Privacy Policy

This privacy policy describesInformation we collect from customer companyPersonal data we collect from employee usersPayment informationTechnical and usage informationCookies and automated information collectionOther sourcesHow we use the information we collectLaw enforcement and internal operationsBusiness transferThird-partiesHow is my data protected?GDPR complianceChanges to privacy policyQuestions?

This website is operated by Nreach Online Services Private Limited, a Private Limited Company also refererred as Xoxoday (“we”,”us” or “our”).

This privacy policy (“Policy”) explains how we collect, use and disclose information about our users when you use our mobile application (the “App”), our Web site (the “Site”) and other online products and services that link to this Policy (collectively, the “Service”). We refer throughout this Policy to our users as “User,” “you,” or “your,” and we also refer to users as, “Potential Customers” to denote those visiting or site or requesting information regarding our Services, “Customer Company” to denote our organizational customer, and “Employee User” to denote individual employees of Customer Company who are users of the App, the Site, and the Service through their employer. By using the Service, you consent to our collection, use and disclosure of your personal information as described in this Policy.

We take your privacy seriously. If you have any questions about this Policy or about privacy at Xoxoday, please contact us at privacy@xoxoday.com.

This privacy policy describes:

The information We collect, how We do so and the purposes of our collection

How We use and with whom We share such information

How you can access and update such information

The choices you can make about how We collect, use and share your information

How We protect the information We store about you

Aggregate or scrape any content, data or other information from the Website to be aggregated or shown with material from other sites or on a secondary site without our express written permission;

If you access our Services from a third party site, you may be required to also read and accept the third party’s terms of service and privacy policy.

Information we collect from customer company

When a Customer Company indicates interest in our Service, we collect the following information via our sign-up form: full name, email address, company name and phone number. We collect this information through a landing page which an interested Customer Company might access through forms on various directory services detailed in our Third Party Provider.

Personal data we collect from employee users

We collect certain human resource (“HR”) information, and other information about Employee Users, from the Customer Company, and at the Customer Company’s option, such as: full name, email address, phone number or any other information that may be required from time to time. This Data is provided by the Customer Company’s HR department directly or indirectly by allowing Xoxoday to connect customer systems like HRMS, Single sign on systems etc, and is loaded and maintained in our system to allow for analytics. As noted above, we collect certain HR information about Employee Users directly from the Customer Company. When Employee Users answer surveys or engage in conversations with peers on the App, Site, or System by voting on surveys or engaging in text conversations between peers, we collect employee opinions from Employee Users. Employee User votes or comments are connected to their authors.

When a User visits our Site, we use certain tracking data (“Tracking Information”). We use Google Analytics and Freshdesk for Tracking Information.

The following Tracking Information is collected: email address, device ID, IP address. We collect your email address, IP addresses and device information, directly through inclusion of their sdk/pixel or any other information which may be required from time to time. Tracking Information is collected via the Site and our web-applications, as well as via our iOS and android implementations.

Payment information

If a third party is not paying for the service on your behalf, We will collect the billing and financial information necessary to process your charges for XOXODAY Services which require payment, which may include your postal and e-mail addresses. XOXODAY may also receive the billing and payment information that you provide when your purchase is processed by another party, such as Paypal etc. Our Terms of Service explain our policies and terms relevant to our charges and billing practices. Please note that establishing an account with a third party payment processor, like Paypal etc, may also be subject to additional policies

Technical and usage information

When you access our websites or use our Services, We collect (i) certain technical information about your mobile device or computer system, including IP Address and mobile device ID; and (ii) usage statistics about your interactions with the Service. This information is typically collected through the use of server log files or web log files (“Log Files”), mobile device software development kits and tracking technologies like browser cookies to collect and analyze certain types of technical information. Some of the cookies the Service places on your computer are linked to your user ID number(s).

Cookies and automated information collection

When you access the Service, We collect certain technical information in order to (i) analyze the usage of our sites and services; (ii) provide a more personalized experience; and (iii) manage testimonials.

You can set your web browser to warn you about attempts to place cookies on your computer or limit the type of cookies you allow.

Other sources

We may collect or receive information from other sources including third party information providers. This information will be used to supplement your profile - primarily to help you and your friends connect. It will be combined with other information We collect.

How we use the information we collect

In general, We collect, store and use your information to provide you with a safe, smooth, efficient, and customized experience. For example, We may use information collected from you in any one or more of the following ways:

Provide, maintain and improve our Service;

Provide and deliver the Service Customer Company requests and configures, process transactions and send you related information, including confirmations;

Investigate system issues that impact our ability to provide the Service to Users;

Send you technical notices, updates, confirmations, security alerts and support and administrative messages;

Respond to your comments, questions and requests and provide customer service;

Communicate to Customer Companies with you about products, services, offers, promotions, rewards and events offered by Xoxoday and others, and provide news and information we think will be of interest to you;

Monitor and analyze trends, usage and activities in connection with our Service and improve and personalize the Service;

Personalize and improve the Service, content or features that match user profiles or interests;

Link or combine with information we get from others to help understand your needs and provide you with better service; and

Connect you with other users in your Contacts.

We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:

Law enforcement and internal operations

Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Xoxoday or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (iv) to protect the rights, property or safety of Xoxoday, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defences or objections that you may have to any third-party request to compel disclosure of your information.

Business transfer

Xoxoday may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Xoxoday will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.

Third-parties

We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third-parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.

How is my data protected?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:

SSL encryption (https) where we deal with personal data. Personal Data is encrypted in transit using https/ssl/tls and encrypted at rest. Our database is encrypted and data transferred via sftp is encrypted using PGP.

Password protection on your account.

Rotating verification codes to access by some parties

Data is kept on secure, encrypted servers.

Restricting staff access to Personal Data, protected by password logs and two factor authentications.

Non-Disclosure Agreements with vendors

Regular staff privacy and security training

GDPR compliance

Our Services involves the processing of Personal Data on behalf of our Customer Companies. When we do so, we are acting as processors for the controllers of such data. As such, we take steps to ensure that Personal Data subject to GDPR is processed in accordance with controller instructions and GDPR; such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such Employee User Personal Data. Customer Companies determine what data on Employee Users are collected and how it is used. If you wish to exercise your data subject rights to review, rectify, delete or port your Employee User Personal Data, please contact the controller to make such request. If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.

Changes to privacy policy

If any of the above conditions in this Agreement is deemed invalid, void, or for any reason unenforceable, that condition will Xoxoday reserves the right to amend this Privacy Policy at any time. If Xoxoday makes material changes to its Privacy Policy, we will notify you by (1) changing the Effective Date on our Privacy Policy and provide additional notification either (1) via email or other means as we may deem commercially reasonable.be deemed severable and will not affect the validity and enforceability of the remaining Agreement.

Questions?

If you ever have any questions about our online Privacy Policy, please contact us. We respect your rights and privacy and will be happy to answer any questions or concerns you might have. You may direct any such questions to our Data Protections Officers via email at privacy@xoxoday.com