This Privacy and Data Protection Policy sets out the practices that Kerner Norland Pte Ltd (“Kerner Norland”, “we”, “our”, “us”) follows with respect to the collection, use maintenance, transfer and disclosure of information collected when you use and or access the website as well as any other media form including but not limited to, WorkShiftly software, media channel, mobile website or mobile application, desktop application related or connected thereto (collectively referred to as “WorkShiftly Portal”) provided by the Company.
The purpose of this policy is to provide you with an understanding of how we collect, handle and use your personal data.
Kerner Norland collects personal data about you when you (1) register for WorkShiftly on the WorkShiftly Portal, (2) use our products, (3) subscription, (5) communicates with us through any mode of communication including, but not limited to, chat, phone and email.
1. The personal data we collect
When you register with us through the WorkShiftly Portal, it will prompt you to provide us with information such as your login credentials (e.g. your name, company name, designation, email address and/or password), geographic region. Customer service telephone calls, emails, and other communications with us, may collect information such as the identity of the caller or sender of the email, the date and time of the call or email, and the subject and resolution of the issue.
2. Information collected when you use the WorkShiftly Portal
(1) unique identifiers relating to your device(s) and their components; (2) performance of the WorkShiftly Portal; (3) configurations of your device(s), the WorkShiftly Portal and the software applications, contents and peripheral devices that interact with the WorkShiftly Portal; (4) use and frequency of use of the functions of the WorkShiftly Portal, and the software applications, contents and peripheral devices that interact with the WorkShiftly Portal; and (5) the time zone.
Payments made through the WorkShiftly Portal are processed through a third-party payment processor. Information to administer, manage, and fulfill the purchases and subscriptions you make, may be collected by us or on our behalf. Such information may include payment information credit card number, account authentication information, and contact information including your full name, billing and shipping address and email address.
We may collect “usage information” anytime you visit, view and/or interact with our WorkShiftly Portal. We may collect your computer’s IP address, browser type, operating system version, geolocation information, and information regarding your browsing activities (e.g., parts of the website visited, items clicked on). We may associate this information with your personally identifiable information.
3. How We Use Your Information
- Provide and maintain the services- to process and fulfill your purchases and subscriptions, send you confirmation emails of your purchase and subscription status and allow you to pay for subscriptions.
- Communicate with you-To alert you about products upgrades and revisions, respond to you when you contact us, and promote new features or products that we feel may be of interest you to assist in addressing your inquiries and troubleshooting, about our products and services. To notify you about changes to our products and services and provide you with information that is relevant to your use of the service.
4. Disclosure to Third-Party
We do not sell, trade or otherwise transfer to third parties your personally identifiable information. Any information provided to the WorkShiftly Portal will be protected from loss, misuse, unauthorized access or disclosure, alteration or destruction.
However, we share your personal information with authorized third parties who assist us in operating the WorkShiftly Portal, conducting our business or servicing you including, but not limited to, credit card payments and online support, as long as these parties are compliant with applicable data protection laws.
We may choose to retain your personal information to the full extent of any period provided by law and statute. We may also choose to delete your personal information from our databases after a required number of years and/or if the intended purposes for which we have collected your information is completed or is no longer relevant. We may release your information when we are required to comply with the law, enforce our policies, or protect Kerner Norland’s and other third-party rights, property or safety. However, non-personally identifiable information may be provided by Kerner Norland to third parties for marketing, advertising, or other uses.
5. Cookies and Tracking Codes
- Necessary cookies: Necessary cookies enable you to use our Portals and all it’s features, such as enabling access to secure areas of the Portals. Without these cookies you may not be able to use all the features of our Portals.
- Performance cookies: Performance cookies collect information about how you use our Portals so we can improve them for you in future. For example, they collect information on which pages you visit most often and any error messages you may get. The information collected by these cookies is anonymous. They do not collect any information that can identify you personally.
- Functionality cookies: We use functional cookies to provide enhanced functionality and personalization, to remember your preferences, to diagnose server and software errors, and in cases of abuse, track and mitigate the abuse. The information these cookies collect is anonymous. They cannot track your browsing activity on other websites.
- Targeting/advertising cookies: We and our service providers may use advertising cookies to deliver ads that we believe are relevant to you and your interests. For example, we may use targeting or advertising cookies to customize the advertising and content you receive on our Portals, to limit the number of times you see the same ad on our Portals and to help measure the effectiveness of our advertising campaigns.
6. Company policy towards minors
Our Portals are for a general audience. We do not intentionally collect personally identifiable information from users of this Site who are under the age of 13.
7. Threat Assessment and Protection
We have standardized enterprise-wide analysis of software-related threats within the organization and have prioritized proactive improvement of threat coverage throughout the organization to ensure that there are no leaks of the data we collect.
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place the following suitable physical, electronic and managerial procedures to secure the information.
- Implement strong access controls, including strong passwords, input validations, multi-factor authentication, and role-based access permissions.
- Use secure protocols (SSL/TLS version 1.2 and higher) for data transmission and avoid transmitting sensitive data over unsecured networks.
- Establish clear data retention policies and securely dispose of data that is no longer needed.
- Kerner Norland is keeping systems and software up to date with the latest security patches.
- Conduct regular security audits, and assessments to identify vulnerabilities and implement necessary measures.
- Encrypted the offline data stored on the device using strong encryption algorithms.
- Established secure key management techniques to store and handle encryption keys (API keys).
- Data protection by design and default.
- Monitoring and reporting in a file any unauthorized or illegal access attempts.
- Monitoring specific activities such as who accesses personal data and with whom the data are being shared.
- Keeping a record of how long the data are to be stored while being stored.
- The data are encrypted, pseudonymized, and anonymized whenever possible, to protect them from any unauthorized access.
8. Storage and Retention
We may keep information and content in our systems, backup files and archives as follows;
- Utilized encryption for data at rest and in transit.
- Strong hashing for sensitive information in the database tables.
- Server-side encryption by default in the database.
- Obtaining regular backup and testing the backup and recovery procedures.
- Monitoring and logging access (only metadata), network traffic, and system activities for detection of security incidents and getting monitored via Security Operation Centre.
- Classified data based on sensitivity and applied appropriate security controls over the Risk Based Authentication.
We will retain your personal data as long as necessary to provide you with the services requested. However once your account has been deleted/de activated, your personal data will be stored in our archives for six months from the de activated date and we will remove it from our systems, records and/or take steps to properly anonymize it so that you can no longer be identified from it, unless we need to keep your personal data, including if we need to keep your personal data to comply with legal or regulatory obligations to which we are subject.
9. Your Rights
- Right of access- You may have the right to obtain from us confirmation as to whether personal data concerning you is processed, and, where that is the case, to request access to the personal data.
- Right to rectification- You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to object- If the processing of your personal data is based on legitimate interests, you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data. Moreover, if your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case, your personal data will no longer be processed for such purposes by us.
- Right to fair treatment- We will not discriminate against you for exercising any of your privacy rights. Irrespective of your standing on your privacy preferences, we will provide the services.
- To restrict the use of your information- You can request to restrict the use of your information.
- To complain to a supervisory authority – If you have any complaints regarding the data collected and the usage of it, you have the right to lodge a complaint to a superior authority.