- Services or Service refers to the Sites as well as Workato’s application integration and automation platform, tools, mobile applications, educational systems, and related services.
- Sites include www.workato.com and the other websites under the workato.com domain.
- Users include subscribers to Workato’s SaaS application integration platform as well as visitors who use or otherwise interact with the Sites and Services.
All capitalized terms not defined above have the meaning set forth in the https://www.workato.com/legal/terms-of-service.
2. Personal Information We Collect
We collect personal information about you when you provide information directly to us, when third parties such as our business partners or service providers provide us with personal information about you, or when personal information about you is automatically collected in connection with your use of our Services. The following subsections describe the types of data we collect:
- Essential Account Data We receive personal information directly from you when you provide it to us as part of creating an Account, including at least: name; email address; and password.
- Profile Information
We may collect contact information and related personal information, relating to present and prospective customers from various sources, including offline marketing activities. You may voluntarily provide this information to us by submitting it. In some cases, we may collect information about you from other sources, including third parties from whom we purchase personal information and from publicly available information, such as information published on social media sites, to the extent permitted by applicable law, and we may combine that information with personal information provided by you. This personal information may include:
- Phone number
- Company name
- Physical Address
- Additional/substitute email addresses
- Social media ids and profiles
- Photographs you submit to us
- IP address
- Device id
- Browsing and/or search history
For example, we may collect this information when you:
- Fill in the optional fields that are part of a Workato Account profile
- Provide contact information online, for example to file a support ticket, subscribe to a Workato newsletter, register for a Workato event or attend a webinar or take a course.
For all paying Users, we maintain a record of Service subscriptions, invoices, billing and payment information.
For Users who pay by credit card, our third-party payment sub-processor as listed in https://www.workato.com/legal/sub-processors will process your credit card information. We will collect and associate the payment information with a Subscription ID but we do not store any payment card information ourselves. If you have questions about how our sub-processor protects the data it receives from Users, please refer to its websites as listed in https://www.workato.com/legal/sub-processors.
If you access our Site or Service through a third-party service (for example, logging into the Site using Google or Salesforce credentials), or connect an application to Workato, that third party you connected with may pass certain information about your use of its service to Workato. This information could include but is not limited to the User ID associated with your account; an access token necessary to access that service; any information that you have permitted the third party to share with us; and any information you have made public in connection with that third-party service, such as a user profile. The information we receive will depend on the policies and your account settings with the third-party service.
You may voluntarily submit to us, and we will retain and process information from Web forms and other online communication systems including email and chat applications. This may include personal information, such as your name, job title, company name, address, phone number, email address.
The Service and Sites offer publicly accessible blogs and community forums, to which you may submit content. If you elect to post in a public area of our Sites or Service, any Personal Information or other content that you voluntarily disclose becomes available both to Workato and to the public.
Workato will compile (i) statistical and other information related to the performance, operation and Account Holder’s use of the Platform, and (ii) data related to identifiable Users’ usage of features and functionality within the Workato Platform. Clauses (i) and (ii) are collectively referred to as “Usage Data” and are used to provide the Services during the term of the Agreement and during and after the term of the Agreement to create statistical analyses and for research and product development purposes. For purposes of clarity, Usage Data excludes all data processed on the Workato Platform. Workato will own and retain all right, title, and interest in and to the Usage Data and may use Usage Data during and after the Term for the purposes of implementing, operating, maintaining and improving the Workato Platform and fulfilling its obligations hereunder.
Workato also maintains system log files which may include internet protocol addresses, browser, internet service provider, pages visited within Workato’s Sites, referring/exit pages, search terms, operating system, date/time stamp, and clickstream data.
3. Use and Sharing of Personal Information
- Usage by Workato
Workato collects and maintains personal information to:
- provide its Service to Users;
- provide support and maintenance for our Services;
- provide personalized content to Users;
- contact and communicate with you about the Service and your use of the Service, including by sending you announcements, updates, security alerts, and support and administrative messages;
- initiate billing or draw payments for Workato products and/or services, according to the terms of your payment agreement with us;
- send you marketing information (depending on whether you have opted out of receiving such communications. For further information, please review section 5, ‘Correcting, Updating or Deleting Your Information’);
- troubleshoot problems and provide support;
- analyze usage of our Services for internal purposes, to improve our marketing and outreach to customers, and to improve the content and functionality of the Service;
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our intellectual property rights, your or others’ privacy rights in connection with your use of the Services, (including by making and defending legal );
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce our Terms of Services; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
Note that we will never email you to ask for your Account information; if you receive such an email, please forward it to firstname.lastname@example.org.
If provided, Workato may use your cell phone number to call or text you in order to provide the Service.
- Educational Certifications
When you participate in any program or request a certification in any educational offerings provided by Workato, we may, with your consent, display information about your participation in these programs and your completion of activities within them, for certification purposes. This information may be disclosed by Workato for marketing or promotional purposes and may be shared with other Users including the admin in your company, organization or team, who are also a part of the Services, as permitted by law.
From time to time, we post User testimonials on the Sites which may contain personal information. We will always obtain your consent before posting your personal information along with your testimonials.
- Third-Party Service Providers
Workato shares personal information with its Affiliates and third-party service providers (such as its credit card processors, learning management systems, support services, and hosting partners) to provide the necessary hardware, software, networking, storage, and other services we use to operate the Service and maintain a high-quality User experience.
Workato may store personal information in internal third-party marketing, customer relationship management (“CRM”) programs and mail-management software to facilitate interactions with Users or potential customers and for Workato’s sales and marketing purposes.
In all situations where Workato discloses personal information to third parties acting as service providers or "agents" acting on behalf of Workato, Workato requires the recipient to adequately protect personal information and treat it as confidential.
- Other Information Sharing
In addition to the purposes described above, we disclose personal information to respond to subpoenas, court orders, on legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share such personal information if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations or our Terms of Service, or as otherwise required by law.
If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider (collectively a “Transaction”), your personal information and other information may be shared in the diligence process with representatives or counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Additionally, we may share information, including personal information with our Affiliates, which include Workato Europe, S.A., and Workato Pte. Ltd., and other Affiliates as updated from time to time for administrative, operational, support and marketing purposes.
4. Links to Other Websites
The Service contains links to websites and applications other than the Service, including websites and applications operated by affiliates and other third parties. Workato does not determine and we are not responsible for the privacy practices or content of websites and applications operated by third parties. Your browsing and interaction on any third-party website or service, including those that have a link on our Site, are subject to that third party’s terms and conditions and policies. We encourage you to read the privacy statements and other terms and conditions of third-party websites and applications linked to the Service every time you leave the Service to access such third-party websites.
5. Correcting, Updating or Deleting Your Information
You may update or change the personal information you have provided to us by logging into the Service.
We have established internal policies for the deletion of data from customer accounts following termination of a customer’s subscription to the Service. We will also respond to requests to delete personal information that may be held within our systems, to the extent possible and with the limitation that some information may need to be retained (see the “Data Retention” section of this Policy for details). Note that if you remove or request removal or deletion of information that you posted in a public area of the Service, copies may remain viewable in cached and archived pages of the Service, or if other Users have copied or saved that information. Therefore, in some cases, we may not be able to delete or remove your personal information.
To request deletion, removal, correction or updates of your personal information, contact us at email@example.com.
Moreover, if you are a Workato User and would like to opt-out of marketing communications from Workato please contact us at firstname.lastname@example.org or follow the unsubscribe instructions included in the marketing emails. Users in the EU and some other jurisdictions have more specific and additional rights related to their personal information: see sections 10 and 11 for more details.
In some instances, for example, instances of Embedded functionality or other cases in which Workato has no direct relationship with the end-customers of a corporate User, we process personal data of our corporate User’s end-customers on behalf of our corporate User in our capacity as a service provider / processor. If your data has been submitted to us by or on behalf of a Workato corporate User and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the relevant corporate User directly. Because we may only access customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Workato corporate User who submitted your data to us. We will refer your request to that corporate User and will support them as needed in responding to your request in accordance with our contract with the relevant corporate User.
6. Data Retention
Workato will retain your personal information for a period of time consistent with the original purpose of collection (see the “Use and Sharing of Personal Information” section above) or as long as necessary to comply with our legal obligations, maintain accurate accounting, financial and other operational records, resolve disputes, and enforce our agreements.
We determine the appropriate retention period for personal information on the basis of the amount, nature, and sensitivity of the personal information being processed, the potential risk of harm from unauthorized use or disclosure of the personal information, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your personal information will be deleted.
Specific information about retention periods for components of a Workato Account can be found in the Data Retention section of our online documentation. Please also contact us if you have any questions.
7. Incident Management and data breach notification
If Workato becomes aware of and determines that an incident involving personal information qualifies as a breach of security leading to the misappropriation, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information that compromises the security, confidentiality or integrity of such personal information, Workato will report such breach to the Workato account holder within 48 hours.
8. International Transfers
Workato offers the option to host and process customer data in specific non-U.S. localities. When selected, all Account Data (as defined in the agreement), including Account configurations, meta-data, and definitions of Recipes and related assets, and Transaction Data (as defined in the agreement), is stored exclusively in the customer’s selected region. However, some personal information may still be transferred to the U.S. or other locations and processed there, including chat messages, payment information, support tickets and e-mails to Workato support, Usage Data, information posted to blogs, and information collected in connection with our educational offerings. Additionally, recipes and connectors made public by a Workato user will be made available globally. Please refer to Section 11 below for further information applicable to Users in the EEA and the UK.
9. Security Measures
We seek to protect personal information using appropriate technical and organizational measures based on the type of personal information and applicable processing activity, as detailed on our Security page. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to us may not be secure. Therefore, you should take special care in deciding what information you send to us via e-mail. You are responsible for the selection and use of any privacy settings or security capabilities within the Service, or Third-Party Applications.
10. Children's Personal Information
Workato does not knowingly collect any personal information from children under the age of 13. If you are under the age of 13, please do not submit any personal information through our Service. We encourage parents and legal guardians to monitor their children’s internet usage and to help enforce our Policy by instructing their children never to provide personal information on our Service without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to Workato through our Service, please contact us, and we will use commercially reasonable efforts to delete that information from our databases.
11. Notice to California Residents
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to: email@example.com or Workato Inc., 215 Castro St., Suite 300, Mountain View, CA 94041, Attn: Legal.
Moreover, we are required by the California Consumer Privacy Act of 2018 (“CCPA”) to provide this CCPA Notice to California residents to explain how we collect, use and share their personal information, and the rights and choices we offer California residents regarding our handling of their personal information, which the CCPA currently defines as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
This CCPA Notice does not apply to individuals with whom Workato engages in the individuals’ capacity as representatives of businesses that may provide services to Workato, or to which Workato may provide its Services.
California Privacy Rights: To the extent provided for by law and
subject to applicable exceptions, California residents have the
following privacy rights in relation to the personal information we
- Right to request access to information about categories of personal information Workato has collected about you, specific pieces of personal information Workato has collected about you, categories of sources from which the personal information is collected, business or commercial purpose for collecting personal information, and categories of third parties with whom the business shares personal information.
- Right to request deletion of any personal information collected about you by us.
- Right to opt-out of the sale of personal information. Please note that we do not sell personal information we collect from you, in accordance with the definition of sell in the CCPA and its supplemental regulations.
- Right against discrimination because you exercised the rights available to you.
- Right to protection against waiver of rights.
12. Notice to European Users
- Legal Bases For Processing
We are required to identify the legal bases for processing personal data about you. We process personal data as follows:
- Contractual Necessity: We process the following
categories of personal data as a matter of “contractual
necessity”, meaning that we need to process the data to perform
under our Terms of Service with you, which enables us to provide
you with the Services. When we process data due to contractual
necessity, failure to provide such personal data will result in
your inability to use some or all portions of the Services that
require such data.
- Essential Account Data
- Essential First-Party Cookies
- Billing Data
- Connection Data
- Online Form, Email and Chat Data used for support services
- Usage Data required for billing purposes
- Account information for third-party services (e.g., if a User logs into the Services using a third party such as Google or Office 365).
- Legitimate Interest: We process the following
categories of personal data when we believe it furthers our
legitimate interests or those of third parties, or your
legitimate interest. We will rely on our legitimate interests
for processing personal data only after balancing our interests
and rights against the impact of the processing on individuals.
- Profile Data
- Online Form, Email and Chat Data
- Usage Data
These legitimate interests include:
- Providing the Services to Users
- Facilitating usage of our Service
- Responding to your inquiries, comments, feedback or questions
- Managing our relationship with Users, which includes sending administrative information to Users relating to our Service and changes to our terms and conditions, and policies, and asking Users to leave a review or take a survey
- Providing personalized and customized content and information to Users
- Gaining insights about and making improvements to our business, products and services
- Administering and protecting our business and the Service, preventing fraud, criminal activity, or misuse of our Service, and ensuring the security of our IT systems, architecture and networks (including troubleshooting, testing, system maintenance, support and hosting of data)
- Providing information to current and prospective users of our products and services
- Compliance with legal obligations and legal process and protecting our rights, privacy, safety or property, and/or that of our affiliates, you or other third parties
- Other Processing Grounds: From time to time, we may also need to process personal data to comply with a legal obligation.
- Contractual Necessity: We process the following categories of personal data as a matter of “contractual necessity”, meaning that we need to process the data to perform under our Terms of Service with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such personal data will result in your inability to use some or all portions of the Services that require such data.
- Your Rights Regarding Your Personal Data
You have certain rights with respect to your personal data, including those set forth below, subject to certain conditions and exceptions. For more information about these rights, or to submit a request, please email firstname.lastname@example.org. In some cases, we may also need you to provide us with additional information, which may include personal data, if necessary to verify your identity and the nature of your request.
- Access: You can request more information about the processing of personal data we hold about you and request a copy of such personal data. You can also access certain of your personal data by accessing your account settings or contacting us at email@example.com.
- Rectification: If you believe that any personal data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by accessing your account settings or contacting us at firstname.lastname@example.org.
- Erasure: You can request that we erase some or all of your personal data from our systems by sending a request to email@example.com.
- Withdrawal of Consent: If we are processing your personal data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. However, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your personal data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
- Portability: You can ask for a copy of your personal data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible, if the processing of your data is based on your consent or on contractual necessity, and if the processing is carried out by automated means.
- Objection: You can contact us to let us know that you object to the further use or disclosure of your personal data for certain purposes by sending a request to firstname.lastname@example.org.
- Restriction of Processing: You can ask us to restrict further processing of your personal data by sending a request to email@example.com.
- Right to File Complaint: You have the right to raise a complaint about Workato’s practices with respect to your personal data to your local regulator. If you are a resident of the United Kingdom and believe that we maintain your personal data within the scope of the applicable laws relating to personal data in the UK, you may direct questions or complaints to the UK supervisory authority, the Information Commissioner’s Office.
- Transfer of Personal Data
14. Contact Us
If you have questions regarding this Policy or about Workato’s privacy practices, or to file complaints, please send your inquiries to:
Name: Workato, Inc.
Attention: Privacy Team
215 Castro Street, Suite 300, Mountain View, CA 94041, United States
Email address: firstname.lastname@example.org.