WHATFIX

Privacy Notice

Effective Date: 23rd September 2021

Last Updated on: 10th October 2024

This privacy notice (“Notice” / “Privacy Notice”) explains how Whatfix Private Limited (Formerly known as Quicko Technosoft Labs Private Limited), a company incorporated in India bearing CIN U72200KA2010PTC055487 and having its registered office at 1090e, 18th Cross Rd, Sector 3, HSR Layout, Bengaluru, Karnataka 560102 (“We” or “Us” or “Our” or “Whatfix”) processes Personal Data which We collect from you in Our capacity as a controller, where We determine the purposes and means of processing of your Personal Data.

We process information relating to an identified or identifiable natural person (“Personal Data”)in accordance with this Privacy Notice and in compliance with the relevant data protection regulation and laws. This Notice provides the necessary information regarding right and obligations for concerned parties, and explains how, why and when we process Personal Data.

LEGAL BASIS FOR PROCESSING OF PERSONAL DATA

If you are a data subject , Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which We collect it. We will normally collect Personal Data from you only where it is needed to perform a contract with you, where the processing is in Our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where We have your consent. In some cases, We may also have a legal obligation to collect Personal Data from you. If We process Personal Data with reliance on your consent, you may withdraw your consent at any time. If you have questions or need further information concerning the legal basis on which We collect and use your Personal Data, please contact Us using the contact details provided under the “HOW TO CONTACT US” section of this Notice.

SHARING OF PERSONAL DATA

  • You acknowledge that We will share your Personal Data with Our group companies and third-party service providers so that they may offer you Our Service(s) and/or to send information or updates to the Service(s) if you have subscribed to Our Service(s) by agreeing to the Terms (“Subscriber”). We conduct a due diligence on such third-party service providers prior to sharing your Personal Data with them. When We process your order where you are a Subscriber, We may send your Personal Data to and also use the resulting information from credit reference agencies to prevent fraudulent purchases.
  • We share Personal Data with Our third-party service providers that host, maintain or provide Our websites, applications, backup, storage, analytics and other services. A list of our current third party service providers is available here. These third-party service providers may have access to or process your Personal Data for the purpose of providing these services for us.
  • We share your Personal Data with such third-party service providers only on a contract basis where such service providers assure that they are and shall be in compliance with the applicable data protection laws.
  • We may be required to disclose your Personal Data in response to: a) lawful requests by public authorities, including to meet national security or law enforcement requirements and/or b) subpoenas, court orders, or legal process, or to establish or exercise Our legal rights or defend against legal claims.
  • We may also share Personal Data to assist investigation and prevention of illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Our Terms, or as otherwise required by law.

COLLECTION AND USE OF PERSONAL DATA

We collect and process the following Personal Data about you.

1. Information you provide Us:

  • Subscription Information: When you subscribe to any of Our Service(s) by agreeing to the Terms of Services, We may collect your (i) contact information such as name, email address, mailing address, IP address, geographic location, or phone number of the account admin; (ii) name and email address when account admin/user(s) provide feedback from within the Service(s); and (iii) unique identifiers, such as username, account number or password. Subject to this Notice, we will use such data to (i) provide you the Service(s); (ii) send you communication from the Service(s); (iii) assess needs of your business to determine or suggest suitable Service(s); (iv) send you requested information about the Service(s); (v) respond to customer service requests, questions and concerns; (vi) administer your account; (vii) send you promotional and marketing communications (where you have requested us to do so); and (viii) facilitate your transactions with other users when you use Our Service(s).
  • Job Application(s): When you apply for an open position by populating the application form on our website(s), We may collect your (i) contact information, such as name, email address, mailing address, phone number, links to your social networking profiles; and (ii) any other information contained in the resume that you submit to us. Subject to this Notice, We will use such data to evaluate you for the open position that you have applied for or any position that we consider you suitable for at the time you submit your resume or at any later date. Unless you notify us otherwise by an email to [email protected], We will retain such data for a period of 6 (six) months for archival purposes. If you wish to update the data you provided to us, you may do so by contacting us at [email protected].
  • Websites: When you register for any of Our events or programs, including seminars or webinars through a registration form on Our website, visit Our publicly accessible community forums and blogs or submit any forms on Our website(s), We may collect information such as name, email address, company name and website URL, company details, location and contact information. Subject to this Notice, We will use such data to (i) facilitate your use of the program or event for which you have registered; (ii) send you requested information about Our Service(s); (iii) respond to your requests, questions and concerns; (iv) assess needs of your business to determine or suggest suitable Service(s); (vi) send you requested information about the Service(s); and (vii) send you promotional and marketing communications (where you have requested us to do so).
  • Cookies and similar technologies: We and Our third party advertising partners use cookies, gifs, log files, web beacons and similar technologies that collect Personal Data and help Us to analyze trends, administering the website, tracking users’ movements around the site, and gathering demographic information about Our user base as a whole. Please see Our Cookies Policy for further information about Our use of Cookies and similar technologies.

2. Information that We collect from other sources:

We may also receive your Personal Data from other sources which include sources such as Our business partners, social media services, marketing service providers, email add-ons in the following manner: (a) from third party sources like databases and social media but only where We have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Data to Us; (b) We may also obtain Personal Data if you authorize Us to connect with a third-party service including single sign- on services such as Google and Facebook Connect. We will access and store your name, email address(es), current city, profile picture URL, and other Personal Data that the third- party service makes available to Us and use and disclose it in accordance with this Notice; (c) other information such as location information, device information, browser information, information regarding the date and time of your access to Our Service(s), navigational information such as the websites you visit and/ or access.

TRANSFER OF PERSONAL DATA

We process Personal Data in USA and India. If your Personal Data is processed outside country, state or region, We will ensure that the recipient of your Personal Data offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of Personal Data as approved by the European Commission (Article 46 General Data Privacy Regulation, 2016), or We will ask you for your prior consent to such international data transfers.

YOUR RIGHTS

  • Right of access: You have the right to access any Personal Data that We process about you and to request information about:

– What Personal Data We hold about you
– The purposes of the processing
– The categories of Personal Data concerned
– The recipients to whom the Personal Data has/will be disclosed
– How long We intend to store your Personal Data for
– If We did not collect the data directly from you, information about the source.

  • Right to rectification: If you believe that We hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and We will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
  • Right to erasure: You also have the right to request erasure of your Personal Data or to restrict processing in accordance with the data protection laws; as well as to object to any direct marketing from us.
  • Right to data portability: Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making We may use.
  • Right to object: You have the right to object / restrict the processing of your Personal Data in certain circumstances, including where such Personal Data is no longer required in light of the purpose of processing, or in connection with direct marketing, and/ or by utilizing the opt-out mechanisms that We provide to you.

If We receive a request from you to exercise any of the above rights, We may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure. Requests to access, change, or remove your information will be handled within thirty (30) days.

SECURITY

We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. The measures Whatfix uses are designed to provide a level of security appropriate to the risk of processing Your Personal Data as specified in Our security policy. If you have questions about the security of your Personal Data, please contact us immediately as described in this Policy.

CHOICE

If personal data covered by this Privacy Policy is to be used for a new purpose that is materially different from that for which the personal data was originally collected or subsequently authorized, or is to be disclosed to a non – agent third party in a manner not specified in this Policy, Whatfix will provide you with an opportunity to choose whether to have your personal data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to us specified in the “How to Contact Us” section below.

Whatfix will not use Personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individuals unless Whatfix has received your affirmative and explicit consent(opt-in).

ACCOUNTABILITY FOR ONWARD TRANSFER

If you are an EU, UK or Swiss Individual, where we transfer your personal data to third party service providers(see above) who perform services for us on our behalf, we are responsible for the processing of that data by them and shall remain liable if they process your personal data in a manner inconsistent with the EU – GDPR, UK – GDPR, or Swiss – FADP, as applicable, or the DPF principles referred to below, unless we prove that we are not responsible for the event giving rise to the damage.

GRIEVANCE OFFICER

Whatfix has appointed the data privacy officer as the grievance officer, who may be contacted at [email protected]. You may address any grievances you may have in respect of this privacy policy or usage of your Protected Information via this officer.

DATA PRIVACY FRAMEWORK(DPF) PRINCIPLES

Users’ information may be stored, processed and/or accessed in the United States or in any other country in which Whatfix or its affiliates, subsidiaries or agents maintain facilities.

When using the Whatfix Platform, our Customers have promised us that such Their Users have consented to any such transfer of information outside of the End Users’ home country.

Whatfix complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.  Whatfix has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Whatfix has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Whatfix commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Whatfix is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. Whatfix complies with the DPF Principles for all onward transfers of personal data from the EU, Switzerland, and UK including the onward transfer liability provisions.

For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration as per DPF guidelines. 

Further information can be found on the official DPF website.

How to Contact Us for EU-US DPF

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Whatfix commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Whatfix at: [email protected]

Whatfix is subject to the investigatory and enforcement powers of the US Federal Trade Commission(FTC).

MINORS AND CHILDREN’S PRIVACY

Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 16, and We do not knowingly collect Personal Data from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If We learn that Personal Data has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then We will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an Account on the Service, then you may alert us at [email protected] and request that We delete that child’s Personal Data from our systems.

DATA RETENTION

We retain the Personal Data collected where an ongoing legitimate business requires retention of such Personal Data. In the absence of a need to retain Personal Data as specified herein, We will either delete or aggregate it or, if this is not possible then We will securely store your Personal Data and isolate it from any further processing until deletion is possible.

HOW TO CONTACT US

We only process your Personal Data in compliance with this Privacy Notice and in accordance with the relevant data protection laws. If, however , you wish to raise a complaint regarding the processing of your Personal Data or are unsatisfied with how We have handled your information, you have the right to lodge a complaint with our Data Protection Officer at [email protected]. If you are an EU resident you have the right to complain to the appropriate data protection authority.

CHANGES TO OUR PRIVACY NOTICE

We reserve the right to update or modify this Privacy Notice at any time and from time to time without prior notice. If We make any material changes to the way We use or disclose your Personal Data, We will notify you by email, at the email address you have provided to us. If you object to any changes you must cease using our Service(s). Please review this Privacy Notice periodically by visiting this webpage from time to time as changes to this Privacy Notice are effective when they are posted on this page.

NOTICE TO END-USER AND OTHER EXCLUSIONS

Our Service(s) are intended for use by enterprises. Where the Services are made available to you through a Subscriber, that enterprise is the Controller of your Personal Data. Your data privacy questions and requests should be submitted to the Subscriber in its capacity as your Controller. If you are an individual who interacts with a Subscriber using our Services, then you will be directed to contact our Subscriber for assistance with any requests or questions relating to your Personal Data. We are not responsible for Subscribers’ privacy or security practices which may be different from this Notice. Subscribers to our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as any and all privacy policies, agreements or other obligations, relating to the collection of personal information in connection with the use of our Services by End Users. We collect information under the direction of our Subscribers, and have no direct relationship with individuals whose personal information We process in connection with our Subscriber’s use of our Service(s)

With the exception of Personal Data collected when you register for an account to access or utilize Our Service(s) and other information We collect in connection with your registration or authentication into Our Service(s), this Notice does not apply in connection with access and use of Our Service(s). The security and privacy practices, including how We protect, collect, and use electronic data, text, messages, communications or other materials submitted to and stored within the Service(s) by you (“Customer Data”), are detailed in and governed by Our Terms or such other applicable agreement between you and Us relating to your access to and your use of such Services.

Our website contains links to other websites. Our Notice applies only to Our website(s), so if you click on a link to another website, you should read their privacy policy. We encourage you to review the privacy statements of any such other websites to understand their Personal Data practices.

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This section provides additional details about the personal information We collect about California consumers and consumers’ rights under the California Consumer Privacy Act (“CCPA”). This section applies only to California residents and their personal information We collect as a business (as defined in the CCPA).

  1. Collection of Personal Information: The categories of personal information We have collected in the 12 months prior to the Effective Date and that We may collect include:
    a. Identifiers such as a real name, , , unique personal identifier, , Internet Protocol address, email address, registered account name, , a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers or similar technology;; telephone numbers, or other forms of persistent or probabilistic identifiers that can be used to identify a particular consumer or device.
    b. Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with an internet website, app or advertisement related to Digital Adoption Platform.
    c. Geolocation data.
    d. Audio, electronic, visual, or similar information
    e. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, behavior, abilities and aptitudes.We collect this personal information for business purposes as described in the “INFORMATION THAT WE COLLECT AND HOW WE USE IT” section of Our Privacy Notice.
  2. Disclosure of Personal Information: We have disclosed the categories of personal information listed in clause 1 above for a business purpose in the 12 months prior to the Effective Date and may disclose such personal information to service providers who support our business provided they do not sell such personal information or retain, use or disclose such information for any purpose other than for the specific purpose of performing the services specified in our contract with them. We do not sell (as the term is defined in the CCPA) the personal information we collect, including personal information of minors under 16 years of age, and will not sell it without providing a right to opt out. We have not sold (as the term is defined in the CCPA) any personal information in the 12 months prior to the Effective Date.
  3. Your rights: You have certain rights, subject to certain limitations under applicable law,
    with respect to your personal information, including:
    a. The right to request disclosure of details of personal information collected
    b. The right to request disclosure of information sold (as defined in the CCPA)
    c. The right to deletion of your personal information.
    d. The right to “opt out” of any sale (as defined in the CCPA), if such sale occurs.
    e. The right not to be discriminated for exercising your rights under CCPA
  4. California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected].We will verify your request using the information associated with your account, including email address and / or Government identification. We will let you know if We need additional information to verify your identity. Consumers may also designate an authorised agent to exercise these rights on their behalf.
  5. Where we are a service provider: We may also act as a service provider (as the term is defined in the CCPA). When We act as a service provider, including by providing Our services to another company that you interact with, We follow the instructions of the company that engaged us as a service provider and you should directly contact that company if you have any questions or would like more details on how your personal information is processed by that company.

THIRD-PARTY SERVICES

If you are using Whatfix video channel authentication using YouTube to upload flow videos, we use YouTube API services. Please refer to Google Privacy policy and Google Security Settings page for further information.