Introduction

Overview: RooTree Analytic Inc. and RooTree Analytic LLP (collectively referred to as “RooTree,” “we,” “us,” or “our”) are committed to safeguarding your privacy, whether you use our services online as a cloud service or offline through custom or on-premise installations. This Privacy Policy outlines how we collect, use, and protect your personal information and ensures compliance with applicable data privacy laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data protection laws. 

Contact Information: If you have any questions or concerns regarding this Privacy Policy or your personal data, please contact us at privacy@rootreeinc.com.. 

2. Definitions

• Personal Data: Any information that can reasonably associate or link to an identifiable natural person. It includes identifiers such as names, identification numbers, location data, or factors specific to an individual’s identity. 

• Personal Information (California Residents): Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, excluding publicly available government records and de-identified or aggregate customer information as defined by CCPA/CPRA. 
• Sensitive Personal Data: Information revealing an identified or identifiable natural person’s sensitive attributes, such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health information, and more. 
• Process, Processes, Processed, or Processing: Any operation performed on Personal Data, including collection, recording, organization, storage, retrieval, use, disclosure, alignment, combination, restriction, erasure, or destruction, whether automated or manual. 
• Consent: Freely given, specific, informed, and unambiguous indication of a Data Subject’s wishes, signifying agreement to the processing of their Personal Data. 
• Data Subject: An identified or identifiable natural person to whom the Personal Data relates. This includes Xoxoday employees, prospective candidates, customer personnel, partner/vendor personnel, website visitors, sub-contractors, and visitors. For CCPA/CPRA, Data Subject includes California residents. 

• Data Controller: A person or organization determining the purposes and means of Personal Data processing, which, in this Policy, refers to RooTree and its affiliates, where relevant. 
• Data Processor: A person or organization processing Personal Data on behalf of and under the instruction of the Data Controller. 
• Third Party: Any person other than the Data Subject, Data Controller, Data Processor, or other authorized data processing entities. 

3. Personal Information We Collect and Process and How We Use It

Information from Customer Companies: When a Customer Company expresses interest in our Service, we collect information through our sign-up form, including full names, email addresses, company names, and phone numbers. This information is collected via a landing page accessible through various directory services detailed in our Third-Party Provider. 

Personal Data from Employee Users: We collect HR information and other Employee User data from Customer Companies, which may include full names, email addresses, phone numbers, and other necessary information. This data is provided by the Customer Company’s HR department directly or indirectly through system connections, allowing analytics. We also collect Employee User opinions when they participate in surveys or peer conversations on our platforms. Certain tracking data, including email addresses, device IDs, and IP addresses, are collected through Google Analytics and Freshdesk for analytical purposes. 

Payment Information: If a third party is not paying for the service on your behalf, we collect billing and financial information, including postal and email addresses, necessary to process charges for our services. This information may also be received when purchases are processed by third-party payment processors. 

Technical and Usage Information: When you access our websites or use our Services, we collect technical information about your devices, including IP addresses and mobile device IDs, as well as usage statistics to enhance your experience. 

Cookies and Automated Information Collection: We collect certain technical information through cookies and automated tracking technologies to analyze site usage, provide personalized experiences, and manage testimonials. You can configure your web browser to manage cookies. 

Other Sources: We may collect information from third-party sources to supplement user profiles and enhance connectivity. 

4. How We Use the Information We Collect

We use collected information to provide, maintain, and improve our Service, respond to inquiries and requests, communicate with users, monitor trends, personalize and improve our offerings, and ensure data security. We will not sell, rent, or share Personal Data without consent, except for legal, enforcement, or internal operational purposes. 

5. Data Recipients, Transfer, and Disclosure of Personal Information

We do not share Personal Information for direct marketing purposes without your consent. We may disclose Personal Information when required by law, to protect our rights or safety, investigate fraud, or comply with legal processes. In the event of a business transfer, Personal Data may be shared. 

6. How Is My Data Protected?

We implement administrative, technical, and physical security measures to protect your Personal Data from unauthorized access, destruction, or alteration. These measures include SSL encryption, password protection, secure server storage, restricted staff access, non-disclosure agreements, staff training, and more. 

7. Retention and Disposal of Personal Data

We retain User Data for seven years from the termination of the contract, employee data for eight years as per the Indian Companies Act, financial data for eight years, audit logs for one year, and other records for three years. 

8. Children’s Personal Information

We do not knowingly collect personal information from children under the age of 16. Parents and legal guardians are encouraged to monitor their children’s online activities and guide them in using our services. 

9. Your Rights in Relation to Your Information

You have various rights regarding your information, including access, objection, rectification, erasure, restriction of processing, rights related to automated decision-making, and portability. To exercise these rights, please contact us at privacy@rootreeinc.com.. 

10. GDPR Compliance

RooTree is committed to GDPR compliance and will process Personal Data based on consent or other lawful bases as defined in the GDPR. We respect individuals’ rights under the GDPR and will respond to requests accordingly. 

11. California Privacy Rights

If you are a California resident, you have specific rights related to your Personal Information under CCPA/CPRA. You can exercise these rights by contacting us at privacy@rootreeinc.com.. We do not discriminate against users for exercising their rights. 

12. Complaints and Grievances

For any complaints or grievances related to your privacy rights, please contact our Data Protection Officer at privacy@rootreeinc.com.. 

13. Updates to Our Policy

We may amend or update this Privacy Policy and will notify you of significant changes. Please review this Privacy Policy periodically. 

This Privacy Policy was last updated on [Date]. 

14. Canadian Privacy Compliance

Overview: Rootree acknowledges its commitment to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws. PIPEDA governs the collection, use, and disclosure of personal information by private sector organizations. 

15. Consent

In accordance with PIPEDA, Rootree seeks consent for the collection, use, and disclosure of personal information. Consent may be obtained orally, electronically, or in writing, depending on the sensitivity of the information and the reasonable expectations of the  

individual. We will also provide the option to withdraw consent where applicable. 

16. Purpose Limitation

Personal information collected by Rootree will only be used for the purposes specified at the time of collection. Any additional uses will require the individual’s consent, except as permitted or required by law. 

17. Data Subject Access Rights

Canadian residents have the right to access their personal information held by Rootree Upon request, we will provide individuals with access to their information, information about the purposes for which it is being used, and information about third parties to whom it has been disclosed. 

18. Data Retention

Rootree will retain personal information only as long as necessary for the fulfillment of the purposes for which it was collected and as required by Canadian law. When personal information is no longer needed, it will be securely destroyed, erased, or made anonymous. 

19. Cross-Border Data Transfers

Rootree may process personal information outside of Canada, including in the United States. Such transfers will be made in compliance with applicable privacy laws. We will take reasonable steps to ensure that personal information is treated securely and in accordance with this Privacy Policy. 

20. Contact Information

For any inquiries or complaints related to privacy or data protection in Canada, please contact our Privacy Officer at privacy@rootreeinc.com.. 

21. Office of the Privacy Commissioner of Canada (OPC)

Canadian residents have the right to contact the Office of the Privacy Commissioner of Canada (OPC) if they have concerns about Rootree’s privacy practices. The OPC is responsible for overseeing PIPEDA compliance and can be reached at [OPC Contact Information].