In order to provide you services, Wevalgo might need to collect and process data and/or some of your personal data.
As data processors and in some instances data controllers, we take security and your data seriously at Wevalgo. As well as complying with the General Data Protection Regulation 2018 we adhere to strict security protocols (see section 6). Certain areas of the Wevalgo website may require the use of a user ID, e-mail address or password, as an additional security measure that helps protect your information.
We empower all our customers to control their data through their account. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data.
2. Information we collect about you
Who are “you”?
You may be accessing Wevalgo products in different forms, however in general you will fit in one of the following three categories.
- Account holder:
You hold an account within Wevalgo that allows you to directly create content which could be responding to one of our services and tools, commenting on, reviewing or creating your own services and tools within an account. You may also from this same account set up or be invited to work collaboratively as a team. The Team creator can assign rights, viewing rights and permissions of each team member.
You have received an invite to participate in a service or tool powered by Wevalgo in which you are either invited as a viewer or to create content by responding to one of our services and tools.
- Website Visitor:
You are visiting our website without necessarily having an account.
Information we may collect about you.
- Contact Information (for example an email address).
You might provide us with your contact information, whether through use of our services, a form on our website, or simply through interaction with our team.
- Usage information.
We collect some usage information about you when you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.
- Device and browser data.
We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type.
- Log Data.
Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
For account holders specifically, we also collect:
- Registration information.
You need a Wevalgo account before you can use Wevalgo services. When you register for an account, we collect your first and last name, username, password and email address.
- Billing information.
If you make a payment to Wevalgo, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment
Use of some of our services will also result in us collecting the following data on your behalf:
- Services and tools data.
We store your Data responses from our services and tools available to you as services. Any data inputted by yourself or invitee, in order to provide analysis tools for you to use with respect to this data.
Some services are benchmarkable and for these we will collect data which will vary depending if you are a person (such as: age, occupation/position, name of organisation, location, size of organisation) or business (such as: occupation/position, name of organisation, location, size of organisation (revenue, number of employees).
- Contact form
If you want to get in touch with us regardless of who you are, we would like to collect some information in order to better answer your queries and improve our services, this will include apart from the nature of query and query itself: name, email, country, job title, organisation, and telephone.
If you provide data or personal data from third parties data subjects through our Wevalgo platform, you need to have previously obtained the rights to do so by the data subject. You hereby warrant Wevalgo that you have the right to include such data or personal data on our platform, and thus divulging it to us, against any claim to the contrary by third parties.
3. How we use the information we collect
Whether you are an account holder, invitee or just a visitor the below section describes how, and why, we use the information we collect. In the case of invitees and visitors less information is gathered (for example billing information is not gathered).
We process personal data about you either with your consent or to:
- Fulfil our responsibility to deliver the services to you;
- To pursue Wevalgo interests of:
- Understanding our market and customers
- improving the service experience; and
- developing new products and service features.
The information we process is to pursue our legitimate interests. We are clearly placing limitations on each of the collection points to ensure your privacy is respected and we use only the necessary information to achieve these.
- Contact Information.
We use contact information to respond to your inquiries, send you information as part of the services, and possibly in the future send marketing information.
- How you use our services.
We use information about how you use our services to improve our services for you and all users.
We will look at the services and tools you use to continually improve them and our content and layout.
- Device data.
We use device data both to troubleshoot problems with our service and to make improvements to it. We also infer your geographic location based on your IP address.
- Log data.
We use log data for many different business purposes to include:
- To monitor abuse and troubleshoot.
- To create new services, features, content or make recommendations.
- To track behaviour at the aggregate/anonymous level to identify and understand trends in the various interactions with our services.
- To fix bugs and troubleshoot product functionality.
- Service and Marketing uses.
Profiling. We may combine information about you from third party sources with information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalize and improve your service experience. We will only use your Data for automated profiling purposes if you expressly agree to it.
To manage our services, we will also internally use your information and data, for the following limited purposes:
- To enforce our agreements where applicable.
- To prevent potentially illegal activities.
To respond to legal requests, for accounting purposes or prevent fraud, we may need to use and disclose information or data we hold about you. If we receive a valid legal request, we may need to inspect the data we hold to determine how to respond.
We collect and use the following data on the basis that we have to use this information in order to fulfil our contract with you:
- Your Account Information.
We need to use your account data to run your account, provide you with services, bill you for our services, provide you with customer support, and contact you about your service or account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies). You cannot opt out of these communications since they are required to provide our services to you.
- Your Profile.
We process other aspects of your account information for legitimate interests like providing you with a personalized experience and relevant and useful marketing information as well as to make other product, feature and service recommendations to you to optimize your use of the services we offer.
You can object to us using your data as described above but our ability to fully and properly provide our services to you may be impacted if you do not want us to collect or use the above data.
In relation to data collected in our services and tools:
In general data collected in our services and tools are controlled and managed by the account holder who sent or deployed the service. In those instances, Wevalgo is only processing those responses on behalf of that account holder, as a data processor and not data controller. Correspondingly, that account holder is responsible for the content it collects and must ensure that you they have all the rights and permissions needed to use that content in connection with the services. The account holder is considered the data controller under GDPR rules.
Wevalgo has put processes in place to work with account holders to ensure they are aware of the obligations as data controllers (especially relevant for those doing so which may fall under GDPR rules).
We do provide a service, which is defined as benchmark which allows for analysis on data in two ways:
“Data comparisons”: this allows account holders to compare data across all services they have purchased, by organisation, project time or other data sets. This is only relevant for data they have acquired in their capacity as a controller of this data. When shared teams have multiple account holders, it is still the same account holder who sent or deployed the service who controls the data in addition to controlling the rights and permissions of those invited to participate in the team.
“Wevalgo Benchmark”: This is when we gather answers and content on an aggregated and anonymized basis to provide useful and insightful trends and comparisons. In case that not enough data is collected to provide a fully anonymised Wevalgo benchmark, we do not provide the “Wevalgo benchmark”. We consider that less than 10 data points is not enough to provide benchmark data on a single measure in any possible split or analysis.
Information we may collect about you.
- No anonymity – The participants name can / may be found or displayed in the results.
- Only service mangers – Answers and results remain anonymous to other participant; the service manager and creator can have access to participants name (linked to answers)
- Only external managers – As per above but only external (to the organisation) service users can have access to participants name (linked to answers) – designed for consultants
- Answers remain anonymous
Account holders and service creators can decide to collect responses anonymously or to track participants. They may invite participant either in an:
“open” basis: when the service is created, a link is generated. This can then be shared by the creator to anyone to participate (restricted in number by the options) – participant will be notified that they are free to input their name or not if they wish to remain anonymous
or “strict” basis: where the service creator defined the participants by name and email – only these invitees will be able to participate – The service creator will be notified which of these participants has started and completed the evaluation
In both cases the service creator will have the ability to assign a degree of anonymity to respondent answers through the following options:
Note that personal information can be collected in two way: (1) by expressly asking respondents for personal details in a service and (2) by configuring the service anonymity options to collect certain information as described above.
We also remind you that service creators may have their own privacy policies which apply to services and content that they create using our services and that details how they handle your personally identifiable information.
We encourage you to read any such policy, or to contact the service creator directly to ask them any questions about their privacy practices.
If the service creator has not disclosed the collection method in the introduction of the survey, please contact them to verify if the response is anonymous.
4. Information you share
Many of our services may let you share information with others. Remember that when you share information publicly, it can be indexable by search engines. Our services provide you with different options on sharing and deleting your content, but we cannot delete content from search engines, so you need to be careful about information you make public.
We are not responsible for any data or information that you decide to share. You must ensure that you agree to disseminate such data or information to third parties, and their privacy policies, prior to doing so.
- Information we share: Partners and Integrations
We do not share your information or data with third parties outside Wevalgo except in the following limited circumstances:
- If you are an account holder that is part of an organisation team using Wevalgo, your account information and data will be shared with the primary administrator(s) and your data may also be visible to other members in your team with whom you share your services and tools or with whom you collaborate.
- To help us provide certain aspects of our services we use our affiliates and trusted key partners – in particular, we engage third parties to:
- Facilitate customers in making credit card payments. Our partners are the following companies:
- Help us track website conversion success metrics. Our partners are not yet defined but will be included in this document when such tracking begins.
- Host our website in secured and world class facilities. Our partners are the following companies:
- In motion hosting
We may also have relationships with Companies located in the US. In this case we always ensure our partners confirm they comply with the terms of the Privacy shield and therefore the same standard of EU law.
We enter into confidentiality and data processing terms with partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards.
- We also have to share information or data, on the basis of legal, regulatory or judicial requests, in order to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable policies, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of our users, the public or to Wevalgo and/or as required or permitted by law.
- To make our site easier to use.
Account holder: if you use the “Remember me” feature when you sign into your account, we store your username in a cookie to make it quicker for you to sign in whenever you return to Wevalgo.
- For security reasons.
- To track the functionalities of the content and tools and diagnostics as part of continuous improvement of services.
- For legitimate marketing reasons to ensure that as we grow we can understand customer profiles and ensure we can target and market our products efficiently and effectively.
The following cookies will be installed upon your visit:
Name of the cookie
Type of cookie
Technical cookies cannot be refused as they are necessary to provide the services. Commercial cookies of any kind may be refused.
Cookies will be installed for a maximum duration of thirteen (13) months.
You may delete or prevent the installation of cookies as follows:
- By refusing their installation on your first visit on the website.
- By deleting them on your browser, as follows:
- Google Chrome : https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
- Internet Explorer : https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
- Mozilla Firefox : https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari : https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac
At Wevalgo we take security seriously, it forms a core part of our development strategy. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.
Despite best efforts, it must be stated that no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Wevalgo learns of a security breach, we will notify affected users so that they can take appropriate protective steps. We will also notify the information commissioner’s Office (ICO) as soon as possible (in any case earlier than seventy-two (72) hours from discovery of such breach)
As well as working with our trusted partners who work with best in class equipment and techniques in fraud & hacking prevention. Some of the ways we can mitigate this is by implementing preventive tools such as, amongst others, parameter and data encryptions, Cross site Request Forgery tokens, Cross-site Scripting and SQL protection amongst other forms of security.
The website uses an SSL certificate with a 2048 bit signatures which provides up to 256 bit encryption of customer data.
Development & Testing and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.
Logging and Monitoring
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Wevalgo personnel. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.
7. Data Retention
If you hold an account with Wevalgo we do not delete the data in your account – you are responsible for and control the time periods for which you retain this data. If you delete your account with Wevalgo, your data will be fully deleted or anonymized forty-five (45) days from the date of deletion of your account, and we will not be able to provide a backup.
We may keep some of your data in an anonymized manner, in order to enrich our analysis model. Such data does not allow us to identify any data subject and is therefore no longer considered personal data.
Wevalgo may terminate your account and delete or anonymise any content or data contained in it if there is no account activity (such as a log in event or payment) for over eighteen (18) months.
If you are an invitee, you will need to ask the account holder that invites you how long your responses will be stored in Wevalgo services. If you are part of a shared team, you will need to ask the account holder that invites you how long your responses will be stored in Wevalgo services. If you wish for your data to have your data forgotten, you will need to contact us through the Wevalgo contact form.
8. Safety of Minors
Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of eighteen (18) (or under a higher age if permitted by the laws of their residence). Wevalgo does not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us.
You will need to read these changes and accept them by ticking a box to this effect.
If you do not agree with these changes, you must delete your account and no longer use our services.
10. Changes of Business ownership and control
11. Your rights and exercising your rights
As a user you have certain legal rights to obtain information about whether we hold personal information about you, to access personal information we hold about you, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations. We will respond to your request to exercise these rights within a reasonable time (and in all cases within thirty (30) days of receiving a request).
Rights which you are entitled to are:
- Data access rights
- Right to restrict processing
- Right of Rectification
- Right to Erasure (Right to be Forgotten)
- Right to object to processing
- Right to withdraw consent; and
- Data portability rights
Our Contact Information for Privacy Inquiries is through our contact form on our website, please select “Privacy and data enquiry”, as a topic so we ensure this is picked up asap.
If you are resident in the European Union and you are dissatisfied with how we have managed a complaint you have submitted to us, you are entitled to contact your local data protection supervisory authority.