ClickSoftware® Cloud Service Privacy Policy

LAST UPDATED: July 2, 2019

This is the privacy policy (“Privacy Policy”) that governs how we, ClickSoftware Technologies Ltd., and our affiliated companies ("ClickSoftware", "we", "our" or "us"), use Personal Data (defined below) that we obtain from our clients (“Clients”) who are using our cloud products and services, including our mobile software applications that are used in conjunction with our cloud products (collectively, our “Cloud Service”). It explains what Personal Data we receive and collect about

(i) our Clients and their personnel (“Personnel”); and

(ii) the customers of our Clients ("End Customers"), and how we use, process, retain and transfer such Personal Data.  

1. Introduction. We are committed to respecting privacy and recognize the need for appropriate protection and management of any Personal Data that is shared with us as part of using our Cloud Service. As used in this Privacy Policy, "Personal Data" means any information that may be used, either alone or in combination with other information, to personally identify an individual, including, but not limited to, a first and last name, a phone number, an email address and other contact information.

2. Modification. We reserve the right, at our discretion, to change the terms of this Privacy Policy at any time. Such change will be effective ten (10) days following the earlier of:

(i) our posting of the revised Privacy Policy on our website www.clicksoftware.com (the “Site”); or

(ii) an email notification to our Clients. You can tell when the Privacy Policy was updated by reviewing the Last Updated legend on the top of this page.

3. Our collection and receipt of Personal Data. We may receive or collect Personal Data in the following ways:

3.1. Client Account Set-Up and Account Use: As part of setting up and maintaining a Client account to use the Cloud Service we may collect certain Personal Data that a Client chooses to provide about its Personnel. Such Personal Data may include a user ID, name, email address, phone number, address, information about a Personnel’s skills and professional experience, and other Personal Data that the Client chooses to make available in connection with its, and its Personnel’s, use of the Cloud Service. In order to access and use the Cloud Service, a separate user name and password will be created for individual Personnel.

3.2. Location Based Services and Personnel: Some of our Cloud Service products (each a “Location Based Service”) are dependent on data related to the geographic location of the mobile device on which the Cloud Service is being used by Personnel. ("Location Data"). We use various technologies to determine location, such as global position system (GPS) signals, Wi-Fi access points, and cell tower ids. If you choose to use these Location Based Services, you consent to our use of Location Data. If you don’t want us to receive your Location Data, you should be able to use the settings on your mobile device to turn off location-sharing features. Please be aware though, that if you choose to turn off device location-sharing features, you may not be able to use our Location Based Service and your (and our Client’s) use of the Cloud Service may be negatively impacted. Please consult with your employer or organization before turning off any device-based location services.

3.3. Personnel Mobile Device Data: In addition to Location Data, we may collect other limited information from the mobile device of Personnel who are using our Cloud Service. Such information may include the Personnel’s user name, mobile device type, mobile device id, the date and time stamps of Cloud Service usage, and browser information.

3.4. End Customers: As part of providing our Cloud Service to a Client, we may collect certain Personal Data that a Client chooses to provide about its End Customers. Such information may include an End Customer’s name, email address, phone number, fax number, and other Personal Data that the Client chooses to make available in connection with its use of the Cloud Service.

3.5. Log Files: Our Cloud Service may make use of log files. The information inside the log files may include internet protocol (IP) addresses, application times taken to process Cloud Service user requests, Cloud Service user action details along with input parameters for debugging, Device IDs, public telephone numbers (PTNs), browser types, date/time stamps, referring/exit pages, clicked pages and any other information that a browser may send to us.

3.6. Cookies: The Cloud Service may utilize session "cookies" for authentication validation purposes. A "cookie" is a small text file that may be used, for example, to authenticate access to the Cloud Service. Most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser. Please be aware that if you choose to block a cookie, your login attempt to the Cloud Service may be unsuccessful.

4. The Ways We Use Personal Data.

4.1. Personal Data Used to Administer the Cloud Services: We only use the Personal Data of a Client and its Personnel as necessary to provide the Cloud Service to the Client or to comply with any applicable law, regulation, legal process or governmental request. For example, we use Personal Data of a Client and its Personnel to

(i) contact the Client relating to the Cloud Service,

(ii) administer the Client’s account and settings, and

(iii) to identify and authenticate the Client's and its Personnel’s access to our Cloud Service.

4.2. Personal Data Processed on Behalf of Clients: We process Personal Data collected from the Cloud Service on behalf of our Clients and in accordance with our Clients’ lawful instructions. Although our Clients are responsible for determining the purposes and lawful basis for processing Personal Data through the Cloud Service, we offer a variety of tools to enable our Clients to minimize the impact of the Cloud Service on their Personnel’s and End Customers’ privacy. For example, we enable Client administrators to limit the amount of data (including Personal Data) collected and processed by various modules, including analytics and audit trail modules. As another example, we provide Clients with strict and granular access controls to limits access to Personal Data to only those with a need for such access. We strongly advise you to review notices provided by our Clients to determine how Clients process Personal Data using the Cloud Service.

5. The Ways We Disclose Personal Data.

5.1. Affiliates: We may transfer Personal Data to the subsidiaries and affiliated companies (each an “Affiliate”) that are within the ClickSoftware group of companies, but only for the purpose of providing our Cloud Service. Such information may be transferred to other countries around the world in which we have Affiliate offices, including England, Germany, India, USA, Israel and Australia. Our Affiliates are required to process any such Personal Data in compliance with this Privacy Policy. Notwithstanding the foregoing, we will comply with applicable laws regarding Personal Data transfers as well as any transfer restriction that is specified in a specific Cloud Service Agreement between ClickSoftware and a Client. To the extent that our Affiliate offices are not located in countries which the European Union considers as providing an adequate level of protection for Personal Data, such as Israel, we rely on other adequacy mechanisms for data transfers such as, with respect to the United States, the Privacy Shield (see Section 10) or the Standard Contractual Clauses.

5.2. Our Third Party Providers: We may transfer Personal Data to our third party service providers and partners (for example, a third party server hosting provider for hosting storage purposes), but only to assist us with our business operations and to enable us to provide our Cloud Service. Such information may be transferred to other countries around the world. Notwithstanding the foregoing, we will comply with applicable law regarding Personal Data transfers as well as any transfer restriction that is specified in a specific Cloud Service Agreement between ClickSoftware and a Client. We use commercially reasonable efforts to only engage or interact with third party service providers and partners that post a privacy policy governing their processing of Personal Data.

5.3. In the Event of Merger, Sale, or Change of Control. We may transfer or assign this Privacy Policy and any Personal Data to a third party entity that acquires or is merged as part of a merger, acquisition, sale, or other change of control.

5.4. Other Disclosures: We may disclose your Personal Data or any information that is submitted to us via the Cloud Service if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to:

(i) comply with any applicable law, regulation, legal process or governmental request;

(ii) enforce our Cloud Service Agreement, including investigations of potential violations thereof;

(iii) detect, prevent, or otherwise address fraud or security issues; or

(iv) protect against harm to the rights, property or safety of ClickSoftware, our users, or the public.

6. Anonymous Information. We may use Anonymous Information (defined below) or disclose it to third party service providers, to provide, improve and develop our Cloud Service, including to analyze trends and gather demographic information. "Anonymous Information" means information which does not enable identification of an individual user, such as aggregated information, about use of the Cloud Service.

7. Push notifications. If you access the Cloud Service while using your mobile device, you may receive push notifications from ClickSoftware or your employer/organization. If you don’t want to receive push notifications, you should be able to use the settings on your mobile device to turn off push notifications for a specific mobile application. Please be aware though, that if you choose to turn off push notifications, your (and our Client’s) use of the Cloud Service may be negatively impacted. Please consult with your employer or organization before turning off push notifications.

8. Your Rights

8.1. Clients. As a controller of the Personal Data of our Clients, we take steps to help ensure that our Clients are able to exercise their rights regarding Personal Data in accordance with applicable law. Our Clients may log into their Cloud Service account and use the Cloud Service tools to access or correct a material inaccuracy in certain Personal Data that we may be storing. If a Client would like to access, amend, delete, export, or object to or restrict the processing of any other Personal Data that we may be storing, the Client may submit a request to privacy@clicksoftware.com. The email should include adequate details of the request. We will promptly review all such requests in accordance with applicable laws.

8.2. End Customers and Personnel. We process Personal Data of our Clients’ End Customers and Personnel on behalf of our Clients and in accordance with their instructions. Thus, if End Customers or Personnel would like to exercise their rights concerning Personal Data processed through our Cloud Service, such individuals should reach out to the Client who collected the Personal Data directly. If you need help contacting one of our Clients, please let us know and we are happy to help connect you if we can.

8.3. Right to Contact Supervisory Authority. Depending on where you live, you may have a right to lodge a complaint with a supervisory authority or other regulatory agency if you believe that we, our Clients, or a third party have violated any of the rights concerning Personal Data about you. We encourage you to first reach out to us at privacy@clicksoftware.com, so we have an opportunity to address your concerns directly before you do so.

9. Links to Other Sites and Third Party Advertisements. Third party advertisements may appear on some pages of the Cloud Service, for example on the Cloud Service account log-in page. Such third party advertisements, and other parts of the Cloud Service (for example, the Cloud Service account log-in page) may also contain links to third party websites and services that are not owned or controlled by ClickSoftware. We are not responsible for the privacy practices or the content of third party websites, services and advertisements, and you visit them at your own risk.

10. Personal Data Transferred from the EU or Switzerland To The United States. ClickSoftware complies with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data from European Union (the “EU”) member countries and Switzerland. ClickSoftware has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. A violation of our commitment to Privacy Shield may be investigated by the Federal Trade Commission and/or the United States Department of Commerce. If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, to the extent available, please visit https://www.privacyshield.gov. In compliance with the Privacy Shield Principles, ClickSoftware commits to resolve complaints about your privacy and our collection or use of Personal Data about you. Persons from the EU or Switzerland who have inquiries or complaints regarding this Statement should first contact us via email at: privacy@clicksoftware.com. ClickSoftware has committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint. These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel. In cases of onward transfer to third parties of data of EU or Swiss individuals received pursuant to the Privacy Shield, ClickSoftware is potentially liable.

11. Security. The security of Personal Data is important to us. We follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect Personal Data, we cannot guarantee its absolute security. Additional information about our Cloud Service security practices is available at: https://www.clicksoftware.com/cloud-service-security/.

12. Retention: We may retain any Personal Data and other Cloud Service-related data in order to:

(i) fulfill the purposes that are described in Section 4 (The Way We Use Personal Data) of this Privacy Policy, and

(ii) to comply with applicable law. Our specific retention practices vary depending on the type of data. For example, we retain location data only for 30 days, analytics data for three months (unless Clients set a different retention policy), audit trail data for one year, and pseudonymized data, which is used for our predictive field services, for five years in keeping with predictive best practices.

13. Children's Privacy. Our Cloud Service is not structured to attract children under the age of 18. Accordingly, we do not intend to collect Personal Data from anyone we know to be under 18 years of age.

14. How We Respond to Do Not Track Signals. ClickSoftware does not track Cloud Service users over time and across third party websites to provide targeted advertising. Accordingly, we do not currently respond or take any action with respect to web browser "do not track" signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information about an individual consumer's online activities over time and across third party web sites or online services.

15. Contacting Us and our Privacy Officer. Any comments, concerns, complaints, or questions regarding our Privacy Policy may be addressed to the ClickSoftware privacy officer (“Privacy Officer”) at privacy@clicksoftware.com.