Privacy Policy

Date updated:
October 9, 2024
Read time:
12
min read

The privacy of your data is important to us. This privacy policy (the "Privacy Policy") was created to inform customers ("you") of how Projectworks Inc. and Spiderworks Ltd. (“Projectworks”, “us”, “we” and “our”) will collect and use your information when you use our website projectworks.io and all related websites and web-based applications (our “Sites”), and any other technologies, features, content, and services we offer (collectively, our “Services”). We encourage you to read this Privacy Policy and reach out to us using the contact methods at the end of the Privacy Policy if you have any questions

This Privacy Policy incorporates our Terms of Service. To keep things simple, any capitalized terms not otherwise defined in this Privacy Policy have the meanings given to them in our Terms of Service.

This Privacy Policy does not apply to third-party websites, products, or services, even if they may link to our website or if our site links to them. We recommend that you review the privacy practices of those third parties before connecting accessing third party websites and sharing any personal data.

If you are a visually-impaired individual, an individual with another disability, or an individual seeking support in another language, you may access this Privacy Policy by emailing us at legal@projectworks.io

1 - Personal data we collect

Unless otherwise indicated, for the purposes of this Privacy Policy, “personal data” means individually identifiable information about an individual consumer collected online by the operator and maintained by the operator in an accessible form. Personal data does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, service, or users that is not personally identifiable or from which individual identities are removed.

A. Personal Data You Provide Us

  • Subscription Information.  When you subscribe to our Services, we may require you to submit personal data about yourself, such as your full name, your address and other contact information. When you contact us for feedback or support, we may collect other personal data from you in order to assist you. We use your personal and billing information to provide and improve services to you. We may use your personal data to contact you with new features, special offers and update information.
  • Billing Information.  Billing information will be required from you when you use a paid service from us. You will provide this information yourself when you sign up for the service. This may include your subscription type and your billing contact details, such as your billing email, address and phone number. Your credit card information will be collected and stored with a PCI-compliant third party (Stripe) if you elect to pay by credit card.
  • Your Hosted Data.  In order to use the services, you voluntarily input or import your chosen data ("Hosted Data") into the Projectworks application. Your files, users, groups, permissions and metadata are hosted in Microsoft Azure and accessed using Projectworks.  Your hosted data may be used by us for the following purposes:
    • For delivery of the features of our software
    • To ensure compliance with the Terms of Service;
    • For product development and improvement of the service;
    • For technical support;
    • For pre-emptive health-checks;
    • To deploy updates to applications.

B. Personal Data Collected Automatically

Our Services may use cookies and other tracking technologies such as web beacons, embedded scripts, and tags, which collect information from you automatically as you use our Services, including:

  • Browser and device data.  When you use our Services, we may automatically collect information such as IP address, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Sites you are visiting.
  • Usage data.  When you use our Services, we may automatically collect information such as browsing history, time spent on the Sites, pages visited, links clicked, language preferences, patterns of use, and the pages that led or referred you to our Site.  We also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services.  For example, we use Google Analytics on our Sites to help us analyze your use of our Sites and diagnose technical issues.  Please review Cookies and Other Tracking Technologies below for more information about our use of these technologies.

C. Personal Data We Collect From Others

We may collect personal data about you from the following entities or individuals:

  • Our service providers.  We may collect personal data from our service providers, including communications and customer and technical support providers (including if you use our live chat, provided by HubSpot, or any chatbot on our Sites).
  • Third party marketing partners. We may collect information from marketing partners, including joint marketing/co-branding partners and marketing, advertising, and analytics companies.
  • Analytics and advertising partners.  We may collect personal data from our analytics and advertising partners and providers, including online advertising networks and analytics providers.
  • Social media and other content platforms.  We may collect personal data from platforms such as Meta, X, YouTube, LinkedIn, or Google if you interact with us on these platforms to use the Sites or Services.  

D. Aggregated, Anonymized, and Deidentified Information

We may create aggregated, anonymous, or de-identified data from personal data by removing data components that make the data personally identifiable to you or through obfuscation or other means.  Our use of aggregated, anonymized and de-identified data is not subject to this Privacy Policy.  

2. Use of Personal Data

We may use personal data we collect about you for the following purposes:

  • To contact you and provide information
  • To provide customer service and technical support
  • To provide and maintain our Services
  • To develop and improve our Services
  • To facilitate interactive features
  • For internal analytics
  • To market our products and services
  • To market the products and services of others
  • To provide promotions and sweepstakes
  • For internal business purposes, including general business administration
  • To fulfill audit, compliance, legal, policy, procedure, and regulatory obligations
  • To investigate customer claims and investigate and prevent fraud
  • To ensure systems and data security
  • To protect the safety of our employees and others
  • For marketing and targeted advertising
  • For any other purpose consistent with your preferences

3. Disclosure of Personal Data

We may disclose personal data to the following categories of third parties:

  • Our affiliates.  We may share personal data with our affiliates, in which case, we will require such affiliates to comply with the terms of this Privacy Policy.
  • Service providers.  We share personal data with our service providers to provide services on our behalf, such as payment processing, analytics, advertising, hosting, marketing, customer and technical support (including providers of our live chat or chatbot), and other services.  For example, if you use our live chat, the information provided may be recorded and stored by our provider HubSpot, in order for us to provide customer and technical support.
  • Third-party platform advertising.  We may share your information with third-party platform providers who assist us in serving advertising regarding the Sites and Services to others who may be interested.  We also partner with third parties such as Google, who use cookies to serve interest-based advertising and content on their respective third-party platforms that may be based on your preferences, location, and/or interests.
  • Compliance and harm prevention.  Under certain circumstances, we may share personal data as we believe necessary (i) to comply with applicable law, rules and regulations; (ii) to enforce our contractual rights; (iii) to investigate possible wrongdoing in connection with the Site and Services; (iv) to protect and defend the rights, privacy, safety and property of Projectworks, you or others; and (v) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
  • Affiliate and business transfers and transactions.  If we or our subsidiaries are involved in a merger, acquisition, asset sale, or other corporate combination, your personal data may be transferred to the acquiring or surviving entity.  

4. Cookies and Other Tracking Technologies

We may use various methods and technologies to store or collect information which may be linked to you. We use and allow third parties to use essential and non-essential cookies, online tracking tools, web beacons, and similar technologies (collectively, “cookies”) on the Sites. We collect and process this information to support the functionality on the Sites and to better understand your preferences.

Cookies on the Sites generally fall into the following categories:

  • Strictly Necessary Cookies: These are required for the operation of the Sites. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies which are erased when you close your browser.
  • Analytical/Performance Cookies: These allow us to recognize and count the number of users of the Sites and see how such users navigate through the Sites. This helps improve how the Sites work, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies which are erased when you close your browser.
  • Functional Cookies: These improve the functional performance of the Sites and make it easier for you to use. For example, cookies are used to remember that you have previously visited the Sites and asked to remain logged into it. These cookies are session cookies which are erased when you close your browser.
  • Targeting Cookies: These record your visit to the Sites, the pages you visit and the links you follow so we can recognize you and track your activity on the Sites and other websites you visit. These cookies are persistent cookies because they remain on your device for us to use during your next visit to the Sites. You can delete these cookies via your browser settings.

You can modify your browser settings to decline or accept cookies.  Please note that if you decline cookies, some of our Sites’ features may not function as designed.

A. Analytics information.  

We may use Google Analytics or other service providers for analytics services.  These analytics services may use cookies to help us analyze how users use the Service.  Information generated by these services (e.g., your IP address and other usage information) may be transmitted to and stored by Google Analytics and other service providers on servers in the U.S. (or elsewhere) and these service providers may use this information for purposes such as evaluating your use of the Services, compiling statistic reports on the Service’s activity, and providing other services relating to Services activity and other Internet usage.  You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on.  

B. Third-Party Ad Networks.  

Certain companies may participate in the Digital Advertising Alliance ("DAA") AdChoices Program and may display an Advertising Option Icon for Interest-based Ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting.  You can learn more about the DAA AdChoices Program at http://www.youradchoices.com and its opt-out program for mobile apps at http://www.aboutads.info/appchoices.

In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”).  NAI has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members' ad networks.  To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/.  Please be aware that, even if you are able to opt out of certain kinds of Interest-based Ads, you will continue to receive non-targeted ads.  Opting out of one or more NAI or DAA members only means that those selected members should no longer under the NAI/DAA rules deliver certain targeted ads to you.  This will affect this and other services, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks).  If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different device or web browser(s), or use a non-browser-based method of access (e.g., mobile app), your NAI/DAA browser-based opt-out may not, or may no longer, be effective.  Mobile device opt-outs will not affect browser-based Interest-based Ads even on the same device, and you must opt-out separately for each device.  

We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.  Please note that opting out of advertising networks does not necessarily mean that you will not receive advertisements while using our Sites or on other websites.

C. Do Not Track.

We do not support Do Not Track functionality.  Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.  You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

5. Data Security

The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable security procedures appropriate to the nature of the personal data to reasonably protect it from loss, misuse, unauthorized access, disclosure, alteration or destruction, we cannot guarantee its absolute security. Where applicable, we encourage you to secure your account with a strong password and to keep your password private.

For example, your data is stored on the Microsoft Azure in a highly secure data center. Information concerning the physical and data security can be found here: https://www.microsoft.com/en-us/trustcenter/about/transparency#secure_your_data

6. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain certain personal data for internal analysis purposes. This information is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Services, or we are legally obligated to retain this data for longer time periods.

Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations.

7. Transfer of Personal Data

Our Services are operated in the United States and New Zealand, and our production data is hosted in Australia.  We may transfer, store, and use information we collect and maintain about you, including personal data outside of your state, province, country, or other governmental jurisdiction.  For such transfers, we take the necessary measures to ensure that your personal information receives an adequate level of protection.  Please note that the data protection laws in the jurisdiction in which we process personal data may differ from those of your jurisdiction, and in certain circumstances, your personal data may be subject to access requests from governments, courts, law enforcement agencies or regulatory agencies in those other jurisdictions.  

8. Children’s Data

Our Services are not intended for children. We do not knowingly collect any personal data from children under the age of 18. If you think that your child provided personal data to us, we strongly encourage you to Contact Us, and we will do our best efforts to promptly remove such information from our records.

9. Your Privacy Rights and Choices

You may have rights and choices regarding our use and disclosure of your personal data. Please note that you may have further rights and choices based on your jurisdiction, as provided in Sections 10 through 12 below.

  • Access or change your account data. You can access your account data at any time, provided that you have met your obligations under the Terms of Service. Please Contact Us if you would like to edit your account information, including billing information.  
  • Account deletion requests.  You have the right to request the deletion of your account with se.  If you would like to request that your account be deleted, please Contact Us.
  • Opt out of promotional emails. You may opt-out of any emails that we send for advertising or other promotional purposes by clicking the “unsubscribe” links provided at the bottom of those emails. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required in order to provide you with the Services or for other reasons disclosed in this Privacy Policy.

10. Notice for Residents of California and Nevada

California Civil Code Section 1798.83 (“Shine the Light” Law) permits California residents who have supplied personal data, as defined in the statute, to us to, under certain circumstances, opt-out on a going forward basis of any such sharing or receive more information about such practices, if any. We do not currently disclose personal data for these purposes. You may send any inquiries or questions regarding this policy to us using the contact information provided below.

We do not “sell” personal data as that term is defined under Nevada law, but Nevada residents have the right to request to opt out of any future sale of their personal data under Nevada SB 220. If you are a Nevada resident and would like to make such a request, please Contact Us. You must include your full name, email address, and postal address in your email or mail request so that we can verify your Nevada residence and respond. In the event we sell your personal data after the receipt of your request, we will make reasonable efforts to comply with such request.

11. Notice for Individuals in the EEA, UK, and Switzerland

This European Privacy Notice applies to any individuals located within the European Economic Area (EEA), UK, or Switzerland from whom we may have collected personal data from any source, including through your use of the Service.  We provide this European Privacy Notice to comply with applicable privacy laws, including the General Data Protection Act (“GDPR”), the UK GDPR, and related laws, regulations, and guidance from the European Union and/or its member states.  Any capitalized term used and not otherwise defined below has the meaning assigned to it in our Privacy Policy.

European law provides individuals located in Europe with rights to receive certain disclosures regarding the collection, use, and sharing of personal data, as well as rights to be informed, access, rectification, erasure, restrict processing, data portability and to object with respect to collected personal data.  For the purposes of this European Privacy Notice, “personal data” means any information relating to an identified or identifiable natural person.

A. Basis for processing your personal data

We rely on one or more legal bases to process your personal data under applicable law.  We may process personal data (i) as necessary to perform our contractual obligations to you, including, but not limited to, those obligations in our terms of use; (ii) as necessary to pursue our legitimate interests as further detailed below; (iii) as necessary for our compliance with our legal obligations such as a request or order from courts, law enforcement or other government authorities; and/or (iv) with your consent, including to send you marketing email messages and other information that may be of interest to you, which you may withdraw at any time.

B. Legitimate business interests

We may collect, process, and maintain personal data to pursue the legitimate business interests outlined below.  To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others and only process personal data in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms. Our legitimate interests generally include:

  • Providing, improving, and developing our Services, including to deliver your requested services, send you messages and provide user support, customize the Services to better fit your needs as a user, develop new products and services, and perform internal analytics and research and development. This also includes sharing personal data with our trusted service providers that provide services on our behalf.
  • Protecting you and others and to create and maintain a trusted environment, such as to comply with our legal obligations, to ensure compliance our agreements with you and other third parties, to ensure safe, secure, and reliable Service, and to detect and prevent wrongdoing and crime, assure compliance with our policies, and protect and defend our rights, interests, and property. In connection with the activities above, we may conduct internal research and profiling based on your interactions on various Sites, content you submit to the Sites, and information obtained from third parties.
  • Providing, personalizing, measuring, and improving our marketing, including to send you promotional messages and other information that may be of interest to you with your consent. We may also use personal data to understand our user base and the effectiveness of our marketing.  This processing is done pursuant to our legitimate interest in undertaking marketing activities to offer products or services that may be of interest to you.

C. Your Privacy Rights

In certain circumstances, individuals located within the EEA, UK, and Switzerland are entitled to the following data protection rights:

  • Right to Access. You have the right to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
  • Right to Erasure. You have the right to request that we erase your personal data in certain circumstances provided by law.
  • Right to Rectification. You have the right to request to have your personal data corrected or updated if that information is inaccurate, outdated, or incomplete.
  • Right to Object to Processing. You have the right to object to our processing of your personal data.
  • Right to Restrict Processing. You have the right to request that we restrict the processing of your personal data.
  • Right to Data Portability. You have the right to request that we provide you with a copy of your personal data in a structured, machine-readable and commonly used format.
  • Right to Withdraw Consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal data. Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data. You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA). You can view the contact information for your data protection authority here.

D. How to Exercise Your Privacy Rights

To exercise your privacy rights described above, please Contact Us. Please note that any request you submit to us is subject to an identification and residency verification process as permitted under applicable law, as well as certain other procedural requirements that may be noted in the sections below. Additionally, all requests are subject to certain exceptions under applicable law, which may vary. If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in other language, you may access your privacy rights by emailing us at legal@projectworks.io.

Except where otherwise noted, we will respond to your request within one month after receipt and we reserve the right to extend the response time by an additional two months when reasonably necessary and provided consumer notification of the extension is made within the first month. As described below, an authorized agent may submit a request to exercise your rights on your behalf.

We do not charge a fee to process or respond to your verifiable consumer request unless its excessive, repetitive, manifestly unfounded, or in accordance with applicable law.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If we have collected information on your minor child, you may exercise the above rights on behalf of your minor child. Additionally, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of the agent’s authorization by you and/or verification of the agent’s own identity. Generally, a rights request must include:

  • Sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, which must include, at a minimum, your first and last name and email address.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request.

We cannot respond to your request or provide you with personal data if we cannot verify or authenticate your identity or authority to make the request and confirm that the personal information relates to you.

You are not required to create an account with us to submit a verifiable or authenticated consumer request. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable or authenticated consumer request to verify your (or your authorized agent’s, as applicable) identity or authority to make the request.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

12. Notice for Individuals in Australia and New Zealand

This Notice applies to any individuals located within Australia or New Zealand about whom we may have collected personal data from any source, including through your use of the Services.  We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable privacy laws, including Australia Privacy Act 1988 and the New Zealand Privacy Act 2020.  Any capitalized term used and not otherwise defined below has the meaning assigned to it in our Privacy Policy.

In certain circumstances, individuals located within Australia and New Zealand are entitled to the following privacy rights:

  • Right to Access. You have the right to request confirmation of whether we process personal data relating to you, and if so, to request a copy of that personal data.
  • Right to Correct. You have the right to request to have your personal data corrected or updated if that information is inaccurate, outdated, or incomplete.

To exercise your privacy rights, please follow the instructions provided in Section 11(d).

13. Links to Other Websites

Our Services may contain links to websites that are not operated by Projectworks. We are not responsible for the content or privacy policies of websites we do not own or control, and our privacy policy does not apply to third party websites. We recommend that you review the privacy policies for third party websites to understand how your personal data is used and stored by those websites.

14. Updates to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Sites, prior to the change becoming effective and update “effective date” at the top of this Privacy Policy. We recommend that you review this page periodically as these policies are subject to change.

15. Contact Us

For questions or comments regarding this Privacy Policy or your information, we can be contacted via the methods listed below:

Have any questions?

For questions or comment we can be contacted via the methods listed below:

Email us at legal@projectworks.io

Write us at PO Box 248, Wellington 6140, New Zealand