TWO WAY DIRECT PRIVACY AND DATA PROTECTION POLICY AND NOTICE
Two Way Direct, Inc. (“Two Way Direct”, “we”, “our” or the “Company”) respects the privacy of its clients, partners, employees, mobile application users and website visitors, and is committed to protecting the personal information you may share with us (these and any others with respect to whom we collect personal data, shall collectively be referred to as “client” or “you” or “Data Subjects”).
Two Way Direct provides a mobile app for organizations for internal communication and management (the “Services”).
As part of the Services, Two Way Direct processes several sets of personal data, including of its clients and their workforce members, website visitors, employees, contractors and vendors.
For the purposes of EU General Data Protection Regulation (the “GDPR”) and other applicable privacy laws, Two Way Direct is a data controller in relation to the personal data of our clients and prospective clients, employees and website visitors. However, we will usually be a data processor in relation to the personal data of app users provided to us by our clients or the app users.
- WHICH INFORMATION MAY WE COLLECT?
Summary: we collect various categories of personal data in order to meet our contractual obligations, and also to meet various legitimate interests, such as fraud prevention and marketing. Some of the Data we collect may also be anonymized to be used for statistical and research purposes.
We collect data about you in connection with your transactions with us, in processing data for our clients, or when you give it to us through the Services. We also collect data about our employees, website visitors and app users. One type of data collected is non-identifiable and anonymous information (“non-personal data”). We also collect several categories of personal data (“Personal Data”), as described below.
Personal Data which is being gathered consists of any details which are personally identifiable and which are provided consciously and voluntarily by you through your use of the Services, through your registration on our platforms, by email, or other ways in which you communicate and interact with us. Personal Data about you may also be provided by your employer. This generally includes your name (first and last), company, role, e-mail address, phone number, and other data provided or shared by you or on your behalf for providing our Services or support via email or other communications.
Additionally, we may obtain location data related to the geographic location of your laptop, mobile device or other digital device on which the website is used.
You do not have any legal obligation to provide any information to Two Way Direct, however, we require certain information in order to perform contracts, or to provide any Services. If you choose not to provide us with certain information, then we may not be able to provide you with some or all of the Services.
By contacting us or submitting requests for information or support via the website, email etc., Two Way Direct will collect details, including also your name, phone number, email, country and other information provided by you. Two Way Direct uses this information to offer Two Way Direct’s Services and support.
- HOW DO WE COLLECT PERSONAL DATA OF YOURS ON TWO WAY DIRECT SERVICES?
Summary: we collect Personal Data when you send it to us, or when a client or business partner, sends it to us; we collect Personal Data through our website, mobile application and Services, and through our interactions with you.
We collect Personal Data required to provide Services when you register interest, or when you provide us such information in meetings or conferences, by entering it manually or automatically, in the course of registering on the website, or when otherwise engaging with us. We also collect Personal Data when you call us for support, in which case we collect the information you provide us.
We also collect Personal Data through your use of our website. In other words, when you are using the website, we are aware of it and may gather, collect and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This includes technical information and behavioral information such as the user’s Internet protocol (IP) address used to connect your device to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, time zone setting, the user’s ‘clickstream’ on the websites, the period of time the user visited the websites, methods used to browse away from a page, and any phone number used to call our clients’ service number. We likewise may place cookies and pixel tags on your browsing devices during your use of our website (see ‘Cookies’ section below).
- WHAT ARE THE PURPOSES OF PERSONAL DATA WE COLLECT?
Summary: we process Personal Data to meet our obligations, protect our rights, and manage our business.
We will use Personal Data to provide and improve our Services to our Clients and others and meet our contractual, ethical and legal obligations. We strive to ensure that all Personal Data that we process remains accurate, complete and relevant for the stated purposes for which it was processed, including for example:
Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract:
- carrying out our obligations arising from any contracts entered into between you and Two Way Direct and/or any contracts entered into between Two Way Direct and our clients if you are an employee of our clients, and to provide you with the information, support and services that you request from Two Way Direct;
- verifying and carrying out financial transactions in relation to payments you make in connection with the Services.
Processing which is necessary for the purposes of the legitimate interests pursued by Two Way Direct or by a third party of providing an efficient and wide-ranging service to clients, where those interests are not overridden by your fundamental rights and interests:
- notifying you about changes to our Services and/or to our fee structure;
- contacting you to give you commercial and marketing information about events or promotions or additional services offered by Two Way Direct which may be of interest to you, including in other locations;
- soliciting feedback in connection with the Services;
- tracking use of the website, app and Services to enable us to optimize them.
- anonymizing your Personal Data for statistical and research purposes;
- for security purposes and to identify and authenticate your access to the login zone.
Processing which is necessary for compliance with a legal obligation to which Two Way Direct is subject:
- compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, anti money laundering, tax related obligations, and for crime prevention and prosecution in so far as it relates to our staff, clients, service providers, facilities etc;
- if necessary, we will use Personal Data to enforce our terms, policies and legal agreements, to comply with court orders and warrants and assist law enforcement agencies as required by law, to collect debts, to prevent fraud, infringements, identity thefts and any other service misuse, and to take any action in any legal dispute and proceeding;
- SHARING DATA WITH THIRD PARTIES
Summary: we share Personal Data with our service providers, partners, and group companies, and authorities where required.
We transfer your Personal Data to:
Members of our Group: This includes individual or corporate representatives of Two Way Direct, and any members of our group, which means our affiliate companies – whether wholly or partially owned by Two Way Direct, and co-owned companies.
Third Parties. We transfer Personal Data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties include business partners, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimization of our website and app, and our marketing.
We periodically add and remove third party providers. At present services provided by third-party providers to whom we transfer Personal Data include also the following:
- Website and app analytics;
- Document management and sharing services;
- Client ticketing and support;
- On-site and cloud-based database services;
- CRM software;
- Data security, data backup, and data access control systems;
- Our lawyers, accountants, and other standard business software and partners.
In addition, we will disclose your Personal Data to third parties if some or all of our companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case Personal Data will be one of the transferred assets. Likewise, we transfer Personal Data to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce our terms and other agreements with you or with a third party; or to assert or protect the rights, property, or safety of Two Way Direct, our clients, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
For avoidance of doubt, Two Way Direct may transfer and disclose non-personal data to third parties at its own discretion.
- WHERE DO WE STORE YOUR DATA?
Summary: we store your Personal Data across multiple locations globally
We store your Personal Data on servers owned or controlled by Two Way Direct, or processed by third parties on behalf of Two Way Direct, by reputable cloud-service providers (see the following section regarding international transfers).
- INTERNATIONAL DATA TRANSFERS (EU DATA SUBJECTS)
Summary: we transfer Personal Data within and to the EEA, USA, Israel and elsewhere, with appropriate safeguards in place.
We transfer Personal Data to locations outside of the EEA, including in particular USA and Israel, in order to:
- store or backup the information;
- enable us to provide you with the Services and fulfill our contract with you;
- fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
- facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
- to serve our clients across multiple jurisdictions; and
- to operate our affiliates in an efficient and optimal manner.
- DATA RETENTION
Summary: we retain Personal Data according to our data retention policy, as required to meet our obligations, protect our rights, and manage our business.
Two Way Direct will retain Personal Data it processes only for as long as required in our view, to provide the Services and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain Personal Data to meet any audit, compliance and business best-practices.
- SERVICES AND WEBSITES DATA COLLECTION AND COOKIES
In many cases, these tags/files lead to the use of your device’s processing or storage capabilities. Some of these tags/files are set by Two Way Direct itself, others by third parties; some only last as long as your browser session, while others can stay active on your device for a longer period of time.
These tags/files can fall into several categories: (i) those that are necessary for functionality or Services that you request or for the transmission of communications (functionality tags/files); (ii) those that we use to carry out website performance and audience metrics (analytics tags/files) and (iii) the rest (tracking across a network of other websites, advertising, etc.) (other tags/files).
Functionality tags are necessary for us to provide the Services. All other tags/files will only be placed on your device subject to your consent.
Internet browsers allow you to change your cookie settings, for example to block certain kinds of cookies or files. You can therefore block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of the website, due to the fact that some may be functionality cookies. For further information about deleting or blocking cookies, please visit: How to manage and delete cookies
To consult the list of cookies which we use on our website, please check your browser’s settings. Instructions: 5 Ways to View Cookies – wikiHow
- SECURITY AND STORAGE OF INFORMATION
Summary: we take data security very seriously, invest in security systems, and train our staff. In the event of a breach, we will notify the right people as required by law.
We take great care in implementing, enforcing and maintaining the security of the Personal Data we process. Two Way Direct implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of Personal Data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we encrypt data. Likewise, we take industry standard steps to ensure our website, app and Services are safe.
Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.
Two Way Direct shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any Personal Data processed by Two Way Direct is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. Two Way Direct shall promptly take reasonable remedial measures.
- DATA SUBJECT RIGHTS
Summary: depending on the law that applies to your Personal Data, you may have various data subject rights, such as rights to access, erase, and correct Personal Data, and information rights. We will respect any lawful request to exercise those rights.
Data subjects with respect to whose data GDPR applies, have rights under GDPR and local laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where Personal Data is provided by a client being the data subject’s employer, such data subject rights will have to be effected through that client, the data subject’s employer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of Two Way Direct employees and staff, with Two Way Direct proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects have a right to withdraw their consent.
A data subject who wishes to modify, delete or retrieve their Personal Data, may do so by contacting Two Way Direct (firstname.lastname@example.org). Note that Two Way Direct may have to undertake a process to identify a data subject exercising their rights. Two Way Direct may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by Two Way Direct.
Data subjects in the EU have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint, you may have the right to an effective judicial remedy.
Minors. We do not knowingly collect or solicit information or data from or about children under the age of 16, or knowingly allow children under the age of 16 to register for the Services.
If you are under 16, do not register or attempt to register for the Services or send any information about yourself to us. If we learn that we have collected or have been sent Personal Data from a child under the age of 16, we will delete that Personal Data as soon as reasonably practicable without any liability to Two Way Direct. If you believe that we might have collected or been sent information from a minor under the age of 16, please contact us at: email@example.com as soon as possible.
Two Way Direct’s data protection officer (DPO) may be contacted at: firstname.lastname@example.org