Privacy Policy

Definition

Personal Data

Any information that relates to the identification of the person, whether directly or indirectly, by reference to any other item of information (e.g. email address, pictures, IP address), which is in the possession of or is likely to come into the possession of the data controller.

Data Processing

Set of operations that involve personal data, whether or not by automatic means. Thus, it includes the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data.

Data Controller

The authorized person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data where the purposes and means of such processing are determined by Union or Member State law, the data controller.

Data Processor

The collection and processing of personal data may involve a “data processor,” an authorized person who actually collects and processes personal data upon instructions from, on behalf of, and under the surveillance of the data controller.

Data Subject

The person to whom the personal data relates.

Data Protection Authority (DPA)

The public body or organization that is entitled by law to regulate data protection issues in a certain country.

Cookie

A small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser may send the cookie back to the server to notify the website of the user’s previous activity.

Data Protection

The employment of technical, organizational, and legal measures in order to achieve the goals of data security (confidentiality, integrity, and availability), transparency, intervenability, and portability as well as compliance with the relevant legal framework.

Data Retention Period

The length of time for which the data is kept. In this respect, it should be noted that, as a general principle, personal data can be kept for no longer than is necessary for the purposes for which the personal data is processed.

Third-Party

Any authorized person, public authority, agency, or any other body apart from the data subject, the data controller, the data processor, and the people who, under the direct authority of the data controller or the data processor, are authorized to process the data. This means that people working for an organization that is legally different from the data controller – even if it belongs to the same group or holding company – will be (or will belong to) the third party.

Regulation

The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

1. Introduction

1.1 This privacy policy controls the personal data processing of any independent individual user or visitors of Desklog. It includes personal data processing by Desklog with respect to companies, organizations and their employees with their Desklog account (Client account) within their registered service.

1.2 It may process personal data with respect to data protection laws and data subjects within the government standards and comply with GDPR.

1.3 Desklog acts as a Data controller and defines the purposes for the following data processing:

Personal data of the clients or the users who transfer their personal data to Desklog, such as independent individuals, freelancers (who use Desklog account for their own purpose)

Personal data of the subscribers who are interested in the updates and other news of Desklog but are not the registered users of Desklog.

1.4 When the data is transferred from the clients to Desklog and when the personal data is processed by Desklog, then it acts as a data processor.

2. Data processing on behalf of clients by Desklog

2.1 This section relates to Desklog clients that transfer end-user personal data. Here the end-user of the client relates to the employees of the client. With respect to this transferred data, the client shall define the purpose and means of personal data processing. Thus the client acts as the data controller.

2.2 Desklog processes the personal data of the end-user on behalf of the client and Desklog acts as a data processor and accesses the data for providing the service.

2.3 If you as the end-user(employee) of the Desklog client account, the privacy policy of the client(employer or the organization) will apply. The personal data of the end-user is processed on behalf of the client by Desklog. Any inquiry, request, complaint, objection subjected to the profile of the end-user created by the client should be addressed and resolved by the client and thus the client is the data controller.

Data Processing Details

2.4 When the client transfers the personal data of the end-user(Client’s employee) to the Desklog, the data is processed by Dessklog in accordance with the agreement between the client and Desklog.

2.5 Desklog processes data in compliance with the data protection laws including GDPR wherever applicable.

Data subject categories and type of personal data

2.6 The data subject categories whose personal data processed on behalf of the client include the end-user of the client, client’s employees, representatives, or other users that will use the registered client account. The information collected on the personal data is indicated in section 4.

2.7 The client ensures that it has obtained all the legal bases, consents for personal data processing of end-users. The client should confirm that the end-users are informed about the personal data being transferred to Desklog and other integrated third parties of Desklog for rendering the service.

Data processing period

2.8 Desklog will process the personal data of the end-user as long as it provides the service to the client with the active Desklog account.

2.9 If the end-user profile or account is deleted by the client, then for the analytical interest of the client Desklog will process the deleted account data on behalf of the client. However, the same data can be deleted upon the client’s instruction.

2.10 After the period of the contractual relationship between Desklog and client, Desklog may continue to store some personal data (minimum amount) as required to comply with legal obligations, to resolve any future disputes between Desklog and client, to ensure reliable back-up, to prevent fraudulent activities, to implement agreements, to follow the legitimate interest of Desklog and its associated third parties.

Sub-processors

2.11 The client agrees that Desklog process data for rendering the service and uses sub-processors and the services provided are indicated in section 6. The sub-processors will be in compliance with legal obligations and with the requirements of GDPR. If sub-processors fail to comply with the legal obligations of data protection, Desklog shall be liable to the client.

Support for the data controller

2.12 As a data processor Desklog will support the client with organizational or technical measures, as far as possible to fulfill the obligations of the client as the data controller:

Any request sent directly from the end-user to Desklog with respect to the access, restriction, deletion, blocking of personal data will be promptly forwarded to the client.

The personal data breach of the client’s end-user shall be notified to the supervisory authority.

The data protection assessments are prepared where appropriate and carry out consultation with the supervisory authority where ever required.

Data Deletion

2.13 After the period of the contractual relationship between Desklog and client, Desklog may continue to store all data for a period of 6 months and if there is no perusal to extend the contract within the specified period, it may delete all data unless it is required by the applicable law.

3.The Necessity To Collect Personal Data

The nature of our product Desklog and the services we provide with the same require the collection and use of your personal data. When purchasing and using Desklog, you enter into a contractual relationship with IOSS. By virtue of that relationship and to allow us to provide the services required, we collect and process your personal data. Prior to starting to use our services, you are obliged to familiarize yourself with and accept our terms and conditions for processing the personal data contained therein.

3.1 Conditions and purposes for processing

3.1 As a data controller, Desklog shall process data to render service, to enhance our service, to address and resolve any service-related issues you may face, and ensure the best customer experience.

How We Use Your Personal Information

3.2 Desklog collects the data for the following purposes. However, not limited to:

• To get registered and avail of the service by creating your account with Desklog.
• To send invoices, payment processing for the service provided by Desklog.
• To personalize the service with your account settings.
• To communicate regarding the service-related queries and to support your requests.
• For analyzing your performance as a Desklog feature.
• To enhance service and to update the features within the service period.
• To analyze our service with your service usage and enhance accordingly.
• To deliver advertisements, offers, promotions to you.
• Legitimate data protection with respect to Desklog terms and conditions and other third parties integrated.

Consent will be put forward to use your information for any other purpose which is not mentioned in this privacy policy.

3.3 Legal conditions for personal data processing vary depending upon a certain group of data and the associated purpose. The same personal data may be used simultaneously for several purposes and may depend on one or more legal grounds.

4. What Type Of Information collected from Desklog users

We do not compel you to provide us your personal information and you agree that you are voluntarily providing it to Desklog. Personal information may be used to provide you the related services of Desklog. We may collect your personal data to improve our service and improve business decisions.

We collect several types of data to contact you or notify you regarding any updates.

Personally Identifiable Information

4.1 We may collect your personal data when you affirmatively choose to submit the data when required for any purpose.

The data which identifies you personally are as follows but not limited to :

• Email address
• First name and last name
• Phone number

Third-party integrations

4.2 You may select third-party integration available with Desklog service. Third-party integration is a tool or software which is integrated with the Desklog service and you may enable or disable the service with your active Desklog account. Any personally identifiable information will not be shared with a third party unless it is required to provide any particular service requested by or agreed by you. However, we reserve the right to disclose personal information as required by the applicable laws.

Desklog has the right to aggregate user data and filters out all personally identifiable information to share the data with a third party.

4.3 When the third -party integration is enabled, they may share certain information with Desklog. For example, any third-party service is used, then the details used for sign up with the third party like your name, the email address may be shared with us. The privacy setting of the third party should be checked to know what type of information may be shared with us.

Information collected during account configuration

4.4 When you configure settings of your Desklog account, including tracking preferences, the following information will be collected. However, not limited to:Personal Data

Time zone, Location, work duration, start and end time of work, working days, start and stop time of work tracking, application names to be gathered, etc.

Information collected while using the service

4.5 When you use Desklog service, some of the information is processed and it may contain personally identifiable information as mentioned in section 4.1 and Desklog also records the following information while using the service:

IP address, browser type, browser software version, websites visited, Desklog client version used application names, screenshots captured and snapshot captured (Premium feature).

Additional information collected may include data collected by the web, for example, the task name, time spent on the task, time spent on the break, start time, end time, screenshots of the websites visited and snapshot etc. We may record the mouse movements to enhance the usability of the site. Screenshots and Snapshots captured can be viewed by you and anyone who has admin rights to view in your company.

Desklog desktop app shall record the mouse movements you make. However, it does not capture where you made the click on the screen and does not record what is typed on the screen.

4.6 Desklog can take automated photos through your webcam if the feature is enabled by your company.

You agree that you are solely responsible for the content sent or transmitted by you or displayed using the service and for compliance with all Laws about the Content, including, but not limited to, laws requiring you to obtain the consent of a third party to use the Content and to provide appropriate notices of third party rights.

You represent and warrant that You have the right to upload the Content to Desklog and that such use does not violate or infringe on any rights of any third party.

Under no circumstances will Desklog be liable in any way for any (a) Content that is transmitted while using the Services, (b) errors or omissions in the Content, or (c) any loss or damage of any kind incurred as a result of the use of, access to, or denial of access to Content.

Although Desklog is not responsible for any Content, Desklog may delete any Content, at any time without notice to You, if Desklog becomes aware that it violates any provision of this Agreement or any law. You retain copyright and any other rights You already hold in Content which You submit, post, or display on or through, the Services.

Financial Information

This includes information related to completing purchases such as your bank account number, the account holder’s name, your credit card number, etc. To pay for our services, we use a service provider. We do not collect information about your credit card or other financial information.

Social Information

This is information related to your social activities, for example, your current employer and current job title.

Partner Information

This includes information related to your partners, clients, or contracting parties as entered by you into our program.

Support Information

If you ask for support and you provide us with information containing personal data along with your request, we will retain that information.

4.6 If you are the end-user and not the client of Desklog service, then the above-mentioned information is shared by the client(eg: Your employer) to the Desklog.

5. Information collected from Desklog website visitors

5.1 While visiting our website we may collect the following information that may have your personal data:

• Device and browser
• IP Address
• Information collected from cookies

5.2 When you subscribe to the blogs of Desklog, share your comments on the blog, submitting the query, you may provide your personal data which may include :

• Name
• Email address

5.3 When subscribed to any newsletter or blog, we will process the email address that you have used to send the respective information.

6. Rights of the data subject

6.1 Data subjects including end-user or individual clients have certain rights concerning their personal data. Subject to exemptions provided by the data rules and regulations, you may have the right to access your personal data and update, delete, or modify this data, may restrict or block to process your personal data.

Right of access

The data subject has the right to request details regarding their personal information being processed by us. The following can be requested pertaining to personal information

• Purpose of processing personal information
• Categories of personal data concerned.
• The recipients or categories of recipients to which the personal data has been or will be disclosed.
• The anticipated period during which the personal data will be stored.

Right to rectification: If the personal data is inaccurate or incomplete, the data subject requests its rectification. Desklog will conduct a check and if any inaccuracies are found, the data will be rectified. Right to erasure: If the personal data is undergoing processing by Desklog and the data subject considers that this processing lacks legal grounds, is illegal, or is not necessary for the purposes for which it was collected, the data subject can request its erasure. Desklog will conduct a check.

Right to data portability: The data subject has the right to receive your personal data, which was provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to another data controller without any hindrance from the data controller to which the personal data was provided.

Employees: If you are an employee with an employer who uses our product and you have been registered in our program, then your personal data is processed by us wherever your data has been provided by your employer. Your employer has full access to your personal data. In this case, you have all the rights listed herein, which should be made clear to you by your employer.

6.2 Make use of these rights by using your Desklog account or get connected with Desklog using the contact information.

6.3 If you are an individual reporting to the client and the personal data is processed by Desklog on behalf of the client, then please contact your client to acquire rights as a data subject.

6.4 In case, if Desklog receives any complaint from the individual or end-user of the client, whose personal data has been provided by the client to Desklog, then Desklog will not respond to these complaints or requests without any prior authorization letter from the client.

7. GDPR For European Union Users

Desklog complies with the European Union’s General Data Protection Regulation (GDPR). We keep up the commitment and ensure that our data subjects are protected. The GDPR provides all the rights discussed under section 7.1 to the EU users.

If you have any questions, comments, or concerns related to the GDPR, please feel free to contact us.

8. Personal data security

8.1 Desklog uses certain measures like organizational, technical measures to safeguard confidentiality, integrity. However, we encourage all end-users, representatives, freelancers, clients to protect their personal data as well as set strong passwords for their Desklog account.

8.2 All personnel involved in processing personal data provided to Desklog are committed to confidentiality obligations and shall not access personal data without any authorization.

8.3 If any personal data breach occurs, the same will be notified to supervisory authorities in compliance with the obligations set out as per the applicable law and will support the investigation of the personal data breach.

8.4 We also monitor the usage of our website to know which information is frequently visited or which pages are not visited. It assists Desklog to know the effectiveness of its software and website.

Information is transmitted over a secure socket layer (SSL) with encryption. SSL is a security standard used worldwide by many websites that look for the most secure form of communication to keep personal and financial data safe and protected.

9. Data protection audit

9.1 With the client’s written request, Desklog agrees to offer the client with proper information and demonstrates obligations laid down by Desklog privacy policy and the applicable laws. This information is provided under Desklog’s control.

9.2 If sufficient information is not provided to the client to confirm compliance with the privacy policy, then Desklog allows for data processing audits.

9.3 Such audits are allowed only to be carried out by the good reputed third parties, with the required experience to accomplish such audits.

9.4 The confidentiality agreement to be signed by the auditor which includes an obligation not to disclose audit reports with any business information.

10. Privacy Policy Changes

10.1 Desklog may amend or modify this privacy policy as it introduces new features or services. This modification will be enforced and applied from the moment the privacy page is updated.

10.2 Thus we encourage you all to check this page frequently to know the updated privacy policy. By continuing our service, we hereby assume that you agree to the updated privacy policy.

11. Contact Information

In case you have any queries regarding this Privacy Policy or our data processing practices, please contact us by email Email: [email protected]