EazeWork - Privacy

Last Updated : 05th September 2023

At Mobius Solutions Pvt. Ltd. (henceforth also referred as “EazeWork”, “We” or “Company”), we respect your need privacy and know that you have a right to know the practices with respect to the information we collect and how we use it when you use our website, our services or interact with us in any manner.

EazeWork is a SaaS solution provider and you can use our services through our website www.eazework.com (“Website”) or through our mobile applications which are available on Android and IOS platforms (“Mobile Applications”). This Privacy Policy covers any of your Personal Information which is provided to us and which is used in connection with the marketing of the services, features or content we offer (“Service” / “Services”) to our Customers and/or the support that we may give you in connection with the provision of our Services.

Users of EazeWork services can be a company which has an agreement with EazeWork (“Customer”), or individuals who are employees, contractors, consultants, interns, trainees working with the Customers (“End Users”), or external partners which have been authorized by Customers to participate in the workflows (“Customer Partners”) and their End Users, or EazeWork’s resellers / distributors (“Resellers) and their End Users. All these categories will be collectively referred to as “Users” or “You”.

This privacy policy describes the policies and procedures of EazeWork on the collection, storage, use and disclosure of your Personal Information on the website and mobile applications. This privacy policy does not include any personal information that EazeWork collects on behalf of, or under the direction, of its clients. When you register to use EazeWork services you will have to explicitly accept EazeWork’s privacy policy and terms of use. If you are an End User you will also be governed by the privacy policy or your employer who is an EazeWork Customer. You should make sure that you understand your employer’s policies before you register with EazeWork. EazeWork may be asked by Customers to update, delete, modify, handover your personal information which we will do in accordance with our terms of contract. We may be asked by Government Agencies to handover your personal information which we might do in accordance with the law.

Your personal information will include any information which, either alone or with other data, is reasonably available to us and relates to you (“Personal Information”).

This Privacy Policy does not apply to any third-party applications or software that can be accessed from the Website, the Services or the Mobile Applications, such as external applicant tracking systems, social media websites or partner websites (“Third Party Services”). By using our Services, you acknowledge that you have read and understood this privacy policy. For the purposes of EU GDPR (General Data Protection Regulation), the data controller of the data processed through the Service is the customer of EazeWork who makes available and permits end users to access and use the service or anyone on its behalf. For data collected directly on its website (for marketing and communication purposes), EazeWork is the “Data Controller”.

Information Collected

Basis of Data Collection – EazeWork collects data since we are a SaaS provider, we collect information as per the Customers requirements. Our Customer Agreement governs the storage, retention and deletion of information collected. The Customer controls the configuration of various processes and decides the type of data they want the End Users to provide either optionally or mandatorily. If you are an End User and have any queries about specific data which is being collected or overall processing of Personal Information needed to deliver the Service, please contact your employer. If you are a Customer Partner please contact the Company.

Customer and End User data shall be used by EazeWork in accordance with the Customer’s instructions, applicable terms in the Agreement, Customer’s requirement and configuration of Services functionality, and as required by applicable law. Under applicable GDPR, EazeWork is a processor of Customer data and Customer is the controller.

Information which is collected can be categorized in the following categories.

  1. Personal Information – Personal information consists of details provided consciously and voluntarily by our Customer, End Users or the Customer’s administrator through the use of our services. This may include your name, phone numbers, email ids, date of birth, gender, nationality, address, family details, employment details, employee ID/ national ID, bank account details, salary details, attendance details including biometric data shared by the Customer, leave details, tour details, work from home details, outdoor duty details, payment details, income tax details, performance details, training details, expense details, advance details, employment / contract termination details, probation details, survey responses, poll responses, company asset information, job application details, IP address and other unique identifiers, any other information the Customer chooses to collect and other information End Users may choose to provide to EazeWork and to Customer. The GDPR legal basis for storing this information your contractual obligation to the Customer. The GDPR legal basis for processing this information your explicit consent.
  2. Location Information – We do not access, track or store any location-based information from your browser or mobile device at any time without your permission. Location information is needed if your employer has requested for location tracking for attendance and work monitoring purposes. Location information is also captured when you update your location or create geo tagged office locations in the mobile application. The GDPR legal basis for storing this information your contractual obligation to the Customer. The GDPR legal basis for processing this information your explicit consent.
  3. Contact Information - When you express an interest in obtaining additional information about the services through Website or Mobile Application, EazeWork asks you to provide your contact information, such as name, company name, email address, phone number. This information is used to communicate with you by responding to your requests, comments and questions. The GDPR legal basis for storing and processing this information is your interest in our services.
  4. Device Information – To use the Mobile Application, we may request access to your device’s camera and storage. This allows you to upload pictures or other stored documents. You may at any time revoke access at the device level.
  5. Application Monitoring - We use application monitoring software to allow us to better understand the functionality of our Website and Mobile Application and to handle any bugs / issues. This software may record frequency of use, types of events occurring, performance data. The data collected by the application monitoring software is not connected with any Personal Information. When you download and use the Mobile Apps, we automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.

Information Sharing

External information sharing is covered in the following categories

  1. Information shared for business processing with external service providers
  2. Information shared to enable third party services
  3. Information sharing for business transactions
  4. Information shared as mandated by law

Business Processing – If the Company choses to outsource Payroll to EazeWork as separate Payroll Outsourcing Agreement is executed which governs the scope of storing, using, retaining personal information. We may share your information with third party service providers like Background Verification agencies or Placement consultants, this information is shared through your explicit consent and for your specific business purpose.

Third Party Services – End Users might access third party services while using our services on the website or mobile application. Some of these services are enabled by Customer Application Administrator through the Marketplace. We are not responsible for privacy policies or work practices of any of these third parry service providers. You are responsible for ensuring that you understand the policies of these third-party service providers.

EazeWork Service Providers – We share your information with service providers who are a part of our eco system. The list of third-party services being used by us and they nature of data being shared and service being provided by them is mentioned below.

Service Provider Business Purpose Data Shared
Elastic Email For sending our email notifications and marketing emails Company name, Email ID, notification email text
Zendesk For chat support Name, Roles in EazeWork, Email ID, Phone number, Company URL
Google APIs For tracking employee’s location and showing it on the map. Finding out address. Employee’s location
Cloud4C For hosting customer’s data All the data which is shared by the customer
Razorpay For receiving payments Customer name, Accounts contact details
2Factor For sending SMS notifications to end users SMS text, Mobile number
Jio SMS Gateway For sending SMS notifications to end users SMS text, Mobile number
Mailchimp Marketing emails Company name, Email id
Google / Microsoft Oauth 2.0 is used to allow users to login with their Google / Microsoft accounts Email ID

Information shared for business transactions – As and when we get into a business transaction with a third party which involves sale, transfer or purchase of company assets we will share the user information. The information will be shared as an asset and you acknowledge that were such a transaction to occur, the acquirer may continue to use the personal information as set forth in this privacy policy. Customers will be informed through email and through prominent notification on our website whenever such a sale or transfer of asset is going to happen. At any stage you will always have the choice to terminate your agreement with us as per the termination clause.

Information shared as mandated by law – We might be requested / ordered by the Government or a Public authority to share personal information to comply with a law enforcement requirement. We also reserve the right to access, read, store, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request (ii) enforce this Privacy Policy, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

We require all third parties to respect the security of your personal information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors we share your personal information with, to use it for their own purposes and only permit them to process your personal information for specified purposes in accordance with our instructions. Unless we otherwise have your consent, we will only share your Personal Information in the ways that are described in this Privacy Policy.

Personal Information Retention

EazeWork will store and retain the personal information as long as it is needed to provide the services and as necessary comply with our legal / accounting requirements and to enforce our agreements. After a Customer cancels its subscription the customer data including generated files, uploaded documents is deleted within 30 days. This data deletion is done through an automated process and cannot be reversed.

Customers may retain personal information of their End Users even after the end user no longer has access to the services. If you have any question regarding the retention of your data by your employer you should raise it directly with your ex / current employer. You hereby agree not to assert any claim against EazeWork in this regard and waive any rights regarding such data and personal information including the right to view and control such data and information.

EazeWork has a modular design and it gives the Application Administrator the flexibility of activating / deactivating modules. Module specific data is deleted when a module is deactivated. This deletion cannot be reversed.

EazeWork retains the account level information which includes – Company name, License details, Email ID, Phone numbers of key accounts personnel, Bank details, Invoice details.

Customer data is stored in two locations.

  1. Primary location - Navi Mumbai, India – here we keep a full system backup which is taken at 1 am India time, this backup is kept for 7 days in past. This is a physical online backup.
  2. Secondary location – Hyderabad, India – a snap shot of the production systems is taken every hour and is kept in this location. This is a physical online backup.
  3. The datacenter is ISO 27001 compliant and has implemented advanced security and privacy standards.

Access Of Personal Information

EazeWork limits access to personal data to those of its personnel who: (i) require access in order for EazeWork to fulfil its obligations under this Privacy Policy and agreements executed with EazeWork and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Information (iii) are under confidentiality obligations as required under applicable law. EazeWork takes steps to ensure that its staff who have access to personal data are honest, reliable, competent and periodically properly trained.

EazeWork shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by EazeWork on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, EazeWork undertakes to co-operate with Customer in investigating and remedying any such security breach. In any security breach involves Personal Information, EazeWork shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.

Your Rights

In certain countries End Users may have the right to request access, modification or deletion of certain personal information held by us. Or you might like to restrict the usage of certain personal data, or you might require your personal data in a usable electronic format. As EazeWork is only the processer of your data and Customer is the controller you will have to get in touch with your employer / ex employer with respect to such requests.

If any third party services have been used then you will need to make the request to these third parties in line with the instructions given in their privacy policy. If you want to discuss or exercise any of your rights under this policy you may send us your queries on chintan@eazework.com.

Changes To Privacy Policy

The terms of this privacy policy will govern the use of EazeWork services and any information collected in connection therein. EazeWork may amend this privacy policy from time to time, the amended policy will be posted at www.eazework.com/privacy-and-security.aspx. It is the responsibility of users to ensure that they periodically visit this link to read the updated policy. If we make any substantial changes in the way we use your Personal Information we will make that information available by posting a notice on www.eazework.com site.