25th May, 2018
Revision Date: March 17th, 2020
This Notice applies to (i) entities or individuals, excluding End-Users and Users, who have subscribed to our Service(s) and have agreed to the Terms (hereinafter referred to as the “Customer”) and (ii) individuals (“Individuals”) from whom OneDirect collects data as a controller as specified below.
If you have questions or complaints regarding our privacy notice or practices, please contact us at firstname.lastname@example.org
When you visit our Websites or participate in OneDirect’s events, OneDirect may collect information, which may include Personal Data, from Individuals as set forth below (collectively referred to as “Collected Data”). For the purposes of General Data Protection Regulation (GDPR), OneDirect shall be the controller for the Collected Data – this means that OneDirect decides what Collected Data is processed and why.
When does OneDirect process Collected Data?
When you subscribe and sign-up to any of our Service(s), we may collect your (i) contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number of the Account admin; (ii) billing information, such as GST/VAT number, escalation metrics, and billing address; (iii) name and e-mail address when Account admin/Agent(s) provide feedback from within the Service(s); and (iv) unique identifiers, such as username, account number or password.
Subject to this Notice and the Terms, we will use such data, including without limitation, to (i) provide you the Service(s); (ii) send you communication from the Service(s); (iii) assess needs of your business to determine or suggest suitable Service(s); (iv) send you requested information about the Service(s); (v) respond to customer service requests, questions and concerns; (vi) administer your Account; (vii) send you promotional and marketing communications (where you have requested us to do so); and (viii) facilitate your transactions with other users when you use our Service(s).
When you apply for an open position by populating the application form, we may collect your (i) contact information, such as name, email address, mailing address, phone number, links to your social networking profiles; and (ii) any other information contained in the resume that you submit to us.
Subject to this Notice, we will use such data to evaluate you for the open position that you have applied for or any position that we consider you suitable for at the time you submit your resume or at any later date. Unless you notify us otherwise by an e-mail to email@example.com, we will retain such data for a period of 1 year for archival purposes. If you wish to update the data you provided to us, you may do so by contacting us at firstname.lastname@example.org. For the purposes of evaluating you for an open position, you understand that we may internally rate you based on parsing of your resume and your information. If you do not wish to be rated by us, please do not provide us your information.
When you attend an event conducted by OneDirect, including webinars or seminars, we may collect your contact information such as name, e-mail address, designation and company name. Subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) send you promotional and marketing communications (where you have requested us to do so); and (iv) respond to your questions and concerns.
To help refer our Service, Customers can provide us with contacts within the Service. We may collect contact information such as name, e-mail address, mailing address, or phone number of such contact from our Customer. By providing us this information about third parties, you warrant you have complied with all necessary legal requirements to provide us with this information, including obtaining all necessary consents and providing the third party with a copy of this Notice.
If you have been referred by our Customer, then, subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you promotional and marketing communications (where you have requested us to do so); and (iii) respond to your questions and concerns.
When you register for any of our programs (Like Training, etc.) through a registration form on our Websites or as part of the contract and terms, we may collect information such as name, e-mail address, company name and website URL, company details, location and contact information.
Subject to this Notice, we will use such data, including without limitation, to (i) facilitate your use of the program portal for which you have registered; (ii) send you communication from within the Service(s); (iii) send you requested information about our Service(s); (iv) respond to your requests, questions and concerns; and (v) send you promotional and marketing communications (where you have requested us to do so).
When you visit our publicly accessible community forums and blogs (Owned and not owned like medium, etc.), you should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Further, we may collect your (i) contact information such as name, e-mail address, mailing address, or phone number; (ii) information about your business, such as company name, company size, business type; and (iii) a short bio about you to identify you as the author of the post. When you actively subscribe to our newsletters, we collect your e-mail address to share our newsletters with you.
Subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) send you promotional and marketing communications (where you have requested us to do so); and (iv) respond to your questions and concerns.
We and our third party advertising partners use technologies such as web beacons/GA in analyzing trends, administering the website, tracking users’ movements around the site, and gathering demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.
As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We link this automatically collected data to other data we collect about you.
Apart from the aforementioned information collected by us, we automatically receive and record certain Personal Data of yours when You visit our Websites. This includes device model, IP address, the type of browser being used, usage pattern through cookies and browser settings, query logs and product usage logs. We also collect clicks, scrolls, conversion and drop-off on our Websites and Service(s) to render user journey at real-time.
Subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) respond to customer service requests, questions and concerns; and (iv) for analytical purposes. You authorize OneDirect and its service providers to perform analytics on such Collected Data, to (i) improve, enhance, support and operate the Websites; and (ii) compile statistical reports and record insights into usage patterns. You acknowledge that OneDirect uses Collected Data, as the case may be, for the aforementioned purposes.
We may post your testimonials/comments/reviews/Logo on our Websites which may contain your Personal Data. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you want your testimonial removed, please contact us at email@example.com.
You understand that we will not be liable to any person for unauthorized publishing of testimonials. If you, as a Customer of our Service, wish to publish on your websites, any testimonials you have received from third parties via e-mails or widgets, it is your responsibility to obtain consent from such third parties prior to publishing the testimonials.
We may use your e-mail address, collected as part of Collected Data, to send our newsletters and/or marketing communications about our products and services. Where you have so requested, we will also send you marketing communications about our third party partners. If you no longer wish to receive these communications, you can opt out by following the instructions contained in the e-mails you receive or by contacting us at firstname.lastname@example.org
What is our legal basis for processing Personal Data (EEA and Swiss visitors only)?
If you are a visitor from the European Economic Area or Switzerland, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, please contact us using the contact details provided below.
We only process Service Data as per our Customer's instructions. For purposes of the GDPR and the Swiss Federal Act on Data Protection, we are the processor and not the controller of the Service Data. Service Data, as defined in the Terms, means all electronic data, text, messages or other materials, including Personal Data of Users and End-Users, submitted to the Service(s) by our Customers through Customer’s Account in connection with Customer’s use of the Service(s), including data collected under “Other Information” and “Mobile Applications” below. Our EEA or Switzerland based Customers are the “controllers” of that data and are responsible for compliance with the applicable data protection law. We work with our Customers to help them provide notice to their customers concerning the purpose for which Personal Data is processed by OneDirect.
If you are our Customer from EEA or Switzerland, then in your role as a controller, you are authorizing, on behalf of you and your authorized agents and End-Users, and representing that you have the authority to provide such authorization to the processing and transfer of Personal Data in and to the United States and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that the Service Data is treated securely and in accordance with this Notice.
We do not own, control or direct the use of Service Data, and in fact we are largely unaware of what information is being stored on our platform and only access such information as reasonably necessary to provide the Service(s) (including to respond to support requests), as otherwise authorized by Customers or as required by law. Unless we explicitly agree otherwise in writing, you will not process sensitive personal data (such as health data) on our platform.
As the controller, it shall be your responsibility to inform the End-Users about the processing, and, where required, obtain necessary consent or authorization for any Personal Data that is collected as part of the Service Data through your use of the Service(s). As the processors of Personal Data on behalf of our Customers, we follow Customer’s instructions with respect to the Service Data to the extent consistent with the functionality of our Service(s). In doing so, we implement technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, Personal Data.
Where an User or End-User uses the Service(s), we automatically receive and record certain information of such user. This information includes device model, IP address, the type of browser being used, usage pattern through cookies and browser settings, query logs and product usage logs (collectively referred to as “Other Information”). If you are a customer of Messaging Cloud, please note that you will have the option to opt out of tracking certain events by writing an email to email@example.com or reaching out over email to your customer success manager.
You expressly authorize us and the service providers we use to process the Service Data in our systems to (i) provide, improve, enhance, support and operate the Service(s) and its availability; (ii) develop new products and services; and (iii) compile statistical reports and record insights into usage patterns.
Our Websites includes social media features, such as the Facebook “Like” button, the “Share This” button or interactive mini-programs. Where you interact with these features, they may collect your IP address, which page you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy notice of the company providing them.
Facebook, Twitter, Instagram, Google My Business, Google Playstore reviews, Linkedin, Youtube, G+, etc. are some of the third party services we integrate. The same are activated based on the client's request and authorization. OneDirect will not be responsible for the GDPR compliances of these third party sources/integrations.
Following APIs from thridparties are used by OneDirect:
These APIs and third party tool used are authenticated with our customers’ user id and password in the respective platform. OneDirect does not store client user Id or password in its database the userID and password are pushed to the respective API to get an authentication token which is then stored in OneDirect database.
Except as outlined in this Notice and the Terms, Personal Data contained in Collected Data and Service Data will never be sold to or shared with other companies or organizations for commercial purposes. We process Personal Data in the India, Singapore and in other countries through third parties that we may use.
Third parties that we utilize to assist in providing the Service(s) with whom Service Data may be shared are listed below (“Sub-Processors”).
|Primary cloud infrastructure provider for OneDirect, where all SaaS applications are hosted. Almost all data stored, processed and transmitted through OneDirect products and services resides on E2E data centers.
|Mumbai, Chennai, Noida
|Service Cloud, Feedback Cloud, Messaging Cloud, Publishing, Analytics
|Secondary cloud infrastructure provider of OneDirect, data is stored and processed in Google Cloud Platform Data Centers. Will be making this primary in the future.
|Service Cloud, Feedback Cloud, Messaging Cloud, Publishing, Analytics
|Email Service Provider - managed mail servers are provided by SendGrid. Emails that are triggered programmatically from the applications are sent via SendGrid.
|Service Cloud, Messaging Cloud, Feedback Cloud, Publishing Cloud
|To send SMS to clients, we use SMS Service provided by gupshup
|Service Cloud, Feedback Cloud
|Secondary chat microservice for OneDirect application users.
|European Economic Area, Asia Pacific, United States
|Identity resolution software for user identification and contact enrichment. Helps obtain social and demographic details of an email or company.
|Firebase is used for communication between Server and Client in Messaging Cloud. To send Live Push Notifications to clients.
|Mailchimp is used to communicate with clients and prospects with regards to updates on OneDirect. It is also used to send newsletters, etc.
|Marketing and product launch communication
|Used for custom embedded analytics. The license used is deployed at our data center unless specified in the contract.
|India and Singapore
|Service Cloud, Messaging Cloud, Feedback Cloud, Custom analytics
Further, we may transfer Personal Data to our Group Companies for the purposes identified in the Terms and this Notice. All such transfers are covered by the service agreements with the relevant recipients and we have taken appropriate safeguards to ensure that your Personal Data will remain protected in accordance with this Privacy Notice. Further details can be provided upon request.
Subject to the Terms and this Notice, we and our Group Companies shall have the right to access Customer’s Account and to process Service Data solely to the extent necessary to provide, enhance and improve the Service(s), including, without limitation, in response to Customer’s support requests. Our Sub-Processors will only be given access to Customer’s Account and Service Data as is reasonably necessary to provide the Service(s) and will be subject to confidentiality obligations in their service agreements.
We use Local Shared Objects, such as Flash cookies, and Local Storage to store content information and preferences. Third parties with whom we partner to provide certain features on our Websites or to display advertising based upon your web browsing activity also use Flash cookies or local storage to collect and store information. Various browsers may offer their own management tools for removing local storage.
To manage Flash cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Essential Cookies: These cookies are essential for the basic functionalities offered by the Service(s). These class of cookies helps in keeping a user logged in to the Service(s) and remember relevant information when they return to the Service(s). These cookies are essential for the basic functionalities offered by the Service(s). These class of cookies helps in keeping a user logged in to the Service(s) and remember relevant information when they return to the Service(s).
Insight Cookies: These are used for tracking the user activities within the Service(s), which in turn helps us in improving your user experience.
Marketing Cookies: These are used for providing you with customized and interest-based ads based on your browsing behavior and other similar activities on our Websites.
The cookies (third party) we may use in connection with our Websites and the Service(s) provided are:
List of cookies used by the Websites
|Set by or on behalf of
|Websites using the cookies
|Website analytics cookie for visitor information and source.
|Conversion tracking cookie for ads delivered by Google Adwords
|Google Interest-based ads
|Cookie to serve ads based on a user’s prior visits to our website.
|LinkedIn cookies for the purpose of interest-based advertising.
|Twitter tracking to track people interactions.
You can set your browser to either reject all cookies, to allow only “trusted” websites to set them, or to accept only those cookies from those websites you are currently on. For more information on controlling cookie settings in your browser, please refer to the following links:
Please note that if you wish to turn off the cookies in your web browser, you might not be able to take advantage of many features of our Service(s).
If you are a Customer of our Service with telephony integrations, please note that upon a Request for deletion of a contact, information such as name of the contact, call recordings of that contact and any notes pertaining to such call recordings shall be deleted. However, information such as logs containing actual numbers making and receiving the calls may be retained for audit, fraud and reporting purposes in accordance with applicable law.
If you are a Customer of our Service Cloud, and if you have raised a Request for deletion of a User, please note that, for business continuity purposes, deleting the User does not delete business-specific organization-owned data created and contributed to by the User including without limitation, knowledgebase articles, notes, forum topics/comments, support calls, surveys, automation and dispatcher rules, canned responses, ticket templates, contacts, companies, tags, conversations in the tickets, etc. The deleted User’s Personal Data will then be anonymized within the Service.
If you are a customer of Messaging Cloud and wish to raise a Request for deletion of an Agent, please write to firstname.lastname@example.org. Please note that for the purpose of business continuity, the name of the deleted Agent will be retained within your Account.
Notwithstanding the foregoing, we will retain Collected Data and Service Data as necessary to comply with our legal obligations, for litigation/defense purposes, maintain accurate financial and other records, resolve disputes, and enforce our agreements.
Upon request OneDirect will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at email@example.com .
We allow users of the Service(s) or Website to access, update or modify their information by clicking on the Profile in the OneDirect navigation menu or by contacting us at firstname.lastname@example.org .
We seek to respond to requests for access or modification as soon as possible and within reasonable time frame.