Desklog Committed To Data Security
Here you will be able to find out what type of information is collected regarding individuals or users, why and what we do with the data, and how confidentially we manage such information.
By accessing this site you agree to the Privacy Policies of desklog.io outlined below. If you do not agree to the terms of this policy, please do not access or use this site.
To comply with applicable laws, including the EU’s GDPR (General Data Protection Regulation) and local data protection legislation, the data will be processed on legitimate grounds. We may seek prior consent explicitly for any certain type of processing. Desklog is committed to protecting the privacy, security, and confidentiality of your personal data concerning applicable laws.
Any information that relates to the identification of the person, whether directly or indirectly, by reference to any other item of information (e.g. email address, pictures, IP address), which is in the possession of or is likely to come into the possession of the data controller.
Set of operations that involve personal data, whether or not by automatic means. Thus, it includes the collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction of personal data.
The authorized person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data where the purposes and means of such processing are determined by Union or Member State law, the data controller.
The collection and processing of personal data may involve a “data processor,” an authorized person who actually collects and processes personal data upon instructions from, on behalf of, and under the surveillance of the data controller.
The person to whom the personal data relates.
Data Protection Authority (DPA)
The public body or organization that is entitled by law to regulate data protection issues in a certain country.
A small piece of data sent from a website and stored in a user’s web browser while the user is browsing that website. Every time the user loads the website, the browser may send the cookie back to the server to notify the website of the user’s previous activity.
The employment of technical, organizational, and legal measures in order to achieve the goals of data security (confidentiality, integrity, and availability), transparency, intervenability, and portability as well as compliance with the relevant legal framework.
Data Retention Period
The length of time for which the data is kept. In this respect, it should be noted that, as a general principle, personal data can be kept for no longer than is necessary for the purposes for which the personal data is processed.
Any authorized person, public authority, agency, or any other body apart from the data subject, the data controller, the data processor, and the people who, under the direct authority of the data controller or the data processor, are authorized to process the data. This means that people working for an organization that is legally different from the data controller – even if it belongs to the same group or holding company – will be (or will belong to) the third party.
The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
1.2 It may process personal data with respect to data protection laws and data subjects within the government standards and comply with GDPR.
1.3 Desklog acts as a Data controller and defines the purposes for the following data processing:
Personal data of the clients or the users who transfer their personal data to Desklog, such as independent individuals, freelancers (who use Desklog account for their own purpose)
Personal data of the subscribers who are interested in the updates and other news of Desklog but are not the registered users of Desklog.
1.4 When the data is transferred from the clients to Desklog and when the personal data is processed by Desklog, then it acts as a data processor.
2. Data processing on behalf of clients by Desklog
2.1 This section relates to Desklog clients that transfer end-user personal data. Here the end-user of the client relates to the employees of the client. With respect to this transferred data, the client shall define the purpose and means of personal data processing. Thus the client acts as the data controller.
2.2 Desklog processes the personal data of the end-user on behalf of the client and Desklog acts as a data processor and accesses the data for providing the service.
Data Processing Details
2.4 When the client transfers the personal data of the end-user(Client’s employee) to the Desklog, the data is processed by Dessklog in accordance with the agreement between the client and Desklog.
2.5 Desklog processes data in compliance with the data protection laws including GDPR wherever applicable.
Data subject categories and type of personal data
2.6 The data subject categories whose personal data processed on behalf of the client include the end-user of the client, client’s employees, representatives, or other users that will use the registered client account. The information collected on the personal data is indicated in section 4.
2.7 The client ensures that it has obtained all the legal bases, consents for personal data processing of end-users. The client should confirm that the end-users are informed about the personal data being transferred to Desklog and other integrated third parties of Desklog for rendering the service.
Data processing period
2.8 Desklog will process the personal data of the end-user as long as it provides the service to the client with the active Desklog account.
2.9 If the end-user profile or account is deleted by the client, then for the analytical interest of the client Desklog will process the deleted account data on behalf of the client. However, the same data can be deleted upon the client’s instruction.
2.10 After the period of the contractual relationship between Desklog and client, Desklog may continue to store some personal data (minimum amount) as required to comply with legal obligations, to resolve any future disputes between Desklog and client, to ensure reliable back-up, to prevent fraudulent activities, to implement agreements, to follow the legitimate interest of Desklog and its associated third parties.
2.11 The client agrees that Desklog process data for rendering the service and uses sub-processors and the services provided are indicated in section 6. The sub-processors will be in compliance with legal obligations and with the requirements of GDPR. If sub-processors fail to comply with the legal obligations of data protection, Desklog shall be liable to the client.
Support for the data controller
2.12 As a data processor Desklog will support the client with organizational or technical measures, as far as possible to fulfill the obligations of the client as the data controller:
Any request sent directly from the end-user to Desklog with respect to the access, restriction, deletion, blocking of personal data will be promptly forwarded to the client.
The personal data breach of the client’s end-user shall be notified to the supervisory authority.
The data protection assessments are prepared where appropriate and carry out consultation with the supervisory authority where ever required.
2.13 After the period of the contractual relationship between Desklog and client, Desklog may continue to store all data for a period of 6 months and if there is no perusal to extend the contract within the specified period, it may delete all data unless it is required by the applicable law.
3.The Necessity To Collect Personal Data
The nature of our product Desklog and the services we provide with the same require the collection and use of your personal data. When purchasing and using Desklog, you enter into a contractual relationship with IOSS. By virtue of that relationship and to allow us to provide the services required, we collect and process your personal data. Prior to starting to use our services, you are obliged to familiarize yourself with and accept our terms and conditions for processing the personal data contained therein.
3.1 Conditions and purposes for processing
3.1 As a data controller, Desklog shall process data to render service, to enhance our service, to address and resolve any service-related issues you may face, and ensure the best customer experience.
How We Use Your Personal Information
3.2 Desklog collects the data for the following purposes. However, not limited to:
- To get registered and avail of the service by creating your account with Desklog.
- To send invoices, payment processing for the service provided by Desklog.
- To personalize the service with your account settings.
- To communicate regarding the service-related queries and to support your requests.
- For analyzing your performance as a Desklog feature.
- To enhance service and to update the features within the service period.
- To analyze our service with your service usage and enhance accordingly.
- To deliver advertisements, offers, promotions to you.
- Legitimate data protection with respect to Desklog terms and conditions and other third parties integrated.
3.3 Legal conditions for personal data processing vary depending upon a certain group of data and the associated purpose. The same personal data may be used simultaneously for several purposes and may depend on one or more legal grounds.
4. What Type Of Information collected from Desklog users
We do not compel you to provide us your personal information and you agree that you are voluntarily providing it to Desklog. Personal information may be used to provide you the related services of Desklog. We may collect your personal data to improve our service and improve business decisions.
We collect several types of data to contact you or notify you regarding any updates.
Personally Identifiable Information
4.1 We may collect your personal data when you affirmatively choose to submit the data when required for any purpose.
The data which identifies you personally are as follows but not limited to :
- Email address
- First name and last name
- Phone number
4.2 You may select third-party integration available with Desklog service. Third-party integration is a tool or software which is integrated with the Desklog service and you may enable or disable the service with your active Desklog account. Any personally identifiable information will not be shared with a third party unless it is required to provide any particular service requested by or agreed by you. However, we reserve the right to disclose personal information as required by the applicable laws.
Desklog has the right to aggregate user data and filters out all personally identifiable information to share the data with a third party.
4.3 When the third -party integration is enabled, they may share certain information with Desklog. For example, any third-party service is used, then the details used for sign up with the third party like your name, the email address may be shared with us. The privacy setting of the third party should be checked to know what type of information may be shared with us.
Information collected during account configuration
4.4 When you configure settings of your Desklog account, including tracking preferences, the following information will be collected. However, not limited to:
Time zone, Location, work duration, start and end time of work, working days, start and stop time of work tracking, application names to be gathered, etc.
Information collected while using the service
4.5, When you use Desklog service, some of the information is processed and it may contain personally identifiable information as mentioned in section 4.1 and Desklog also records the following information while using the service:
IP address, browser type, browser software version, websites visited, Desklog client version used application names, screenshots captured.
Additional information collected may include data collected by the web, for example, the task name, time spent on the task, time spent on the break, start time, end time, screenshots of the websites visited, etc. We may record the mouse movements to enhance the usability of the site. Screenshots captured can be viewed by you and anyone who has admin rights to view screenshots in your company.
Desklog desktop app shall record the mouse movements you make. However, it does not capture where you made the click on the screen and does not record what is typed on the screen.
This includes information related to completing purchases such as your bank account number, the account holder’s name, your credit card number, etc. To pay for our services, we use a service provider. We do not collect information about your credit card or other financial information.
This is information related to your social activities, for example, your current employer and current job title.
This includes information related to your partners, clients, or contracting parties as entered by you into our program.
If you ask for support and you provide us with information containing personal data along with your request, we will retain that information.
4.6 If you are the end-user and not the client of Desklog service, then the above-mentioned information is shared by the client(eg: Your employer) to the Desklog.
5. Information collected from Desklog website visitors
5.1 While visiting our website we may collect the following information that may have your personal data:
- Device and browser
- IP Address
- Information collected from cookies
5.2 When you subscribe to the blogs of Desklog, share your comments on the blog, submitting the query, you may provide your personal data which may include :
- Email address
5.3 When subscribed to any newsletter or blog, we will process the email address that you have used to send the respective information.
6. Data Deletion
Unless otherwise required by applicable law, Desklog has no obligation to store the client’s data after termination of the agreement with the client, and deletion of the client’s data is associated with the pricing plan (Free/Business/Enterprise) opted by the client.
6.1 At the choice of the plan opted by the client, Desklog will delete the data of the client after a certain specific period as described below for the three different Desklog plans Free Plan- If the client has opted for a 40 days Free plan, the client data that includes general processing data (no screenshots) will be recorded for 40 days and the data will be retained for 3months. After the retention period of 3 months, the data will be deleted from Desklog.
6.2 Business Plan-If the client has opted for a Business plan, the client data that includes general processing data, screenshots will be recorded and retained for one year if the client is an active business user throughout the year. After the retention period, the data will be deleted and starts capturing the next year’s data.
If the client is not an active business user throughout the year, the data will be recorded until the subscription expires (after certain specific months) and the recorded data will be retained for 3 months. After the retention period, the data will be deleted.
6.3 Enterprise Plan- If the client has opted for an Enterprise plan, the client data that includes general processing data, screenshots will be recorded and retained for the lifetime without any limitation, if the client is an active enterprise user throughout the plan.
If the client is not an active enterprise user throughout the plan, the data will be recorded until the subscription expires (after certain specific months or years) and the recorded data will be retained for 6 months. After the retention period, the entire data will be deleted.
7. Rights of the data subject
7.1 Data subjects including end-user or individual clients have certain rights concerning their personal data. Subject to exemptions provided by the data rules and regulations, you may have the right to access your personal data and update, delete, or modify this data, may restrict or block to process your personal data.
Right of access
The data subject has the right to request details regarding their personal information being processed by us. The following can be requested pertaining to personal information
- Purpose of processing personal information
- Categories of personal data concerned.
- The recipients or categories of recipients to which the personal data has been or will be disclosed.
- The anticipated period during which the personal data will be stored.
Right to rectification: If the personal data is inaccurate or incomplete, the data subject requests its rectification. Desklog will conduct a check and if any inaccuracies are found, the data will be rectified. Right to erasure: If the personal data is undergoing processing by Desklog and the data subject considers that this processing lacks legal grounds, is illegal, or is not necessary for the purposes for which it was collected, the data subject can request its erasure. Desklog will conduct a check.
Right to data portability: The data subject has the right to receive your personal data, which was provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to another data controller without any hindrance from the data controller to which the personal data was provided.
Employees: If you are an employee with an employer who uses our product and you have been registered in our program, then your personal data is processed by us wherever your data has been provided by your employer. Your employer has full access to your personal data. In this case, you have all the rights listed herein, which should be made clear to you by your employer.
7.2 Make use of these rights by using your Desklog account or get connected with Desklog using the contact information.
7.3 If you are an individual reporting to the client and the personal data is processed by Desklog on behalf of the client, then please contact your client to acquire rights as a data subject.
7.4 In case, if Desklog receives any complaint from the individual or end-user of the client, whose personal data has been provided by the client to Desklog, then Desklog will not respond to these complaints or requests without any prior authorization letter from the client.
8. GDPR For European Union Users
Desklog complies with the European Union’s General Data Protection Regulation (GDPR). We keep up the commitment and ensure that our data subjects are protected. The GDPR provides all the rights discussed under section 7.1 to the EU users.
If you have any questions, comments, or concerns related to the GDPR, please feel free to contact us.
Desklog has a data protection officer and you can contact at …………………..
9. Personal data security
9.1 Desklog uses certain measures like organizational, technical measures to safeguard confidentiality, integrity. However, we encourage all end-users, representatives, freelancers, clients to protect their personal data as well as set strong passwords for their Desklog account.
9.2 All personnel involved in processing personal data provided to Desklog are committed to confidentiality obligations and shall not access personal data without any authorization.
9.3 If any personal data breach occurs, the same will be notified to supervisory authorities in compliance with the obligations set out as per the applicable law and will support the investigation of the personal data breach.
9.4 We also monitor the usage of our website to know which information is frequently visited or which pages are not visited. It assists Desklog to know the effectiveness of its software and website.
Information is transmitted over a secure socket layer (SSL) with encryption. SSL is a security standard used worldwide by many websites that look for the most secure form of communication to keep personal and financial data safe and protected.
10. Data protection audit
10.3 Such audits are allowed only to be carried out by the good reputed third parties, with the required experience to accomplish such audits.
10.4 The confidentiality agreement to be signed by the auditor which includes an obligation not to disclose audit reports with any business information.
12. Contact Information