This information is our Privacy Notice. It explains what we do with your personal information, why we want to use it, how we protect it, and what rights you have to control our use of your personal data.
The most important fact is that it’s your personal data. We have complete respect for your rights and we will only use it where necessary to deliver our services to you or your employer, or to keep you up to date about developments in our products.
Information about the data controller:
The data controller is Deskworks LLC, 100 S. Murphy Avenue, Suite 200, Sunnyvale, CA, 94086, USA.
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us at [email protected]. We use this email address for all data protection and data access matters.
The purpose and lawful basis for processing your personal data:
We use information for a few different purposes and these each have a different lawful basis. This section describes these in detail and, although it’s technical, we’re required by law in some countries to explain this to you.
If you are an existing Deskworks customer:
We hold your name, contact details and payment method information because we have a contractual obligation to deliver services to you. We need these details to deliver our services (such as send you update emails when you need to take actions, send you invoices, charge for payment and so on.) We will hold your information for seven years after the expiry of your Deskworks subscription, for legal and financial records. However, if you want your contact details removed from our database after termination of services, contact us and we will remove all information except for your client name and transaction history.
If you are a previous Deskworks customer:
We may continue to contact you with information about our services because we think you will find it useful. We believe we have a legitimate interest in this direct marketing activity (and this is also permitted under the Privacy and Electronic Communications Regulations or “PECR”), but you are always able to unsubscribe by clicking the link at the bottom of the emails we send, or by emailing us at [email protected].
If you are an employee of (or temporary or contract worker at) an existing Deskworks customer:
You should note that we may have been given your personal or business email or phone number by you or your employer; we may not have collected it from you directly. We hold your name and contact details so that we can assist you with use of Deskworks or provide other information to you about the product. We have a legitimate interest in being able to use your information in this way. We will hold your personal information for seven years after the expiry of your employer’s Deskworks subscription, for legal and financial records. However, if you want your contact details removed from our database after termination of services or your employment, contact us at [email protected] and we will remove your contact details. Logs that track transactions within your company’s instance of Deskworks will continue to display your name for audit purposes.
If you are a supplier or other business associated with Deskworks’ field of work, we will hold your contact details because we have a legitimate interest in doing business with your company. We will aim to hold this information for three years after we were last in contact with you. It’s possible we picked this information up from public directories (such as LinkedIn and internet searches) or that you passed your details to us with a business card.
If you visit our website or use our web app (by creating an account &/or logging in to an instance of Deskworks,) we use Google Analytics and Hotjar on our website to track user activity, so we can improve our service. We may record your computer’s IP address for marketing purposes and so we can tell how each user and repeat visitor is using our site. (Your IP address is also a piece of your personal data.) We have a legitimate interest in tracking user journeys on the site so that we can improve our service. We will hold IP information for three years from the time of your last visit to our site or application.
If you’re not an existing customer we may have your contact details on our marketing list so we can send you emails and newsletters about our service, along with information we think you’ll find interesting and useful. We will only send you this information if we have your consent (which you gave to us by ticking a consent box when you signed up to our lists or requested information) or if you have reached out to us by phone, email or in person. You may withdraw consent at any time – usually this is easiest by choosing the “unsubscribe” option at the bottom of information we send to you. You can also email us at [email protected] any time. Please note that if you do this, we will delete your records on our marketing list.
If you remain on our marketing list, we will hold your information for three years from the time we last checked that you wanted to receive communication from us.
Who we share your personal data with:
We use a number of different service providers (acting as “data processors”) who provide IT, payment processing and support services to enable us to operate our business and the services we provide to our users and partners. Your personal data is transferred to (and stored by) these data processors, who generally fall under the following categories:
- Website analytics service providers
- Website and data hosting service providers
- Document storage service providers
- Email, contacts and calendar service providers
- CRM and newsletter distribution service providers
- Cloud-based hosting service providers
- Accounting software service providers
- Credit card vault and payment gateway providers
For security reasons (to reduce the risk of phishing attacks to our customers) we do not name all our service providers in this notice. The types of personal data that may be transferred to our data processors are set out above. Please contact us at [email protected] for further information on specific data processed or on specific data processors.
Other circumstances in which we may share personal data with third parties
We may also share your personal data with the following third parties in certain circumstances:
- Law enforcement or other authorities (such as tax authorities) if required by applicable law.
- Third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- Professional advisors such as lawyers, accountants or auditors in order for them to provide their services to us.
We will not sell or rent your information to third parties and we will never share your information with third parties for marketing purposes other than our own marketing activity.
International transfers of personal data, and the measures in place to safeguard it
Deskworks is a U.S.-based business, and this section explains the impact of international transfers of personal data and how your information is protected.
Many of our data processors operate “cloud-based systems”, which means the information is held in information data centers in different locations. All the cloud-based systems we use reserve the right to hold copies of your personal information outside the EEA. If you choose, your instance of Deskworks can be housed in a data center other than in the U.S., and potentially in the same country that your operation is in.
In each case we and/or our processors use one or more of the following means that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of abuse:
- Certain processors may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where personal data is transferred outside the EEA or countries the EC deems to have adequate privacy protection, we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Providers storing data in the US may be self-certified to the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us at [email protected] if you want further information on the specific mechanisms used by our data processors when transferring your personal data out of the EEA.
Your personal data rights
The personal data we hold about you is your data, so you have certain rights over them. This section summarises your rights. You can exercise any or all these rights when you choose. The easiest way is by email to [email protected] .
Where we are processing your data based on your consent (e.g. for marketing purposes) you can withdraw that consent and we must immediately stop processing your data. Please note that up to that point, we’re acting lawfully with your consent. Withdrawal of consent cannot be backdated.
You have the right to request a copy of all personal data we hold relating to you and we must provide this within 30 days. You also have the right to require us to correct any records that are wrong.
You have the right to require us to erase personal data and we must comply unless we need it for one of the purposes described above (for example, this might include the fact that your employer’s instance of Deskworks needs to track who created a transaction for audit purposes.) We also retain the right to keep data that is needed to establish, exercise or defend a legal claim.
Where we process your data based on a “legitimate interest” (underlined in the section on Purpose and Lawful Basis, above) you still have the right to object to our processing of that data. From that point, we must stop processing your data until we have determined whether your rights override our interests.
Finally, you may have the right to have your personal data transferred to another organisation, and we’re obliged to provide it to you in a clear and reasonable format.
Your rights to lodge a complaint with the Regulator
At all times, you have the right to report a concern or lodge a complaint with the appropriate governmental body. In the UK, this is the Information Commissioner’s Office, at https://ico.org.uk/concerns/ or by calling them on 0303 123 1113.
Of course, we hope that we can resolve your issue quickly and fairly – you can contact us at [email protected].
Our contractual requirements to use your personal data
If you’re a Deskworks customer, it’s a requirement that we collect personal information from you so that we can enter into a contract with your company.
If you’re an employee (or temporary or associated worker) at a Deskworks customer, we have a legitimate interest in using your personal data so that Deskworks can track your usage for audit purposes, as well as for training and support. Your employer will require us to do this through our contract with them. For this reason, we use our legitimate interests as the lawful basis for processing your data (which is why we don’t ask for your consent to process it.)
Automated processing of your personal data
If you are a user of Deskworks, your billing and payments are processed automatically. You have access to your data at any time through your login to the program to correct your personal information and update your payment information. If you are a client of ours, we will also correct information for you and can change the plan you are on. And as a client, your clients and members can correct their own information, and you can correct it for them through your instance of the program.
A possible consequence of automation is that charges occasionally can have errors or require discussion.
You have a right to object to the result of this automated processing and have it reviewed by a real person. You can contact us at [email protected] or by clicking the Contact button on the sidebar in your instance of Deskworks to discuss any charges or modifications or have any automated processing we do reviewed by someone.
We also use Mailchimp and and a CRM to undertake some automated communications activities. You are able to manage the information you receive from us through these channels at any time.
Other purposes for processing personal data
We don’t process your personal data for any other purpose than we’ve described here. We won’t sell your personal data to other companies.
As we develop the Deskworks range of products, we might add a new data process to our platform that uses your personal information. Should we decide that we want to develop a new processing purpose, we will contact you to let you know what we intend to do, the lawful basis we will use, and your rights over our intended new processing. We’ll also publish information about it on our website.
Changes to this privacy notice
This privacy notice was last updated on January 10, 2021 and historic versions can be obtained by contacting us. We may change this privacy notice from time to time by amending this page.
How to contact us
If you have any questions, concerns or just want some more information about our privacy management, drop us a line at [email protected]