By using the Service, you consent to our collection, use and disclosure of your personal information as described in this Policy. Protecting the privacy rights of data subjects and safeguarding their Personal Data is now being treated as a basic right of an individual and a legal requirement in many parts of world, being a global organization, respects the privacy of data subjects and is committed to complying with the applicable data privacy laws and legislations (including but not limited to EU General Data Protection Regulation 2016/679, California Consumer Privacy Act/California Privacy Rights Act, The Privacy Act 1988 (Australia) Data Protection Act 2018 (UK), Information Technology Act 2000 read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other applicable privacy laws to the extent that they apply to Xoxoday data processing and business operations) (the “Data Privacy Laws”).
We take your privacy seriously. If you have any questions about this Policy or about privacy at Xoxoday, please contact us at [email protected].
The meaning of some of the terms in use in the Policy are explained below:
When a Customer Company indicates interest in our Service, we collect the following information via our sign-up form: full name, email address, company name and phone number. We collect this information through a landing page which an interested Customer Company might access through forms on various directory services detailed in our Third-Party Provider.
We collect human resource (“HR”) information, and other information about Employee Users, from the Customer Company, and at the Customer Company’s option, such as: full name, email address, phone number or any other information that may be required from time to time. This Data is provided by the Customer Company’s HR department directly or indirectly by allowing Xoxoday to connect customer systems like HRMS, Single sign on systems etc, and is loaded and maintained in our system to allow for analytics. As noted above, we collect certain HR information about Employee Users directly from the Customer Company.
When Employee Users answer surveys or engage in conversations with peers on the App, Site, or System by voting on surveys or engaging in text conversations between peers, we collect employee opinions from Employee Users. Employee User votes or comments are connected to their authors. When a User visits our Site, we use certain tracking data (“Tracking Information”). We use Google Analytics and Freshdesk for Tracking Information.
The following Tracking Information is collected: email address, device ID, IP address. We collect your email address, IP addresses and device information, directly through inclusion of their sdk/pixel or any other information which may be required from time to time. Tracking Information is collected via the Site and our web-applications, as well as via our iOS and android implementations.
If a third party is not paying for the service on your behalf, We will collect the billing and financial information necessary to process your charges for Xoxoday services which require payment, which may include your postal and e-mail addresses. Xoxoday may also receive the billing and payment information that you provide when your purchase is processed by another party, such as Paypal etc. Our Terms of Service explain our policies and terms relevant to our charges and billing practices. Please note that establishing an account with a third-party payment processor, like PayPal etc, may also be subject to additional policies.
When you access our websites or use our Services, we collect -
When you access the Service, we collect certain technical information in order to -
We may collect or receive information from other sources including third party information providers. This information will be used to supplement your profile - primarily to help you and your friends connect. It will be combined with other information We collect.
In general, we collect, store, and use your information to provide you with a safe, smooth, efficient, and customized experience. For example, we may use information collected from you in any one or more of the following ways:
We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:
Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take necessary steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.
We have implemented reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, destruction, or alteration. For example:
We do not knowingly collect any personal information from children under the age of 16. If you are under the age of 16, please do not submit any personal information through our Websites or Services.
We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without their permission. If you have reason to believe that a child under the age of 16 has provided personal information to us through the Websites or Services, please contact us at [email protected], and we will use commercially reasonable efforts to delete that information.
To exercise any of these rights, please email us at [email protected]
As per the California Consumer Privacy Act of 2018/California Privacy Rights Act (“CCPA/CPRA”) -
If you are a California resident, you have the rights outlined in this section.If you are a California resident and there are conflicts between this section and any other provision of this Policy, the portion that is more protective of your Personal Data shall control. If you have any questions about this section or whether any of the following applies to you, please email [email protected]
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information:
If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient as per CCPA/CPRA.
You have the right to request that we delete the Personal Data that we have collected from you. Under the California Consumer Privacy Act of 2018/California Privacy Rights Act (“CCPA/CPRA”), this right is subject to certain exceptions. For example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you must send us a request that
(1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (this will require you to send an email from the account in question or login credentials), and
(2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request.
You may submit a Valid Request by emailing [email protected]
You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to do, and we may request a copy of this written permission from your Authorized Agent when they make a request to exercise your rights on your behalf.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA/CPRA.
We will not discriminate against you for exercising your rights under the CCPA/CPRA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA/CPRA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA/CPRA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
Any complaints or grievances received about our use of Personal Data, Personal Information or Sensitive Personal Data and any communications regarding enforcement of your privacy rights should be promptly directed to our Data Protection Officer Complaints.
Attn: Data Protection Officer
Email ID - [email protected]