Privacy Policy

Effective on: 20 April 2022

Introduction and Scope

This Privacy Policy (this "Policy") covers Praxonomy Limited, a private limited company organised under the laws of the United Kingdom, and Praxonomy Limited, a private limited company organised under the laws of Hong Kong (collectively "Praxonomy", "we", "us", "our"). We take the protection of personally identifiable information ("Personal Data") very seriously. This Policy addresses users ("Data Subjects") whose Personal Data we process in our web application called Boardlogic (the "Application"), the publicly accessible components of our website praxonomy.com (the "Website"), or when we are contacted on the Website or by email.

VeraSafe Privacy Program

Praxonomy is a member of the VeraSafe Privacy Program, meaning that with respect to Personal Data processed within the Application, VeraSafe has assessed Praxonomy's data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The certification criteria require that participants maintain a high standard for data privacy and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through Praxomony's internal processes, Praxomony has agreed to participate in the VeraSafe Dispute Resolution Procedure for disputes related to processing of Personal Data within the Application. Subject to the terms of the VeraSafe Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

Categories of Personal Data

We typically process the following types of Personal Data within the Application:

biographical information, such as your name and title;
contact and user information – email address and telephone number;
professional information, such as job title, current and previous roles and experience;
education history;
profile photos and data; and
technical details such as username, login data and usage data.

We typically process the following types of Personal Data when responding to enquiries about our services, for the purposes of sending marketing communications, or otherwise as outlined in this Policy:

biographical information, such as your name and title;
contact and user information – email address and telephone number;
technical details such as username, login data and usage data; and
your preferences in receiving marketing from us and third parties and your communication preferences.

We may process the following types of Personal Data ("Billing Details") for billing purposes, if you are the billing contact for our client ("Client"):

biographical information, such as your name;
contact and user information – email address and telephone number;
billing information, such as your credit card number and billing address; and
professional information, such as the organisation for which you work.

How We Receive Personal Data

We may receive your Personal Data directly from you when: (i) you use the Application as a user; (ii) you provide us with Billing Details; or (iii) if you send an email or an enquiry through the Website. Alternatively or in addition to Personal Data we receive directly from you, we may receive your Personal Data from: (i) a Client with which you are associated; or (ii) a Client that is managing solutions for the organisation with which you are associated.

If you visit our Website, we will automatically collect usage and technical data about your equipment, browsing actions and patterns. We will collect this Personal Data by using cookies and other similar technologies. Please see the "Cookies" section below for more information.

Controllership

In relation to our Application, we are a data processor and we only process Personal Data on behalf of our Clients, who are typically acting as data controllers. This means that our Clients typically determine why and how the Personal Data is processed by our Application. However, where you contact us by email or through our Website and where we process your Personal Data for marketing purposes, we act as a data controller.

Basis of Processing

In relation to our Application, we process Personal Data based on the instructions of our Clients.

Where we process Personal Data as a data controller, we do so for our legitimate interests, such as marketing and offering our services to you. We may also use your Personal Data where we need to comply with a legal obligation or to perform our obligations under a contract we are about to enter into or have entered into with you. Where we receive your Personal Data directly from you for the purpose of providing you with our services, we require such Personal Data to be able to perform our contractual obligations to you. Without the necessary Personal Data, we will not be able to provide our services to you.

Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

Purpose of Processing

We process Personal Data for the purposes of providing our services to our Clients and in particular:

providing services through our Application, such as facilitating meeting scheduling and preparation, storing documents and member directory records, enabling collaboration and distribution of information;
providing customer support;
tracking issues;
managing billing and subscriptions;
managing our relationship with you, which will include notifying you about changes to our terms or privacy policy;
to administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance); and
to respond to your enquiries.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Data Retention

Where we act as a data processor, we retain Personal Data for as long as instructed by our Clients. We will delete Personal Data within six months of receiving an instruction to do such by the applicable Client.

Where we act as a data controller and when the purposes of processing are satisfied, we will delete your Personal Data within six months.

Please note that we may need to retain certain information (such as contact data and financial data) for longer periods in order to comply with regulatory, accounting, tax or reporting requirements (up to six years) or in the event of a complaint or where we reasonably believe there is a prospect of litigation in respect to our relationship with you. In each case we will only do so to the extent necessary for that purpose.

Cookies

A "cookie" is a small file stored on your device that contains information about your device. We may use cookies in the Application or on our Website for the purposes of session management. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note that, if you reject certain cookies, you may not be able to use or access all of the features on our Application. For more information on the cookies we use in our Application or Website, please contact support@praxonomy.com.

Responding to Do Not Track Signals

Our Application does not have the capability to respond to "Do Not Track" signals received from various web browsers.

Sharing Personal Data with Third Parties

We make Personal Data available to our service providers, who provide specific contracted services to help run our Application and our business. These service providers process Personal Data on behalf of Praxonomy. Such third parties include those providing:

customer support software;
subscription management and billing software;
cloud infrastructure services;
inbound and outbound call centre software;
customer relationship management software; and
online payment processing services.

Some of our service providers who receive your Personal Data may be located in countries outside of the European Union or the European Economic Area. In some cases, the European Commission may not have determined that the legal environment in those countries provides a level of data protection that is essentially equivalent to the level of protection provided under European Union law.

We will require that those service providers maintain at least the same level of data protection that we maintain for such Personal Data. Transfers of your Personal Data to such service providers will be subject to appropriate safeguards, such as the standard contractual clauses for the transfer of Personal Data to third countries, as approved by, and available directly from, the European Commission.

Praxonomy remains liable for the protection of your Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorised or improper processing. Our service providers are listed at www.praxonomy.com/legal/subprocessors.

Other Disclosure of Your Personal Data

We may also disclose your Personal Data:

to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
if we sell or transfer all or a portion of our company's business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
to our subsidiaries or affiliates only if necessary for business and operational purposes.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data we process in our Application for any legal business purpose, such as analysing usage trends and seeking compatible advertisers, sponsors, and customers. Such data will not include any Personal Data.

If we must disclose your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

Data Integrity & Security

Praxonomy has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorised processing such as unauthorised access, disclosure, alteration, or destruction.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Access & Review

If we store Personal Data about you, you may have a right to request access to, and the opportunity to update, correct, or delete, such Personal Data. You may also have the right to ask that the processing of your Personal Data be limited, to object to the processing of your Personal Data, or to ask to have your Personal Data exported in a machine-readable format. Where we act as a data processor and if you are not able to make such changes yourself through the Application, you should contact the System Owner or Administrators of the Praxonomy system with which you are associated. Where we act as a data controller, you may exercise such rights by contacting us using the information provided in the "Contact Us" section below. You also have a right to file a complaint to a data protection supervisory authority in the EU.

Changes to this Privacy Policy

If we make any material change to this Policy, we will post the revised Policy to this web page and update the "Effective on" date above to reflect the date on which the new Policy became effective.

Contact Us

VeraSafe has been appointed as Praxonomy's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. VeraSafe can be contacted in additional to privacy@praxonomy.com, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +420 228 881 031

Alternatively, VeraSafe can be contacted at:

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland

Please allow up to four weeks for us to reply.