THRIWIN PRIVACY POLICY

Your Privacy Is Our Priority and we don’t sell any data to third parties

We're here to help and answer any questions you might have. You can Contact Us in case of any doubts

Introduction & Summary

Adjoint Technologies Pvt Ltd (hereinafter referred to as Adjoint, Thriwin, Company or Organization) provides software applications | used by customers to manage business activities. This privacy policy applies to all our employees, Prospective employees, customers as well as other users/website visitors.

The following Privacy Policy(hereinafter referred to as privacy policy, privacy notice, or privacy statement) describes how Thriwin collects, uses, and discloses information, and what choices you have with respect to the information. Thriwin is the controller for the personal data discussed in this Privacy Statement, except as noted in the “ Thriwin as a Service Provider” section below.

For the purposes of this policy, references have been made to the General Data Protection Regulation (“EU GDPR”), 2016 and, the California Consumer Privacy Act, 2018 (“CCPA”), the California Privacy Rights Act, 2020 (together with the CCPA, “CPRA”).

Scope

This Privacy Notice applies to Visitors, Users, and Prospective Employees, Employees, and Independent Contractors (“individuals” or “you”) of Thriwin. This Privacy Notice also applies to the prospective customers of Thriwin who visit the website to understand the services provided by Thriwin.

For the purposes of this notice, a “visitor” of Thriwin refers to an individual who accesses Thriwin’s website or mobile application with or without registering for an account, or who provides personal data to Thriwin through other means, such as filling out a contact form or subscribing to a newsletter. A “user” of Thriwin refers to an individual who has registered for an account on Thriwin’s application either to access a demo or some other resource provided on the website

This Privacy Statement will not be applicable to the businesses that use Thriwin as a processor. The businesses that use Thriwin as a processor/service provider are referred to as a “Customer” for the sake of this Privacy Statement. For more information regarding the applicability of this notice on Thriwin customers, please refer to Section Thriwin as Service Provider/Processor of this notice.

Both these categories of individuals or businesses are potential customers for Thriwin, but with respect to the processing of their data, Thriwin acts as a ‘Data Controller’ as per GDPR and ‘Business’ as per CPRA.

This Notice applies to Personal Data/Information and sensitive personal data, as defined under the GDPR and CCPA, that we collect to provide you with certain products and services (collectively, “Services”). This Notice does not apply to anonymized, de-identified, or aggregate information if it is not Personal Information

Thriwin as Service Provider/ Processor

Thriwin’s customers are organizations such as businesses, who use our services as a business application platform. Thriwin acts as a processor processing personal data in these services only according to the customers' instructions.

If you are an individual employee or prospective employee of a Thriwin customer, this Notice does not apply to you. For information on your privacy rights and your employer’s privacy practices, please refer to your employer’s privacy notices. Under applicable privacy laws, we are a Data Processor under the GDPR or a Service Provider under CPRA and your employer is the Data Controller under the GDPR or the Business under CPRA.

Any queries or requests regarding the data processing from employees orusers of a Thriwin Customer, employee or users will be requested to reach outto the customer organisation.

Personal Data Collected by Thriwin as Controller/Business

The categories of information, including Personal Data that Thriwin may have collected from you to provide certain services to you are listed below:(Please note that the following list is not exhaustive in nature)

To access some areas of the Website, you will need to have account authentication credentials. As part of your account, you may choose to provide us with additional data, such as:

As a service provider under Section 3 of this Policy, Thriwin may collect more categories of personal data as per the agreement with Thriwin’s customers. However, processing-related information is not covered under this policy. For inquiries related to the same, please contact your employer or consult your employer’s privacy policy. Any such queries shall be redirected to the respective Thriwin customer.

Children’s Personal Information

Thriwin’s services are not intended for or directed to children under the age of thirteen. The Company does not knowingly collect personal information directly from children under the age of thirteen without parental consent. If the company is made aware that a child under the age of thirteen has provided their personal information, Thriwin will delete the information from its records.

If the personal data of a child is received by virtue of their parent being an employee or prospective employee of Thriwin, the data is retained only after consent from parents has been obtained. The retention period and nature of processing and handling for this type of data are the same as other personal data received from the parent.

If the personal data of a child is received by virtue of their parent being an employee of Thriwin’s customer, the privacy policy of the customers apply. Any queries about the same will be directed to the customer.

Website Visitor Information

Thriwin collects your personal data when you contact us to register for an event, request information (whitepapers, reports, etc.), or register for a free trial/demo. This information is used to set up the account and for service-related communications

Thriwin may use Cookies, Web Beacons, and other similar website tracking technologies like Google Analytics, LinkedIn, Bamboobox, HubSpot Marketing Hub to observe your activities, interactions, preferences, transactional information, and other computer and connection information (such as an IP(Internet Protocol) address) relating to your use of our websites and services. For more information about cookies, please refer to the cookie policy.

Thriwin may also use log files, cookies, and similar technologies to collect information about the pages you view, links you click, and other actions you take when accessing our website or emails. If Thriwin collects any other personal data from you, the company will explain the purposes at the time of collection.

Multifactor Resource Authentication

If you use certain systems provided by Thriwin, the company will collect data from you to enable multi-factor authentication. Two-factor authentication(2FA) is a security process that adds an extra layer of protection to ensure the security of online accounts and personal data. It is a method of confirming users identities by requiring them to provide two different factors or pieces of information, typically a password or PIN code, and a unique code or token generated by an authentication app or device

Users will be able to choose an offered multi-factor method, which may require additional information, such as mobile number, email address, or unique verification identifier.

Other Information

If Thriwin collects any other personal data from you, the company will notify and explain the purposes of such collection at the time of collection.

Personal Data Obtained from Third-Party Sources

Thriwin may also collect business contact information about you from other sources including third parties and from publicly accessible websites, such as your company’s website, professional network services, or press releases. Business contact information may include:

In some instances, Thriwin may combine the personal data you have provided to us with personal data collected from other sources as described above. This data is processed to update, expand, and analyze the existing marketing records; identify new customers; create customized advertising or website experiences; and send marketing emails.

How Thriwin uses your Personal Data

Thriwin uses the data collected to contact the users/ visitors and other relevant individuals to provide Thriwin’s websites, services, and support. For example, if you provide data in the “Contact Us” form, your data will be used to respond to the request.

Thriwin uses your personal data and information about your activity on our websites to contact you for marketing purposes in accordance with your marketing preferences, including telemarketing calls, and to send marketing emails that we believe may be of interest to you, such as product announcements, newsletters, educational materials, and details on upcoming events. The data is also used it to send administrative information, such as notices related to products, services, or policy changes. A detailed account of how Thriwin uses your personal data is provided below:

  1.  To Plan and Manage Events:
    Thriwin uses your data for event planning and management, includingregistration, billing, and connecting with other event attendees or to contactyou further about relevant products and services. Any information you provideabout emergency contacts will be used for your safety purposes.
  2.  For Improvement Purposes:
    Thriwin uses the data collected to understand how the websites and services are being used and to make improvements. For example, the company may solicit your feedback about your experience using our services, and ways to improve those services.
  3.  For Security and Investigations:
    Thriwin may use your information to diagnose website technical problems, as well as to prevent, detect, mitigate, and investigate potential security issues, as well as fraudulent or illegal activity.
  4. To Personalize Your Experience:
    Thriwin also may use your data to personalize your experience on our websites. Thriwin or our service providers use website tracking technologies like, Google Analytics, LinkedIn, Bamboobox and HubSpot Marketing Hub, to display products, features, or content that are tailored to your interests and to present advertising on other sites. For more information on how cookies are used, please see the Cookie Policy, which can be found on the website.
  5. For Market Research:
    Thriwin may use your data for market research purposes. This is done via functionality reporting on the data collected from you.

Data Disclosure

Thriwin may share information with its affiliates and third-party service providers or vendors that have been contracted to offer services on behalf of the Organization. These service providers or vendors are only permitted to use the disclosed data in accordance with the instructions provided by the Organization via binding documents enforceable by the law.

Additional Disclosures

Thriwin will not disclose customer data unless it is required to do so to comply with the statutory law or a binding order of a governmental body or a judicial authority. If a governmental body issues a notice or a directive to Thriwin to share the customer data, Thriwin will attempt to redirect the same to the Customer which shall be at the sole discretion of such authority. Governmental and regulatory bodies need to follow the stipulated procedure to obtain valid and binding orders that shall be undisputed. The company will review all orders and object to overbroad or otherwise inappropriate ones. If compelled to disclose customer data to a government body, Thriwin will give customers reasonable notice of the demand to allow the customer to seek a protective order or other appropriate remedy unless Thriwin is legally prohibited from doing so.

Thriwin does not sell personal data that is collected or processed under this Privacy Statement.

International Data Transfers

Thriwin while headquartered in Hyderabad, India, operates as a global business and may transfer, store, or process your personal data in a country outside your local jurisdiction, including countries outside the European Economic Area (“EEA”). However, the company has taken appropriate safeguards with respect to the protection of your privacy, fundamental rights and freedoms, and the exercise of your rights. For example, if Thriwin transfers personal data from the EEA to a country outside it, such as the United States, it will implement an appropriate data transfer solution such as entering into EU standard contractual clauses with the data importer or taking other measures to provide an adequate level of data protection under EU GDPR.

Transfer of data from the US to other countries only happens once Thriwin determines that the personal data transferred across borders is protected using appropriate safeguards. This includes implementing contractual or other measures to ensure that the recipient provides a level of data protection that is comparable to the protections afforded by the CCPA, as assessed by conducting risk assessments for cross-border transfers. The consumers will be notified of the cross-border transfers of their personal information including the categories of personal information that will be transferred, the countries to which the information will be transferred, and the purposes for which the information will be used. The consumer’s explicit consent will be obtained before making the transfer.

For the purposes of the processing conducted in the capacity of aprocessor, Thriwin is not liable to implement the controls noted above. Theimplementation of the appropriate safeguards is the responsibility of the datacontroller which in this case would be the Thriwin customers. If you are anemployee of a business that uses Thriwin, please contact your employer forquestions regarding cross border data transfer.

Data Retention as a Controller/Processor

Your Rights Over your Personal Data

Depending on where you are located, you may have certain legal rights over the personal data we hold about you, subject to local privacy laws.

If you are located in the US, the CCPA/CPRA ensures that you have the:

For EEA (“European Economic Area”), United Kingdom and Singapore Residents:

Thriwin will not discriminate against you for exercising your rights. You, or an authorized individual that we can verify is acting on your behalf, can exercise the applicable rights by contacting us using the contact details at the bottom of this Privacy Statement or by submitting your request through admin@thriwin.io

If your personal data has been submitted by or on behalf of a Thriwin customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the relevant customer directly.

If the local regulations require certain categories of personal data to be retained for legal and regulatory purposes, a data subject’s right to erasure will not be fulfilled. In such situations, Thriwin shall provide the data subject with a notification explaining the reasons for unfulfillment of the request.

Handling Customer Data Subject Requests

For DSRs received by Thriwin as a Processor:

The handling of Customer Data Subject Requests (DSRs) as received by Thriwin from its customers as defined in Section 3 of this policy, is a critical aspect of the organization’s data protection policy. As per the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), individuals have certain data subject rights related to their personal information that Thriwin as a processor is committed to uphold.

For customer data, the customer will be responsible for raising DSRs to the organization. The customer will act as the data controller and provide Thriwin with the necessary information to identify the requester and the personal information requested. The organization will then act as the data processor and process the request in accordance with the customer’s instructions.

For DSRs received by Thriwin as a Controller:

In accordance with the Data Subject Rights provided in the relevant regulations, the organization will take the following steps to handle Data Subject Requests, which will vary based on the type of data involved:

Timeline of Resolution:

The organization is committed to protecting the privacy rights of individuals and will take all necessary steps to ensure that Data Subject Requests are handled in a timely and effective manner, regardless of the type of data involved.

CCPA

The California Consumer Privacy Act (CCPA) provides certain rights to California residents with respect to their personal information as mentioned inSection 15 of this policy.

If you are a California resident and would like to make a CCPA request, please send an email to admin@thriwin.io. Thriwin will respond to your request within 45 days

GDPR

The General Data Protection Regulation (GDPR) is a privacy law in the European Union (EU) that applies to organizations that process personal information of individuals in the EU. As mentioned in Section 15, GDPR provides the data subject with certain rights. If you are an individual in the EU and would like to exercise your rights under GDPR, please send an email to admin@thriwin.io. Thriwin will respond to your request within 30 days

LINKS TO THIRD PARTY SITES

Thriwin offers convenient integrations with various third-party tools and shares user data with these tools to provide various functionalities and improve user experience. It's essential to remember that their privacy practices differ from ours. Also, our applications contain links to other websites that are not owned or controlled by Thriwin. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Website and to read the privacy policies of each and every website that collects Personal Data. Prioritizing your privacy is our commitment, but remaining informed about external tools empowers you to make informed choices about your data. By taking this proactive approach, you can enjoy the benefits of integrations while safeguarding your privacy.

GOOGLE API DISCLOSURE

Thriwin has developed a feature that enables its users to seamlessly integrate their Gmail mailbox with our products through OAuth. This development establishes a connection between the users Gmail mailbox and users Thriwin account, creating an association that enables Thriwin to access and view your personal information on Google. This includes any details you may have provided, granting visibility into your email address and access to your emails for creating tasks in our products, and to transmit the Customer data to third-party applications that are integrated with your Account. Furthermore, this connection enhances functionality, allowing you to respond to your emails and to delete them once they are fetched directly within our product.

Thriwin's use of information received from Google APIs will adhere to Google API Services User Data Policy's App's, including the Limited Use requirement.

Mechanism of Contact

For DSR related queries as mentioned in Section 15 and Section 18 of this policy please send an email to admin@thriwin.io.

For other grievances and queries on our privacy policy or the use of our services, you may contact us through email at  admin@thriwin.io.

You may also contact Thriwin at our mailing address below:

Adjoint Technologies Private Limited

Plot No. 13, Kakatiya Hills, Madhapur, Serilingampally Mandal,
Ranga Reddy District – 500081, Telangana

Legal Basis for Processing Personal Data

Thriwin’s legal grounds for collecting and using your personal data as described in this Privacy Statement fall into the following four categories:

Security

We use technical and organizational measures that provide a level of security appropriate to the risk of processing your personal data. This includes conducting Transfer Impact Assessments and having Standard Contractual Clauses in place before cross-border data transfers. As per technical measures only role-based and department-based access is allowed for employees who require access to the personal data collected by Thriwin. This is done by only allowing for SSO login

In case there is a requirement to share the collected personal data with an external team, the same is done by allowing restricted access to data present on our CRM system and via email.

To ensure that the organization is in compliance with the principles ofdata protection and the mechanisms in place are effective, reviews are conducted periodically.An internal audit is also conducted periodicall

However, the security of information transmitted through the internet can never be guaranteed. You are responsible for maintaining the security of your password or other form of authentication involved in accessing password-protected or secured resources.

Changes to this privacy statement

This Privacy Statement may be amended or revised from time to time at the discretion of Thriwin. Changes to this Privacy Statement will be posted on the Website and links to the Privacy Statement will indicate that the statement has been changed or updated. If there is a proposal to make any material changes, Thriwin will provide notice prior to the change becoming effective. The organization encourages you to periodically review this Privacy Statement for the latest information on its privacy practices.