CandorWorks (“Candorworks,” “company,” “organization,” “we,” “our,” or “us”) respects the privacy of our users. We are dutiful of data privacy and adopt the best practices in compliance with applicable privacy laws and regulations, including the EU General Data Protection Regulation (“GDPR”), Personal Information Protection Law (“PIPL”) of the People’s Republic of China, and California Consumer Privacy Act (“CCPA”).
WHAT OUR PRIVACY POLICY COVERS
Our privacy policy aims to make it easier for our users to understand how and where their data is used. We consider the information our users share as assets, and protecting it is our sole concern. This privacy statement shall discuss which privacy rights we comply with and how your data has been utilized.
We have a consent mechanism procedure in place that ensures our users are informed and give their consent before we collect their user data and use it for any purpose. You will be asked to give your consent through checkboxes, which will allow you to give or withdraw the right to use your personal information. As per this guideline, we are obligated to use only the data for which you have given us permission and not more than that.
EUROPEAN PRIVACY RIGHTS
The European Privacy Rights enacted the General Data Protection Regulation (“GDPR”) in 2018. To protect the privacy of personal data, this policy is determined to provide the maximum control of data to its owner only.
Key Principles:
Lawfulness, Fairness, and Transparency:
As per GDPR, the personal data of individuals must be used lawfully and fairly, maintaining transparency. The concerned individual should know how, when, and for what purpose their information is being used.
Purpose Restriction:
The policy suggests that the personal data of individuals should be collected for clear and justified purposes. Once the purposes are met, the information shouldn’t be used any further for other purposes.
Data Minimization:
Organizations or any other party should collect data as much as required to meet their defined purposes.
Accuracy:
Personal information for individuals should be correct while sharing. In case of any changes in personal events that influence the shared information, it has to be modified or corrected.
Storage Limitation:
The information collected has to be stored in a method that assists in recognizing the concerned individuals as long as the defined purposes are met.
Integrity and Confidentiality:
Organizations collecting the personal information of individuals should provide the utmost security to the data so that there is no chance of any damage or destruction. Additionally, it restricts illegal usage of the data.
Accountability:
Organizations or other parties who are collecting data from individuals to meet their purposes must adhere to the GDPR principles and policies.
Key Units:
Data Subject:
The people whose personal information has been collected.
Data Controller:
The organization or other parties who collect the personal data of individuals to meet their purposes.
Data Processor:
The unit that uses and processes collected data for the data controller.
Supervisory Authority:
Independent and unbiased public control bodies to observe GDPR compliance.
Rights of Data Subjects:
Right to Access:
The people whose data has been collected possess the right to know whether their information is being used. If they find out any data usage, they can access it.
Right to Rectification:
If there is any wrong information, individuals can request corrections.
Right to Erasure:
Under specific situations, individuals can request deletion or erasure of their personal information.
Right to Restriction of Processing:
Under specific situations, individuals can request limitations on the usage of their personal information
Right to Object:
GDPR allows individuals to object to the usage of their personal information.
Data Transfer
When you submit your information, you give us consent to transfer it to third parties if required. The privacy of your data then relies on which guidelines third parties comply with. Moreover, when you share your personal data with us, you also allow us to transfer it to other nations of other continents if required. On such occasions, the security of your data may depend on that country’s privacy policies, which can be different from yours. By submitting your data, you allow us to transfer, store, and process it whenever needed.
Data Subject Rights
If you are a resident of any European country that follows GDPR to protect users’ personal information, you are entitled to
Appeal to access your personal information. This will help you receive the data we have stored about you and check where and how we are using it.
Request modification or rectification of any personal data you have shared with us. This helps in keeping track of whether any wrong information about you is processed.
Appeal to delete your personal information. If you feel uneasy about processing your data with us for any reason, you can request deletion of it. In case of any failure in erasing your data entirely or partially, you will be notified.
Appeal to withdraw your consent to process your personal data for any marketing or third-party usage. However, we may also decline your appeal on the legitimate grounds of data processing on certain occasions.
Request limitation on using your personal information in the circumstances of data inaccuracy, unlawful usage, longer time to store and process information, and usage after objection.
Appeal to transfer your personal information to other parties. The data will be provided well-structured and easy-to-use to any sources you want.
Data Security
We respect the security of our users’ information, for which we are committed to implementing a standard protection system and making enhancements whenever required. This system protects your personal information from unwanted circumstances. We are in Pune, India, where your personal information is stored and processed. We continuously upgrade our security measures to protect your user data. We adhere to the privacy guidelines of different nations and regions to safeguard the privacy of your data from cross-border thefts.
Nevertheless, you need to consider that data on the internet is not 100% secure all the time. Therefore, if you have any doubts or need clarification about our data policies or security measures, you can reach out to us at info@candorworks.com.
Data Retention
We may retain your personal data for a long period until our requirement is over. We shall store and use your data for a long time for appropriate purposes only. Where there will be no requirement, we assure erasing or deleting your user data.
CandorWorks ensures maintaining your privacy with the utmost security. Adhering to GDPR policies, we respect our users’ right to privacy.
PEOPLE’S REPUBLIC OF CHINA PRIVACY RIGHTS:
Under the Personal Information Protection Law (“PIPL”), citizens residing in the People’s Republic of China (“PRC”) have the right to access and make changes to their personal information. Individuals possess the entitlement to formally request limitations on or express objections to the processing of their personal information. Furthermore, there exists a prerogative to obtain a copy of one’s personal data. In instances where an individual is a close relative of a deceased person within the People’s Republic of China (PRC), the individual retains the right to formally access, rectify, and erase the deceased person’s personal information.
To exercise the regulations under the PIPL, click here or contact us at info@candorworks.com. To address your queries, we may require additional information to verify your identity in accordance with the applicable regulation. We assure you that we revert you back within the timeframe required to assess the applicable regulation or hardly within 30 days. Additionally, if you accept or submit any regulation by us, you allow us to deliver your personal data to third parties wherever it is required. Additionally, individuals are vested with the right to solicit comprehensive details concerning the third parties with whom CandorWorks shares their personal information.
If you encounter difficulties understanding any privacy policies, you have the complete right to request a detailed demonstration of how we can manage your personal data. If you have any queries, please contact us at info@candorworks.com.
(如果您无法理解本隐私政策并希望获得更多信息,请发送电子邮件至 info@candorworks.com)
CALIFORNIA CONSUMER PRIVACY ACT (CCPA) POLICIES:
If you are a citizen of California, the CCPA offers you essential privacy rights, which are as follows:
Residents of California may request certain information regarding CandorWorks’ disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please write to info@candorworks.com. Ensure that you include your name, residential address, and email address if you want to receive a response by email. Otherwise, we will respond to you by postal mail within the time required by applicable law.
California residents may request that CandorWorks not sell any of their personal information by writing to us mentioning the ‘Do not share my information’ on the given mail ID.
Suppose you are a resident of California and below 18 years of age and are a registered user of any of the Services. In that case, you may request that we remove any content you created and publicly posted on our website (“User Content”). To request the removal of your User Content, please email a detailed description of the specific User Content to info@candorworks.com. Candorworks is dutiful to the right to request that you provide information that will enable us to confirm that the User Content that you want to be removed was created and posted by you.
CandorWorks will delete or remove your User Content from public view as soon as reasonably practicable. Please note, even if we delete your User Content following your request, it does not ensure complete or comprehensive removal of your User Content. Your User Content may remain on backup media, cached, or otherwise retained by Candorworks for administrative or legal purposes, or your User Content may remain publicly available if you or someone else has forwarded or re-posted your User Content on another website or service before its deletion. CandorWorks may also require not to remove (or allow removal) of your User Content if enforced by law.
Cookies and Similar Technology
Cookies are used as collections of user details and are positioned in various places on your devices with the intention of gathering information. Such components may include your last browsing history, the browser you are using, your IP address, the links you click, the location of your device, etc. Cookie policy also enhances communication between individuals and the websites they visit. As per the cookies collected, we can customize the elements on your site at your convenience. Cookies are similar to pixels, clear gifs, web beacons, tags, and others that are placed on your devices to collect data.
Third-Party Sources/Links:
We may gather your personal data from third-party sources and links to complete our business needs. Before collecting your information from other sources, we ensure checking your consent on such transfers.
Data Collection, Management, and Regulation in Compliance with Anti-Spam Laws
Adhering to our dedication to standard privacy and data protection of user data as described in our core privacy policy, we are determined to showcase the details related to how we collect, manage, and regulate data, complying with the anti-spam regulations of different nations.
Data Collection:
- Consent Mechanism:
- We ensure following a vivid consent procedure before obtaining user data by informing and asking users with checkboxes to allow utilizing their data while maintaining transparency. They can further withdraw their consent at any time.
- Purpose Restriction:
- User data is obtained for justified reasons and leveraged for the purpose permission is granted strictly following the regulations.
- Data Minimization:
- Data minimization is applied when user information is collected to ensure only required data is collected to fulfill clarified reasons.
- Accuracy:
- Users are encouraged to provide accurate personal information. They have the right to request corrections if any inaccuracies are identified.
- Users are supposed to provide correct information. In case of inaccuracy, they possess the right to request modifications and corrections, imparting accurate information.
- Storage Limitation:
- The collected data will be stored until the defined purposes are met per the storage limitation guidelines.
- Integrity and Confidentiality:
- Stringent security measures are in place to ensure the integrity and confidentiality of the data collected, preventing unauthorized access or usage.
Data Management:
- Data Subject Rights:
- Respect for the rights of data subjects as outlined in anti-spam regulations. As data subjects, users have the right to access, rectify, erase, restrict processing, object, and request data portability.
- Data Security:
- A commitment to data security with continuous upgrades to protect user data from unauthorized access, ensuring compliance with various national and regional privacy guidelines.
- Data Retention:
- Personal data is retained for as long as necessary for defined purposes. When no longer required, assurance is provided for the erasure or deletion of user data.
Regulation in Compliance with Anti-Spam Laws:
Canada: Canada’s Anti-Spam Legislation (CASL)
- Consent Requirement:
- In compliance with CASL, we strictly adhere to obtaining express consent before sending commercial electronic messages (CEMs).
- Identification Information:
- Our communications include proper identification information as required by CASL, including contact details and an unsubscribe mechanism.
- Unsubscribe Mechanism:
- Users are provided with a clear and easily accessible unsubscribe mechanism, allowing them to opt out of receiving future communications.
Australia: Spam Act 2003
- Consent Requirement:
- In compliance with the Spam Act 2003, we ensure that users have consented to receive commercial electronic messages (CEMs) before sending them.
- Identification Information:
- Our communications include accurate sender identification information, as the Spam Act 2003 requires.
- Unsubscribe Mechanism:
- Users are provided with a functional and precise unsubscribe mechanism, allowing them to opt-out of receiving further communications.
Regulation in Compliance with Anti-Spam Laws:
North America:
Canada: Fighting Internet and Wireless Spam Act 2010 (CASL)
- Consent: Express consent is required for sending commercial electronic messages.
- Identification: Communications include accurate sender identification and contact information.
- Opt-out: Recipients have the right to unsubscribe from communications.
United States: (CAN-SPAM Act of 2003)
- Consent: Commercial emails should not be misleading and include an opt-out mechanism.
- Identification: Accurate sender identification and physical address are required.
- Opt-out: Recipients have the right to opt-out from receiving future emails.
South America:
Argentina: Personal Data Protection Act (2000) – § 27
- Consent: Explicit consent is required before sending electronic communications.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Colombia: Law of Habeas Data – § 6
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Europe:
Austria: Austrian Telecommunications Act 1997 – § 107
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Belgium: Law of March 11, 2003, concerning certain legal aspects of information society services
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Croatia: Electronic Communications Act – § 107
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification, as per the legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Cyprus: Regulation of Electronic Communications and Postal Services Law of 2004 – § 6
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Czech Republic: Act No. 480/2004 Coll., on Certain Information Society Services – § 7
- Consent: In alignment with Act No. 480/2004, best practices are followed to obtain user consent.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Denmark: Danish Marketing Practices Act – § 10
- Consent: Obtaining consent before sending electronic communications is essential.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Estonia: Electronic Communications Act – § 103
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
European Union: Directive on Privacy and Electronic Communications – Art. 13
(Note: EU directive provides general guidelines for privacy and electronic communications. Individual member states may have specific regulations.)
Finland: Act on Data Protection in Electronic Communications (516/2004)
- Consent: Obtaining consent before sending electronic communications is essential.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
France: Law of June 21, 2004, for confidence in the digital economy – Art. 22
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Germany: Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG) – § 7
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Hungary: Act CVIII of 2001 on Electronic Commerce – Art. 14
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Ireland: European Communities (Electronic Communications Networks and Services) (Data Protection and Privacy) Regulations 2003 – Section 13 (1) (b)
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and compliance with legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Italy: Data Protection Code (Legislative Decree no. 196/2003) – § 130
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Netherlands: Dutch Telecommunications Act – Art. 11.7
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Norway: Lov om kontroll med markedsføring og avtalevilkår mv. (markedsføringsloven) – Chap. 3 – § 15
- Consent: Obtaining consent before sending electronic communications is essential.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Spain: Act 34/2002 of July 11 on Information Society Services and Electronic Commerce
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Sweden: Swedish Marketing Act (Marknadsföringslagen 1995:450) – § 13b
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification and compliance with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Switzerland: Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb – UWG) (2007) – Art. 3, Buchst. o
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Turkey: Act About Regulation of E-Commerce (Elektronik Ticaretin Düzenlenmesi Hakkında Kanun)
- Consent: Best practices for obtaining user consent before sending electronic communications are followed.
- Identification: Communications include accurate sender identification and compliance with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Asia-Pacific:
Australia: Spam Act 2003 – Part 2
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
China: Regulations on Internet Email Services
- Consent: Consent is obtained before sending commercial electronic messages.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Users are provided with an opt-out mechanism.
Hong Kong: Unsolicited Electronic Messaging Ordinance
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Indonesia: Undang-undang Informasi dan Transaksi Elektronic (ITE) (Internet Law)
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
Japan: The Law on Regulation of Transmission of Specified Electronic Mail – April 2002
- Consent: Obtaining consent before sending electronic communications is essential.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Malaysia: Communications and Multimedia Act 1998
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
New Zealand: Unsolicited Electronic Messages Act 2007 – All
- Consent: Obtaining consent before sending electronic communications is essential.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Singapore: Spam Control Act 2007
- Consent: Clear and unambiguous consent is obtained before sending electronic communications.
- Identification: Communications include accurate sender identification and adhering to legal requirements.
- Opt-out: Recipients have a straightforward opt-out mechanism.
South Korea: Act on Promotion of Information and Communication and Communications Network Utilization and Information Protection – Art. 50
- Consent: Obtaining consent before sending electronic communications is essential.
- Identification: Communications include accurate sender identification complying with legal requirements.
- Opt-out: Users have a precise opt-out mechanism.
Africa:
South Africa: Electronic Communications and Transactions Act, 2002 – § 45
- Consent: As per this act, distinct and transparent consent is acquired to process electronic communication.
- Identification: The communication should have the correct information about the sender, complying with the lawful regulations.
- Opt-out: The communication recipients possess the right to modify or opt-out option.
South Africa: Consumer Protection Act, 2008 – § 11
- Consent: This act facilitates the practice of acquiring users’ consent to send electronic communication.
- Identification: Adhering to the lawful regulations, the communication must possess the accurate identification of the sender.
- Opt-out: The recipients have modification and opt-out rights.
ADDITIONAL ELEMENTS OF OUR PRIVACY POLICY
- Data We Collect
1.1 Personal Information We may collect personal information, including but not limited to names, email addresses, phone numbers, job titles, and company information. This information is provided voluntarily when you interact with us, such as when you fill out a form on our website, correspond with our team, or provide information in the course of our business relationship.
1.2 Automatically Collected Information When you visit our website, we may automatically collect certain information about your device, browsing actions, and patterns. This information may include your IP address, browser type, referring/exit pages, operating system, and date/time stamps. We use cookies and similar tracking technologies to gather this data.
- Use of Data
2.1 Providing and Improving Services We use the collected information to deliver our services, communicate with you, and fulfill your requests. This includes responding to inquiries, managing accounts, providing marketing materials, and improving our offerings based on customer feedback.
2.2 Marketing Communication With your consent, we may send you promotional emails or newsletters about our products, services, or industry insights. You have the right to opt out of receiving such communications at any time by following the unsubscribe instructions included in each email or by contacting us directly.
2.3 Business Purposes We may use personal information for legitimate business purposes, such as data analysis, audits, security monitoring, fraud prevention, and improving our website and services.
- Data Sharing
We may share personal information with third parties in the following circumstances:
3.1 Service Providers We may engage third-party service providers to assist us in delivering our services and operating our business. These providers have access to personal information as necessary to perform their functions but are obligated to maintain its confidentiality and security.
3.2 Business Transfers In the event of a merger, acquisition, or sale of all or a portion of our assets, personal information may be transferred or disclosed as part of the transaction. We will make reasonable efforts to notify you of any such change in ownership or control of your personal information.
3.3 Legal Compliance We may disclose personal information to comply with applicable laws, regulations, legal processes, or governmental requests. This includes responding to lawful requests from public authorities to meet national security or law enforcement requirements.
- Data Retention and Security
We retain personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. We take reasonable measures to protect personal information from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
- Your Rights and Choices
5.1 Access and Update You have the right to access, update, and correct inaccuracies in your personal information held by us. You may exercise this right by contacting us using the information provided below.
5.2 Opt-out If you no longer wish to receive marketing communications from us, you can opt out by following the unsubscribe instructions included in each email or by contacting us directly.
5.3 Cookies and Tracking Technologies Most web browsers are set to accept cookies by default. You can modify your browser settings to block cookies or alert you when cookies are being sent. However, please note that disabling cookies may impact your ability to access certain features or functions of our website.
- Third-Party Links
Our website may contain links to third-party websites. We have no control over the content or practices of these websites and are not responsible for their privacy policies. We encourage you to review the privacy policies of these third-party sites before providing any personal information.
- Children’s Privacy
Our services are not directed toward individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us, and we will promptly remove the information from our records.
- Changes to the Privacy Policy
We may update this Privacy Policy from time to time. Any changes will be effective immediately upon posting the revised policy on our website. We encourage you to review this policy periodically for any updates.
- Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at the following Email: info@candorworks.com
We are obliged to respond to your queries at your earliest convenience.