have certain rights with respect to your personal data, including those set forth below, subject to certain conditions and exceptions. For more information about these rights, or to submit a request, please email privacy@workato.com. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.

  • Access: You can request more information about the processing of personal data we hold about you and request a copy of such personal data. You can also access certain of your personal data by accessing your account settings or contacting us at privacy@workato.com.
  • Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by accessing your account settings or contacting us at privacy@workato.com.
  • Erasure: You can request that we erase some or all of your personal data from our systems by sending a request to privacy@workato.com.
  • Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. However, if you exercise this right, you may then have to provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
  • Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible, if the processing of your data is based on your consent or on contractual necessity, and if the processing is carried out by automated means.
  • Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes by sending a request to privacy@workato.com.
  • Restriction of Processing: You can ask us to restrict further processing of your personal data by sending a request to privacy@workato.com.
  • Right to File Complaint: You have the right to raise a complaint about Workato’s practices with respect to your personal data to your local regulator. If you are a resident of the United Kingdom and believe that we maintain your personal data within the scope of the applicable laws relating to personal data in the UK, you may direct questions or complaints to the UK supervisory authority, the Information Commissioner’s Office.

C. Transfer of Personal Data

Workato offers its Services to customers in various geographic regions, including the United States, the EEA and the UK. However, as described in section 3, some personal data may nonetheless be collected, transferred to and stored by us in the United States and by our service providers that are based in the United States as necessary for the purpose of providing the Services and for the business purposes described in this Services Privacy Policy. Laws in the U.S. may be less stringent or otherwise different from the laws where you reside. Where applicable or required by law, we will ensure that the recipient of your personal data offers an adequate level of protection and security, for instance by entering into appropriate standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators. Moreover, we transfer some of your personal data as a matter of “contractual necessity” (for further information on the type of personal data concerned, please read Section 11.A above).

13. Changes to the Services Privacy Policy

We may, in our sole discretion, modify or update this Policy from time to time. When we post changes to this Services Privacy Policy, we will also revise the “Last Updated” date appearing at the top of the Policy. Any changes to this Services Privacy Policy are effective immediately after we post them. If we make any material changes to this Policy, we will endeavor to notify you by email or by posting a prominent notice on the Sites prior to the change becoming effective. We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the Service after the publication of any updated Services Privacy Policy shall constitute your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of the Service.

14. Contact Us

If you have questions regarding this Policy or about Workato’s privacy practices, please send your inquiries to:

Name: Workato, Inc.

Physical address: 215 Castro Street, Suite 300, Mountain View, CA 94041, United States

Email address: privacy@workato.com