1. Introduction. We are committed to respecting privacy and recognize the need for appropriate protection and management of any Personal Data that is shared with us as part of using our Cloud Service. As used in this Privacy Policy, "Personal Data" means any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a phone number, an email address and other contact information.

2. Modification. We reserve the right, at our discretion, to change the terms of this Privacy Policy at any time. Such change will be effective ten (10) days following the earlier of: (i) our posting of the revised Privacy Policy on our website (the “Site”); or (ii) an email notification to our Clients. You can tell when the Privacy Policy was updated by reviewing the Last Updated legend on the top of this page.

3. Our collection and receipt of Personal Data. We may receive or collect Personal Data in the following ways:  

3.1. Client Account Set-Up and Account Use: As part of setting up and maintaining a Client account to use the Cloud Service we may collect certain Personal Data that a Client chooses to provide about its Personnel. Such Personal Data may include a user ID, name, email address, phone number, address, information about a Personnel’s skills and professional experience, and other Personal Data that the Client chooses to make available in connection with its, and its Personnel’s, use of the Cloud Service. In order to access and use the Cloud Service, a separate user name and password will be created for individual Personnel. 

3.2. Location Based Services and Personnel: Some of our Cloud Service products (each a “Location Based Service”) are dependent on data related to the geographic location of the mobile device on which the Cloud Service is being used by Personnel ("Location Data"). We use various technologies to determine location, such as global position system (GPS) signals, Wi-Fi access points, and cell tower ids. If you choose to use these Location Based Services, you consent to our use of Location Data. If you don’t want us to receive your Location Data, you should be able to use the settings on your mobile device to turn off location-sharing features used by or in connection with our Location Based Service. Please be aware though, that if you choose to turn off device location-sharing features, you may not be able to use our Location Based Service and your (and our Client’s) use of the Cloud Service may be negatively impacted. Please consult with your employer or organization before turning off any device-based location services that may impact your use (and/or use by your employer or organization that is our Client) of the Cloud Service. 

3.3. Personnel Mobile Device Data: In addition to Location Data, we may collect other limited information from the mobile device of Personnel who are using our Cloud Service. Such information may include the Personnel’s user name, mobile device type, mobile device id, the date and time stamps of Cloud Service usage, and browser information. 

3.4. End Customers: As part of providing our Cloud Service to a Client, we may collect certain Personal Data that a Client chooses to provide about its End Customers. Such information may include an End Customer’s name, email address, phone number, fax number, address, and other Personal Data that the Client chooses to make available in connection with its use of the Cloud Service.

3.5. Log Files: Our Cloud Service may make use of log files. The information inside the log files may include internet protocol (IP) addresses, application times taken to process Cloud Service user requests, Cloud Service user action details along with input parameters for debugging, Device IDs, public telephone numbers (PTNs), browser types, date/time stamps, referring/exit pages, clicked pages and any other information that a browser may send to us.

3.6. Cookies: The Cloud Service may utilize session "cookies" for authentication validation purposes. A "cookie" is a small text file that may be used, for example, to authenticate access to the Cloud Service. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. Please be aware that if you choose to block a cookie, your login attempt to the Cloud Service may be unsuccessful.

4. The Ways We Use Personal Data.

4.1. Personal Data Used to Administer the Cloud Services: We only use the Personal Data of a Client and its Personnel as necessary to provide the Cloud Service to the Client or to comply with any applicable law, regulation, legal process or governmental request. For example, we use Personal Data of a Client and its Personnel to: (i) contact the Client relating to the Cloud Service; (ii) administer the Client’s account and settings; and (iii) to identify and authenticate the Client's and its Personnel’s access to our Cloud Service.

4.2. Personal Data Processed on Behalf of Clients: We process Personal Data collected from the Cloud Service on behalf of our Clients, in accordance with our Clients’ lawful instructions and as necessary to provide the Cloud Service, in each case consistent with the ClickSoftware General Data Protection Regulation Addendum located at: www.clicksoftware.com/gdpraddendum (the "ClickSoftware GDPR Addendum"). Although our Clients are responsible for determining the purposes and lawful basis for processing Personal Data through the Cloud Service, we offer a variety of tools to enable our Clients to minimize the impact of the Cloud Service on their Personnel’s and End Customers’ privacy. For example, we enable Client administrators to limit the amount of data (including Personal Data) collected and processed by various modules, including analytics and audit trail modules. As another example, we provide Clients with strict and granular access controls to limit access to Personal Data to only those with a need for such access. We strongly advise you to review notices provided by our Clients to determine how Clients process Personal Data using the Cloud Service.

4.3. Data Privacy Framework: Clicksoftware complies with the EU-U.S. Data Privacy Framework, UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework”) and Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union, the United Kingdom, and Switzerland to the United States. Clicksoftware has certified to the U.S. Department of Commerce that it adheres to the Data Privacy Framework Principles. If there is any conflict between the terms in this privacy policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework program please visit https://www.dataprivacyframework.gov/s/.  Click here to view Clicksoftware’s certification/verification status

You may direct any inquiries or complaints concerning our Data Privacy Framework compliance to privacy@salesforce.com. Salesforce will respond within 45 days. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. If neither Salesforce nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. Clicksoftware complies with the Data Privacy Framework Principles for all onward transfers of Personal Data from the EU, UK, and Switzerland, including onward transfer liability provisions.

With respect to Personal Data transferred pursuant to the Data Privacy Frameworks, Clicksoftware is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5. The Ways We Disclose Personal Data.

5.1. Affiliates: We may transfer Personal Data to the subsidiaries and affiliated companies (each an “Affiliate”) that are within the ClickSoftware group of companies, but only for the purpose of providing our Cloud Service. Such information may be transferred to other countries around the world in which we have Affiliate offices, including England, Germany, India, USA, Israel and Australia. Our Affiliates are required to process any such Personal Data in compliance with this Privacy Policy. Notwithstanding the foregoing, we will comply with applicable laws regarding Personal Data transfers as well as any transfer restriction that is specified in a specific Cloud Service Agreement between ClickSoftware and a Client. To the extent that our Affiliate offices are not located in countries which the European Union considers as providing an adequate level of protection for Personal Data, such as Israel, we rely on other adequacy mechanisms for data transfers such as the Standard Contractual Clauses.

5.2. Our Third Party Providers: Consistent with the ClickSoftware GDPR Addendum, we may transfer Personal Data to our third party service providers and partners (for example, a third party server hosting provider for hosting storage purposes), but only to assist us with our business operations and to enable us to provide our Cloud Service. Such information may be transferred to other countries around the world. Notwithstanding the foregoing, we will comply with applicable law regarding Personal Data transfers as well as any transfer restriction that is specified in a specific Cloud Service Agreement between ClickSoftware and a Client. Further, our Cloud Service may contain links to other websites, applications, and services maintained by third party providers. The information practices of other services from such third party providers are governed by their privacy statements, which you should review to better understand their privacy practices.

5.3. In the Event of Merger, Sale, or Change of Control. We may transfer or assign this Privacy Policy and any Personal Data to a third party entity that acquires or is merged as part of a merger, acquisition, sale, or other change of control.

5.4. Other Disclosures: We may disclose your Personal Data or any information that is submitted to us via the Cloud Service if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our Cloud Service Agreement, including investigations of potential violations thereof; (iii) detect, prevent, or otherwise address fraud or security issues; or (iv) protect against harm to the rights, property or safety of ClickSoftware, our users, or the public.

6. Anonymous Information. We may use Anonymous Information (defined below) or disclose it to third party service providers, to provide, improve and develop our Cloud Service, including to analyze trends and gather demographic information. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information, about use of the Cloud Service.

7. Push notifications. If you access the Cloud Service while using your mobile device, you may receive push notifications from ClickSoftware or your employer/organization. If you don’t want to receive push notifications attributable to the Cloud Service, you should be able to use the settings on your mobile device to turn off push notifications for a specific mobile application. Please be aware though, that if you choose to turn off push notifications attributable to the Cloud Service, your (and our Client’s) use of the Cloud Service may be negatively impacted. Please consult with your employer or organization before turning off push notifications that may impact your use (and/or use by your employer or organization that is our Client) of the Cloud Service.

8. Your Rights

8.1. Clients. As a controller of certain Personal Data of our Clients, we take steps to help ensure that our Clients are able to exercise their rights regarding Personal Data in accordance with applicable law. Our Clients may log into their Cloud Service account and use the Cloud Service tools to access or correct a material inaccuracy in certain Personal Data that we may be storing. If a Client would like to access, amend, delete, export, or object to or restrict the processing of any other Personal Data that we may be storing, the Client may submit a request to privacy@salesforce.com. The email should include adequate details of the request. We will promptly review all such requests in accordance with applicable laws.

8.2. End Customers and Personnel. We process Personal Data of our Clients’ End Customers and Personnel on behalf of our Clients and in accordance with their instructions. Thus, if End Customers or Personnel would like to exercise their rights concerning Personal Data processed through our Cloud Service, such individuals should reach out to the Client who collected the Personal Data directly. If you need help contacting one of our Clients, please let us know and we are happy to help connect you if we can.

8.3. Right to Contact Supervisory Authority. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we, our Clients, or a third party have violated any of the rights concerning Personal Data about you. We encourage you to first reach out to us at privacy@salesforce.com so we have an opportunity to address your concerns directly before you do so.

9. Links to Other Sites and Third Party Advertisements. Third party advertisements may appear on some pages of the Cloud Service, for example on the Cloud Service account log-in page. Such third party advertisements, and other parts of the Cloud Service (for example, the Cloud Service account log-in page) may also contain links to third party websites and services that are not owned or controlled by ClickSoftware. We are not responsible for the privacy practices or the content of third party websites, services and advertisements, and you visit them at your own risk.

10. Security. The security of Personal Data is important to us. We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Data, we cannot guarantee its absolute security. Additional information about our Cloud Service security practices is available at: https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/clicksoftware/clicksoftware-information-security-program.pdf.

11. Retention: We may retain any Personal Data and other Cloud Service-related data in order to: (i) fulfill the purposes that are described in Section 4 (The Way We Use Personal Data) of this Privacy Policy; and (ii) to comply with applicable law. Our specific retention practices vary depending on the type of data. For example, we retain location data only for 30 days, analytics data for three months (unless Clients set a different retention policy), audit trail data for one year, and pseudonymized data, which is used for our predictive field services, for five years in keeping with predictive best practices.

12. Children's Privacy. Our Cloud Service is not structured to attract children. Accordingly, we do not knowingly collect, or intend to collect, Personal Data from anyone under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions.

13. How We Respond to Do Not Track Signals. ClickSoftware does not track Cloud Service users over time and across third party websites to provide targeted advertising. Accordingly, we do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer's online activities over time and across third party web sites or online services.

14. Contacting Us and our Privacy Officer. Any comments, concerns, complaints, or questions regarding our Privacy Policy may be addressed to the ClickSoftware privacy officer (“Privacy Officer”) at privacy@salesforce.com or write to us at 415 Mission St., 3rd Floor, San Francisco, CA 94105, USA. When you contact us, please indicate in which country and/or state you reside.