Privacy Policy

Kairon is a product of NimbleWork, INC. The following privacy policy is applicable to all products and services provided by NimbleWork, INC, including Kairon. By using Kairon, you acknowledge and agree to the terms and conditions set forth in this privacy policy.

NimbleWork, INC. 

PRIVACY POLICY
Last Updated: May 21, 2024

1. INTRODUCTION

NimbleWork, Inc. (“NimbleWork,” “we,” “us,” or “our”) respects the privacy of its Users (“User,” “your,” or “you”). This Privacy Policy (the “Privacy Policy”) explains how we collect, use, disclose, and safeguard your information when you use Kairon Platform (the “Platform”) through Kairon’s website at https://www.kairon.com/ (the “Website”).

NimbleWork is committed to protecting the privacy of its Users whose information is collected and stored while using NimbleWork’s Platform through our Website or App.

The capitalized terms have the same meaning as ascribed in our Terms of Service as applicable, unless otherwise noted here.

PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR INFORMATION AND HOW WE WILL TREAT IT. BY ACCESSING OR USING OUR WEBSITE AND PLATFORM, YOU AGREE TO ACCEPT ALL THE TERMS CONTAINED IN THIS PRIVACY POLICY AND ACKNOWLEDGE AND AGREE WITH THE PRACTICES DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS AND USE OUR WEBSITE AND PLATFORM.

IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE SEND US AN EMAIL AT privacy@nimblework.com.

WE DO NOT SELL YOUR PERSONAL INFORMATION, NOR DO WE INTEND TO DO SO. WE DO NOT GIVE ACCESS TO YOUR PERSONAL INFORMATION TO THIRD PARTIES EXCEPT TO SUBPROCESSORS TO ASSIST US IN THE PROVISION OF OUR SERVICES TO YOU. 

2. WEBSITES COVERED

The Service is currently provided through the website identified with the following url (uniform source locator): https://www.nimblework.com/, and from the following related websites:

https://saas.digite.com/digite/

https://nimble.digite.com/digite/

https://login.swiftkanban.com/

https://retro.digite.com/retro/

https://www.kairon.com/

https://app.kairon.com/

https://www.agwise.com/

3. DATA PRIVACY FRAMEWORKS

At NimbleWork Inc., we understand the importance of data privacy and security. We are committed to protecting our users’ personal information, especially in the European Union and the UK. We are pleased to announce that we adhere to the EU-US Data Privacy Framework(DPF) and the UK Extension to the EU-US, which helps ensure that the personal data of our users is transferred and processed in a way that complies with EU and UK data protection laws.

What is the EU-US Data Privacy Framework?

The EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) were developed to facilitate transatlantic commerce by providing U.S. organisations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland that are consistent with EU, UK, and Swiss law. 

What does this mean for you?

By adhering to the DPF, we are providing several key assurances to our users:

  • Jurisdiction: The Federal Trade Commission has jurisdiction over our compliance.
  • Transparency: We clearly explain how we collect, use, and share your personal data through our Privacy Policy and other resources.
  • Data Protection Principles: We abide by the DPF’s principles, which are similar to those of the GDPR and Swiss data protection laws. These principles include:
    • Lawfulness, fairness, and transparency: We only process your data transparently and for lawful purposes.
    • Purpose limitation: We only use your data for the purposes it was collected.
    • Data minimisation: We only collect and process the minimum amount of data necessary for the stated purpose.
    • Accuracy: We strive to keep your data accurate and up-to-date.
    • Storage limitation: We only store your data for as long as necessary for the stated purpose.
    • Integrity and confidentiality: We take appropriate technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, or destruction.
    • Accountability: We are responsible for complying with these principles and are subject to enforcement mechanisms.
  • Individual Rights: You have certain rights concerning your personal data, such as the right to access, rectify, erase, restrict processing, and object to processing.
  • Redress Mechanism: You have access to an independent mechanism for resolving complaints about our data practices.
  • The link to the U.S. Department of Commerce is https://www.dataprivacyframework.gov/, which allows anyone to view our certification online.

NimbleWork, Inc. remains responsible for any of your personal information shared with subprocessors for external processing on our behalf, as described in the “ DISCLOSURE OF PERSONAL INFORMATION” section of our Privacy Policy.

In adherence to our privacy policy, if any concerns regarding personal data, as per the Data Privacy Framework (DPF) principles, remain unresolved internally, customers are encouraged to utilise our designated third-party dispute resolution provider ANA, free of charge.

Additionally, we pledge to cooperate with relevant data protection authorities in the European Economic Area and the UK, if necessary, to address any outstanding complaints.

Under certain conditions (as described under the EU-US DPF Principles that NimbleWork Inc. adheres to), you may invoke binding arbitration by delivering a notice to us via privacy@nimblework.com, including when other dispute resolution procedures have been exhausted. NimbleWork, Inc. is also subject to the investigatory and enforcement powers of the Federal Trade Commission.

We have certified to the U.S. Department of Commerce that NimbleWork Inc. adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) regarding the processing of personal data received from the European Union in reliance on the EU-US DPF and from the UK in reliance on the UK Extension to the EU-US DPF.

We will remain liable for onward transfers of your personal data to third parties (including our Service Providers) in accordance with applicable data transfer mechanisms. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles and the UK GDPR, the Principles shall govern with respect to personal data transferred under the DPF. To learn more about the DPF program, including its application in the UK, and to view our certification, please visit https://www.dataprivacyframework.gov/.

4. WHAT INFORMATION DO WE COLLECT? 

When you register to use our Website or Platform, we collect personal information (also referred to as personally identifiable information or “PII”) which may include your name, online contact information such as your email address or username and other personal information. The information so collected will be stored on our servers. You are able to change your personal information via email by contacting us at privacy@nimblework.com or through your profile or account settings on our Website or Platform.

Geolocation and Equipment Information. We may collect information that does not personally identify you such as (i) your geolocation, and (ii) information about your internet connection, the equipment you use to access our Website or Platform, and usage details.

Financial Information. We currently do not collect or store any credit cards or bank information, as we are using a third-party payment processor. However, we will update this Privacy Policy when we start using and storing such information. We will also inform you via reasonable means if we start collecting such information from you.

5. HOW DO WE COLLECT INFORMATION?

We collect personal information from you in the following ways:

  • At registration on our Website or Platform;
  • When you interact with our advertising and applications on third-party website and services, if those applications or advertising include a link to this Privacy Policy;
  • From you placing an order, which includes details of transactions you carry out on our Website or Platform;
  • When you subscribe to a newsletter;
  • From your responses to a survey;
  • From forms filled out by you; and
  • From records or copies of correspondences (including email addresses) if you contact us.

We collect information from you automatically when you navigate through our Website or Platform in the following ways:

  • Usage details; and
  • IP addresses.

6. HOW DO WE USE YOUR INFORMATION?

We use the information that you provide to:

  • Personalize your experience in using our Platform;
  • Provide you with information, products, or services requested from us;
  • Provide you with notices about account and/or subscription, including expiration and renewal notices;
  • Carry out obligations and enforce rights arising from contracts entered into between you and us, including billing and collection;
  • Notify you about changes to our Website and Platform and any products or services;
  • Allow you to participate in interactive features on our Website and Platform;
  • Improve the Website and Platform;
  • Improve our customer service;
  • Process transactions;
  • Anonymize data and aggregate data for statistics;
  • Contact you for other purposes with your consent;
  • Contact you about our products and services that may be of interest;
  • Contact you about third parties’ goods and services;
  • Enable the display of advertisements to our advertisers’ target audiences, although personal information is not shared with advertisers without your consent; and
  • Send you periodic emails, in accordance with the CAN-SPAM Act of 2003 as detailed in Section 15, via the email address provided by you to (i) send information, respond to inquiries, and/or other requests or questions; (ii) process orders and send information and updates pertaining to such orders; (iii) send additional information related to your product and/or service; and (iv) market to our mailing list or continue to send email to you after the original transaction has occurred.
  • To advertise, promote, and encourage interaction with the Services: We utilize your contact details and information about your usage of our Services to send marketing communications that are tailored to your interests in order to advertise, promote, and encourage engagement with our Services. You have the ability to manage whether you receive such communications, as explained in the “Opt-out of marketing communications” section.

7. OUR COOKIE POLICY

Cookies are small pieces of text used to store information on web browsers. Cookies are used to store and receive identifiers and other information on computers, phones, and other devices. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. In this Privacy Policy, we refer to all of these technologies as “Cookies.”

We use Cookies on our Website to (a) help remember and process items in the shopping cart, (b) understand and save your preferences for future visits, (c) keep track of advertisements, (d) compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future, and (e) allow trusted third-party services that track this information on our behalf.  You can set your browser to refuse all or some browser Cookies, but it may affect your user experience. We honor Do Not Track signals and, if one is in place, we will not track, plant cookies, or use advertising.

We allow third-party behavioral tracking and links to third-party web pages.  Occasionally, at our discretion, we may include or offer third-party products or services on our Website or Platform.  These third-party sites have separate and independent privacy policies.  We, therefore, have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our Website or Platform and welcome any feedback at about these sites.  Please contact us at privacy@nimblework.com.

8. HOW DO WE PROTECT INFORMATION WE COLLECT?

Our Website and App are reasonably scanned to meet or exceed PCI Compliance. Our Website and App receive regular security scans and penetration tests.  Our Website and App also receive regular malware scans.  In addition, our Website and App use an SSL certificate as an added security measure. We require username and passwords for our employees who can access your personal information that we store and/or process on our Platform and servers. In addition, we actively prevent third parties from getting access to your personal information that we store and/or process on our Platform and servers.  We accept payment by credit card through a third-party credit card processor on our behalf.  We will implement reasonable security measures every time you (a) place an order, or (b) enter, submit, or access your information, (c) register, or (d) access our Platform, on our Website and App.

Marketing Information: If you have opted in to receive marketing emails from us, we will keep track of your marketing preferences for a reasonable duration starting from the last time you showed interest in our Services, such as the last instance you opened an email from us or stopped using your account. Information derived from cookies and other tracking technologies will also be stored for a reasonable duration starting from the date it was collected.

9. DATA SECURITY MEASURES.

  • Security Measures.  We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls.  The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website or Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on our Website or Platform.
  • Fair Information Practice Principles.  In the event of a personal data breach, we will notify you within 72 hours via (i) email and/or (ii) our Platform notification system on our Website and/or App.  We agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors. 

10. DISCLOSURE OF PERSONAL INFORMATION

 There are times when we may share Personal Information that you have shared with us may be shared by NimbleWork with others to enable us to provide you over Services, including contractors, service providers, and third parties (“Partners”). This section discusses only how NimbleWork may share such information with Partners. We will ensure that our Partners protect your Personal Information.

Other Disclosure of Personal Information.

  • We will disclose personal information (i) to comply with any court order, law, or legal process, including to respond to any government or regulatory request, (ii) to enforce or apply our Terms of Service and other agreements, including for billing and collection purposes, (iii) if we believe it is necessary or appropriate to protect the rights, property, or safety of NimbleWork, our customers or others, and/or (iv) if it is necessary or appropriate to protect the rights, property, or safety of NimbleWork, our customers, or others, and this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Third Party Disclosure.

  • We do not sell, trade, rent, or otherwise transfer personal information to others, unless we provide you with advance notice.  This does not include our hosting partners and other parties who assist us in operating our Website or Platform, conducting our business, or servicing you, so long as those parties agree to keep this information confidential.
  • We do not provide non-personally identifiable visitor information for marketing purposes.

Choices Users Have About How NimbleWork Uses and Discloses Information.

  • Tracking Technologies and Advertising. You can set their browser to refuse some or all the browser cookies, but if you disable or refuse cookies, some parts of our Website may not be accessible or function properly.
Google API Services User Data Policy

Nimble for Gmail™ use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Access And Control Your Personal Information

You can make specific decisions concerning your information. Here is a concise summary of those decisions, along with guidelines on how to implement them and any possible constraints.

  • Your right to access: You have the right to request access to the personal information that we hold about you. As a NimbleWork’s customer, you can request a copy of your information, object to our use of your information (including for marketing purposes), request the deletion or restriction of your information. To access your personal data, please follow the instructions provided in “Access your personal data” in NimbleWork’s Terms of use.

Your request and choices may be limited in certain cases:

  • We take the privacy of our users seriously and strive to protect their personal information. However, we cannot disclose personal information about another person. Any such data requests will be denied.
  • While we take every precaution to protect your personal information, we cannot be held liable for any data shared with third-party service providers for which you have given your consent. If you wish to delete any such information, you will need to contact those third-party service providers directly.
  • Please note that if the Services are managed for you by an administrator, you may be required to reach out to them for any requests related to your personal information. Your administrator can assist you with your requests and ensure that they are handled appropriately.
  • For our Collaborative OKRs application on Slack, If you would like to have your data deleted, please send an email to developers@digiteapp.com with the subject line “Data Deletion Request”. Please note that upon receiving your request, we will delete your data within seven (7) days.
    • Additionally, we classify a workspace as dormant if no user has used the Slack app for a period of three (3) months. In such cases, we will retain the user’s data for a maximum period of one (1) year from the time the account became dormant.
    • During this period, we will continue to protect the user’s data in accordance with our privacy policy. If the user wishes to reactivate their account, they may do so at any time by logging into the app via the installed workspace.
    • If the account is not reactivated within the one-year period, we will securely delete their data from our servers.

11. COOKIES AND VISITOR TRACKING NOTICE

We use cookies on our website to improve and customize our products, websites and your experience. Opting out from our use of cookies is simple – you can instruct your browser to delete, and block or disable cookies.

Google Analytics

We track visitors to our website using Google Analytics from Google, Inc. Google Analytics records how you arrived at our site, what pages you view within our site, the time spent on different parts of our site, and some basic information about your computer and browser. All of that information is anonymous – so we don’t know who you are; we just know that somebody visited our site. We actually look at data in aggregate, so, while we know that several people visited a page on a given day, we cannot identify who specifically visited.

To learn more about how Google Analytics processes and collects this data please follow this link – https://www.google.com/policies/privacy/partners

You can also opt-out of Google Analytics tracking as well, please follow this link – https://tools.google.com/dlpage/gaoptout

Cloudflare CDN & Browser Insights

Cloudflare provides a worldwide content delivery network and DNS service. This means that the data transfer between your browser and our website is routed through Cloudflare’s network. This allows Cloudflare to analyze the data transactions and act as a filter against malicious data traffic from the internet. Additionally, Cloudflare may use cookies for this purpose.

Cloudflare Browser Insights requires that end users’ browsers report timing information back to Cloudflare. Browser Insights reports only the bare-minimum information needed to track website performance. The only metrics Browser Insights collects are about timing.

Microsoft Clarity

Clarity collects data about website usage and visitor behavior, which is used to create reports that provide insights into website performance and visitor behavior. We only collect data that is necessary for providing and improving our services. This data includes information about the pages visited on our website, the actions taken on those pages, and the device and browser used to access the website. Additionally, Clarity may collect IP addresses, which are used to identify geographic location.

Mixpanel

We gather personal information, including your email address and user activity, through the use of Mixpanel. Mixpanel’s handling and sharing of this information is subject to the Mixpanel Terms of Use and Privacy Policy, available at https://mixpanel.com/terms/ and https://mixpanel.com/privacy/. If you wish to opt-out of Mixpanel’s services, you can do so by visiting https://mixpanel.com/optout/

WhatFix

We use WhatFix digital adoption platform that helps support by providing contextual guidance and interactive walkthroughs of our programs. We utilize cookies to display information or assistance that is specifically applicable to you, ensuring optimal functionality of our service.

Appzi

Appzi is a user feedback collection platform that enables us to collect customer feedback and improve the website from within. Through the Appzi code embedded on our website, we collect and process the device-specific data of the visitor.

Hello Bar

Hello Bar uses cookies to track user behavior and personalize the user experience. These cookies collect information about the pages visited, the duration of the visit, and the actions taken on the site. The collected data is used to improve the site’s performance and to deliver targeted marketing messages.

Piwik Pro Analytics/ Matoma Analytics

We track visitors to our website using Piwik PRO/ Matoma analytics, we collect data about how visitors use our site. This can be data like visited pages or screens, session duration, and so on. We use this data to make the user experience better on our website.

RB2B Analytics

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners (RB2B) or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email. You may opt out of receiving this advertising by visiting https://app.retention.com/optout

Why do we collect this information?

The information we collect from Google Analytics, Microsoft Clarity, Mixpanel, Appzi, Hellobar & Cloudflare helps us understand what parts of our sites are working well, how people arrive at our site and so on. Like most websites, we use this information to make our website better.

Usage of Web Beacons/ Clear GIFs

When you use our site, we may employ clear GIFs (also known as web beacons) which are used to track the online usage patterns of our users anonymously.

In addition, we may also use clear GIFs in HTML-based emails sent to our users to track which emails are opened by recipients. The information is used to enable more accurate reporting and improve the effectiveness of our marketing. You may opt out of receiving email communications from us by using the unsubscribe link within each email. However, you will continue to receive transactional messages from us regarding any of our Products and Services that you have signed up for.

Social Networks

We give you the ability to share our content via Social Media networks such as Facebook, LinkedIn and Twitter. This is done through standard software code these networks provide, and is not under our control. You normally need to be logged in to one of these services to share any website article or link using these buttons and networks. These networks might track information on websites you visit, links that you share and might even post on your behalf on your social media profile on the respective networks. You can control what they do, using the controls they provide for such sharing of information. If you have an issue with such sharing, you can refrain from using these share buttons on our website.

Commenting on our blog

Our blog is built using the WordPress website development platform and we use the default WordPress commenting capability. If you choose to comment on our blog, please note that we need you to enter your name and email id. We do not do anything with this information with the exception that WordPress will notify you if someone replies to your comment IF you enable that option. Also, please note that your comment will be public and free to view for anyone who visits our blog/ site(s).

FOR OUR EUROPEAN CUSTOMERS AND VISITORS

We are headquartered in the U.S. Most of the operations are located in the U.S. Your Personal Information, which you give to us during  registration or use of our Website or Platform, may be accessed by or transferred to us in the United States.  If you are visiting our Web site or registering for our Services from outside the United States, be aware that your Personal Information may be transferred to, stored, and processed in the United States. Our servers or our third-party hosting services partners are located in the United States.  By using our site, you consent to any transfer of your Personal Information out of Europe and/or UK, or Switzerland for processing in the US or other countries.

We will comply with the EU Standard Contractual Clauses with respect to the transfer of Personal Data from the EU to the US for processing. If there is any conflict between the terms and conditions in this Privacy Policy and your rights under the EU Standard Contractual Clauses, the terms and conditions in the EU Standard Contractual Clauses will govern. For the purposes of this Privacy Policy, “EU Standard Contractual Clauses” mean the standard contractual clauses for the transfer of personal data to processors established in the US. (Commission Decision 2010/87/EC).

(i) Obligations of the data importer (processors)

The data importer agrees and warrants:

  • to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;
  • that it has implemented the technical and organizational security measures before processing the personal data transferred;
  • that it will promptly notify the data exporter about:
    • any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,
    • any accidental or unauthorized access, and
    • any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so;
  • to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;
  • at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;
  • to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;
  • that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent;
(ii) Obligations of the data exporter

The data exporter agrees and warrants:

  • that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;
  • that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses;
  • that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures;
  • that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;
  • that it will ensure compliance with the security measures;
  • that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;
  • to make available to the data subjects upon request a copy of the Clauses, with a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; and
  • that, in the event of sub-processing, the processing activity is carried out in at least the same level of protection for the personal data and the rights of the data subject as the data importer under the Clauses.
(iii) Liability
  • The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred above by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.
  • If a data subject is not able to bring a claim for compensation in accordance with paragraph a against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to above, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.
  • If you are a resident of or a visitor to Europe and/or UK, you have certain rights with respect to the processing of your Personal Data, (referred here as Personal Information), as defined in the GDPR.
  • Please note that in some circumstances, we may not be able to fully comply with your request, or we may ask you to provide us with additional information in connection with your request, which may be Personal Information, for example, if we need to verify your identity or the nature of your request.
  • In such situations, however, we will still respond to let you know of our decision. As used herein, “Personal Information” means any information that identifies you as an individual, such as name, address, email address, IP address, phone number, business address, business title, business email address, company, etc.
  • To make any of the following requests, please contact us (i) via email at privacy@nimblework.com, or (ii) by writing to us at NimbleWork, 21060, Homestead Road, Cupertino, California 95051.
    • Access: You can request more information about the Personal Information we hold about you. You can also request a copy of the Personal Information.
    • Rectification: If you believe that any Personal Information we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. Please contact us as soon as possible upon noticing any such inaccuracy or incompleteness.
    • Objection: You can contact us to let us know that you object to the collection or use of your Personal Information for certain purposes.
    • Erasure: You can request that we erase some or all of your Personal Information from our systems.
    • Restriction of Processing: You can ask us to restrict further processing of your Personal Information.
    • Portability: You have the right to ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another entity where technically feasible.
    • Withdrawal of Consent: If we are processing your Personal Information based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, it may limit your ability to use some/ all of our Services or Platform and you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilize some or all of our Services and Platform.
    • Right to File Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State. Please go to https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm to locate your Data Protection Authority. We will respond to your inquiry within thirty (30) days of the receipt.

12. YOUR CALIFORNIA PRIVACY RIGHTS

NimbleWork does not sell, trade, or otherwise transfer to outside third parties your “Personal Information” as the term is defined under the California Civil Code Section § 1798.82(h).  Additionally, California Civil Code Section § 1798.83 permits Users of our Website or Platform that are California residents to request certain information regarding our disclosure of their Personal Information to third parties for their direct marketing purposes. To make a request for such disclosure, or identification and/or deletion of Personal Information in all our systems that we store on you, please send an email at privacy@nimblework.com or write us at NimbleWork, 21060, Homestead Road, Cupertino, California 95051.

Note that (i) if we delete your Personal Information as requested, we will no longer be able to provide our services to you and (ii) we may need to keep such Personal Information for a while during the shutting down and billing process. If you would like to discuss our Personal Information storage and processing process with us, please send us an email at privacy@nimblework.com or write us at NimbleWork, 21060, Homestead Road, Cupertino, California 95051. 

13. CALIFORNIA CONSUMER PRIVACY ACT

This Section supplements the information contained in our Privacy Policy above and applies solely to all visitors, users, and others to our Website or Platform, who reside in the State of California (“consumers” or “you”). We adopt this Section to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Section.

  • Right to Request Personal Information. Upon request, we will provide you with (i) a list of all Personal Information that we have collected on you, (ii) from whom we obtained such Personal Information, (iii) the reason why we collected such Personal Information, and (iv) with whom (if any) we have shared such Personal Information. If we sell your Personal Information or disclose your Personal Information to third parties, upon request, we will provide you with (i) a list of the Personal Information that we have collected on you, (ii) a list of the Personal Information that we sell or disclose to others on you, and (iii) to whom we have sold or disclosed your Personal Information. A consumer can make such a request only twice in a 12-month period.We require such Personal Information to be able to provide to you our Services. Unless otherwise specified, we only collect Personal Information from you. We do not use others to provide us with your Personal Information.
  • Disclosure of Personal Information. We only share your Personal Information with service providers, e.g., billing and collection agents, who enable us to provide our Services to you. We do not sell or give your Personal Information to third parties for purposes unrelated to our provision of Services to you.
  • Right to have Personal Information Deleted. Upon request, we will delete all of your Personal Information that we have collected on you and will direct our Service Providers to also delete all of your Personal Information. But note that if we do delete all of this Personal Information, you will no longer be able to use our Services.
  • Non-Discrimination Right. We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

(i)   Deny you goods or services.

(ii)   Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

(iii) Provide you a different level or quality of goods or services.

(iv)  Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

  • Financial Incentives. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
  • Contact Information. You may contact us (i) at privacy@nimblework.com, or (ii) by writing to us at Privacy Officer, at 21060, Homestead Road, Cupertino, California 95051 to (i) make a Personal Information Request, (ii) lodge a complaint about our use or storage of your Personal Information, (iii) ask us to delete such Personal Information, and/or (iv) discuss our Privacy Policy and/or anything that has to do with it. We will respond within forty-five (45) days of receiving such request or query. Additionally, in order for us to respond to your request or query, we will need to collect information from the requesting party to verify their identity.
  • Under 16. We will not sell your Personal Information if you are under the age of 16 unless we have the consent of your parent or your guardian nor will we sell it if you ask us not to do so.
  • Opt Out Right. Upon your request, we will stop selling your Personal Information (sometimes called your Opt Out Right). You may send the request to Opt Out (i) to privacy@nimblework.com, or (ii) by writing to us at Privacy Officer, 21060, Homestead Road, Cupertino, California 95051.
  • Personal Information that We Store. For your information, we store/collect the following Personal Information on you:
    1. Name
    2. Business Email Address
    3. IP Address

We will not retain the user data beyond one year. If you still want to delete your data, upon your prior written request, we will delete your data/information within sixty (60) days of receiving your request. Users outside of CCPA can also request to have their data deleted via email at privacy@nimblework.com We will delete their data also within sixty (60) days of receiving their request.

14. COPPA COMPLIANCE (FOR CHILDREN UNDER 13 USERS ONLY)

The Children’s Online Privacy Protection Act (“COPPA”) is a federal legislation that applies to entities that collect and store “Personal Information,” as the term is defined under COPPA, from children under the age of 13. We are committed to ensure compliance with COPPA. Our Website and Platform are not meant for use by children under the age of 13. Our Website and Platform do not target children under the age of 13, but we do not age-screen or otherwise prevent the collection, use, and personal disclosure of persons identified as under 13. If you would like to know more about our practices and specifically our practices in relation to COPPA compliance, please email us at privacy@nimblework.com.

IF YOU ARE UNDER 13, PLEASE DO NOT ACCESS OR USE OUR WEBSITE OR PLATFORM.

15. CAN-SPAM ACT OF 2003

The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have businesses stop emailing them, and spells out penalties for violations.  Per the CAN-SPAM Act, we will:

  • not use false or misleading subjects or email addresses;
  • identify the email message as an advertisement in some reasonable way;
  • include the physical address of NimbleWork, which is 21060, Homestead Road, Cupertino, California 95051monitor third-party email marketing services for compliance, if one is used;
  • honor opt-out/unsubscribe requests quickly; and
  • give an “opt-out” or “unsubscribe” option.

If you wish to opt-out of email marketing, follow the instructions at the bottom of each email or contact us at privacy@nimblework.com and we will promptly remove you from all future marketing correspondences. 

16. MODIFICATIONS TO OUR PRIVACY POLICY

NimbleWork reserves the right, at its sole discretion, to change or modify this Privacy Policy at any time. In the event we modify this Privacy Policy, such modifications shall be binding on you only upon your acceptance of the modified Privacy Policy. We will inform you about the modifications on our Privacy Policy page via email, on our Website or Platform by posting a modified version of the Privacy Policy page, or by a comparable means within a reasonable time period.  Your continued use of our Website or Platform shall constitute your consent to such changes.

17. LIST OF THIRD-PARTY SERVICE PROVIDERS

NimbleWork uses the third-party service providers listed here: (Subsidiaries and Sub-processors) for the provision of services as detailed under the Terms of Service, as applicable

Additionally, if you have any questions or concerns about our third-party service providers, please email us at privacy@nimblework.com.

18. COPYRIGHT INFRINGEMENT/DMCA NOTICE

If you believe that any content on our Website or Platform violates your copyright, and you wish to have the allegedly infringing material removed, the following information in the form of a written notification (pursuant to the Digital Millennium Copyright Act of 1998 (“DMCA Takedown Notice”)) must be provided to our designated Copyright Agent.

  • Your physical or electronic signature;
    Identification of the copyrighted work(s) that you claim to have been infringed;
  • Identification of the material on our Website or Platform that you claim is infringing and that you request us to remove;
  • Sufficient information to permit us to locate such material;
  • Your address, telephone number, and email address;
  • A statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and
  • A statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner.

NimbleWork’s Copyright Agent to receive DMCA Takedown Notices is Data Protection Officer (DPO), at privacy@nimblework.com, Attn: DMCA Notice, 21060, Homestead Road, Cupertino, California 95051. You acknowledge that for us to be authorized to take down any content, your DMCA Takedown Notice must comply with all the requirements of this Section. Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact (falsities) in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by NimbleWork in connection with the written notification and allegation of copyright infringement.

19. CONTACT US

To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:

Privacy Officer

Email: privacy@nimblework.com

Address: NimbleWork, Inc. 21060, Homestead Road, Cupertino, California 95051

PLEASE NOTE: IF YOU USE OUR WEBSITE OR PLATFORM, YOU HAVE AGREED TO AND ACCEPTED THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY AND THE TERMS AND CONDITIONS SET FORTH IN OUR TERMS OF SERVICE, AS APPLICABLE.  IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT USE OUR WEBSITE OR PLATFORM.WW