This Privacy Policy describes how Torq Technologies Ltd. (together with its affiliated companies, “Torq”, “we”, “our” or “us”) collects, stores, uses and discloses information associated with an identified or identifiable individual (“Personal Data”). Torq greatly respects your privacy, so we make every effort to provide services that comply with the highest privacy standards. This Privacy Policy explains our practices in relation to Personal Data, and the choices that you can make about the way your Personal Data is collected and used in connection with Torq’s services.

Specifically, this Privacy Policy covers the following:

  1. WHO WE COLLECT PERSONAL DATA FROM
  2. CATEGORIES OF PERSONAL DATA THAT WE COLLECT
  3. WHAT WE USE PERSONAL DATA FOR
  4. WHO WE DISCLOSE PERSONAL DATA TO
  5. DATA RETENTION
  6. SECURITY
  7. COOKIES AND TRACKING TECHNOLOGIES
  8. INTERNATIONAL TRANSFERS OF PERSONAL DATA
  9. TORQ AS A DATA CONTROLLER AND DATA PROCESSOR
  10. YOUR RIGHTS AS A DATA SUBJECT
  11. YOUR RIGHTS UNDER US PRIVACY LAWS
  12. COMMUNICATIONS FROM TORQ
  13. ADDITIONAL NOTICES
  14. CONTACTING US

This Privacy Policy addresses the information we collect about you when you use our security management software-as-a-services product and related services (“Product”), visit our website (https://torq.io/) (“Website”), or otherwise interact with us (for example, by attending our events or by communicating with us) (collectively referred to as “Services”). This Privacy Policy does not apply to Personal Data that we process on behalf of our business customers (“Customers”) when accessing and using our Product. In this case, we process Personal Data in our capacity as a “data processor”, in accordance with instructions provided by our Customer and the terms of our Master Service Agreement (“MSA”) and Data Processing Agreement (“DPA”) entered into between Torq and Customer. For more information, please refer to Section ‎9 below.

Please note that you are not legally obligated to provide us with any Personal Data. If you do not agree with this Privacy Policy, please do not access or use our Services or interact with any other aspect of our business.

We reserve the right, at our discretion, to change this Privacy Policy at any time. The amended version will be effective as of the date it is published. When we make material changes to this Privacy Policy, we will give notice as appropriate under the circumstances (e.g. by displaying a prominent notice on our Website or by sending an email). Your continued use of our Services after the changes have been implemented will constitute your acceptance of the changes.

1. WHO WE COLLECT PERSONAL DATA FROM

Torq collects Personal Data relating to the following:

  • Customer Personnel: We collect the Personal Data of individuals engaging with Torq on behalf of our Customers, including each user accessing and using our Product and procurement and billing personnel (collectively, “Users”).
  • Prospects: We collect the Personal Data of prospective customers, channel partners or technology partners; individuals who interact with our website, social media accounts, digital ads and content, emails or communications under our control; and participants at our events (collectively, “Prospects”).
  • Partners and Vendors: We collect Personal Data relating to our channel partners, technology partners, service providers and vendors.
    As explained above, any Personal Data submitted by our Customers to our Product is processed by Torq in our capacity as a data processor, in accordance with Customer instructions and our MSA and DPA. Please refer to Section ‎9 below for more information.

2. CATEGORIES OF PERSONAL DATA THAT WE COLLECT

We collect or generate the following categories of Personal Data in respect of the Services:

  • Information about you: We may collect any of the following: full name, email address, phone number, company name, job title, profile picture (avatar), login credentials from third-party authentication providers (user name and password), social media profile, contractual and billing details, and any other information submitted or otherwise made available to us by Customers, Users and Prospects. We may also collect your resume/CV and LinkedIn profile in connection with any job application you make through our website and/or social media accounts. We collect this information directly from you, or from other sources and third parties that we engage, such as our Customers (your employer), organizers of events or promotions that both you and us were involved in, third party service providers offering services to be used in conjunction with our Services (such as our learning management service provider, support and ticketing services), and tools and channels we use to connect with individuals in order to explore potential employment and business opportunities, including for example LinkedIn, Greenhouse, ZoomInfo, and Nextroll.
  • Communications: We collect your communications as part of any of the following: interactions through our website, social media channels, and event registration; surveys, feedback and testimonials that you complete; support requests, including voice call and video conference recordings (e.g., with our customer success personnel and solution architects), as well as written correspondences, screen recordings, screenshots, documentation and related information that may be automatically recorded, tracked, transcribed and analyzed, for purposes including analytics, quality control and improvements, training, and record-keeping purposes. We engage third party service providers to assist us in communicating with you, such as Slack, Atlassian, Salesforce, Hubspot and Gong.
  • Usage and device information: We collect technical, connectivity and usage data, such as IP addresses and approximate general locations derived from such IP addresses, device and application data (like type, operating system, mobile device or app ID, browser version, location and language settings used); system logs of actions and events attributed to those IP addresses, devices and applications; the relevant cookies and pixels installed or utilized on your device; and the recorded activity (sessions, clicks, use of features, logged activities and other interactions) of Users and Prospects in connection with our Services. We collect and generate this information automatically, including through the use of analytics and system monitoring tools (including cookies and pixels), which collect data such as: how often Prospects visit or use our Website; which pages they visit and when; which website, ad or email message brought them there; how Users interact with and use the Services and its various features, and technical data concerning the performance, functionality and stability of the Services. We may also collect hashed email addresses derived from emails or other online identifiers collected on our Website, which allows certain service providers to recognize and deliver ads across devices and browsers. To read more about the technologies used by NextRoll, a service provider we engage to provide such marketing services, please refer to NextRoll’s Privacy Notice.

3. WHAT WE USE PERSONAL DATA FOR

Legal Bases: We collect Personal Data as necessary for the performance of our agreements with our Customers (“Performance of Contract”); to comply with our obligations under applicable laws, regulation and standards, as well as contractual obligations (“Legal Obligations”); and to support our legitimate interests in maintaining and improving our Services, to market, advertise and sell our Product to you and others, to provide support services, to effect billing and administrative functions, and to protect the security and integrity of the Services (“Legitimate Interests”); or for any other lawful purpose, or other purpose that you consent to in connection with the provisioning our Services.

If you reside or are using the Services in a territory governed by privacy laws under which consent is the only or most appropriate legal basis for processing Personal Data as described in this Privacy Policy (either in general, based on the types of Personal Data you expect or elect to process or have processed by us or via the Services, or due to the nature of such processing), your acceptance of our MSA and of this Privacy Policy will be deemed as your consent to the processing of your Personal Data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please email [email protected].

Uses: We use Personal Data for the following purposes, each in reliance upon one or more of the legal bases for processing noted above:

  • To facilitate, operate, provide and enhance the Services (Performance of Contract; Legitimate Interests);
  • To provide our Customers, Users and Prospects with assistance and support, and to train our Customers and Customer-facing staff (Performance of Contract; Legitimate Interests);
  • To test and monitor the Services, and diagnose or fix technical issues (Performance of Contract; Legitimate Interests);
  • To invoice and process payments (Performance of Contract; Legitimate Interests);
  • To communicate with our Customers, Users and Prospects with general or personalized Services-related messages, as well as promotional messages that may be of specific interest to them (Performance of Contract; Legitimate Interests);
  • To gain a better understanding on how Users and Prospects evaluate, use, and interact with the Services, and to utilize such information to continuously improve the Services, and the overall performance, user-experience and value generated therefrom. We collect such information automatically through such individuals’ usage of the Services (Legitimate Interests);
  • To create aggregated, statistical data and anonymized or pseudonymized data (which cannot be used to identify individuals), which we or others may use to provide and improve our Services, or for any other business purpose such as business intelligence (Legitimate Interests);
  • To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our Services more effectively, including on other websites and applications. This includes contextual, behavioral and interests-based advertising based on User and Prospect activities, preferences or other data available to us or to our service providers and business partners (Legitimate Interests);
  • To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity (Performance of Contract; Legal Obligations; Legitimate Interests);
  • To explore and pursue growth opportunities, including through partnerships with resellers, distributors, MSSPs and other business partners related to our Services; to communicate and perform our obligations under our agreements with our channel partners (Performance of Contract; Legitimate Interest);
  • To facilitate, sponsor and offer certain events, webinars, contests and promotions (Legitimate Interest);
  • To provide you access to resources and assets (Performance of Contract; Legitimate Interest);
  • To process your job application and assess your candidacy (Performance of Contract; Legitimate Interest);
  • To publish your feedback and submissions to our Website, public forums and blogs (Legitimate Interest);

4. WHO WE DISCLOSE PERSONAL DATA TO

We may disclose Personal Data as follows:

  • Service Providers: We engage selected third parties to perform services on our behalf. Our service providers may have access to Personal Data, depending on each of their specific roles in facilitating the provision of our Services or other activities, and may only use Personal Data as set forth in our service agreements with them. These include providers of third party products, services, applications and tools used in connection with the Services, including third party applications which interoperate with the Product (“Third Party Services”); our hosting providers; data, security and fraud detection services; web analytics services; session or activity recording services; performance measurement services; billing and payment processing services; customer relationship and customer service management services; learning management services; support and ticketing services; video conferencing services; sales engagement services; content, lead generation and marketing services; social media services; hiring management services; and our legal, compliance, financial and other professional advisors and auditors. If you wish to receive a detailed list of our service providers, please contact us.
  • Customers and Other Users: Your Personal Data may be shared with our Customer in respect of which you are a User (including data and communications concerning your user profile), as well as other Users within the same organization.
  • Third Party Service Integrations: You may choose to integrate the Product with certain Third Party Services. Depending on the nature and purpose of such integration, a Third Party Service provider may receive and/or share relevant Personal Data with us about you. Note that we do not receive or store your passwords for any of these Third Party Services, but we do typically require your API key in order to integrate with them. Third Party Services are independent of Torq, and each Third Party Service provider has their own privacy policies and practices in place for its collection, use, and sharing of your Personal Data. Please check the permissions, privacy settings, and notices for these Third Party Services or contact the provider directly with any questions.
  • Channel Partners: We engage selected resellers, distributors, MSSPs, and other business partners in order to explore and pursue growth opportunities. In such instances, we may share certain relevant Personal Data with the respective channel partner to allow them to engage with those Customers for such purposes. If you directly engage with any of our channel partners, any aspect of that engagement which is not directly related to our Services and/or directed by Torq is not subject to the terms of this Privacy Policy, and is governed by the relevant channel partner’s terms and privacy policy.
  • Events: If you register to any event that we host, organize or sponsor, we may share your registration details with others, including the hosts, organizers, speakers, service providers and sponsors of that event, so that they may contact you with relevant information and offers related to the event.
  • Feedback: If you submit a public review or feedback, we may store and present your review publicly, on our Website or on another public platform, at our discretion. If you wish to remove your public review, please contact us.
  • Legal Compliance: In exceptional circumstances, we may disclose or allow government, judicial or law enforcement officials access to your Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect the security or integrity of the Services.
    Protecting Rights and Safety: We may share your Personal Data with others if we believe in good faith that this will help protect the rights, property or safety of Torq, any of our Customers or Users, or any members of the general public.
  • Torq Affiliates: We share Personal Data internally within our affiliates, for the purposes described in this Privacy Policy. In addition, should Torq or any of its affiliates be the subject of any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets, your Personal Data may be shared with the parties involved in such an event. If we believe that such change in control might materially affect your Personal Data then stored with us, we will notify you of this event and the choices you may have via email or prominent notice.

Torq may also share your Personal Data in ways other than those mentioned above, if you provide your consent or if we are legally obligated to do so, or if such data has become non-personal and anonymous.

5. DATA RETENTION

We retain your Personal Data for as long as it is reasonably needed in order to maintain our relationship and provide you with our Services; in order to comply with our legal and contractual obligations; and to protect ourselves from any potential disputes, all of which is further set forth in Torq’s data retention policy. We determine our retention periods by taking in account the amount, nature, and sensitivity of the applicable Personal Data, the purposes for which we process it, the potential risk of harm from unauthorized use or disclosure of such data, and applicable legal requirements.

6. SECURITY

We use industry-standard physical, procedural and technical security measures, including encryption as appropriate, to protect your Personal Data from loss, misuse and unauthorized access or disclosure. However, regardless of any security measures used, we are unable to guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described in Section 4 above. To learn more about our current practices and policies regarding security, please visit Torq’s Trust Centre.

7. COOKIES AND TRACKING TECHNOLOGIES

We, as well as certain service providers, utilize cookies and other similar technologies in our Services to assist us in collecting certain other information about you. To learn more about our practices concerning cookies and tracking, and your opt-out controls and other options, please refer to our Cookies Notice.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

In order to facilitate our Services, we may transfer your Personal Data to countries other than the one in which you live. Torq Technologies Ltd. is headquartered in Israel. We and our service providers collect, process, maintain and store Personal Data in Israel, the United States, Europe, and other locations as reasonably necessary for the proper performance and delivery of the Services or as may be required by applicable law. Torq ensures compliance with the requirements of appliable data protection laws and regulations with regards to the transfer of Personal Data overseas.

For individuals located in the EEA, the UK and Switzerland, Israel is considered by the European Commission, the United Kingdom Secretary of State, and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as a jurisdiction which offers an adequate level of protection for Personal Data of individuals of EU Member States, the UK and Switzerland. We transfer Personal Data from the EEA, the UK and Switzerland to Israel on this basis. With regards to transfer of Personal Data to countries which are not considered to offer an adequate level of data protection, we and the relevant data importers enter into Standard Contractual Clauses as approved by the European Commission, UK Information Commissioner’s Office, and the FDPIC (as appropriate).

When Torq processes Personal Data on behalf of a Customer, such Personal Data is processed in the locations as permitted in our MSA and DPA with such Customer (as further described in Section ‎9 below).

9. TORQ AS A DATA CONTROLLER AND DATA PROCESSOR

Data protection laws and regulations, including the EU and UK General Data Protection Regulation (GDPR), and California Consumer Privacy Act (including the California Privacy Rights Act) (“CCPA”), make a distinction between the party determining the purposes and means of processing of Personal Data (the “data controller”, or “business” under the CCPA); and the party processing Personal Data on behalf of the data controller (or business) (the “data processor” or “service provider” under the CCPA).

With respect to Personal Data that Torq collects from its Customers, Users and Prospects as set forth in this Privacy Policy, Torq is a data controller.

With respect to Personal Data that Users submit when accessing and using our Product, Torq is a data processor.  We process Personal Data on behalf of our Customers (who are the data controllers of such Personal Data) in accordance with our Customers’ reasonable instructions and subject to our MSA and DPA. When using our Product, our Customers are solely responsible for determining how they wish to use our Services, and for ensuring that all Users, as well as all individuals whose Personal Data may be processed through the Product, have been provided with adequate notice and given their informed consent to the processing of their Personal Data, where such consent is necessary or advised, and that all legal requirements applicable to the collection, use or other processing of data through our Product are fully met by the Customer. Our Customers are also responsible for handling data subject rights requests under applicable law, by their Users and other individuals whose data they process through the Product.

If you would like to make any requests or queries regarding Personal Data we process as a data processor on our Customers’ behalf, including accessing, correcting or deleting your Personal Data, please contact us.

10. YOUR RIGHTS AS A DATA SUBJECT

You are entitled to exercise your privacy rights under data protection laws and regulations applicable to you, such as the EU and UK GDPR, CCPA, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act and any other applicable data protection law. These rights may include the following:

  • Your right to access Personal Data held by Torq. Your right of access may normally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
  • Your right to request that we rectify any Personal Data we hold that is inaccurate or misleading;
  • Your right to request the deletion of your Personal Data. Please note that there may be circumstances in which we are required to retain your Personal Data, for example for the purposes of legal claims and proceedings;
  • Your right to object to or to request restriction of the processing;
  • Your right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller (data portability);
  • Your right to object to profiling;
  • Your right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, such as if the processing is required to meet our legal and regulatory obligations. Please also be aware that the withdrawal of consent shall not affect the lawfulness of processing based on consent prior to withdrawal;
  • If you are protected by EU GDPR, you also have a right to request certain details regarding the transfer of your Personal Data outside of the EEA, it being clarified that any data transfer agreements and/or other details requested may need to be partially redacted for reasons of commercial confidentiality;
  • Your right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution.

You can exercise your rights by emailing [email protected]. You may use an authorized representative to submit a request on your behalf if you provide the authorized representative written permission signed by you. To protect your privacy, we may take steps to verify your identity before fulfilling your request. Subject to legal and other permissible considerations, we will make every reasonable effort to respond your request promptly in accordance with applicable law or inform you if we require further information in order to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing your request. We will not be able to fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the individual about whom we collected the Personal Data, and that such data is processed on behalf of any of our Customers, so that we may forward it to such Customer for their further handling. Such additional information may then be retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request, and of how each request was handled), in accordance with Section ‎5 above. We reserve the right to charge a fee where permitted by law, for instance if your request proves to be unfounded or excessive.

In the event that your request would adversely affect the rights of others (for example, confidentiality) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law. This may include redacting data which we make available to you.

If your request relates to Personal Data that is processed on our Customer’s behalf in our capacity as a data processor (please refer to Section ‎9 above), please note that it is the Customer who exclusively determines how Personal Data is processed, as well as if and how your request should be handled. We recommend that you submit your request directly to the relevant Customer.

11. YOUR RIGHTS UNDER US PRIVACY LAWS

We describe in this Privacy Policy, the categories of personal information we may collect and the sources of such information (Section ‎2), and details of what we use your information for, and who we provide your information to (Sections ‎3‎4), which includes “business purposes” under the CCPA and similar US state laws, as applicable. We also provide describe our retention of Personal Data (Section ‎5) and the rights of data subjects in relation to the Personal Data that we collect (Section ‎10).

We do not “sell” or “share” your Personal Data for the intentions and purposes of the CCPA, nor disclose personal information to any third party for their direct marketing purposes. We may disclose Personal Data to certain third parties, and allow certain third parties to collect Personal Data from our Services, as follows: (a) our service providers or partners who have agreed to our terms regarding retention, use, and disclosure of such Personal Data; (b) Third Party Service providers with whom you have integrated our Product; (c) third parties to whom we disclose your Personal Data on your instruction; or (d) any other third party as otherwise described in Section 4 above. You may also designate an authorized representative to request to exercise your privacy rights on your behalf. We will not penalize you by withholding our Services or providing a lower quality of service to you for requesting to exercise your rights under the law.

If you would like to exercise your rights under any applicable US Privacy Law or have any questions in this regard, please email [email protected].

12. COMMUNICATIONS FROM TORQ

Communications regarding our Services: We may contact you with important information regarding our Services For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues, log-in attempts or password reset notices, etc. You can control your communications and notifications settings in accordance with the instructions that may be included in the communications sent to you. However, please note that you will not be able to opt-out of receiving certain Services communications which are required for your use of the Services (like password resets or billing notices).

Promotional Communications: We may also notify you about new features, additional offerings, events and special opportunities or any other information we think you will find valuable, as a Customer, User or Prospect. We may provide such notices by posting the same of our Website; by contacting you by phone, mobile, or email; or through our marketing campaigns on any other sites or platforms. If you do not wish to receive such promotional communications, please contact us or follow the “unsubscribe”, “stop”, “opt-out” or “change email preferences” instructions contained in the promotional communications you receive.

13. ADDITIONAL NOTICES

Third Party Websites and Services: Our Services includes links to third party websites and services, including integrations of Third Party Services. Such third party websites and services, and any information you submit to such third party websites and services, are governed by such third party’s terms and privacy practices and policies, and not by this Privacy Policy. Please carefully read the terms and privacy policies of such third party websites and services.

Children under the age of 16: We do not knowingly collect Personal Data of children under the age of 16, and do not wish to receive such Personal Data. We will attempt to block any use of our Services by any child under the age of 16, and use best efforts to promptly delete any Personal Data stored with us pertaining to such child. If you believe that we may be in possession of any such Personal Data, please notify us immediately.

14. CONTACTING US

If you have any comments, questions or complaints regarding our Privacy Policy or our privacy practices, or if you have any concerns regarding your Personal Data held with us, please contact Torq by emailing [email protected], or at our mailing address at 3 HaMelacha St., Tel Aviv, 6721503, Israel.

Last update: October 24, 2023

Last Updated: 31 December 2024

This privacy policy (“Privacy Policy”) describes how Torq Technologies Ltd. (together with its affiliated companies, “Torq”, “we”, “our” or “us”) collects, stores, uses and discloses information relating to identified or identifiable individuals (“Personal Data”) when: 

  1. entering into our Torq Technologies Master Service Agreement, or other service agreement for the use of our software-as-a-services product (“Product” and “Customer” respectively);
  2. working as a channel partner (such as reseller, distributor, MSSP, and other business partners) or supplier of Torq and interacting with our company in the course of doing business or contemplating doing business with us (“Channel Partner” or “Vendor” respectively);
  3. using the Product as an authorized user (“Authorized User”); or
  4. exploring our Product and similar offering while visiting our website available at: or other landing pages, registering for, attending and/or otherwise taking part in our events, webinars, public community, trainings and certification courses (collectively “Sites”), interacting with digital ads and content we publish, etc. (collectively, “Prospects”). 

The “Product” and the “Sites” are collectively referred to in this Privacy Policy as “Properties”. Customers, Authorized Users, Partners and Prospects may be referred in this Privacy Policy, individually and collectively, as “you”. 

Our Properties are intended to be used by businesses and their representatives. We do not offer any products or services to individuals for personal, family or household use. All Personal Data that we process is treated as belonging to individuals in a business capacity.

This Privacy Policy does not apply to: (i) Personal Data that we process on behalf of our Customers that is uploaded, submitted or otherwise made available through the Product by Authorized Users, which is governed by Torq’s Data Processing Agreement or other data processing agreement entered into between the Customer and Torq; (ii) Personal Data that we process in connection with our recruitment activities, which is covered by Torq Job Candidates Privacy Notice; and (iii) Personal Data collected by third parties whose services are accessible through our Properties.

This Privacy Policy also provides information on privacy choices, how to exercise these rights and how to contact us with any questions. If you do not agree with this Privacy Policy, please do not access or use our Properties or any other aspect of our business.

This Privacy Policy applies to our operations globally. To the extent you are a California resident, additional information regarding our privacy practices is provided to you in Section ‎9 – Supplemental Information for California Residents. For the purpose of this Privacy Policy, any reference to “Personal Data” shall mean and include “Personal Information” as defined under applicable data protection laws.

  1. 1. Contact Information and Data Controller Information

  2. Torq Technologies Ltd., incorporated under the laws of the State of Israel, is the controller (as such term is defined under the EU and UK General Data Protection Regulations “GDPR” or equivalent privacy legislation) of certain Personal Data it collects and processes about you.

    If you have any questions, inquiries or concerns regarding the processing of your Personal Data, or would otherwise like to contact us in connection with this Privacy Policy, you can contact us through the following means:

    By email: [email protected]

    By mail: 3 HaMelacha St., Tel Aviv 6721503, Israel

  3. 2. Categories of Personal Data Collected, Purpose of Use, Source of Collection and Lawfulness

  4. Source of Collection Type of Personal Data Purpose of Use Lawful Basis under the GDPR
    Customers, Channel Partners and Vendors
    Information provided directly by you or by our Channel Partner  Onboarding Information: 

    We collect certain personal information relating to Customer, Channel Partner and Vendor personnel during onboarding, which may include full name, business email address, job title and business phone number. 

    We use your onboarding information to facilitate our legal contract with you, and for account management purposes, including billing and invoices, as well as other service-related communication. We process your onboarding information for the performance of our contract with you. 
    Authorized Users
    Information provided directly by you or as provided by third party authentication providers  Login Information:

    We will collect your login information used to access the Product including your email address and password, or your login credentials from third-party authentication providers, including your Avatar.

    We use this information to facilitate your access to the Product and for authentication purposes. We process your login information for the performance of our contract with you. 
    We use your email address for direct marketing purposes – i.e., to send you marketing-related emails including materials and content regarding the services you are currently using or other new services we may offer in the future. We use this information for direct marketing subject to our legitimate interest. You can opt-out of receiving direct-marketing emails at any time by selecting the “unsubscribe” option at the bottom of the email. Please note that if you choose to unsubscribe from our direct marketing emails, we will still retain your email address to send you service-related emails regarding event registration, service announcements or security information.
    Information we collect automatically  User and Device-Related Data:

    We use standard automated data collection tools, such as cookies, web beacons, tracking pixels, tags, and similar tools, to collect technical information about how you interact with our Product. 

    While such data is mostly technical and non-personal in nature, it may be combined with Personal Data such as your user ID, email address, IP address, etc. 

    This technical data may include the following: the type and number of workflows and/or cases you have created; the pages or features you have accessed or used, and the time spent on those pages or features; terms entered; commands executed; etc. 

    We collect this user and device-related data to generate and analyse aggregated non-personally identifiable information, which is then used as follows: to provide support and to ensure continued proper functioning of our Product; to protect the security and integrity of the Product, including to detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other malicious, deceptive, fraudulent or illegal activity, including any violations of our use  limitations, Acceptable Use Policy or other terms and policies; to enhance and improve our Product by using information for internal training and research to analyse how Authorized Users use the Product.

     

    We collect this information subject to our legitimate interest.
    We also use standard automated data collection tools to collect information about how Authorized Users interact with our emails.  For example, we may place a pixel in our emails that notifies us once you have opened the email or clicked on a link within an email.  We use these technologies to improve our communications with you. We collect this information subject to our legitimate interest.
    Prospects
    Information provided directly by you or provided by third-party sources including data brokers, social media platforms and from our Channel Partners. Contact Information:

    We will collect certain personal information pertaining to Prospect personnel, including full name, country and state of residency, business email address, job title, phone number, social media profile, as well as additional information you may choose to provide to us directly (for example, when sending us inquiries or when interacting with our public community). 

    We use this information to respond to your enquiries, questions, comments and requests; to facilitate our public community (including to allow your login to such community, where you have created an account not as an Authorized User), targeted advertising campaigns; for lead generation; events promotion, etc.

    This information helps us to update and improve our records and identify new prospects.

    We collect this information subject to our legitimate interest.
    Information we collect automatically Usage and Behavioral Data:

    We use standard automated data collection tools, such as cookies, web beacons, tracking pixels, tags, and similar tools, to collect information about how individuals use our Sites and interact with our emails. For example, when you visit our Sites, we may collect certain information about your computer or device (such as operating system, device identifier, browser language, and Internet Protocol (IP) address), and information about your activities on our Sites (such as how you came to our Site, referring URLs and browsing behaviour, access times, the links you click on, clicks and cursor movements, and other statistical information). 

    We may also use web beacons and pixels in our emails. For example, we may place a pixel in our emails that notifies us once you have clicked on a link within an email. We may also use your IP address to derive your general location information.

    The types of data collection tools we use may change over time as technology evolves. You can learn more about our use of cookies and similar tracking tools, as well as how to opt out of certain data collection practices, by visiting our Cookie Notice.

    We use this information to help us understand how you are using our Sites, how to improve our Sites, and to facilitate targeted advertising campaigns. We also use these technologies in our emails to improve our communications with you. Strictly necessary cookies which are required for the proper and basic operation of the Sites are used based on our legitimate interest of operating our Sites. Additional data collected use for analytics and marketing will be processed based on your consent which we will obtain through our consent management platform.
    Information we collect directly from you Audio and/or Visual Recordings:

    We may collect visual recording of your attendance at events or audio and/or visual recordings of your meetings with our team, in compliance with applicable laws.

    We use visual recordings from events to market Torq and our Product. We use recordings of your meetings with our team for internal training and research.  We collect audio and/or visual recordings subject to your consent.

    Please note that meeting recordings will only occur subject to applicable law – by way of explicit consent or subject to our legitimate interest.

  5. 3. Disclosure to Third Parties

  6. We disclose Personal Data to third parties that help us operate, provide, improve, integrate, customize, support and market our Properties, as detailed below.

    Recipient Purpose of Disclosure
    Torq Affiliates We may share certain Personal Data internally within our group of companies, for the purposes described in the table above under Section ‎2. In addition, should Torq or any of its affiliates be the subject of any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets, your Personal Data may be shared with additional parties as necessary to fulfill such reorganization. 
    Service Providers We may disclose Personal Data to third party service providers for general business purposes and to support our internal operations, including IT solutions vendors; hosting services; customer relationship and customer service management services; learning management services; sales engagement services; event sponsors; content, lead generation and marketing services; billing and payment processing services; as well as other consultants and professional advisers including lawyers, bankers, auditors and insurers. We may also disclose Personal Data where we believe it necessary in order to protect, exercise, establish or defend our legal rights.

    If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including appropriate security and confidentiality procedures designed to protect your information.

    Other Authorized Users At the direction of an Authorized User, Personal Data may be shared with other Authorized Users within the same organization (for example when communicating through the Product or sending an invite to an individual who is not a User yet, to access and use the Product).
    Shared Communities  Any Personal Data or other information you choose to submit in our public community, forums or blogs on our Sites may be read, collected and used by others who visit these forums, including other users of the Sites.
    Integrations When integrating third-party services directly within Torq workflows, Torq may disclose certain data with the external third-party service. 

    Third-party services are independent of Torq, and each third-party service provider has its own privacy policies and practices in place for its collection, use, and sharing of your Personal Data. Please check the permissions, privacy settings, and notices for these external services or contact the provider directly with any questions.

    Channel Partners We engage selected Channel Partners in order to explore and pursue growth opportunities. In such instances, we may share certain relevant Personal Data with the respective Channel Partner to allow them to engage with those Customers for such purposes. If you directly engage with any of our Channel Partners, any aspect of that engagement which is not directly related to our Product and/or directed by Torq is not subject to the terms of this Privacy Policy, and is governed by the relevant Channel Partner’s terms and privacy policy.
    Law Enforcement  We may disclose Personal Data to a third party where we are legally required to do so in order to comply with any applicable law, regulation, legal process or governmental request, including government authorities, law enforcement and others; or where we have a legitimate interest in disclosing such data to enforce our and our personnel’s rights.

    We may also share your Personal Data in ways other than those mentioned above, if you provide your consent or if we are legally obligated to do so, or if such data has become non-personal and anonymous.

  7. 4. Data Retention

  8. We retain your Personal Data for so long as we have an ongoing legitimate business need to do so (in connection with the purposes set out in Section ‎2 above). We determine our retention periods by taking in account the amount, nature, and sensitivity of the applicable Personal Data, the original purposes for which such Personal Data was collected, the potential risk of harm from unauthorized use or disclosure of such data, and applicable legal requirements. When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize your Personal Data.

  9. 5. Cookies and Other Tracking Technologies

  10. You can manage your cookie preferences by visiting our consent management platform to customize your cookie settings. Please see our Cookie Notice for further information on cookies and other tracking technologies.

  11. 6. Security

  12. We use industry-standard physical, procedural and technical security measures, including encryption as appropriate, to protect your Personal Data from loss, misuse and unauthorized access or disclosure. However, regardless of any security measures used, we are unable to guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described in this Privacy Policy. To learn more about our current practices and policies regarding security, please visit Torq’s Trust Centre.

  13. 7. International Transfers of Personal Data

  14. In order to facilitate our business operations, we may transfer your Personal Data to countries outside of your country of residence. We, as well as our Vendors, collect, process, maintain and store Personal Data in Israel, the United States, Europe, and other locations as reasonably necessary for the proper performance and delivery of the Properties or as may be required by applicable laws. Torq ensures compliance with the requirements of appliable data protection laws and regulations with regards to the transfer of Personal Data overseas.

    For individuals located in the EEA, the UK and Switzerland, Personal Data is transferred to Israel on the basis that Israel is considered by applicable data protection authorities as a jurisdiction which offers an adequate level of protection for Personal Data. With regards to transfer of Personal Data to countries which are not considered to offer an adequate level of data protection, we and the relevant data importers enter into Standard Contractual Clauses as approved by the European Commission, UK Information Commissioner’s Office, and the FDPIC (as appropriate). 

    When we process Personal Data on behalf of a Customer, such Personal Data is processed in the territories as permitted in our MSA and DPA with such Customer. 

  15. 8. Your Privacy Choices

  16. You have certain choices available to you when it comes to Personal Data that Torq collects in accordance with this Privacy Policy. 

    Not all jurisdictions grant the same privacy rights, and the nature of those rights will be determined by multiple factors, including the lawful purpose under which we process your Personal Data as detailed in the table under Section ‎2 above, as well as the location, country, state, or your place of residence. Below is a summary of those choices, how to exercise them and any limitations. 

    • Information: you can request more information about how we process your Personal Data. 
    • Access: you can request access to the Personal Data we hold about you.
    • Rectification: you can request us to modify or correct your Personal Data which is currently inaccurate or incomplete.
    • Erasure: you can request that we delete any Personal Data we hold about you.
    • Restriction: you can request that we restrict the use of your Personal Data.
    • Objection: you can object to the processing of your Personal Data based on legitimate interests.
    • Portability: you can request a copy of your Personal Data in a structured, commonly used, machine-readable format, to allow you to transfer your Personal Data to another provider. Note that where you have asked us to disclose data to third parties, you will need to contact those third-party service providers directly to have your information deleted or otherwise restricted. 
    • Automated decision making: you can request not to be subject to a decision based solely on automated processing, where it produces a legal or similar effect.
    • Opt out from the “sale” or “sharing” of Personal Data and targeted advertising.
    • You have the right to exercise any of those applicable privacy rights free from discriminatory treatment and retaliation. If you wish to exercise any of these requests, please fill out our Data Subject Request Form. For certain rights, such as where you request access to Personal Data, we will need to confirm your identity, by requesting your ID or otherwise. 

    • Promotional communications & cookies and other tracking technologies: At any time, you have the right to opt-out from: (i) the collection of your Personal Data for behavioural advertising and analytics by using the consent manager platform settings within our Site, (ii) any marketing communications that we send by clicking the ‘Unsubscribe’ link at the footer of the communication. 

    The above-mentioned rights are not absolute, and in certain cases we may decline, in whole or in part, your request as permitted by law (for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we are permitted by law or otherwise have compelling legitimate interests to retain). Also note that your rights may generally be exercised free of charge, however we reserve the right to charge an appropriate administrative fee were permitted by law.

    If you have unresolved concerns, you may have the right to file a complaint with a data protection authority in the country where you live, where you work or where you feel your rights were infringed. You may also contact us as provided in the “Contact Us” Section ‎12 below to appeal any decision we make relating to your request to exercise your rights.

    If your request relates to Personal Data that is processed on our Customer’s behalf in our capacity as a data processor, please note that it is the Customer who exclusively determines how Personal Data is processed by Torq, as well as if and how your request should be handled. We recommend that you submit your requests directly to the relevant Customer. 

  17. 9. Supplemental Information for California Residents

  18. If you are a California resident, this information provided in this section applies to you in addition to the rest of the Privacy Policy. It provides further details on how we collect, use and disclose Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this Section 9, the term “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”). However, this Section 9 does not apply to:

    • Information exempted from the scope of the CCPA; and
    • Information exempted from the scope of this Privacy Policy as detailed in the preamble of this Privacy Policy.
  19. 9.1 Categories of Personal Information Collected, Purpose of Use, and Recipients

  20. The table below describes the categories of Personal Information we have collected in the past 12 months, the purposes for which we have collected this information, the categories of recipients of disclosures made for business purposes in the past 12 months, and the categories of recipients of disclosures made in the past 12 months that may be considered “sale” of Personal Information or “sharing” of Personal Information for cross-context behavioural advertising under the CCPA.

    Category of Personal Information Purpose(s) for Collecting & Disclosing Recipients of Disclosures for Business Purposes Recipients of “Sales” or “Sharing”
    Identifiers, such as name, email address, phone number, unique identifiers associated with a User or a User account, IP address, and UID.
    • User authentication
    • Service access controls
    • Billing
    • Analytics and research
    • Responding to inquiries
    • Marketing purposes such as direct marketing, lead generation and personalized communications
    • Detecting security incidents
    • Debugging
    • Internal research
    • Properties enhancements
    • Torq affiliates 
    • Service providers
    • Channel Partners and Vendors
    • Shared communities
    • Other Users
    We share this information for cross- context behavioural advertising with our third-party advertising providers
    Commercial information, about what an
    individual has
    purchased or
    obtained from
    Torq, including
    tickets to Torq
    sponsored events, or about publications and
    content where an
    individual has
    attended webinars, joined our courses,
    or downloaded
    content.
    • Facilitating access to the applicable service, webinar, course, etc.
    • Billing
    • Analytics and research
    • Marketing
    • Detecting security incidents
    • Debugging
    • Internal research
    • Site enhancements
    • Torq affiliates 
    • Service providers
    NA
    Internet or other electronic network activity information, such as information about your usage of the Properties, clickstream data, device and connection information, browser information, crash data, referring/exit URLs, IP address, etc.
    • Internal research
    • Security operations
    • Properties enhancements
    • Torq affiliates 
    • Service providers
    We share this information for cross- context behavioural advertising with our third-party advertising providers
    Visual information, such as photos or avatars, with your consent, recordings of your attendance at our events; and audio information, such as recordings from our call and meetings.
    • Internal research
    • Marketing 
    • Torq affiliates 
    • Service providers
    NA
    Professional or employment information, such as job title, company name, company domain.
    • Facilitate our legal contract with you and comply with your inquiries
    • account management purposes, including billing and invoices, as well as other service-related communication
    • Torq affiliates 
    • Service providers
    • Channel Partners
    NA
    Geolocation data, such as your approximate location, IP address, and time zone.
    • User authentication
    • Service access controls
    • Analytics and research
    • Marketing purposes
    • Detecting security incidents
    • Debugging
    • Internal research
    • Properties enhancements
    • Torq affiliates 
    • Service providers
    We share this information for cross- context behavioural advertising with our third-party advertising providers
    Inferences (drawn about you based on other Personal Information we collect), such as preferences, interests, user behaviour data.
    • Personalized targeted advertising
    • Lead generation
    • Internal research
    • Torq affiliates 
    • Service providers
    We share this information for cross- context behavioural advertising with our third-party advertising providers
    Sensitive Personal Information which is your access credentials to our Sites.

    Note – this type of Sensitive Personal Information is treated as Personal Information, therefore you do not have the right to direct us to limit our use of such information for the business purposes mentioned in this table. 

    • User authentication
    • Service access controls
    • Torq affiliates 
    • Service providers
    NA
  21. 9.2 Your California Privacy Choices

  22. As a California resident, you have information, access, rectification, erasure, and non-discrimination rights as described in Section 8. 

    • The Sale and Sharing of Personal Information
    • In addition to those rights mentioned above in Section ‎8, you have the right to opt-out of the “sale” or “sharing” of Personal Information as those terms are defined by the CCPA. We do not “sell” Personal Information in the traditional sense of exchanging information for monetary payment. However, we share your Personal Information for cross-contextual behavioural advertising as detailed in the table above. You have the right to opt out of these activities by: 

      1. clicking the “Do not Sell or Share My Personal Information” link in the footer of our website and follow the instructions therein, to opt out from the use of your Personal Information for targeted advertising through cookies and other online tracking technologies within our Sites.
      2. use the consent management platform settings within our Sites to opt out of the sharing of Personal Information for behavioural advertising.
      3. set your device settings to opt out of the sharing of Personal Information for behavioural advertising.
      4. submit this Data Subjects Rights Form.
      5. enabling Global Privacy Control (“GPC”) in your web browser or browser extension, which we recognize to the extent required by applicable law. Enabling GPC will automatically set your cookie settings to opt out of the sharing of Personal Information for behavioural advertising. If you choose to use GPC, you will need to turn it on for each supported browser or browser extension you use. 

      Please note that your opt-out from sharing your Personal Data for targeted advertising shall not affect our right to request your consent to such share again after twelve (12) months.
      Also note that we do not knowingly “sell” or “share” the Personal Information of individuals under 16 years of age.

    • De-Identified Data
    • We do not to attempt to re-identify de-identified information that we derive from Personal Information, except for the purpose of testing whether our de-identification processes comply with applicable law.

    • Authorized Agent
    • If you have appointed an authorized agent to act on your behalf, your authorized agent may request to exercise these rights on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to applicable California law. If you have not provided your authorized agent with such power of attorney, we may ask you and/or your authorized agent to take additional steps permitted by law to verify that your request is authorized, such as information required to verify your identity and that you have given the authorized agent permission to submit the request.

  23. 10. Children

  24. We do not knowingly collect Personal Data of children under the age of 16, and do not wish to receive such Personal Data. We will attempt to block any use of our Services by any child under the age of 16 and use our best efforts to promptly delete any Personal Data stored with us pertaining to such child. If you believe that we may be in possession of any such Personal Data, please notify us immediately.

  25. 11. Amendments 

  26. We reserve the right to periodically change this Privacy Policy. The amended version will be effective as of the date it is published and appears in the header of this Privacy Policy. When we make material changes to this Privacy Policy, we will give notice as appropriate under the circumstances. Your continued use of our Properties after the changes have been implemented will constitute your acceptance of these changes.

  27. 12. Contact Us

  28. If you have any comments, questions or complaints regarding our Privacy Policy or our privacy practices, or if you have any concerns regarding your Personal Data held with us, please contact Torq by emailing [email protected], or at our mailing address at 3 HaMelacha St., Tel Aviv, 6721503, Israel.