Last Updated: 26th November 2020
Your privacy is important to us. This notice outlines the personal data SelfDrvn collects, how it is processed, and for what purposes. SelfDrvn offers a wide range of software products, including those used to help manage and engage employees and talent in all forms by enterprises worldwide in the workplace and beyond. References to SelfDrvn products in this statement include SelfDrvn services, websites, platforms, applications, software, and bots.
This statement applies to the interactions between the end user and SelfDrvn products.
SelfDrvn products are a product of SelfDrvn Enterprise Pte Ltd and its affiliate entities located world-wide (together, ‘SelfDrvn’). We aim to protect your personal information and ensure that you continue to trust us with your personal data. This notice applies to the personal data that we collect/process for the purposes of providing you our services and an enhanced user experience on our products. This Notice is applicable to you if an account on our Platform was created on your behalf by your employer and if you share your personal information through your employer or directly with SelfDrvn. Some parts of this notice are applicable to you if you browse our website. Further, this notice is applicable to you in accordance with applicable local and international laws and regulations.
SelfDrvn reserves the right to make changes to this Notice at any time, which shall be duly informed to you via notification on the Products. We encourage you to regularly review this Notice to ensure that you are aware of changes made to it from time to time.
WHAT DATA WE COLLECT
SelfDrvn collects data from you, through our interactions with you and through our products. Most data are collected directly from end users, and some is collected through interactions with our products. The data we collect depends on the context of your interactions with SelfDrvn and the choices you make, including the products and features you use. We also obtain data about you from your employer if you are an end user of a SelfDrvn product or a SelfDrvn account provided by your organisation.
You have choices when it comes to the data you share. When we ask you to provide personal data, you can decline. Some of our products require some personal data to provide you with a service. If you choose not to provide required data, you may not be able to use one or more features of the product. Likewise, where we need to collect personal data to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract; or if this relates to an existing product you’re using, we may have to suspend or cancel it. We will notify you if this is the case at the time. Where providing the data is optional, and you choose not to share personal data, features like personalisation that use such data will not work for you.
We may also obtain data from third parties. We protect this data according to the practices described in this statement, in addition to any additional restrictions imposed by the data provider. These third-party sources vary over time and include services, including Google Fit, Apple Heaklthkit, and Fitbit, when you give us permission to access your data on such third-party services or networks. The data we collect depends on the context of your interactions with SelfDrvn and the choices you make, the products and features you use, your location, and the applicable law.
To read in detail, see the section on HOW WE USE AND PROCESS YOUR PERSONAL DATA.
HOW AND WHERE WE STORE YOUR PERSONAL DATA
We take safeguarding of your personal data very seriously. We use a variety of security technologies and procedures to provide proper safeguards and measures to ensure adequate protection of the personal data collected, processed and maintained from unauthorised access, use, or disclosure.
Your Personal Data is securely stored on servers hosted by Microsoft Azure provided by a reputed Cloud Service Provider (“CSP”) meeting the prescribed industry security standards. Such CSPs adopt state of art technical measures required to meet global standards of privacy. These data centres have limited access and are in controlled facilities.
Currently, the SelfDrvn data center is hosted with Microsoft Azure, in the region based on the location of our client. If our client is in the European Union, the primary server is hosted in Germany and the backup server will be in either the Netherlands, France, or Switzerland. If our client is outside of the European Union, the primary server is hosted in Singapore and the backup server is hosted in central India. The storage location(s) are chosen in order to operate efficiently, to improve performance, and to create redundancies in order to protect the data in the event of an outage or other problems. If you browse our website, the data collected there is always hosted on our Microsoft Azure data center in our primary server hosted in Singapore, with the backup server in central India.
When we transmit highly confidential data (such as a password) over the internet between your device and our data centre, we protect it through the use of encryption. SelfDrvn complies with applicable data protection laws, including applicable breach notification laws. We do not transfer your personal data from the data centre where your data is stored to any other location.
We take measures to require our employees who handle personal data to adhere to a strict privacy and non-disclosure policy. All such access to personal data by employees is strictly controlled, on a need to know basis and monitored through action logs.
WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA
SelfDrvn as a data processor handles your Personal Data to deliver the contracted service on behalf of your employer. SelfDrvn helps organizations engage with employees through various initiatives at work including but not limited to learning, recognition, rewards, wellness, collaboration, communication and social causes to support and further the mission, goals, values and initiatives of the organization. Additionally, SelfDrvn may use your Personal Data:
- to notify you regarding activities on the Platforms, updates related to various programs or initiatives that your employer may consider beneficial to its employees.
- to notify you about functionality and changes on our Web sites, application, and new services.
- to create and maintain your accounts with SelfDrvn.
- to provide our products, which includes updating, securing, and troubleshooting, as well as providing support.
- to personalise our products and make recommendations within the product such as what next goal you should set or what personal development program you should take.
- In an anonymized way to measure performance of our own products in terms of adoption, and usage compared to similar benchmarks by our other customers.
WHEN WE CAN DISCLOSE/ SHARE YOUR PERSONAL DATA
We share your personal data with your consent or to provide any product feature you have requested or authorised. For example, we share your content with your co-workers/colleagues upon your request, such as when you publish a post (text, image, video, audio, etc.) in the newsfeed of the platform, share some content from the platform to the external social media platform, or share a feedback with your co-worker/colleague.
We also share personal data with our limited vendors who work on our behalf for the purposes described in this statement. For example, our Cloud Service Provider who provides us Microsoft Azure servers. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to access or use personal data they receive from us for any other purpose. We also share data when required by law or to respond to legal process; to protect our customers; to protect lives; to operate and maintain the security of our products, including to prevent or stop an attack on our computer systems or networks.
Please note that our products may include links to or otherwise enable you to access products of third parties whose privacy practices differ from those of SelfDrvn. If you provide personal data to any of those products, your data is governed by their privacy policies.
HOW WE USE AND PROCESS YOUR PERSONAL DATA
SelfDrvn takes all reasonable steps to ensure fair, lawful and transparent processing of your Personal Data. SelfDrvn as a data processor processes your personal data according to the agreement between SelfDrvn and your employer, and for limited purposes as mentioned in this privacy notice.
We process data for a variety of purposes described below.
- Name and Contact Data: Your full name, user image, nick name, personal email, contact number, and social media profile links (Facebook, Skype, LinkedIn). This information is used for your identification within users authorised by your employer.
- Credentials: Your login email and password. SelfDrvn application uses this data to identify you as a unique user, to authenticate you into the platform and uses this email for sending notification emails related to platform.
- Demographic Data: Data about you such as your gender, date of birth, and preferred language. This is used for record keeping purpose if required by your employer. It is not visible to any other user. SelfDrvn may also use the date of birth to send automated birthday wishes to the user in form of greetings that are publicly shared with other users on the platform.
- Subscription, and Access Control Data: Information about your subscriptions, and access control level assigned by your employer.
- Content: The content of your files, communications, and other inputs that you upload, and create on SelfDrvn platform. This data is not used by SelfDrvn but may be accessed by other users on the platform.
- Feedback and Ratings: The information you provide to us and the content of messages you send to us, such as product feedback, and product ratings you write. SelfDrvn may use this data for its marketing or to contact you to resolve your queries.
- Official Data: Your employee number, department, designation, position, reporting manager, business unit, joining date, resignation date, etc. This data is for purpose of record keeping, used by your This helps them identify users as a collective, for example all users who belong to a specific department and see analytics and reports based on those collective groups.
- Interactions: The data that you share while interacting with SelfDrvn platform, such as about/bio, poll/quiz/survey responses, peer feedback, responses to idea generating survey (“Message in a Bottle”), and goals. This also includes the data about you that gets generated on the platform such as rewards redeemed, events attended, and points/badges earned. This data is used by SelfDrvn to make it available to other users on the platform such as your peers at work, your manager and the human resources department. The appropriate access of each user is decided by the administrator at your employer. The data on points and badges earned are used by SelfDrvn to create leaderboards and profile pages that are visible at your organization level.
- Third Party Data: The data about you collected from third party sources with your consent, such as steps taken (for “Stepathon”). We read the number of steps measured by data subject's google fit/Fitbit/Apple Healthkit. These numbers are used to create leaderboards and gamified challenges for users. This data is based on consent, which can be revoked by user.
When you share your personal data while requesting for a demo on our website, you do that with a consent for us to contact you, and to occasionally send you latest case studies, webinars, and thought leadership content. The other information is necessary for us to know the organization you represent.
OUR RETENTION OF PERSONAL DATA
SelfDrvn retains personal data for as long as necessary to provide the products and fulfil the requests you have requested, or for other legitimate purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements, with your employer, for example.
We will retain the data for as long as your employer remains a customer of SelfDrvn and for a reasonable time thereafter, defined by the agreement between your employer and SelfDrvn. In case you stop being an employee of your employer, you may place a request with your employer to exercise your rights.
HOW DO WE KEEP YOUR DATA SECURE
We use appropriate technical and organisational measures designed to protect the data of our users. The measures we employ are designed to provide a level of security appropriate to the risk of processing your personal information and we continuously develop them. Our measures vary, but typically include controls to limit access to services or systems that contain personal data, pseudonymisation, databases protected by firewalls, passwords and other technical measures.
WHAT RIGHTS YOU CAN EXERCISE
You can make choices about the collection and use of your data by SelfDrvn. You can control your personal data that SelfDrvn has obtained, and exercise your data protection rights, by contacting your employer or using various tools we provide. In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law.
How you can control your personal data will also depend on which product features you use. For example, you can choose not to update certain data on SelfDrvn if you do not want to. These include your profile image, nickname, personal email, contact number, social media page links like Facebook/LinkedIn/skype, About/Bio, Gender, Date of Birth, Stepathon linking with your Google Fit, Apple Health Kit, Fitbit. These are purely based on your free consent which you are free to revoke whenever you want. To revoke consent on these fields, simply remove your data or replace with dummy data.
You have following data protection rights available to you, which you can exercise by contacting your employer.:
1. Right to Access and Rectification
2. Right to withdraw consent
3. Right to Erasure
4. Right to restriction of processing
Browser Based Controls: When you use a browser, you can control your personal data using certain features. For example, cookie controls. You can control the data stored by cookies and withdraw consent to cookies by using the browser-based cookie controls described in the “COOKIES AND OTHER TRACKING TECHNOLOGIES” section of this privacy statement.
COOKIES AND OTHER TRACKING TECHNOLOGIES
- What are cookies: Cookies are small text files that are placed on your web browser by websites that you visit, in order to make Web sites work more efficiently and generate user specific content and tools.
- What types of cookies we may use
- Persistent Cookies: It helps recognise you as an existing user, and use our services without signing in again. After you sign in, it stays in your browser and will be read by SelfDrvn when you return to our Web sites after navigating to other web sites or tabs. These also allow us to save your consent setting on the website. These cookies are necessary for the website to function.
- Session Cookies: The technical information stored by session cookies lasts as long as the current web session (usually your current visit to a web sites or a browser session) persists. If applicable, you can choose to opt out of these cookies as described below.
- Analytics Cookies: These cookies track information about how a user uses the Platforms. Analytics cookies may be first party cookies or third-party cookies. These cookies allow our websites to provide you a more personalised online experience. You can choose to opt out of these cookies as described below.
- Whether you can opt out of cookies: With most Internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored. Please refer to your web browser instructions or help screen to learn more about these functions. However, if you reject cookies, the functionality of our offerings may be restricted. You may also choose to opt out of optional cookies by clicking here.
THIRD PARTY LINKS/ EXTERNAL LINKS
Our Web sites, or the application, platforms may contain links to content or other functionality provided by third parties which are outside our control and are not covered by this Notice. Accordingly, SelfDrvn shall not be liable for any breach of your Personal Data which is attributable to the acts or omissions of such third parties.
PRODUCTS PROVIDED BY YOUR ORGANIZATION - NOTICE TO END USERS
Since you use SelfDrvn product with an account provided by an organisation you are affiliated with, that organisation can:
- Control and administer your SelfDrvn account, including controlling privacy-related settings of the product.
- Access and process your data, including the interaction data, diagnostic data, and the contents of your communications and files associated with your SelfDrvn account.
If you lose access to your work account (in event of change of employment, for example), you may lose access to products and the content associated with SelfDrvn products. If your organisation provides you with access to SelfDrvn products, your use of the SelfDrvn products is subject to your organisation's policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organisation’s administrator. When you use social features in SelfDrvn products, other users in your network may see some of your activity. SelfDrvn is not responsible for the privacy or security practices of our customers.
When you use a SelfDrvn product provided by your organisation, SelfDrvn’s processing of your personal data in connection with that product is governed by a contract between SelfDrvn and your organisation. SelfDrvn processes your personal data to provide the product to your organisation and you, and for SelfDrvn’s legitimate business operations related to providing the product as described in this notice. As mentioned above, if you have questions about SelfDrvn’s processing of your personal data in connection with providing products to your organisation, please contact your organisation.
CHANGES TO THIS PRIVACY NOTICE
We update this privacy statement when necessary to provide greater transparency or in response to:
- Feedback from customer, regulators, industry, or other stakeholders.
- Changes in our products.
- Changes in our data processing activities or policies.
When we post changes to this statement, we will revise the "last updated" date at the top of the statement. We will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how SelfDrvn is protecting your information.
EUROPEAN PRIVACY CONSIDERATION IN RESPECT TO EU DATA SUBJECTS
SelfDrvn will process your data in accordance with PDPA and EU-GDPR for the lawful purposes and for the purpose of the work statement of the Agreement with your employer.
HOW YOU CAN REACH US
SelfDrvn customers are organizations such as businesses and schools, who use our platform/applications to help them manage their employees, students, freelancers, gig workers, and applicants. SelfDrvn processes personal data in these platforms/applications only according to our customers’ instructions. If you have a privacy concern, complaint, or question about your personal data on our application/platform that’s used by one of our customers, or want to exercise any of your rights regarding your personal data, our service agreement with customer requires that we redirect your inquiry back to that SelfDrvn customer.