Effective Date
July 27, 2021

For prior version, please click here

Freshworks is committed to protecting your privacy. This Privacy Notice (“Notice”) describes how Freshworks processes personal data in connection with our business, including the provision of our website at (https://www.freshworks.com/) (“Website”) and our Services.

This Notice explains Freshworks’ approach to any Personal Data that we might collect from you, or which we have obtained about you from a third party, and the purposes for which we process your Personal Data in our capacity as a Controller (i.e. when Freshworks determines the purposes and means of the processing of personal data). It also describes your rights in respect of our processing of your Personal Data.

This Notice only applies to the use of your Personal Data by us or on our behalf. It does not apply to:

DEFINITIONS

The capitalized terms used in this Notice are defined in Annex 1.

QUICK LINKS

We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, you can click on the relevant link below to jump to that section.

WHO IS THE DATA CONTROLLER? WHO WE COLLECT PERSONAL DATA ABOUT? WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON?

4. WITH WHOM DO WE SHARE PERSONAL DATA?

5. INTERNATIONAL TRANSFER OF DATA

6. HOW DOES FRESHWORKS KEEP PERSONAL DATA SECURE

7. EEA AND SWISS SPECIFIC RIGHTS

8. CALIFORNIA-RESIDENT SPECIFIC RIGHTS

9. BRAZILIAN GENERAL DATA PROTECTION LAW (LGPD)

10. OPTING OUT PROCEDURE

11. OTHER COMMUNICATIONS

12. RETENTION OF PERSONAL DATA

13. LINKS TO THIRD PARTY SITES

14. GOOGLE API DISCLOSURE

15. CHILDREN'S PERSONAL DATA

16. AMENDMENTS

17. EFFECT OF MERGER OR ACQUISITION

18. CONTACTING FRESHWORKS 

2. WHO WE COLLECT PERSONAL DATA ABOUT

We collect and process Personal Data about the following people:

we may collect and process your Personal Data in connection with our provision of those Services to you, our receipt of those Services from you and/or our partnership. This may include Personal Data included in any email or telephone communications or recorded on any document relating to an order for the Services.

We also make available a Market Place platform where individuals can download applications developed by Freshworks or by third parties (the “Applications”). This Notice will apply to our processing of your Personal Data during your use of the Applications when the Applications are provided by us, and the Application shall include a link to this Notice. When Applications are provided by a third party, the privacy statement of the relevant third party will apply.

Hosted Data

Some of our Services include processing of data on behalf of our Customers in relation to applications, tools or software that we provide (“Hosted Data”). Save for the limited circumstances set out in this Notice, we are not the data controller of this Hosted Data as we do not determine the purposes or the means of the processing. If you believe your Personal Data is being processed by us in this way you should refer to the privacy notice of the data controller on whose behalf we are acting. 

3. WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON?

What Personal Data we collect and how we use your Personal Data What legal basis do we rely on to process your Personal Data 
A) Personal Data we collect directly from you (“Collected Data”)
Purpose: providing you with the Services We may use your Personal Data for the following purposes when providing our Services:
  • administering your account (including when you subscribe and sign-up to any of our Services), assessing the needs of your business to suggest suitable Services and respond to service requests, questions or concerns. 
  • facilitating your transactions with other users when you use our Services.
  • to prevent or respond to any misuse of our Services or Applications or any violations of our Terms and any applicable laws.
  • collection of subscription fees.
The data processed includes: 
  • contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number of the Account admin; 
  • billing information, such as credit card number and billing address details about payments made between you and us; details of Services purchased from us; 
  • name and e-mail address when Account admin/Agent(s) provide feedback from within the Service(s); 
  • unique identifiers, such as username, account number or password
  • your feedback and survey responses; and
  • the content of any messaging you send us in a service request, question or concern including via email, telephone or via the Website.
We process your Personal Data for these purposes based on our legitimate interests or a third party’s legitimate interest to ensure we provide our Services in an effective, safe and efficient way.  Where we process your Personal Data to administer your account, or to the extent necessary to collect your subscription fees, we do so for the purposes of our contract with you.
Purpose: Recruitment, Freshworks Careers.  When you apply for an open position by either populating the application form, by email or by hard copy and whether submitted directly by you or by a third-party recruitment agency on your behalf, we will use such data to evaluate you for the open position that you have applied for or any position that we consider you suitable for at the time you submit your resume or at any later date. For the purposes of evaluating you for an open position, you understand that we may internally rate you based on parts of your resume and your information. If you do not wish to be rated by us, please do not provide us your information. The data processed includes: 
  • contact information, such as name, email address, mailing address, phone number, and (subject to local laws) links to your social networking profiles;
  • any other information you volunteer, including during any interview or your interactions with us and contained in the resume that you submit to us;
  • personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation (and subject to local laws), recruitment agencies, background check providers, credit reference agencies and your referees; and
  • details of your education, qualifications and employment history, any other personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences (only if that information is relevant to the role you are applying for and subject to local laws).
Subject to local laws, we may also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit. We will retain data from applications for a limited period for record keeping and legal (or, subject to local law, regulatory) purposes. We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law.
Where we use your Personal Data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions.  We will not process any special (or sensitive) categories of Personal Data or Personal Data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.
Purpose: Freshworks hosting or managing Events and programs. From time to time, we may organize and host events for the purpose of promoting our business or other reasons. The data processed includes:
  • We may process your name, email address, designation and company name to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you.
  • When you attend an event conducted by Freshworks, including webinars or seminars, we may collect your contact information such as name, e-mail address, phone number, designation and company name to record your attendance at the event and for related record-keeping purposes.
  • If you attend any user conferences hosted by us at physical location where we serve food and other refreshments, we collect information about your food preferences and allergies.
  • You may also feature in photographs taken at our events and such photographs may appear in publications that we make available.
When you register for any of our programs through a registration form on our Site, we may collect information such as your name, e-mail address, company name, designation, company website URL, IP address, location and contact information.
It is necessary for us to use your Personal Data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use Personal Data in such a way to ensure that the event is operated in a secure and effective way. We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of such Personal Data will be based on consent (or,  if we enter into a contract with you for this purpose,  on the performance of said contract)
Purpose: Prize draws, prize competitions and other promotions.  
  • From time to time, we may run prize draws, prize
  • competitions and other promotions on our Site and/or on our social media accounts.
The data processed includes:
  • For the purposes of administering such promotions, we may process:
  • your name, e-mail address, company name, designation, company website URL, IP address, location and contact information, banking details;
  • information about when your current or previous sessions started, IP address; browser type and operating system; geolocation, any other unique numbers assigned to a device and other data that is collected through your interactions with third party websites and services; and
  • any other personal data volunteered by you or that we ask for in relation to your promotion entry. 
  Our promotions are subject to separate terms and conditions, which you may be required to accept as a condition of entry.
It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the promotion terms and conditions) or it is in our legitimate interest to use your personal data to enable us to administer our promotion fairly and effectively and to ensure that we comply with self-regulatory codes governing the operation of promotions.
Purpose: Participation in Public forums, Community platform, Forms and using of your statements for testimonials. When you visit or register our publicly accessible community forums and blogs or submit any forms on our Site, you should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. The data processed includes:
  • contact information such as name, e-mail address, mailing address, or phone number;
  • information about your business, such as company name, company size, business type; and
a short bio about you to identify you as the author of the post.
We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. Where we use your content in connection with Services that we provide via our Website, it is in our legitimate interest to use any Personal Data that you provide to us to ensure that we provide the relevant Services in an effective way. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you do not consent we are only allowed to use the testimonial in an fully anonymized way. If you want to revoke your consent and your testimonial to be removed, please contact us at support@freshworks.com. If we enter into a contract with you for this purpose, our legal basis may be the performance of said contract.
Purpose: Newsletters.   When you actively subscribe to our newsletters, we collect your e-mail address to share our newsletters with you. If you have requested content from us, i.e. a newsletter, it is in our legitimate interest to use your Personal Data in such a way to ensure that we process your request in an effective way.
Purpose: Advertising and marketing to our Customers and prospective leads - sending marketing communications by post and/or email.   The data processed includes:   We use your name, email address, job title; and organization that you represent, social media handle and details of any marketing preferences that you have communicated to us to send you (or the organization you represent) marketing communications by post and/or email. Our marketing will include press releases and information about us, our Website and our Services, any events we may hold and any offers or promotions we offer from time to time. Our marketing communications will include personalized and non-personalized marketing. Personalized marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. We may use technology to do this, but generally all our marketing methods involve human intervention . Non-personalized marketing is marketing that is not tailored to you.  Where we are sending you personalized marketing, we may also use other types of Personal Data to help us decide what sort of personalized marketing to send you (please see the “Cookies and Similar Technologies”, “Usage Data” and “Mobile Applications” sections below for more details). In the UK, EU and Brazil we will rely on your consent when sending marketing communications. Otherwise, it is in our legitimate interest to use your Personal Data for marketing purposes, for example to decide what marketing content we think may appeal to you or for postal or email marketing (except where we are required by applicable law to obtain your consent).
Purpose: Advertising and marketing to our Customers and prospective leads: Online personalized marketing. The data processed includes: We and our third party partners may use your data relating to your behaviors, interests and preferences, including data collected as a result of your browsing activity and/or interaction with our Website and/or our emails,  which is obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started, IP address; browser type and operating system; geolocation, any other unique numbers assigned to a device and other data that is collected through your interactions with third party websites and services to provide you with, and analyze the effectiveness of, personalized ads when you visit other websites and/or use other services (including the social media and other platforms described in the “advertising to you on social media and other platforms” section. By “personalized ads”, we mean advertisements for services that you have shown an interest in when you have used our Website or which we or our partners otherwise think you might be interested in based on your browsing habits. Note, our third-party partners may also use the data that is collected to show personalized ads for products and services offered by third parties. Please see the “Cookies and Similar technologies” section to learn about the legal basis that we rely on to collect data via the use of cookies. https://www.freshworks.com/list-of-cookies/ Where we use your personal data to display online personal advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or, subject to local law, it is otherwise in our legitimate interests to promote our Website and our Services to you.
Purpose: Advertising and marketing to our Customers and prospective leads - advertising to you on social media and other platforms. We share your email address and other identifiers such as your phone number or device ID (usually in an encrypted or ‘hashed’ form) with third-party providers of social media platforms and other services, such as [Facebook, LinkedIn] and other similar platforms (“Social Platforms”), so that the third party providers can try to “match” your data with the data of their registered users of their Social Platforms. Where there is a successful match, we will display our advertising to you when you use the relevant Social Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customize” the audience that we want to reach on the relevant service. Some of the advertising that you see may be personalized to you. The data that we use to personalize our advertising, will include:
  • Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed through the Site; and
  • IP address; browser type and operating system; geolocation; any other unique numbers assigned to a device.
Such data used to personalize advertising will not be provided to the third-party providers of the Social Platforms for this purpose but please see the “Cookies and Similar Technologies” section for details of where we may share such data. This activity is also subject to the privacy choices you have elected to make on such Social Platforms.
We will only share your Personal Data with the third-party providers of the Social Platforms, so that we can advertise our Services to you when you use those Social Platforms, where you have provided your consent [or where it is otherwise in our legitimate interests to do so in order to promote our Services]. Where this activity is undertaken through the use of Cookies please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on. You can opt-out of our sharing of your personal information with the third-party providers by exercising your rights as a data subject as set out below.
Purpose: Advertising and marketing to our Customers and prospective leads - advertising to other people who share similar interests and characteristics to you (or if you are someone that sees such advertising). We will provide your Personal Data to third-party providers of Social Platforms as described in the “advertising to you on social media and other platforms” and the “Cookies and Similar Technologies” sections. If you are a user of those Social Platforms, we may ask the third-party providers of those Social Platforms to find other registered users of their services who share similar interests and characteristics to you, which will be based on information that the third party holds about you and its other registered users. This is known as “lookalike” audience advertising because we are trying to show our advertising to people who “look like” you. If you are someone who has seen this advertising on a Social Platform, please note that this activity is based on data that you have provided to the Social Platform (which we do not receive) and is also subject to the privacy choices you have elected to make on such third-party services. Please see the “advertising to you on social media and other platforms” section for details of the lawful basis that we rely on to share your personal data with the Social Platforms. It is in our legitimate interests to further use your Personal Data to advertise our Services to other individuals that use those Social Platforms and who share similar interests and characteristics with you. If you are someone who has seen this advertising on a Social Platform, it is in our legitimate interests that the Social Platform uses the data that you have provided to it to advertise our Services, although please note that we do not receive this data and you should exercise your rights in respect of such data in accordance with the privacy notice of the relevant Social Platform.
Purpose: Service Analytics. We perform analytics on Personal Data that we process in order to: assess the needs of our Customer’s business to determine or suggest suitable Service(s); send Customers requested information about the Service(s) and improve the quality of this information; respond to customer service requests, questions and concerns and improve the quality of these responses; and for product improvement purposes. The data processed includes: Email addresses; mobile or landline telephone numbers; IP address; chat identifiers and chat content; widgets.  As set out above we are generally not a data controller of any Hosted Data – i.e.. data which we process on behalf of our customers.  However, some Hosted Data may be used as part of our analytics for the above purposes. It is necessary for us to use your Personal Data in this way to perform our obligations in accordance with any contract that we may have with you to provide our Services. It is also in our legitimate interests to process Personal Data in this way in order to perform analytics, train our algorithms, improve, enhance, develop, support and operate the Services and its availability, compile statistical reports and record insights into usage patterns, develop new products and services using machine learning technologies and more generally to better serve our Customers and be able to provide customized content and features.
Purpose: Cookies and Similar Technologies, Mobile Applications, Usage Data, Single Sign on and Social Media. We use commonly used tools to automatically collect information that may contain Personal Data from your computer or mobile device as you visit our Websites, use our application or in general use our Services. a) Cookies and Similar Technologies. We and our third party advertising partners use cookies, web beacons, pixel tags and similar technologies (which we generically refer to as ‘cookies’) to collect data from the devices that you use to access our Website. Data collected via these cookies are used for the purposes of:
  • analyzing trends;
  • administering the Website;
  • to count users who have visited our Site and collect other types of information including insights about visitors’ browsing habits on the Websites; 
  • gathering demographic information about our user base as a whole;
  • to learn what parts of our Website are most popular and what kind of features and functionalities our visitors like to see;
  • to help us understand the type of marketing content that is most likely to appeal to our visitors and Customers; and
  • to help us with the selection of future product and service lines, website design and to remember your preferences.
We may receive reports from third party companies based on the use of these technologies on an individual and aggregated basis. Most web browsers support cookies and users can control the use of cookies at the individual browser level. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our Websites and Services. As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our Websites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We link this automatically collected data to other data we collect about you. Please see our Cookies Policy  https://www.freshworks.com/list-of-cookies/ for further information about our use of Cookies and similar technologies.
Cookies and Similar Technologies: Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy https://www.freshworks.com/list-of-cookies/ for further details.
  b) Mobile Applications.   When you download, install and use our Mobile Applications, we automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”). We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This Software may record certain information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal data you submit within the Mobile Applications. When you open the Mobile Applications for the first time, you may be asked for permission to send you push notifications. If you allow this feature, our Mobile Applications will send you push notifications, for example, reminders, alerts, updates and other information. You can configure and turn off push notifications via your device settings at any time. Mobile Applications: Functionality: It is in our legitimate interest to use the data collected here in order to send error messages (if applicable) and in order to secure our Mobile Applications and to detect and resolve errors and cyberattacks. Mobile Analytics: Where we use mobile analytics software to understand the functionality of our Mobile Software on your phone, we rely on our legitimate interests in order to secure our Mobile Applications and ensure the proper functioning of our Mobile Applications and ensure the effective provision of our Services. Where this involves the use of cookies, please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on.  https://www.freshworks.com/list-of-cookies/ Push notifications: In the UK, EU and Brazil, where we send push notifications about any events or promotions that we may be running and/or update you about new features to our Services we will do so on the basis of your consent. Otherwise, we will rely on our legitimate interests in doing so.
  c) Usage Data. In addition to the information mentioned in the Cookies and Similar Technologies https://www.freshworks.com/list-of-cookies/ section above that we automatically collect, we also collect clicks, scrolls, conversion and drop-off on our Websites and Service(s) to monitor user journey in real-time (“Usage Data”). Subject to this Notice, we will use such Usage Data and Service Data, including without limitation, to (i) assess the needs of your business to determine or suggest suitable Services; (ii) send you requested information about the Services; (iii) respond to customer service requests, questions and concerns; and (iv) for any analytical purposes.
  • For Freshinbox users only: whenever an email is linked with Freshinbox manually by you, we collect information you filled in the fields From, To, CC, Subject, Thread ID, Message ID and Label ID.  We will create a copy of the email thread in the inbox of all your team members. If any team member access is revoked by you, we will delete the created email from the corresponding team member's inbox. We will never delete the original email which was linked to Freshinbox originally.
  • For Freshcaller users only: your calls will be recorded, subject to the consent of both parties to the call, and this recording will be used for product improvement, including to train our applications to better recognize human speech
  • For Freshchat, Freshworks and Freshmarketer customers: you will have the option to opt out of analytics or tracking certain events from within these products.
  • For FreshworksCRM users only: Your calls made using FreshworksCRM will be recorded, subject to the consent of both parties to the call, and this recording will be used for product improvement, including to train our applications to better recognize human speech. You will have the option to opt out of analytics or tracking certain events from within FreshworksCRM.
  • Analytics opt-out for products other than Freshchat, Freshworks and Freshmarketer: Customers may opt-out of analytics by writing to dpo@freshworks.com.
Usage Data: We will rely on our legitimate interests to process Usage Data for the purposes outlined, except for call recording which we base on consent exclusively. Where Usage Data is collected via cookies or similar technologies please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on. https://www.freshworks.com/list-of-cookies/
  d) Single sign-on You can log in to our Websites using sign-in services such as Google, Facebook Connect and LinkedIn. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and e-mail address. Services like Google, Facebook Connect, Twitter, LinkedIn give you the option to post information about your activities on our Websites to your profile page and to share information with others within your network. Single sign on: Where you have opted to use single sign on – it is in our legitimate interest to process your Personal Data in order to facilitate the single sign on function.
  e) Social media features and third party cookies. Our Websites includes social media features, such as the Facebook “Like” button, the “Share This” button or interactive mini-programs. Where you interact with these features, those third parties may collect your IP address, which page you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy notice of the company providing them. If the widget is shown on our Websites, our Privacy Notice applies.  Please see our Cookies Policy for further information. If you provide us or our service providers with any Personal Data relating to other individuals, including End-User data or your employee’s data, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Notice. Social media features: Where this activity is undertaken through the use of Cookies on our Website we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy https://www.freshworks.com/list-of-cookies/ for further details. Where we use social media features we do so in line with the terms and conditions of those providers.
Purpose: Business administration and legal compliance.
  • We may use your Personal Data to: a) respond to lawful requests by public authorities, including meeting national security or law enforcement requirements; b) when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, police request or other legal process served on us; c) to protect the rights of third parties; and d) in connection with a business transition such as a merger, reorganization, acquisition by another company, or sale of any of our assets.
Where we use your Personal Data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your Personal Data to comply with any legal obligations imposed upon us, such as a court order. In some jurisdictions the applicable legal basis will be the exercise of legal rights in judicial, administrative or arbitration proceedings. We will not process any special (or sensitive) categories of Personal Data or Personal Data relating to criminal convictions or offences except where we are able to do so under applicable legislation and/ or with your explicit consent.
Purpose: Receipt of products and services from our suppliers. If we have engaged you or the organization you represent to provide us with products or services (for example, if you or the organization you represent provide us with services such as IT support or financial advice), we will collect and process your Personal Data in order to manage our relationship with you or the organization you represent, to receive products and services from you or the organization you represent and, where relevant, to provide our Services to others. The data processed includes: The Personal Data we collect from you may include your name, email address, telephone number, designation, billing address and any other personal data you volunteer which is relevant to our relationship with you or the organization you represent. It is necessary for us to use your Personal Data to perform our obligations in accordance with any contract that we may have with you or the organization you represent, or it is in our legitimate interest to use Personal Data in such a way to ensure that we have an effective working relationship with you or the organization you represent and are able to receive the products and services that you or your organization provides, and provide our Services to others, in an effective way.
Purpose: Security. We may process your Personal Data in connection with the administration of our security measures. We have security measures in place at our premises, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time – normally only for as long as is necessary for legitimate security purposes. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident). It is in our legitimate interests to process your Personal Data so that we can keep our premises secure and provide a safe environment for our personnel and visitors.
What Personal Data we collect and how we use your Personal Data? What legal basis we rely on to process your Personal Data?
B) Information that we collect from third parties.
From time to time, we may receive Personal Data about you from third party sources like databases and social media but only where we have checked that these third parties either have your consent to or are otherwise legally permitted or required to disclose your personal information to us. The types of information we obtain from such third parties include your name, e-mail address, postal address, location, designation, telephone number and we use the information we receive from these third parties to maintain and improve customer support experience, improve the accuracy of the records we hold about you and for our sales and marketing purposes. When processing your Personal Data received by third parties for these purposes, we will rely on the consent that you have given such third party to share data with us. Otherwise, subject to local law, our processing activities will rely on our legitimate interests to improve our customer service and ensure our marketing databases are accurate.

4.  WITH WHOM DO WE SHARE PERSONAL DATA?

We process Personal Data in the countries in which we are established, including the United States, the United Kingdom and the European Economic Area (“EEA”) and in other countries where third parties that we may use are based.

You may refer to the Freshworks Data Hosting page here for more information about the locations in which the Hosted Data (i.e., that which we process as a Processor during the provision of our Services) is stored.

When processing your Personal Data, we may need to share it with other third parties (including other entities within our Group of Companies), as set out below. This list is non-exhaustive and there may be circumstances where we need to share Personal Data with other third parties:

Where necessary (such as when we transfer data to service providers) we put in place appropriate contractual arrangements and security mechanisms to protect the Personal Data shared and to comply with our data protection, confidentiality and security standards and obligations. Further details can be provided upon request.

5. INTERNATIONAL TRANSFER OF DATA

When making any transfers of Personal Data from the EEA, Switzerland and the UK to countries which do not have the same data protection laws as the EEA, Switzerland and the UK we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will take reasonable steps to ensure the security of your Personal Data in accordance with applicable data protection laws.

When transferring your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law, implement at least one of the safeguards set out below:

Adequacy decisions: We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK and/or European Union authorities. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Model Clauses: Where we use certain service providers we may use specific contracts approved by the UK and/or European Authorities which give Personal Data the same protection it has in the UK and the EEA. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data- transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

This is true whether or not the transfer is within our group, or to a third party.

With respect to Personal Data received or transferred to the United States, Freshworks Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

With respect to Personal Data subject to LGPD’s jurisdiction, Freshworks Inc. will also accomplish LGPD’s requirements for transfers of Personal Data to countries which do not have the same data protection laws.  

In certain situations, Freshworks Inc. and/or its Group Companies may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

6. HOW DOES FRESHWORKS KEEP PERSONAL DATA SECURE?

We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. We have implemented information security policies, rules and technical measures to protect the Personal Data under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your Personal Data on our behalf) are obliged to respect the confidentiality of the Personal Data of all users of our Website and those who purchase our Services. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.

While information security risks are always evolving, so are the controls. The controls, so implemented, are periodically reviewed as part of internal and external audits. If you have questions about the security of your Personal Data, please contact us using the details in section 18.

7. EEA, UK AND SWISS SPECIFIC RIGHTS

A) Collected Data (excluding Hosted Data)

If you are an individual resident in EEA, UK or Switzerland, you have the following data protection rights regarding Collected Data:

If you wish to exercise any of the following rights in relation to your Personal Data (hereinafter referred to as a “Request”), you can do so at any time by contacting us using the details in section 18:

Your right of access If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.
Your right to rectification If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your Personal Data with so that you can contact them.
Your right to erasure You can ask us to delete or remove your Personal Data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your Personal Data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Data with so that you can contact them directly.
Your right to restrict processing You can ask us to “block” or suppress the processing of your Personal Data in certain circumstances such as where you contest the accuracy of that Personal Data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Data to stop us processing it further. If we’ve shared your Personal Data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your Personal Data with so that you can contact them directly.
Your right to data portability You have the right, in certain circumstances, to obtain Personal Data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.
Your right to object You can ask us to stop processing your Personal Data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Data for direct marketing purposes.
Your rights in relation to automated decision-making and profiling You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
Your right to withdraw consent If we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
Your right to opt out of marketing communications You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the details in section 18.
Your right to lodge a complaint with the supervisory authority If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Data, please contact us using the details in section 18. You also have the right to complain to a data protection authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk.
If you are residing in France: your right to give instructions regarding the processing of your data after your death You have the right to give instructions regarding the retention, deletion and disclosure of your Personal Data after your death. You may designate a person to carry out these instructions. This person is then entitled to be informed of the directives and to request their implementation from us.

We respond to all Requests we receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws. We can only process requests after we have verified your identity which may mean requesting further information from you.

B) Hosted Data

As explained above, some of our Services including processing data on behalf of our customers in relation to Applications, tools or software that we provide. Save for the limited circumstances set out in this Notice, we are not the Data Controller of this Hosted Data as we do not determine the purposes or the means of the processing. 

If you wish to access, correct, update, modify or delete Hosted Data or if you would no longer like to be contacted by one of our Customers you should direct your query to the Customer, who is the Data Controller of your data. If requested by the Customer to action a Request, we will respond within a reasonable timeframe.

If you are a Customer of our Services and wish to raise a Request on behalf of data subjects in connection with Hosted Data, you may raise a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, a Request on a particular Service support portal is specific to that Service only and separate Requests need to be raised across other relevant Service support portals.

8.  CALIFORNIA-RESIDENT SPECIFIC RIGHTS

To the extent you are a 'consumer' as defined under the California Consumer Privacy Act of 2018 ("CCPA") and Freshworks is a 'business' as defined under CCPA, the following applies to you:

Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Subject to the provisions of the CCPA, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale of your personal information over the past 12 months.

Right to request for information

You have the right to request information about:

 The list of categories of Personal Information collected and disclosed about consumers during the prior 12 months, and that may be collected and disclosed going forward, are listed under the section 'WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON' and the list of categories of third parties to whom the Personal Information was or may be disclosed are listed under the heading 'WITH WHOM DO WE SHARE  PERSONAL DATA?'.

b. Right to request for deletion of any Personal Information collected about you by Freshworks.

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

c.  How to submit an access or deletion request:

If you seek to exercise the foregoing rights to access or delete Personal Information, please contact us at dpo@freshworks.com or write to us here. We respond to all requests we receive from you wishing to exercise your CCPA rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Information and such other information as reasonably required to enable us to honor your request.

Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an “authorized agent”), may make the requests set forth above. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

We will not discriminate against you for exercising any of your CCPA rights.

d.  Sale of Personal Information.  Freshworks does not sell your Personal Information, as that term “sell” is defined under the CCPA.

 

Freshworks does not sell your Personal Data.

9. LGPD

The LGPD grants control and self-determination to data subjects and provides compliance responsibilities for organizations such as Freshworks in regard to personal data whose data subject is located within Brazilian territory at the moment of data collection or to any offering or providing of goods or service for individuals located within Brazilian territory. The LGPD gives national regulators powers to impose significant fines and indemnification liabilities on organizations that breach this law. All content of this notice and Freshworks’s processing of personal data are in strict compliance with LGPD, where applicable. At Freshworks we take a global approach to ensure all members benefit from increased control and clarity, which is in line with our commitment to putting our Customers first and working every day to maintain the trust they put in us. 

LGPD grants the following rights to those individuals subject to its jurisdiction: 

Confirmation of data processing and access You have right to know and have access to the data we process about you.
Data correction You have the right to request a correction of any incomplete, inaccurate or outdated data of yours that we process.
Anonymization, blocking or deletion You have the right to request anonymization, blocking or elimination of unnecessary or excessive data or of any data being processed contrary to   the law.
Data portability You have the right, in certain circumstances, to reuse the Personal Data you have provided to us elsewhere or to ask us to transfer it to your chosen third party.
Information on data sharing You have the right to be informed about the public and private entities with which we may share your Personal Data.
Withdraw Consent
  • If we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time, for all or part of the data. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent, in case which (as other applicable situations) you have the right to know what data we can retain.
  • You also have the right to know what the  consequences of you withdrawing consent will be (for example, if  it will prevent you from receiving a service).
File a complaint You have the right to file a complaint with a supervisory authority about our collection and processing of your Personal Data. The Brazilian data protection regulator is the Autoridade Nacional de Proteção de Dados and contact details can be found at https://www.gov.br/anpd/pt-br.
12

10. OPTING OUT PROCEDURE

If you no longer wish to receive marketing communications from Freshworks, you may click on the “unsubscribe” link located on the bottom of our marketing emails or you can contact us at support@freshworks.com. When using our Mobile Applications, you also have the option to turn off push notifications.

If you would like to object to the use of your Personal Data for analytics, you can contact us at support@freshworks.com

To opt out of the use of cookies, please see update your preferences here [LINK TO PREFERENCE CENTRE]. 

11. OTHER COMMUNICATIONS

If you are our Customer, we will send you announcements (email or in product notifications related to the Services) on occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of such communications as they are a key part of delivering our Services to your effectively. If you do not wish to receive them, you may deactivate your Account.

12. RETENTION OF PERSONAL DATA

We will retain Personal Data only as long as is necessary for the purposes for which it is collected, as set out in this Notice. We will also retain it as necessary to comply with our legal obligations, for legal and litigation purposes, to maintain accurate financial and other records, deal with complaints, and enforce our agreements.

Generally, in respect of Personal Data that we process in connection with the supply of our Services, we may retain your Personal Data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

Where we process any other Personal Data, we will generally retain relevant Personal Data for up to three years from the date of our last interaction with you (and in compliance with our data protect obligations). We may then destroy such files without further notice or liability.

If any Personal Data is only useful for a short period (e.g., for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us.If you have opted out of receiving marketing communications from us, we will need to retain certain Personal Data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this Personal Data to send you further marketing unless you subsequently opt back in to receive such marketing.

Should you apply to work for us, we will retain data from your application for a limited period for record keeping and legal purposes.  We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law.

The above examples may vary in some cases due to local laws, liability periods and mandatory retention requirements. For example, if certain information needs to be retained for longer according to local laws, regulations or because different legal limitation periods apply, then we will keep the Personal Data for these longer periods.  

13. LINKS TO THIRD PARTY SITES

Our Websites contain links to other websites that are not owned or controlled by Freshworks. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Websites and to read the privacy policies of each and every website that collects Personal Data.

14. GOOGLE API DISCLOSURE

Freshworks has developed a functionality that allows its customers to connect their Gmail mailbox using Oauth with our products.  Connecting your Gmail mailbox to your Freshworks account allows Freshworks to  associate your account with your personal information on Google, to see your personal information, including any personal information you have made available, to  view your email address and access your emails in order to create them as a ticket in our products, and to transmit the Service Data to third-party applications listed on Freshworks’ Marketplace that you integrate with your Account.  The connection will further allow you to respond to your emails directly from our product and to delete them once they are fetched into our product.

Freshworks's use of information received from Google APIs will adhere to Google API Services User Data Policy's App's, including the Limited Use requirement.

15. CHILDREN'S PERSONAL DATA

Freshworks does not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Notice by instructing their children never to provide Personal Data through our Services or Websites without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Websites or Services, please contact us using the details in section 18 and we will endeavor to delete that information and terminate the child's account from our databases.

16. AMENDMENTS

Amendments to this Notice will be posted to this URL and will be effective when posted. If we make any material changes, we will notify you by means of a conspicuous notice on this Website or via e-mail or via in-product notification, but we encourage you to review this Notice periodically to keep up to date on how we use your Personal Data. You should frequently visit this Notice to stay fully informed. Your continued use of our Websites or the Service(s) following the posting of any amendment, modification, or change to this Notice shall constitute your acceptance of the amendments to this Notice. You can choose to discontinue use of the Websites or Service(s), if you do not accept the terms of this Notice, or any modified version of this Notice.

17. EFFECT OF MERGER OR ACQUISITION

In the event Freshworks goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, Customers’ Accounts, Collected Data and Service Data will likely be among the assets transferred. A prominent notice will be displayed on our Websites to notify you of any such change in ownership or control and Customers will be notified via an e-mail

18. CONTACTING FRESHWORKS

If you have any questions about this Privacy Notice or our privacy practices, you can contact us at  dpo@freshworks.com  or via postal mail at Freshworks Inc., 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403 at  the attention of the Data Protection Officer with a copy to dpo@freshworks.com.

Annex 1 – Definitions

"Controller""Data Subject""Personal Data Breach""Processor" and "Process" shall have the meaning given to them in the GDPR or other applicable law.

“Account”:  means any accounts or instances created by or on behalf of Customer for access to and use of any of the Service(s).

“Affiliate”: means, with respect to a Freshworks entity, any entity that directly or indirectly controls, is controlled by, or is under common control with such Freshworks entity, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise.

“API”: means the application programming interfaces developed, enabled by, or licensed to Provider that permits a User to access certain functionality provided by the Service(s).

“Apps”: mean the software applications listed on the Market Place which are created, developed, licensed, or owned by third-party developers. The term also includes any updates, upgrades and other changes to such software applications and versions thereof.

“Documentation”: means any published data sheet provided by Freshworks detailing the functionalities of the Software.

"GDPR" shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and any legislation relating to the processing of personal data effective in the UK and/or Switzerland that is intended to replicate or maintain some or all of the provisions, rights and obligations set out in Regulation (EU) 2016/679, as relevant.

LGPD” means “Lei Geral de Proteção de Dados Pessoais”, which corresponds to the Brazilian data protection law no. 13.709/2018.

“Market Place”: means an online marketplace for Apps that interoperate with the Service(s). Its Website(s) is https://www.freshworks.com/apps/.

“Mobile Applications”: mean the software applications created, developed, and owned by Freshworks to enable access and use of the Service(s) through mobile or other handheld devices (such as apps on iOS or Android devices).

"Personal Data" shall mean any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation of the European Union ("GDPR" EC-2016/679).

‘Processing”/“To Process”: means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

“Service Data": means all electronic data, text, messages or other materials, including without limitation Personal Data of Users and End-Users, submitted to the Service(s) by Customer through Customer’s Account in connection with Customer’ use of the Service(s).

“Service(s)”:  mean and include Freshdesk, Freshservice, Freshsales, Freshchat, Freshcaller, Freshteam, Freshmarketer, Freshconnect, Freshinbox, Freshsuccess, Freshping or Freshstatus and/or any new services that Provider may introduce as Service(s) to which Customer may subscribe to and any Updates, modifications or improvements to the Service(s), including individually and collectively, Software, the API and any Documentation, but exclude any Apps or APIs that belong to third parties. Software: means software provided by Freshworks (either by download or access through the internet) that allows Customer to use any functionality in connection with the Service(s) and includes Mobile Application(s), but excludes any Apps or APIs that belong to third parties.

“User”: means an individual who is authorized by Customer to use the Service(s) including an Account administrator, employees, consultants, contractors, and agents of Customer, and third parties with which Customer transacts business.