WorkWaves

Privacy Policy for Workwaves

Last Updated: 22-09-2024

This Privacy Policy sets out how Workwaves (hereinafter referred to as "Company", "we", "us", or "our") collects, uses, discloses, and protects personal data when users ("you" or "your") access our mobile application, website, and other related services (collectively referred to as the "Services").

We respect your privacy and are committed to safeguarding your personal data in compliance with applicable laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (GDPR), the California Consumer Privacy Act (CCPA), and India’s Information Technology Act 2000, including relevant rules such as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).

1. Definitions

Personal Data: Any information relating to an identified or identifiable natural person as defined by GDPR and similar laws.

Processing: Any operation or set of operations performed on personal data, including but not limited to collection, storage, use, and disclosure.

Controller: The entity that determines the purposes and means of processing personal data (Workwaves in this context).

Processor: Any third party that processes data on behalf of Workwaves.

2. Personal Data We Collect

We may collect and process the following types of personal data:

  • Identification Data: Your name, email address, and contact details.
  • Biometric Data: Facial recognition data for attendance validation (only if enabled by your employer).
  • Geolocation Data: Real-time location data during work hours to track attendance and work hours.
  • Usage Data: Data regarding your interactions with the Services, including task performance and attendance logs.
  • Device Information: Information related to your device, such as IP address, browser type, operating system, and device identifiers.

3. Purpose of Processing Personal Data

We process personal data for the following legitimate business purposes:

  • Attendance and Task Management: To track and validate your attendance using geolocation and biometric data.
  • Performance Monitoring: To generate reports for employers regarding attendance and task completion.
  • Security and Fraud Prevention: To maintain the integrity of our systems, monitor security risks, and prevent unauthorized access.
  • Legal and Regulatory Compliance: To comply with obligations under GDPR, CCPA, and India's data protection laws, including responding to lawful requests by public authorities.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent: For location tracking and biometric data, your explicit consent is required.
  • Legitimate Interest: Processing is necessary for our legitimate interests, such as attendance management and security measures.
  • Legal Obligation: Processing is required to comply with legal obligations under data protection and labor laws.
  • Contractual Necessity: For the performance of a contract to which you are a party (employment).

5. Data Retention

We retain your personal data as follows:

  • Active Employment: We retain your personal data for as long as you are employed by your company. Data will be archived for six (6) months after your employment ends for record-keeping purposes.
  • Former Employees: Upon your departure, your employer may define a data retention period of up to two (2) years, after which your data will be permanently deleted unless required for compliance with legal or regulatory requirements.
  • Data Minimization: We ensure that only the minimum amount of personal data necessary for the specified purposes is collected and retained.

6. Data Storage and Transfers

Workwaves stores your personal data on servers located in India and Southeast Asia, in compliance with India's Information Technology Act 2000 and the GDPR's cross-border data transfer requirements.

Cross-Border Transfers: Personal data may be transferred to and processed in locations outside your jurisdiction, including countries that may not have equivalent data protection laws. By using our Services, you consent to the transfer, storage, and processing of your data in these locations.

Adequate Safeguards: We ensure appropriate safeguards are in place for international transfers in accordance with GDPR, including the use of Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

7. Sharing and Disclosure of Data

We may disclose your personal data under the following circumstances:

  • Third-Party Service Providers: We share data with trusted third-party providers, such as Firebase, Neo4j, and Calendly. These processors comply with applicable data protection laws.
  • Legal and Regulatory Authorities: We may disclose personal data to law enforcement agencies, courts, or regulatory bodies where required by law.
  • Corporate Transactions: In the event of a merger or sale of assets, your personal data may be transferred to the acquiring entity.

8. Security Measures

We implement robust security measures, including:

  • End-to-End Encryption: Data is encrypted during transmission to protect against unauthorized access.
  • Role-Based Access Control (RBAC): Only authorized personnel with a legitimate business need have access to sensitive data.
  • Regular Security Audits: We conduct regular audits of our security protocols to ensure compliance with international standards.

However, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data.

9. Your Rights

Under applicable data protection laws, you have the following rights:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You can correct any inaccuracies in your personal data.
  • Right to Deletion: You may request that your personal data be deleted, subject to the retention obligations mentioned above.
  • Right to Data Portability: You may request that we transfer your data to another data controller, where feasible.
  • Right to Object: You may object to the processing of your data for certain purposes, such as direct marketing.
  • Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw consent at any time.

To exercise these rights, please contact us at admin@workwaves.co.

10. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. You will be notified of any material changes, and your continued use of the Services constitutes your acceptance of such changes.

11. Contact Information

If you have any questions or concerns about this Privacy Policy, please contact our Data Protection Officer at:

Email: admin@workwaves.co

Address: VIT Chennai, Vandalur Kelambakkam Road, Tamil Nadu, Chennai, 600127, India