January 27th, 2023
For prior version, please click here.
Freshworks is committed to protecting your privacy. This Privacy Notice (“Notice”) describes how Freshworks processes personal data in connection with our business, including the provision of our website at (https://www.freshworks.com/) (“Website”) and our Services.
This Notice explains Freshworks’ approach to any Personal Data that we might collect from you, or which we have obtained about you from a third party, and the purposes for which we process your Personal Data in our capacity as a Controller (i.e. when Freshworks determines the purposes and means of the processing of personal data). It also describes your rights in respect of our processing of your Personal Data.
This Notice only applies to the use of your Personal Data by us or on our behalf. It does not apply to:
Personal Data collected by third parties during your communications/dealings with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control).
Personal Data processed, stored or hosted by us when we act as a Processor on behalf of our Customers in the course of providing our Services, in which case the privacy statement of the relevant Customer will apply, and our data processing agreement with such Customer will govern our processing of your Personal Data.
The capitalized terms used in this Notice are defined in Annex 1.
We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, you can click on the relevant link below to jump to that section.
1. WHO IS THE DATA CONTROLLER?
The Website and our Services are made available by various companies in the Freshworks group of companies (each a “Group Company”).
Where this Privacy Notice refers to “Freshworks”, “we”, “us, “our”, this means one or more of the particular Group Companies that provide the particular Website, Mobile Application, Newsletter or Services to you, recruits you, uses testimonials from you, sends marketing communications to you, hosts an event you visit, or organizes a program in which you participate.
For the purposes of the GDPR and LGPD, the following Group Companies act as a data controller when the processing of your Personal Data is governed by the requirements of the GDPR or LGPD.
Location: United States
Freshworks Inc. (company no: 4861858) is a company established under the laws of Delaware with its registered office at 16192 Coastal Highway, Lewes, Delaware 19958, USA and its principal business address can be found here.
(company no: HRB 176669 B) is a company established under the laws of Germany and its registered office address can be found here.
Freshworks Technologies B.V. (company no: 73582166) is a company established under the laws of the Netherlands and its registered office address can be found here.
Freshworks SAS (company no: 842815581) is a company established under the laws of France and its registered office address can be found here.
Location: United Kingdom
Freshworks Technologies UK Limited (company no: 09338697) is a company established under the laws of England and Wales and its registered office address can be found here.
Freshworks Technologies Private Limited (company no: U72200TN2010PTC078458) is a company established under the laws of India with its registered office at Module - 1 & 2, 1st Floor, Block B, No 40, Global Infocity Park, MGR Salai, Perungudi Chennai – 600096, Tamil Nadu, India here.
2. WHO WE COLLECT PERSONAL DATA ABOUT
We collect, process and store Personal Data about the following people:
Website visitors: If you browse our Website or contact us via our Website (Contact Sales) we will collect, process and store your Personal Data in connection with your interaction with us and our Website.
Users of our Services: If you use our Services, whether it is through our Website or our Mobile Applications, we will process your Personal Data for certain data analytics purposes and in order to offer, deliver and improve our Services.
Visitors to our Offices: If you visit our office, we may process Personal Data about you that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer Personal Data when signing in as a guest. CCTV footage may also be collected for security purposes.
Recipients of marketing communications from us: If you are a potential lead or existing customer, we may process Personal Data about you in order to send you marketing communications.
Event attendees: If you register for, attend or take part in our events, webinars or contests hosted by us we will process Personal Data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other documents relating to the event.
Personnel that work for our Customers, partners and suppliers (including subcontractors and personnel who work for us as freelancers or contractors). If you (or your organization) are:
in receipt of services from us;
supply products or services to us; or
otherwise partner with us;
We may collect, process and store your Personal Data in connection with our provision of those Services to you, our receipt of those Services from you and/or our partnership. This may include Personal Data included in any email or telephone communications or recorded on any document relating to an order for the Services.
Job applicants: If you apply for a job with us, whether through our Website or otherwise, we will collect, process and store your Personal Data in connection with your application.
Shareholders: If you are a shareholder of our Group Companies, we will process your personal data in relation to your investment and for our reporting obligations.
We also make available a Market Place platform where individuals can download applications developed by Freshworks or by third parties (the “Applications”). This Notice will apply to our processing of your Personal Data during your use of the Applications when the Applications are provided by us, and the Application shall include a link to this Notice. When Applications are provided by a third party, the privacy statement of the relevant third party will apply.
Some of our Services include processing of data on behalf of our Customers in relation to applications, tools or software that we provide (“Hosted Data”). Save for the limited circumstances set out in this Notice, we are not the data controller of this Hosted Data as we do not determine the purposes or the means of the processing. If you believe your Personal Data is being processed by us in this way you should refer to the privacy notice of the data controller on whose behalf we are acting.
3. WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON?
|What Personal Data we collect and how we use your Personal Data||WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL DATA|
|A) Personal Data we collect directly from you (“Collected Data”)|
|Purpose: providing you with the Services. We may use, retain and process your Personal Data for the following purposes when providing our Services:
||We process your Personal Data for these purposes based on our legitimate interests or a third party’s legitimate interest to ensure we provide our Services in an effective, safe and efficient way. Where we process your Personal Data to administer your account, or to the extent necessary to collect your subscription fees, we do so for the purposes of our contract with you.|
|Purpose: Recruitment, Freshworks Careers. When you apply for an open position by either populating the application form, by email or by hard copy and whether submitted directly by you or by a third-party recruitment agency on your behalf, we will use such data to evaluate you for the open position that you have applied for or any position that we consider you suitable for at the time you submit your resume (application?) or at any later date. For the purposes of evaluating you for an open position, you understand that we may internally rate you based on parts of your resume (application?) and your information. If you do not wish to be rated by us, please do not provide us your information. The data processed includes:
||Where we use your Personal Data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions. We will not process any special (or sensitive) categories of Personal Data or Personal Data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.|
|Purpose: Freshworks hosting or managing Events and programs. From time to time, we may organize and host events for the purpose of promoting our business or other reasons. The data processed includes:
||It is necessary for us to use your Personal Data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use Personal Data in such a way to ensure that the event is operated in a secure and effective way. We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of such Personal Data will be based on consent (or, if we enter into a contract with you for this purpose, on the performance of said contract)|
|Purpose: Prize draws, prize competitions and other promotions.
From time to time, we may run prize draws, prize competitions and other promotions on our Site and/or on our social media accounts.
The data processed includes:
For the purposes of administering such promotions, we may process:
||It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the promotion terms and conditions) or it is in our legitimate interest to use your personal data to enable us to administer our promotion fairly and effectively and to ensure that we comply with self-regulatory codes governing the operation of promotions.|
|Purpose: Participation in Public forums, Community platform, Forms and using of your statements for testimonials. When you visit or register our publicly accessible community forums and blogs or submit any forms on our Site, you should be aware that any information you provide in these areas may be read, collected and used by others who access them. We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. The data processed includes:
||We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. Where we use your content in connection with Services that we provide via our Website, it is in our legitimate interest to use any Personal Data that you provide to us to ensure that we provide the relevant Services in an effective way. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you do not consent we are only allowed to use the testimonial in a fully anonymized way. If you want to revoke your consent and your testimonial to be removed, please contact us at firstname.lastname@example.org. If we enter into a contract with you for this purpose, our legal basis may be the performance of said contract.|
|Purpose: Newsletters. When you actively subscribe to our newsletters, we collect and store your e-mail address to share our newsletters with you.||If you have requested content from us, i.e. a newsletter, it is in our legitimate interest to use your Personal Data in such a way to ensure that we process your request in an effective way.|
|Purpose: Advertising and marketing to our Customers and prospective leads - sending marketing communications by post and/or email. The data processed includes: We use your name, email address, job title; and organization that you represent, social media handle and details of any marketing preferences that you have communicated to us to send you (or the organization you represent) marketing communications by post and/or email. Our marketing will include press releases and information about us, our Website and our Services, any events we may hold and any offers or promotions we offer from time to time. Our marketing communications will include personalized and non-personalized marketing. Personalized marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. We may use technology to do this, but generally all our marketing methods involve human intervention. Non-personalized marketing is marketing that is not tailored to you. Where we are sending you personalized marketing, we may also use other types of Personal Data to help us decide what sort of personalized marketing to send you (please see the “Cookies and Similar Technologies”, “Usage Data” and “Mobile Applications” sections below for more details).||In the UK, EU and Brazil we will rely on your consent when sending marketing communications. Otherwise, it is in our legitimate interest to use your Personal Data for marketing purposes, for example to decide what marketing content we think may appeal to you or for postal or email marketing (except where we are required by applicable law to obtain your consent).|
|Purpose: Advertising and marketing to our Customers and prospective leads - advertising to you on social media and other platforms. We share your email address and other identifiers such as your phone number or device ID (usually in an encrypted or ‘hashed’ form) with third-party providers of social media platforms and other services, such as [Facebook, LinkedIn] and other similar platforms (“Social Platforms”), so that the third party providers can try to “match” your data with the data of their registered users of their Social Platforms. Where there is a successful match, we will display our advertising to you when you use the relevant Social Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customize” the audience that we want to reach on the relevant service. Some of the advertising that you see may be personalized to you. The data that we use to personalize our advertising, will include:
|Purpose: Advertising and marketing to our Customers and prospective leads - advertising to other people who share similar interests and characteristics to you (or if you are someone that sees such advertising). We will provide your Personal Data to third-party providers of Social Platforms as described in the “advertising to you on social media and other platforms” and the “Cookies and Similar Technologies” sections. If you are a user of those Social Platforms, we may ask the third-party providers of those Social Platforms to find other registered users of their services who share similar interests and characteristics to you, which will be based on information that the third party holds about you and its other registered users. This is known as “lookalike” audience advertising because we are trying to show our advertising to people who “look like” you. If you are someone who has seen this advertising on a Social Platform, please note that this activity is based on data that you have provided to the Social Platform (which we do not receive) and is also subject to the privacy choices you have elected to make on such third-party services.||Please see the “advertising to you on social media and other platforms” section for details of the lawful basis that we rely on to share your personal data with the Social Platforms. It is in our legitimate interests to further use your Personal Data to advertise our Services to other individuals that use those Social Platforms and who share similar interests and characteristics with you. If you are someone who has seen this advertising on a Social Platform, it is in our legitimate interests that the Social Platform uses the data that you have provided to it to advertise our Services, although please note that we do not receive this data and you should exercise your rights in respect of such data in accordance with the privacy notice of the relevant Social Platform.|
|Purpose: Service Analytics. We perform analytics on Personal Data that we process in order to: provide the Services, assess the needs of our Customer’s business to determine or suggest suitable Service(s); send Customers requested information about the Service(s) and improve the quality of this information; respond to customer service requests, questions and concerns and improve the quality of these responses; and for product improvement purposes. The data processed includes: Email addresses; mobile or landline telephone numbers; IP address; chat identifiers and chat content (including the contents of chatbot sessions); widgets. As set out above we are generally not a data controller of any Hosted Data – i.e.. data which we process on behalf of our customers. However, some Hosted Data may be used as part of our analytics for the above purposes.||It is necessary for us to use your Personal Data in this way to perform our obligations in accordance with any contract that we may have with you to provide our Services. It is also in our legitimate interests to process Personal Data in this way in order to perform analytics, train our algorithms, improve, enhance, develop, support and operate the Services and its availability, compile statistical reports and record insights into usage patterns, develop new products and services using machine learning technologies and more generally to better serve our Customers and be able to provide customized content and features.|
|c) Usage Data. In addition to the information mentioned in the Cookies and Similar Technologies https://www.freshworks.com/list-of-cookies/ section above that we automatically collect, we also collect clicks, scrolls, conversion and drop-off on our Websites and Service(s) to monitor user journey in real-time (“Usage Data”). Subject to this Notice, we will use such Usage Data and Service Data, including without limitation, to (i) assess the needs of your business to determine or suggest suitable Services; (ii) send you requested information about the Services; (iii) respond to customer service requests, questions and concerns; (iv) for any analytical purposes; and (v) to provide and improves the Services.
||Usage Data: We will rely on our legitimate interests to process Usage Data for the purposes outlined, except for call recording which we base on consent exclusively. Where Usage Data is collected via cookies or similar technologies please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on. https://www.freshworks.com/list-of-cookies/|
|d) Single sign-on. You can log in to our Websites using sign-in services such as Google, Facebook Connect and LinkedIn. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and e-mail address. Services like Google, Facebook Connect, Twitter, LinkedIn give you the option to post information about your activities on our Websites to your profile page and to share information with others within your network.||Single sign on: Where you have opted to use single sign on – it is in our legitimate interest to process your Personal Data in order to facilitate the single sign on function.|
|Purpose: Business administration and legal compliance.
||Where we use your Personal Data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your Personal Data to comply with any legal obligations imposed upon us, such as a court order. In some jurisdictions the applicable legal basis will be the exercise of legal rights in judicial, administrative or arbitration proceedings. We will not process any special (or sensitive) categories of Personal Data or Personal Data relating to criminal convictions or offences except where we are able to do so under applicable legislation and/ or with your explicit consent.|
|Purpose: Receipt of products and services from our suppliers. If we have engaged you or the organization you represent to provide us with products or services (for example, if you or the organization you represent provide us with services such as IT support or financial advice), we will collect and process your Personal Data in order to manage our relationship with you or the organization you represent, to receive products and services from you or the organization you represent and, where relevant, to provide our Services to others. The data processed includes: The Personal Data we collect from you may include your name, email address, telephone number, designation, billing address and any other personal data you volunteer which is relevant to our relationship with you or the organization you represent.||It is necessary for us to use your Personal Data to perform our obligations in accordance with any contract that we may have with you or the organization you represent, or it is in our legitimate interest to use Personal Data in such a way to ensure that we have an effective working relationship with you or the organization you represent and are able to receive the products and services that you or your organization provides, and provide our Services to others, in an effective way.|
|Purpose: Security. We may process your Personal Data in connection with the administration of our security measures. We have security measures in place at our premises, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time – normally only for as long as is necessary for legitimate security purposes. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).||It is in our legitimate interests to process your Personal Data so that we can keep our premises secure and provide a safe environment for our personnel and visitors.|
|What Personal Data we collect and how we use your Personal Data?||What legal basis we rely on to process your Personal Data?|
|B) Information that we collect from third parties.|
|From time to time, we may receive Personal Data about you from third party sources like databases and social media but only where we have checked that these third parties either have your consent to or are otherwise legally permitted or required to disclose your personal information to us. The types of information we obtain from such third parties include your name, e-mail address, postal address, location, designation, telephone number and we use the information we receive from these third parties to maintain and improve customer support experience, improve the accuracy of the records we hold about you and for our sales and marketing purposes.||When processing your Personal Data received by third parties for these purposes, we will rely on the consent that you have given such third party to share data with us. Otherwise, subject to local law, our processing activities will rely on our legitimate interests to improve our customer service and ensure our marketing databases are accurate.|
5. INTERNATIONAL TRANSFER OF DATA
When making any transfers of Personal Data from the EEA, Switzerland and the UK to countries which do not have the same data protection laws as the EEA, Switzerland and the UK we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will take reasonable steps to ensure the security of your Personal Data in accordance with applicable data protection laws.
When transferring your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law, implement at least one of the safeguards set out below:
Adequacy decisions: We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK and/or European Union authorities. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
Model Clauses: Where we use certain service providers we may use specific contracts approved by the UK and/or European Authorities which give Personal Data the same protection it has in the UK and the EEA. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data- transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
This is true whether or not the transfer is within our group, or to a third party.
With respect to Personal Data received or transferred to the United States, Freshworks Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
With respect to Personal Data subject to LGPD’s jurisdiction, Freshworks Inc. will also accomplish LGPD’s requirements for transfers of Personal Data to countries which do not have the same data protection laws.
In certain situations, Freshworks Inc. and/or its Group Companies may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you can contact us at email@example.com or via postal mail at Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403 at the attention of the Data Protection Officer with a copy to firstname.lastname@example.org.
6. HOW DOES FRESHWORKS KEEP PERSONAL DATA SECURE?
We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. We have implemented information security policies, rules and technical measures to protect the Personal Data under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your Personal Data on our behalf) are obliged to respect the confidentiality of the Personal Data of all users of our Website and those who purchase our Services. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.
While information security risks are always evolving, so are the controls. The controls, so implemented, are periodically reviewed as part of internal and external audits. If you have questions about the security of your Personal Data, please contact us using the details in section 18.
7. EEA, UK AND SWISS SPECIFIC RIGHTS
A) Collected Data (excluding Hosted Data)
If you are an individual resident in EEA, UK or Switzerland, you have the following data protection rights regarding Collected Data:
If you wish to exercise any of the following rights in relation to your Personal Data (hereinafter referred to as a “Request”), you can do so at any time by contacting us using the details in section 18:
|Your right of access||If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.|
|Your right to rectification||If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your Personal Data with so that you can contact them.|
|Your right to erasure||You can ask us to delete or remove your Personal Data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your Personal Data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Data with so that you can contact them directly.|
|Your right to restrict processing||You can ask us to “block” or suppress the processing of your Personal Data in certain circumstances such as where you contest the accuracy of that Personal Data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Data to stop us processing it further. If we’ve shared your Personal Data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your Personal Data with so that you can contact them directly.|
|Your right to data portability||You have the right, in certain circumstances, to obtain Personal Data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.|
|Your right to object||You can ask us to stop processing your Personal Data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Data for direct marketing purposes.|
|Your rights in relation to automated decision-making and profiling||You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.|
|Your right to withdraw consent||If we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.|
|Your right to opt out of marketing communications||You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the details in section 18.|
|Your right to lodge a complaint with the supervisory authority||If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Data, please contact us using the details in section 18. You also have the right to complain to a data protection authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk.|
|If you are residing in France: your right to give instructions regarding the processing of your data after your death||You have the right to give instructions regarding the retention, deletion and disclosure of your Personal Data after your death. You may designate a person to carry out these instructions. This person is then entitled to be informed of the directives and to request their implementation from us.|
We respond to all Requests we receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws. We can only process requests after we have verified your identity which may mean requesting further information from you.
B) Hosted Data
As explained above, some of our Services including processing data on behalf of our customers in relation to Applications, tools or software that we provide. Save for the limited circumstances set out in this Notice, we are not the Data Controller of this Hosted Data as we do not determine the purposes or the means of the processing.
If you wish to access, correct, update, modify or delete Hosted Data or if you would no longer like to be contacted by one of our Customers you should direct your query to the Customer, who is the Data Controller of your data. If requested by the Customer to action a Request, we will respond within a reasonable timeframe.
If you are a Customer of our Services and wish to raise a Request on behalf of data subjects in connection with Hosted Data, you may raise a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, a Request on a particular Service support portal is specific to that Service only and separate Requests need to be raised across other relevant Service support portals.
8. CALIFORNIA-RESIDENT SPECIFIC RIGHTS
Your California Privacy Rights; “Shine the Light” Law
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. We do not share your personal information with third parties for those third parties’ direct marketing purposes.
California Consumer Privacy Act
To the extent you are a 'consumer' as defined under the California Consumer Privacy Act of 2018 ("CCPA") and Freshworks is a 'business' as defined under CCPA, the following applies to you:
Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Subject to the provisions of the CCPA, consumers have the rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, delete, correct, and limit the use and disclosure of sensitive personal information and opt out of the sale or sharing of personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.
Notice at Collection Regarding the Categories of Personal Information Collected
You have the right to receive notice of certain information about our data collection, use, and disclosure. Freshworks does not sell personal information as defined by the CCPA. The following table summarizes the categories of personal information we may collect that may be disclosed to service providers. Freshworks does share personal information (as defined by the CCPA) as explained below the following table. The categories we use to describe personal information are those enumerated in the CCPA.
We may collect this personal information for the purposes described in the section above titled 'WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON.'
|Identifiers (such as contact information or personal characteristics like name, email address or postal address, or social media handles)||You; our social media pages|
|Health Information (such as protected health information or physical or mental health status)||You|
|Financial Information (such as payment data, bank account information, or credit information)||You|
|Protected Classifications and Other Sensitive Data (such as date of birth or gender)||You|
|Commercial Information (such as transaction information, billing and payment records, or order history)||You|
|Biometric Information (such as fingerprint, voiceprint, facial recognition, or eye recognition)||You|
|Geolocation Information (such as approximate location based on your IP address)||You|
|Internet or Electronic Network Activity Information (such as IP address, device identifier (e.g. Mac), cookie or tracking pixel information, browsing or search history, or diagnostic information)||You|
|Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information (such as call recordings, photographs, or video)||You|
|Professional or Employment-Related Information (such as current employer or job title)||You|
|Education Information (such as education history and level of education)||You|
|Inferences Drawn About You (such as user profile reflecting preferences, characteristics, psychological trends, or predispositions)||You|
|Content of Communications (such as contents of phone calls, emails, text messages, or photos)||You|
|Contacts (such as list of contacts you supply to us or that we may collect from your device with your permission)||You|
We may share the categories of Identifiers, Geolocation Information (coarse location only), and Internet or Electronic Network Activity Information as described above with advertising partners.
We determine the retention period for each of the categories of personal information listed above based on (1) the length of time we need to retain the information to achieve the business or commercial purpose for which it was obtained, (2) any legal or regulatory requirements applicable to such information, (3) internal operational needs, and (4) any need for the information based on any actual or anticipated investigation or litigation.
Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf. We restrict service providers from using personal information for any purpose that is not related to our engagement.
We may disclose personal information that we collect or that you provide as described in this privacy notice:
To our affiliates, subsidiaries, and other Freshworks companies.
To the following categories of service providers who are bound by law and contractual obligations to keep your personal information confidential. Service providers may use information that we share with them only for the purposes for which we disclose it to them and as otherwise permitted by law.
Payroll services providers that assist us in calculating and disbursing your salary and other compensation.
Auditing and accounting firms, such as firms that assist us in the creation of our financial records.
Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
Recruitment vendors that assist with the application process, including assessing candidate qualifications and providing the platform through which candidates submit their candidacy.
Analytics services, including entities that analyze traffic to and on our website and assist with identifying and communicating with potential customers.
Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
IT vendors, such as entities that assist with website design, hosting and maintenance; data and software storage; and network operation.
To other external parties when required by law or to protect Freshworks or other persons, as described in this privacy notice.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Freshworks’ assets or capital stock, whether as a going concern or as part of bankruptcy, liquidation or a similar proceeding, in which personal information held by Freshworks about our employees, workers and contractors is among the assets transferred. If this happens, the recipient of the personal information will continue to honor the promises made in this privacy notice, or else provide you notice of any changes.
Your rights under the CCPA
Know and request access to and correction and deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with to whom we sell or disclose it. You also have the right to request in certain circumstances that we delete personal information that we have collected directly from you or correct information that we have collected about you.
Right to opt out of selling/sharing personal information: You have the right to opt out of the sale of your personal information to, and the sharing of your personal information with, third parties. Please note that the right to opt out does not apply to our sharing of data with service providers, who are parties we engage to perform a function on our behalf and are legally and contractually obligated to use the data only for that function.
In case you would like to exercise this right please go here.
Right to limit the use and disclosure of sensitive personal information: You have the right to limit the use and disclosure of sensitive personal information that we use to infer characteristics about you. If you exercise this right, we may still use and disclose sensitive information about you for limited purposes.
Colorado, Connecticut, Utah, and Virginia
Residents of the States of Colorado, Connecticut, Utah, and Virginia have the following rights:
Opt out of “sales” of personal information and use of their personal information for “targeted advertising,” as those terms are defined under applicable law.
Opt out of “profiling” under certain circumstances, as defined under applicable law. (Residents of Colorado, Connecticut, and Virginia only.)
Confirm processing of and access to personal information under certain circumstances.
Correct personal information under certain circumstances. (Residents of Colorado, Connecticut, and Virginia only.)
Delete personal information under certain circumstances.
Residents of these states can exercise their rights by contacting us using one of the methods listed below.
How to submit an opt-out, access or deletion request:
If you seek to exercise the foregoing rights to access, correct, or delete Personal Information, please contact us at email@example.com or write to us here. We respond to all requests we receive from you wishing to exercise your rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Information and such other information as reasonably required to enable us to honor your request.
If you are a resident of California, Colorado, or Connecticut, you may, under certain circumstances, authorize another individual or a business, called an authorized agent, to make requests on your behalf. (Authorized agents in California must be registered with the California Secretary of State.) The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to you posed by any authorized access, correction, or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.
Residents of Colorado, Connecticut, and Virginia have the right to appeal a denial of their request by contacting us as described in the notice of denial.
The LGPD grants control and self-determination to data subjects and provides compliance responsibilities for organizations such as Freshworks in regard to personal data whose data subject is located within Brazilian territory at the moment of data collection or to any offering or providing of goods or service for individuals located within Brazilian territory. The LGPD gives national regulators powers to impose significant fines and indemnification liabilities on organizations that breach this law. All content of this notice and Freshworks’s processing of personal data are in strict compliance with LGPD, where applicable. At Freshworks we take a global approach to ensure all members benefit from increased control and clarity, which is in line with our commitment to putting our Customers first and working every day to maintain the trust they put in us.
LGPD grants the following rights to those individuals subject to its jurisdiction:
|Confirmation of data processing and access||You have the right to know and have access to the data we process about you.|
|Data correction||You have the right to request a correction of any incomplete, inaccurate or outdated data of yours that we process.|
|Anonymization, blocking or deletion||You have the right to request anonymization, blocking or elimination of unnecessary or excessive data or of any data being processed contrary to the law.|
|Data portability||You have the right, in certain circumstances, to reuse the Personal Data you have provided to us elsewhere or to ask us to transfer it to your chosen third party.|
|Information on data sharing||You have the right to be informed about the public and private entities with which we may share your Personal Data.|
|File a complaint||You have the right to file a complaint with a supervisory authority about our collection and processing of your Personal Data. The Brazilian data protection regulator is the Autoridade Nacional de Proteção de Dados and contact details can be found at https://www.gov.br/anpd/pt-br.|
10. OPTING OUT PROCEDURE
If you no longer wish to receive marketing communications from Freshworks, you may click on the “unsubscribe” link located on the bottom of our marketing emails or you can contact us at firstname.lastname@example.org. When using our Mobile Applications, you also have the option to turn off push notifications.
If you would like to object to the use of your Personal Data for analytics, you can contact us at email@example.com
11. OTHER COMMUNICATIONS
If you are our Customer, we will send you announcements (email or in product notifications related to the Services) on occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of such communications as they are a key part of delivering our Services to you effectively. If you do not wish to receive them, you may deactivate your Account.
12. RETENTION OF PERSONAL DATA
We will retain Personal Data only as long as is necessary for the purposes for which it is collected, as set out in this Notice. We will also retain it as necessary to comply with our legal obligations, for legal and litigation purposes, to maintain accurate financial and other records, deal with complaints, and enforce our agreements.
Generally, in respect of Personal Data that we process in connection with the supply of our Services, we may retain your Personal Data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.
Where we process any other Personal Data, we will generally retain relevant Personal Data for up to three years from the date of our last interaction with you (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability.
If any Personal Data is only useful for a short period (e.g., for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us. If you have opted out of receiving marketing communications from us, we will need to retain certain Personal Data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this Personal Data to send you further marketing unless you subsequently opt back in to receive such marketing.
Should you apply to work for us, we will retain data from your application for a limited period for record keeping and legal purposes. We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law.
The above examples may vary in some cases due to local laws, liability periods and mandatory retention requirements. For example, if certain information needs to be retained for longer according to local laws, regulations or because different legal limitation periods apply, then we will keep the Personal Data for these longer periods.
14. GOOGLE API DISCLOSURE
Freshworks has developed a functionality that allows its customers to connect their Gmail mailbox using Oauth with our products. Connecting your Gmail mailbox to your Freshworks account allows Freshworks to associate your account with your personal information on Google, to see your personal information, including any personal information you have made available, to view your email address and access your emails in order to create them as a ticket in our products, and to transmit the Service Data to third-party applications listed on Freshworks’ Marketplace that you integrate with your Account. The connection will further allow you to respond to your emails directly from our product and to delete them once they are fetched into our product.
Freshworks's use of information received from Google APIs will adhere to Google API Services User Data Policy's App's, including the Limited Use requirement.
15. CHILDREN'S PERSONAL DATA
Freshworks does not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Notice by instructing their children never to provide Personal Data through our Services or Websites without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Websites or Services, please contact us using the details in section 18 and we will endeavor to delete that information and terminate the child's account from our databases.
Amendments to this Notice will be posted to this URL and will be effective when posted. If we make any material changes, we will notify you by means of a conspicuous notice on this Website or via e-mail or via in-product notification, but we encourage you to review this Notice periodically to keep up to date on how we use your Personal Data. You should frequently visit this Notice to stay fully informed. Your continued use of our Websites or the Service(s) following the posting of any amendment, modification, or change to this Notice shall constitute your acceptance of the amendments to this Notice. You can choose to discontinue use of the Websites or Service(s), if you do not accept the terms of this Notice, or any modified version of this Notice.
17. EFFECT OF MERGER OR ACQUISITION
In the event Freshworks goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, Customers’ Accounts, Collected Data and Service Data will likely be among the assets transferred. A prominent notice will be displayed on our Websites to notify you of any such change in ownership or control and Customers will be notified via an e-mail.
18. CONTACTING FRESHWORKS
If you have any questions about this Privacy Notice or our privacy practices, you can contact us at firstname.lastname@example.org or via postal mail at Freshworks Inc., 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403 at the attention of the Data Protection Officer with a copy to email@example.com.
Annex 1 – Definitions
"Controller", "Data Subject", "Personal Data Breach", "Processor" and "Process" shall have the meaning given to them in the GDPR or other applicable law.
“Account”: means any accounts or instances created by or on behalf of Customer for access to and use of any of the Service(s).
“Affiliate”: means, with respect to a Freshworks entity, any entity that directly or indirectly controls, is controlled by, or is under common control with such Freshworks entity, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise.
“API”: means the application programming interfaces developed, enabled by, or licensed to Provider that permits a User to access certain functionality provided by the Service(s).
“Apps”: mean the software applications listed on the Market Place which are created, developed, licensed, or owned by third-party developers. The term also includes any updates, upgrades and other changes to such software applications and versions thereof.
“Documentation”: means any published data sheet provided by Freshworks detailing the functionalities of the Software.
"GDPR" shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and any legislation relating to the processing of personal data effective in the UK and/or Switzerland that is intended to replicate or maintain some or all of the provisions, rights and obligations set out in Regulation (EU) 2016/679, as relevant.
“LGPD” means “Lei Geral de Proteção de Dados Pessoais”, which corresponds to the Brazilian data protection law no. 13.709/2018.
“Market Place”: means an online marketplace for Apps that interoperate with the Service(s). Its Website(s) is https://www.freshworks.com/apps/.
“Mobile Applications”: mean the software applications created, developed, and owned by Freshworks to enable access and use of the Service(s) through mobile or other handheld devices (such as apps on iOS or Android devices).
"Personal Data" shall mean any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation of the European Union ("GDPR" EC-2016/679).
‘Processing”/“To Process”: means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Service Data": means all electronic data, text, messages or other materials, including without limitation Personal Data of Users and End-Users, submitted to the Service(s) by Customer through Customer’s Account in connection with Customer’ use of the Service(s).
“Service(s)”: mean and include Freshdesk, Freshservice, Freshsales, Freshchat, Freshcaller, Freshteam, Freshmarketer, Freshconnect, Freshinbox, Freshsuccess, Freshping or Freshstatus and/or any new services that Provider may introduce as Service(s) to which Customer may subscribe to and any Updates, modifications or improvements to the Service(s), including individually and collectively, Software, the API and any Documentation, but exclude any Apps or APIs that belong to third parties. Software: means software provided by Freshworks (either by download or access through the internet) that allows Customer to use any functionality in connection with the Service(s) and includes Mobile Application(s), but excludes any Apps or APIs that belong to third parties.
“User”: means an individual who is authorized by Customer to use the Service(s) including an Account administrator, employees, consultants, contractors, and agents of Customer, and third parties with which Customer transacts business.
Sorry, our deep-dive didn’t help. Please try a different search term.