Effective on: Feb 20th, 2020
Introduction and Scope
Wizeline, Inc. and its affiliates Wizeline, S. de R.I. de C.V. (Mexico), Wizeline Vietnam Company Limited (Vietnam), Wizeline Singapore Pte. Ltd (Singapore), Wizeline Inc. Co. Ltd. (Thailand), Wizeline SL (Spain), and Wizeline PTY LTD (Australia) (collectively, “Wizeline”, “we”, “us”, “our”) take the protection of personally identifiable information (“Personal Data”) very seriously.
- in the course of providing professional software development and consulting services (the “Services”);
- in our website located at https://www.wizeline.com (the “Website”); and
- in our customer relationship management (CRM) software (collectively, with the Website, the “Sales and Marketing Systems”).
This Policy does not apply to Personal Data we collect by other means, such as Personal Data collected from or concerning our own employees.
Wizeline acts as an agent, also known as a data processor, for the Personal Data we process for our customers when providing our Services. This means that Wizeline’s customers determine the type of Personal Data they provide for Wizeline to process on their behalf.
Wizeline acts as a data controller for the Personal Data we process in our Sales and Marketing Systems.
Basis of Processing
With respect to our Services, we process Personal Data based on the instructions of our customers.
In our Sales and Marketing Systems, we may process your Personal Data on the basis of:
- the need to perform a contract with you or engage in precontractual necessities with you;
- our legitimate interests, such as our interest in marketing and selling our Services;
- the need to comply with the law; or
- any other ground, as required or permitted by law.
Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.
How We Receive Personal Data
With respect to our Services, we may receive your Personal Data:
- when you provide it directly to us in the context of using or purchasing our Services; and
- when our customers (including their employees, contractors, and other representatives of a customer company) provide such information to us.
With respect to our Sales and Marketing Systems, we may receive your Personal Data:
- when you contact us directly by phone, email, or on our Website;
- our customers (including their employees, contractors, and other representatives of the company) provide it to us;
- our service providers provide it to us;
- we purchase lists of individuals who might be interested in becoming customers of ours; or
- when a friend of yours or one of our partners or customers refers you to our Services by providing your Personal Data to us.
If we receive your Personal Data from a third party, we will notify you, where required by applicable laws, without undue delay.
Categories of Personal Data
In the performance of our Services and in our Sales and Marketing Systems, we may process the following types of Personal Data:
- biographical information, such as first and last name;
- contact information, such as e-mail;
- employment information, such as your job title or company name; and
- any other type of personal data you choose to submit to us through our Services or the Sales and Marketing Systems.
Purposes of Processing
In the context of our Services, we may process your Personal Data for the purposes of:
- enabling the use of the Services; and
- responding to your inquiries, and/or other requests or questions.
We may process your Personal Data in our Sales and Marketing Systems for the purposes of marketing and selling our Services to you.
In the context of our Services, we retain Personal Data for as long as instructed by the respective customer (who typically acts as a data controller). We delete the Personal Data submitted to us within six months of the termination of the applicable service agreement, unless applicable laws require or allow for a different retention period.
In the context of our Sales and Marketing Systems, when the purposes of processing are satisfied, we will delete the related Personal Data within six months.
Sharing Personal Data with Third Parties
We may share Personal Data with our subsidiaries and affiliates, as well as with our service providers, who process Personal Data on behalf of Wizeline, and who agree to use the Personal Data only to assist us in providing our Services or as required by law. Our service providers include those providing:
- application hosting services;
- project management and content collaboration services;
- team communication services;
- software development services;
- e-mail software; and
- customer relationship management (CRM) software.
Such third parties may be located outside of the United States; however, we will either obtain your explicit consent to transfer your Personal Data to such third parties, or we will require that those third parties maintain at least the same level of privacy and security that we maintain for such Personal Data. Wizeline remains liable for the protection of your Personal Data within the scope of our certification to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) when we transfer that Personal Data to third parties, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.
Some of the third parties we may share your Personal Data with may be located in countries outside of the European Union or the European Economic Area. In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law. Transfers of your Personal Data to such third parties will be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Data to third countries, as approved by, and available directly from, the European Commission.
Other Disclosure of Your Personal Data
We may disclose your Personal Data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders; or (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.
We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about individuals whose Personal Data we process in connection with providing our Services, as a group, for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, and customers.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy and security of your Personal Data.
If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to use all of our Services’ features. For more information, please visit https://www.aboutcookies.org/.
You may also set your browser to send a Do Not Track (DNT) signal. For more information, please visit https://allaboutdnt.com/. Please note that our Services do not have the capability to respond to “Do Not Track” signals received from various web browsers.
Data Integrity & Security
Wizeline has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
Access & Review
If we process your or your child’s Personal Data, you may have a right to request access to, and the opportunity to update, correct, or delete, such Personal Data.
If we have received your Personal Data, you may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent that you have previously provided for your Personal Data to be shared with third parties, except as required by law. You also have the right to opt out if your Personal Data is used for any purpose that is materially different from, but nevertheless compatible with the purpose(s) for which it was originally collected or subsequently authorized by you.
Requests related to Personal Data collected by our customers through our Services (for which we are a data processor) should be sent directly to the Wizeline customer who provided your Personal Data to us. Wizeline has limited rights to access Personal Data our customers submit to us. Therefore, if you contact us with such a request, please provide the name of the Wizeline customer who submitted your Personal Data to us. We will forward your request to that customer, and provide any needed assistance as they respond to your request.
Requests related to Personal Data collected by us through our Sales and Marketing Systems should be sent to Wizeline at the contact information provided below.
EU-U.S. and Swiss-U.S. Privacy Shield Frameworks
With respect to personal data processed in the context of our Services, Wizeline, Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework, as adopted and set forth by the U.S. Department of Commerce and the European Commission, regarding the processing of Personal Data transferred from the European Union, the United Kingdom, and Switzerland. Wizeline, Inc. commits to adhere to and has certified to the Department of Commerce that it adheres to the Privacy Shield Principles in respect of all Personal Data it receives in reliance on the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
VeraSafe Privacy Program
Wizeline, Inc. is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed in the context of our Services, VeraSafe has assessed Wizeline, Inc.’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.
Where a privacy complaint or dispute cannot be resolved through Wizeline’s internal processes, Wizeline has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Privacy Shield Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
If your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by VeraSafe, you may have the right to require that we enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
U.S. Regulatory Oversight
Wizeline, Inc. is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
European Union Supervisory Authority Oversight
If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union member states.
Changes to this Policy
If we make any material change to this Policy, we will post the revised Policy to this web page and update the “Effective” date above to reflect the date on which the new Policy became effective. By continuing to use our Services after we post any such changes, you accept the Policy as modified.
If you have any questions about this Policy or our processing of your Personal Data, please write to our Privacy Team by e-mail at email@example.com or by postal mail at:
ATTN: Security Team
564 Market Street, Suite 314
San Francisco, CA 94104, United States
Please allow up to four weeks for us to reply.