2.Types and Uses of Collected Information.Enigma collects two types of information:
a. Personal Data. Personal Data is information that identifies a specific person. When you engage in certain activities via the Askky Service and/or the Askky Websites, including but not limited to creating an account, sending feedback, or otherwise participating in the Askky Service (collectively, “Identification Activities”), we may ask you to provide certain information. If you elect to engage in an Identification Activity, however, we may ask you to provide us with certain personal information, such as name, address (including zip code), email address and/or telephone number. Depending on the Identification Activity, some of the information we ask you to provide may be identified as mandatory and some identified as voluntary. If you do not provide mandatory information for a particular Identification Activity, you will not be permitted to engage in that Identification Activity with the Askky Service. Depending on the Identification Activity, Enigma may not re-ask you for Personal Data if such are already stored with us.
As you navigate the Askky Service, we may also collect information through the use of commonly-used information-gathering tools, such as cookies and Web beacons (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on the Askky Service (such as the Web pages viewed and the links clicked).
Through our [“import Customer End Users”] feature option, we may also collect information such as the name, company name, address, phone number, email address, and/or IP address of Customer End Users that you choose to share with us. When you provide us with personal information about your Customer End Users, we will only use this information for the specific reason for which it is provided, such as to add new records to your Askky account, or as agreed in the applicable agreement with Customer.
We use Non-Personal Data to provide products and/or services to you, enhance the operation of the Askky Services and/or the Askky Websites, troubleshoot, administer the Askky Service, analyze trends, gather demographic information, comply with applicable law, and cooperate with law enforcement activities. We may also share this information with our authorized Third Party Service Providers to measure the overall effectiveness of our products and services.
3. Sharing of Personal Data. We will not sell or share Personal Data with other parties except as provided below:
a. Authorized Third Party Service Providers. [PB1][RR2]Enigma may provide products and services through third parties. These “Third Party Service Providers” perform functions on our or your behalf. You or we may share Personal Data with such Third Party Service Providers to fulfill orders, analyze data (including IP Addresses), operate the Askky Service and/or the Askky Websites, collect payment for the Askky Service, troubleshoot and provide customer service. We may also provide personal information to individuals and companies with whom we have business relationships and may share your information with Third Party Service Providers to accomplish our administrative tasks. However, the use of Personal Data by such parties is governed by the privacy policies of such parties and is not subject to our control.
e. Emergency. Other extraordinary circumstances not listed here may require disclosure: we may also disclose information when we believe it’s necessary to prevent imminent and serious bodily harm to a person; to address fraud, security, or spam; or to protect our rights or property.
4. Customer End User Data. Enigma’s Customers may electronically submit Customer End User Data. Enigma will not review, share, distribute, or reference any such Customer End User Data except as provided in Enigma’s applicable agreement with Customer, or as may be required by law. Enigma acknowledges that Customer End Users have the right to access their personal information. If personal information pertaining to a Customer End User has been submitted to us by a Customer and a Customer End User wishes to exercise any rights it may have to access, correct, amend, or delete such data, Customer End User should inquire with the Customer directly. Because Enigma personnel have limited ability to access data our Customers submit to the Askky Service, if a Customer End User wishes to make a request directly to Enigma, please provide the name of the Customer who submitted your data to the Askky Service. We will refer your request to such Customer and will support them as needed in responding to your request within one month; provided that (i) such period may be extended by up to 2 additional months when necessary, taking into account the complexity and number of the requests and (ii) Enigma shall inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
5. Data Controller and Data Processor; Data Protection Officer. We process Personal Data both as a Processor and as a Controller, each as defined in the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the “Directive”) and the General Data Protection Regulation (“GDPR”):
(a) The Customer which Customer End Users provided Personal Data to, with the assistance of the Askky Service, will be the Controller for Customer End User Data. We will be the Processor.
(b) For Customer Data, we will be the Controller.Enigma has a Data Protection Officer (as defined in the Directive and GDPR) who is responsible for matters relating to privacy and data protection. Our Data Protection Officer can be reached as follows:
Enigma Software Solutions.
Attn: Athul Suresh
PADMAVATHI INDUSTRIAL, #81/11, 81/5,
KORMANGALA, Bengaluru, Karnataka 560034, India
For Customers and Customer End Users located in the European Data Region in the European Economic Area (EEA), all processing of Personal Data is performed in accordance with privacy rights and regulations following the Directive, and the implementations of the Directive in local legislation. From May 25th, 2018, the processing will take place in accordance with the GDPR.
All data collected by Enigma through the Askky Service will be stored exclusively in secure hosting facilities provided by Amazon Web Services. Enigma has a data processing agreement in place with its provider,[PB5][RR6] ensuring compliance with the Directive and the GDPR. All hosting is performed in accordance with the highest security regulations. All transfers of data from the EEA is done in accordance with this data processing agreement. If you are a Customer located in the EEA, we exclusively store and process Personal Data in the EEA. [PB7][RR8]
We have adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of data in our possession.
6.Referrals. Customers may choose to refer colleagues to use the Askky Service by sending invitation emails via an invite feature. Upon such referral, Enigma stores the email addresses provided so that the respondents may be sent reminders of the invitations. Enigma does not sell these email addresses or use them to send any other communication besides invitations and invitation reminders. Recipients of invitations may contact Enigma to request removal of their information from our database.
7. Sharing of Non-Personal Data. We may disclose or share Non-Personal Data with Third Party Service Providers and the general public. For example, we may share aggregated demographic information (which does not include any Personal Data) or use Third Party Service Providers to track and analyze Non-Personal Data usage and volume statistical information from our Customers and Customer End Users to administer the Askky Service. In order to administer the Askky Service, we collect Customer End User Data and provide analyses of anonymized aggregate Customer End User Data to the applicable Customer and, if applicable, Third Party Service Providers. We may also publish this aggregated information for promotional purposes. Notwithstanding the foregoing, Customer is the owner of its applicable Customer End User Data.
We may use Third Party Service Providers to serve ads when you use the Askky Websites. These companies may use Non-Personal Data about your visits and use of the Askky Service and/or the Askky Websites, and visits to other websites or locations in order to provide, through the use of network tags, advertisements about goods and services that may be of interest to you.
9. Updating Information. Customers may change any of their applicable Personal Data by logging into their account and accessing the “My Profile” section of the Askky Service or Askky Websites, as applicable. We encourage Customers to promptly update their Personal Data if it changes, as out-of-date Personal Data may negatively affect the quality of your Askky Service experience.
10. Choices on Collection/Use of Information. Customers can always choose not to provide certain information, although a certain level of information may be required to engage and participate in the Askky Service. Customers you cannot opt-out of Administrative Emails. “Administrative Emails” relate to Customer’s activity on the Askky Service and/or the Askky Websites, and include but are not limited to emails regarding a Customer’s account, requests or inquiries. If a Customer does not want to receive promotional emails from us, such Customer may elect to opt-out of receiving promotional emails at any time after registering by e-mailing us at email@example.com or by hitting the “unsubscribe” button at the bottom of any of our e-mails. If a Customer wants his/her data to be deleted from Askky servers, please email us on firstname.lastname@example.org. If a Customer wants to access/modify his/her data, please email us on email@example.com
11. Security of Information. Customers can access the Personal Data that it has provided via the Askky Service and/or the Askky Websites with a password and username. This password is encrypted. We advise against sharing passwords and usernames with anyone. If a Customer’s account is accessed via a third-party site or service, there may be additional or different sign-in protections via that third-party site or service. Customers need to prevent unauthorized access to their account and the Personal Data that you have provided, including without limitation any applicable Customer End User Data, by selecting and protecting your password and/or other sign-in mechanism appropriately and limiting access to your computer, browser, or mobile device by signing off after a Customer has finished accessing your account. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. In the event that we believe that the security of a Customer’s information may have been compromised, we may seek to notify the Customer of that development. In addition, the Personal Data that you have provided, including without limitation Customer End User Data, resides on a secure server that only selected personnel and contractors have access to. We [may] encrypt certain sensitive information using Secure Socket Layer (SSL) technology to ensure that Personal Data is safe as it is transmitted to us. However, no data transmission can be guaranteed to be 100% secure. As a result, while we employ appropriate and commercially reasonable security measures to protect data and seek to partner with companies that do the same, we cannot guarantee the security of any information transmitted to or from or via the Askky Service and/or the Askky Websites, and we are not responsible for the actions of any third parties that may receive any such information.
12. Data Tracking.
b. Other Tracking Devices. We may use other industry standard technologies like pixel tags and web beacons to track your use of the Askky Websites, or we may allow our Third Party Service Providers to use these devices on our behalf. When you access the Askky Service and/or the Askky Websites, or open or click an email, pixel tags and web beacons generate a Non-Personally Identifiable notice of that action. Pixel tags allow us to measure and improve our understanding of visitor traffic and behavior on the Askky Websites, as well as give us a way to measure our promotions and performance. We may also utilize pixel tags and web beacons provided by our marketing partners for the same purposes.
14. Email Choice/Opt-out. We will make commercially reasonable efforts to implement your email opt-out requests promptly, but you may still receive communications from us for up to ten (10) business days as we process your request.
15. Privacy Settings. As a user, you may have limited access to privacy settings. These settings help hide information you wish to share with other users and/or the public. It is up to you to select the appropriate privacy settings. If you don’t agree with the available privacy settings, please stop using the Askky Service and/or the Askky Websites.
16. Public Areas. We may provide areas on the Askky Websites where you can publicly post information about yourself or can communicate with others such as on forums. This information may be accessible by other users and companies and may appear on other websites or web searches, and therefore this information could be read, collected, and used by others. We have no control over who reads your postings or what other users may do with the information you voluntarily post, so please use caution when posting any content or providing anything that could be deemed personal information.
17. Notice of Privacy Rights to California Residents. California law requires that we provide you with a summary of your privacy rights under the California Online Privacy Protection Act (“COPPA”) and the California Business and Professions Code. As required by COPPA, we will provide you with the categories of Personal Data that we collect through the Askky Service and/or the Askky Websites, and the categories of third party persons or entities with whom such Personal Data may be shared for direct marketing purposes at your request. California law requires us to inform you, at your request, (1) the categories of Personal Data we collect and what third parties we share that information with; (2) the names and addresses of those third parties; and (3) examples of the products marketed by those companies. COPPA further requires us to allow you to control who you do not want us to share that information with. To obtain this information, please send a request by email or physical mail to the address found below. When contacting us, please indicate your name, address, email address, and what Personal Data you do not want us to share with our marketing partners. The request should be sent to the attention of our legal department, and labeled “California Customer Choice Notice.” Please allow 30 days for a response. Also, please note that there is no charge for controlling the sharing of your Personal Data or requesting this notice.
18. Children. If you are under the age of 18, you represent that you have the consent of a parent or legal guardian to use and access the Askky Service and/or the Askky Websites. If you become aware that your child has provided us with personal information without your consent, please contact us at https://askky.co/contact-us.