WORKWELL™ TECHNOLOGIES PRIVACY POLICY

OUR COMMITMENT TO YOUR PRIVACY & SECURITY

Updated February 9, 2022

The privacy and the security of your information are important to us. This privacy policy (“Privacy Policy”) explains the type of information (“Information”) we collect from the users (“Users”) of our Website, www.CitadelTimeCloud.com (“Website”), cloud applications (“Cloud App”) or mobile application (“ Mobile App”), how the Information may be shared with third parties, and what controls Users have regarding their Information. The Privacy Policy also sets forth our policies and practices with respect to any data received from our Customers (“Customers”) or Customer employees (“Customer Employees”) who use our products or services.

Please review the following Privacy Policy carefully to understand our practices with respect to your Information. We may amend this Privacy Policy from time to time as we change or expand our Website or add functionality to our Cloud or Mobile Apps. Because this Privacy Policy contains legal obligations, you should read it carefully.

By using or accessing the Website, or Cloud or Mobile Apps, you signify that you have read, understand, and agreed to be bound by this Privacy Policy. You also are bound by the terms of use (“Terms of Use”), which may be found at this LINK. If you are a User of our products, you are also bound by the terms of use applicable to such products.

What Type of Information We Collect

You may enter the Website and browse its contents without submitting any Personal Information, such as your name, email address, and other information that can be used to directly identify you (“Personal Information”). Our Website also allows Users to provide contact information to us, which includes Personal Information. When you submit Personal Information on the Website, you are doing so voluntarily and giving your consent to the collection, use, and disclosure of your Personal Information as set forth in this Privacy Policy.

As you navigate our Website, we may also collect information through the use of commonly used information gathering tools, such as cookies. These tools obtain standard information from your web browser, your Internet Protocol (IP) address, and the actions you take on our Website (such as the web pages viewed, and the links clicked). Although you can configure your browser to not accept cookies, this action may make certain features of the Website unavailable to you.

Third parties, including Google, also may use cookies to provide advertisements to you on our Website based on your visits to other sites on the Internet.

We may automatically record your IP address and use it to help diagnose problems with our server, administer and improve our Website or Cloud App, and gather broad demographic information about Users of our Website or Cloud App, or for other uses that we may determine from time to time. This information is used on an aggregate basis to improve the User experience on the Website. It also allows our staff to measure the number of visitors to the different sections of the Website, Cloud or Mobile Apps to make the Website and Apps more useful to Users. We do not disclose this information to third parties.

To the extent Customers choose to utilize any of our products that employ finger-scan or facial-scan technology, the collection of Customer Employee finger-scan or facial-scan data is undertaken and controlled by the Customer and may include the collection by the Customer of information to verify Customer Employee identities. This technology does not collect or store fingerprints or facial data; instead, it creates a mathematical representation of particular data about the fingertip or face in a much smaller template that is encoded for security purposes. We may collect, receive, store, or process finger-scan or facial-scan data supplied by or about Customers and/or Customer Employees to provide products and/or services to Customers. Such data is collected pursuant to the terms of our End User License Agreement (“EULA”). We may also have a third party host such data. In that event, we only provide them information needed to perform that specific service or function.

In addition, we may also collect information regarding your usage of the Mobile App and its performance. This may include user ID, device manufacturer and model identifiers, operating system version, device memory, language, time zone and service provider.

How We Use the Information Collected

We use the information that you provide, including Personal Information, to perform the services requested. For example, if you provide your contact information, we will use the information provided to contact you about your interest in our services or to schedule a demonstration of our products. We also collect Personal Information in connection with the purchase of our products: however, the processing of payment card information for such purchases is conducted by a third party with whom we share only certain Personal Information of yours to enable the transaction.

We also may use Personal Information for marketing purposes. For example, we may use the information you provide us to contact you to further engage your interest in our services and to send you information regarding us. On an aggregate basis, we may also provide Personal Information to third parties for marketing, advertising, or other uses.

Whether or not you provide Personal Information, we may also collect information regarding your usage of the Website (“Usage Information”). We use Usage Information to operate and improve our Website and Cloud App and to analyze which of our pages or products are most popular, the browser you use, and the URLs you visited before and after using our Website. For the Mobile App, we use the information gathered to verify and enhance the performance and security of the application as well as providing baseline information for debugging purposes. The information gathered may also be aggregated to help drive new feature development.

If we collect, receive, store, or process Customer Employee data, we only do so in accordance with this Privacy Policy, or EULA, and as-instructed by the Customer. Customer Employee finger-scan or facial-scan data is only used to provide products and/or services consistent with the Customer’s instructions and only as directed by the Customer. At all times, the collection, retention and destruction of all Customer Employee data, including finger-scan or facial-scan data, is controlled by the Customer. The Customer is able to permanently destroy any finger-scan or facial-scan data, even if processed by us, and is responsible for permanently destroying any finger-scan or facial-scan data as required by applicable law. The Customer is also responsible for obtaining all consents and providing all notifications or information as may be required by applicable law. Customer Employees should contact the appropriate person within their employer’s organization to understand, access, change and/or control what is provided by the Customer to us.

How We Use the Do Not Track Option

Certain Internet browsers currently offer a “Do Not Track (‘DNT’) option.” However, because no common industry standard for DNT exists, we do not currently commit to responding to browsers’ DNT signals.

What We Share of Information Collected

We do not permit third parties to collect information from Users of our Website without our permission. We do not share your Personal Information with any third parties, except for the limited purposes of processing purchases of our products and operating our Website, Cloud or Mobile Apps or conducting our business. We do not allow third parties to set and access cookies on your computer through our Website. We do not disclose Personal Information without your consent or pursuant to your instructions, except (i) to the extent required by law (such as in response to subpoenas, court orders, or other legal process), (ii) when we believe it is appropriate to protect and defend the rights, property, or safety of our company, our Users, or others; (iii) where we are required to disclose your Personal Information pursuant to governmental or judicial order, law or regulation to meet national security or law enforcement requirements; (iv) in accordance with our policies regarding the use of this Website or Apps, as set forth in our Terms of Use; and (v) as otherwise specified in this Privacy Policy.
We will not disclose, sell, lease, trade, or otherwise profit from Customer Employee finger-scan or facial-scan data. We will not otherwise disclose Customer Employee finger-scan or facial-scan data unless required or permitted by any state or federal law, municipal ordinance, valid warrant, or valid subpoena.

Access to Personal Information

Employees of Workwell Technologies, Inc.’s customers should contact the appropriate person within their employer’s organization to understand, access, change, and/or control what employee information is provided by the employer to Workwell Technologies, Inc. so that Workwell Technologies, Inc. may deliver its products and services to the employer.

How We Link to Other Websites

This Website may contain links to other websites operated by third parties. We are not responsible for the privacy practices of the contents of such websites. Except as set forth in this policy, we do not share your Personal Information with those websites.

How We Handle Security of Personal Information

We have taken commercially reasonable steps to ensure the security and confidentiality of Personal Information against loss, misuse, unauthorized disclosure, alteration, and destruction. Please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, we cannot and do not guarantee the complete security of Personal Information you provide to us through your use of this Website.

All Customer Employee data obtained through finger-scan or facial-scan technology is protected from disclosure using the reasonable standard of care within the industry. Our commitment is that this data will be protected to the same level that the Company stores, transmits, and protects other confidential and sensitive company information.

Privacy Notice for California Residents (CCPA)

The privacy and the security of your information are important to us. This Privacy Notice for California Residents supplements the Privacy Policy of Workwell Technologies, Inc. and applies to visitors, users, and others who live in the State of California. We may amend this Privacy Notice from time to time as we change or expand our Website, Apps or Products. When we make changes to this notice we will notify you by email, or through a notice on our website. Because this Privacy Policy contains legal obligations, you should read it carefully.

Definitions:

  • This notice has been adopted in order to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other privacy laws. All terms defined in this notice have the same meaning as they do within the CCPA.
  • When used in this document, “you” or “your” refers to visitors and users of Workwell Technologies products and websites who live in the State of California.
  • “Workwell” or “Workwell Technologies” refers to “Workwell Technologies, Inc.”
  • “Citadel” refers to the Citadel Time & Attendance System and associated software as a service platform provided by Workwell Technologies as well as any other related media form, media channel, mobile website or mobile application.
  • “Personal Information” refers to information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device. Personal information does not include Publicly available information from government records, aggregated or anonymized consumer information, or other Information excluded from the CCPA’s scope.

Information Workwell Collects

Workwell collects the following categories of Personal Information from consumers:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. YES
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. NO
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. YES
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other Personal Information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO

Workwell gathers Personal Information from the following categories of sources:

  • Directly from our clients or their authorized representatives.
  • Indirectly from our clients or their authorized representatives.
  • Directly and indirectly from activity on our websites.
  • From third-parties that interact with us in connection with the services Workwell performs.

Use of Personal Information

Workwell may use or disclose the Personal Information we collect for the following business purposes:

  • To fulfill or meet the reason for which the information is provided.
  • To provide you with information, products or services that you request from us.
  • To provide you with email alerts and other notices concerning our products or services, or events or news, that may be of interest to you.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our website and present its contents to you.
  • For testing, research, analysis and product development.
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your Personal Information or as otherwise set forth in the CCPA.

Workwell will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

Workwell may disclose your Personal Information to a third party for a business purpose. When Workwell discloses Personal Information for a business purpose, we enter an agreement outlining the purpose of the information sharing and require the party to both keep that Personal Information secure, and not use it for any purpose except performing those defined by the agreement.

In general, Workwell discloses the following categories of Personal Information for a business purpose:

  • Category A: Identifiers.
  • Category B: California Customer Records Personal Information categories.
  • Category I: Professional or employment-related information.

Workwell discloses your Personal Information for a business purpose to the following categories of third parties:

  • Service providers.
  • Third parties to whom you or your agents authorize us to disclose your Personal Information in order to provide services to you.

Workwell does not sell your Personal Information.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request details about our collection and use of your Personal Information over the past 12 months. Once Workwell receives and verifies your request, we will provide you with the following information:

  • The categories of Personal Information Workwell collected about you.
  • The categories of sources for the Personal Information Workwell collected about you.
  • Our business or commercial purpose for collecting or selling your Personal Information.
  • The categories of third parties with whom Workwell shares that Personal Information.
  • The specific pieces of Personal Information Workwell collected about you (also known as a data portability request).

If Workwell disclosed your Personal Information for a business purpose or sold it, you will also be given information on:

  • sales, identifying the Personal Information categories that each category of recipient purchased; and
  • disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights

You have the right to request that Workwell deletes Personal Information collected and retained. After Workwell receives and verify your request, we will delete your Personal Information from our records, unless CCPA provides an exception.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
Calling us at 800-518-8925
Emailing [email protected]

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf can make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.

You may make a verifiable consumer request two times within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom Workwell collected Personal Information or are an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

If we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you, we cannot respond to your request or provide you with Personal Information. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Information provided in a verifiable consumer request to verify their identity or authority to make the request.

Response Timing and Format

Workwell will respond to most consumer requests within 45 days of their receipt. If Workwell requires more time (up to 90 days), we will inform you of the additional time needed and reason(s) in writing. If you have an account with Workwell, we will deliver this response to the email associated with that account. If you do not have an account with Workwell, we will deliver our written response by mail or electronically depending on your preference.

The information Workwell provides will cover the past 12-month period prior to the request being received. The response may also detail why we cannot comply with a request.

For data portability requests, we will provide your Personal Information in a format that should allow you to use and transmit the information between entities as needed.

We do not charge a fee to process or respond to your twice-yearly verifiable consumer requests.

Non-Discrimination

Workwell will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, Workwell will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

https://workwelltech.com/california-consumer-privacy-act/

Who Can Use Our Website, Cloud App or Mobile App

This Website, Cloud App and Mobile App is targeted to adult consumers. We do not knowingly collect or solicit Personal Information directly from anyone under 13 years of age. If you are under age 13, do not send any information about yourself to us, including your name, address, telephone number, or email address.

How Users Can Opt Out

If you provide your Personal Information to us on the Website, we may contact you regarding your interest in our products. If you later decide to remove your information from our database, you can do so by using the Unsubscribe link at the bottom of your emails.

Onward Transfers

Workwell™ Technologies, Inc. recognizes potential liability in cases of onward transfer to third parties. Workwell Technologies, Inc. will not transfer any Personal Information to a third-party without first ensuring that the third-party adheres to the EU-U.S. Privacy Shield.

We will only transfer data to our agents, resellers, or third-party service providers (such as accountants, attorneys, consultants, and other service providers) who need the information in order to provide services to or perform activities on behalf of Workwell Technologies, Inc., including in connection with the delivery of services or products, Workwell™ Technologies, Inc.’s management, administration, or legal responsibilities. We acknowledge our liability for such data transfers to third parties.

Privacy Shield Framework(s)

Workwell™ Technologies, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union to the United States. Workwell Technologies, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Workwell™ Technologies, Inc. is subject to the investigatory and enforcement powers of the US Federal Trade Commission and/or the Department of Transportation for purposes of the EU-U.S. Privacy Shield Framework.

Privacy Shield Recourse

In compliance with the Privacy Shield Principles, Workwell Technologies, Inc. commits to resolve complaints about your privacy and our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding this privacy policy should first contact Workwell™ Technologies, Inc. at:

[email protected]

Or write to us at:

Workwell™ Technologies, Inc. 2777 Loker Ave. West, Suite A Carlsbad, CA 92010 United States of America

Workwell™ Technologies, commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU.

Workwell™ Technologies, Inc. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, International Dispute Centre of the American Arbitration Association (“ICDR/AAA”), an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not resolved your complaint, please contact or visit ICDR/AAA at http://go.adr.org/privacyshield.html for more information or to file a complaint. The services of ICDR/AAA are provided at no cost to you.

Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.

The Federal Trade Commission has jurisdiction over Workwell Technologies, Inc.’s compliance with the Privacy Shield.

How to Contact Us

If you have any questions about our Privacy Policy, please contact us with “Privacy” in the subject line of your email at:

[email protected]

Or write to us at:

Workwell Technologies
2777 Loker Ave. West, Suite A
Carlsbad, CA 92010
United States of America