Effective on: 16 May 2019
Where a privacy complaint or dispute cannot be resolved through Praxomony's internal processes, Praxomony has agreed to participate in the VeraSafe Dispute Resolution Procedure for disputes related to processing of Personal Data within the Application. Subject to the terms of the VeraSafe Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/
We typically process the following types of Personal Data within the Application:
We typically process the following types of Personal Data when responding to enquiries about our services, for the purposes of sending marketing communications, or otherwise as outlined in this Policy:
We may process the following types of Personal Data ("Billing Details") for billing purposes, if you are the billing contact for our client ("Client"):
We may receive your Personal Data directly from you when: (i) you use the Application as a user; (ii) you provide us with Billing Details; or (iii) if you send an email or an enquiry through the Website. Alternatively or in addition to Personal Data we receive directly from you, we may receive your Personal Data from: (i) a Client with which you are associated; or (ii) a Client that is managing solutions for the organisation with which you are associated.
If you visit our Website, we will automatically collect usage and technical data about your equipment, browsing actions and patterns. We will collect this Personal Data by using cookies and other similar technologies. Please see the "Cookies" section below for more information.
In relation to our Application, we are a data processor and we only process Personal Data on behalf of our Clients, who are typically acting as data controllers. This means that our Clients typically determine why and how the Personal Data is processed by our Application. However, where you contact us by email or through our Website and where we process your Personal Data for marketing purposes, we act as a data controller.
In relation to our Application, we process Personal Data based on the instructions of our Clients.
Where we process Personal Data as a data controller, we do so for our legitimate interests, such as marketing and offering our services to you. We may also use your Personal Data where we need to comply with a legal obligation or to perform our obligations under a contract we are about to enter into or have entered into with you. Where we receive your Personal Data directly from you for the purpose of providing you with our services, we require such Personal Data to be able to perform our contractual obligations to you. Without the necessary Personal Data, we will not be able to provide our services to you.
Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We process Personal Data for the purposes of providing our services to our Clients and in particular:
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Where we act as a data processor, we retain Personal Data for as long as instructed by our Clients. We will delete Personal Data within six months of receiving an instruction to do such by the applicable Client.
Where we act as a data controller and when the purposes of processing are satisfied, we will delete your Personal Data within six months.
Please note that we may need to retain certain information (such as contact data and financial data) for longer periods in order to comply with regulatory, accounting, tax or reporting requirements (up to six years) or in the event of a complaint or where we reasonably believe there is a prospect of litigation in respect to our relationship with you. In each case we will only do so to the extent necessary for that purpose.
Our Application does not have the capability to respond to "Do Not Track" signals received from various web browsers.
We make Personal Data available to our service providers, who provide specific contracted services to help run our Application and our business. These service providers process Personal Data on behalf of Praxonomy. Such third parties include those providing:
Some of our service providers who receive your Personal Data may be located in countries outside of the European Union or the European Economic Area. In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law.
We will require that those service providers maintain at least the same level of data protection that we maintain for such Personal Data. Transfers of your Personal Data to such service providers will be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Data to third countries, as approved by, and available directly from, the European Commission.
Praxonomy remains liable for the protection of your Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorised or improper processing. Our service providers are listed at www.praxonomy.com/legal/subprocessors.
We may also disclose your Personal Data:
We reserve the right to use, transfer, sell, and share aggregated, anonymous data we process in our Application for any legal business purpose, such as analysing usage trends and seeking compatible advertisers, sponsors, and customers. Such data will not include any Personal Data.
If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Praxonomy has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorised processing such as unauthorised access, disclosure, alteration, or destruction.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If we store Personal Data about you, you may have a right to request access to, and the opportunity to update, correct, or delete, such Personal Data. You may also have the right to ask that the processing of your Personal Data be limited, to object to the processing of your Personal Data, or to ask to have your Personal Data exported in a machine-readable format. Where we act as a data processor and if you are not able to make such changes yourself through the Application, you should contact the System Owner or Administrators of the Praxonomy system with which you are associated. Where we act as a data controller, you may exercise such rights by contacting us using the information provided in the "Contact Us" section below. You also have a right to file a complaint to a data protection supervisory authority in the EU.
If we make any material change to this Policy, we will post the revised Policy to this web page and update the "Effective on" date above to reflect the date on which the new Policy became effective.
If you have any questions about this Policy or our processing of your Personal Data, you can contact us by email at firstname.lastname@example.org or by postal mail at:
Attn: Privacy Officer
10/F, Mass Mutual Tower
33 Lockhart Rd, Wan Chai
Please allow up to four weeks for us to reply.