Information You provide
When You sign up for Choreo, use Choreo to create an application, pay for our services or register for an event, newsletter or activity on our site, we ask that You give us all or some of the following information about Yourself:
Some of the services on Choreo- such as paid services, may make it mandatory that You provide some personal details. This is because we won’t be able to process Your payments or provide You with certain services without them. You’re completely free to opt out of this, but that means that You may not be able to fully access those services.
Information collected automatically
When You visit our site, there is some generic information that we can see automatically. This includes Your IP address, Your browser type, device info, the time and frequency You access our site and the URL You came from. This type of generic information won’t reveal Your identity as a visitor but is still useful to us to analyse and improve the way our site is being used.
When You use Choreo to create and run applications, we store data such as application logs so that You have the option to view them. We also aggregate non-personally identifiable information about how You use Choreo. This information is important to us to analyse the ways in which Choreo is used to develop applications, to understand what users’ needs are and to make our service better suited to those needs. Such usage data never identifies You personally.
Information we get from third parties about You
We may obtain information from other sources and combine that with information we collect through our services. For example if You create or log into Your account through one of our integration partners ( such as Google or Github), we will have access to basic information from that sign on service, such as Your name and account information.
When You create applications using Choreo, You may choose to integrate with various third party services (like messaging services, email or calendar services). In those scenarios, Choreo’s access to the third party service will be limited to performing the functions that You specify. Choreo doesn’t store any data that resides on these third party services nor does it access that data in any way outside of Your instructions . Choreo’s use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We use the data we collect to:
We don’t sell Your information to anyone.
We do share Your information within the WSO2 group, because our affiliate entities also help provide our services. WSO2 LLC is located in the United States of America. Our current affiliates are WSO2 UK Limited (located in the United Kingdom), WSO2 Lanka (Private) Limited (located in Sri Lanka), WSO2 Brasil Tecnologia E Software Ltda (located in Brazil), WSO2 Germany GmbH ( located in Germany) and WSO2 Australia Pty Limited ( located in Australia).
Data transferred from the European Union and United Kingdom to other affiliate entities located around the world is transferred on the basis of Data Transfer Agreements containing EU Standard Contractual Clauses set out by the European Commission. These clauses guarantee certain levels of physical, administrative and technical safeguards of Your data.
WSO2 has also certified to the US Department of Commerce that it adheres to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
We may share data with verified technology partners who provide additional services that enhance our services. Your information may also be visible to our service providers who help us run our platform and provide certain services, such as our customer support platform, marketing, analytics and CRM tools. They are only authorized to use information that is strictly relevant for them to perform their tasks, and we make sure that they are under obligations of confidentiality and security to us so that Your data is secure. Our hosting provider is Microsoft Azure. To see more details on how MS Azure protects Your privacy visit https://azure.microsoft.com/en-us/support/legal/.
If You use our paid services, we also use a third party payment card processor. We don’t actually see any of Your payment card information and this goes directly to Your payment card processor.
We will only collect and process personal data about You where we have lawful bases. Lawful bases include consent (where You have given consent on one of our forms), contract (where processing is necessary for the performance of a contract with You) and legitimate interests (such as to protect You, us, or others from security threats, comply with laws that apply to us and to administer our business through consolidated reporting, or marketing our services etc.) See the “WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?” section below if You wish to withdraw Your consent or object to any processing of Your personal data.
We implement industry standard security safeguards designed to protect Your data. We encrypt all data at rest ( including credentials/tokens to external systems). All our data transfers are done securely through encrypted channels using Transport Layer Security (TLS) technology. We regularly monitor our systems for possible vulnerabilities and attacks and conduct testing. However, we cannot warrant the security of any information that You send us. There is no complete guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or administrative safeguards.
WHAT ARE YOUR RIGHTS TO YOUR PERSONAL INFORMATION?
We store the information we collect about You for as long as is necessary for the purpose(s) for which we originally collected it. For instance, we may retain Your information during the time in which You have an account to use our website or services. We also may retain Your information during the period of time needed for WSO2 to pursue our legitimate business interests, conduct audits, comply with our legal obligations, resolve disputes, and enforce our agreements. At the end of these periods, we ensure that Your data is deleted securely using an industry standard methodology.
WSO2 acknowledges Your right to access Your data. If information pertaining to You as an individual has been submitted to us then You have the right to access, correct, or edit Your data. If You wish, we can provide all the personal information on our records to You or to someone You nominate in a portable format as well.
You can ask us to stop using all or some of Your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if Your personal data is inaccurate or unlawfully held).
You may also choose to delete Your data from our website or service at any time You choose, and unsubscribe from any Choreo mailing lists You are on. You can unsubscribe from our emails by clicking on the unsubscribe link which is at the bottom of every marketing email we send. You can click on Your account within the Choreo user portal, which will let You do certain functions like deleting Your account or You can reach out to us as [email protected] for any of the above requests.
We only ever retain Your personal data after You have ceased using our services, or sent us a request to unsubscribe or delete Your data if it is reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or fulfill Your request to “unsubscribe” from further messages from us.
When You choose to integrate certain functionalities with sites or applications outside of WSO2, you are bound by the terms of the particular site or application.
If You are located within the European Union,the United Kingdom or the European Economic Area, WSO2 UK Limited will be the controller of Your personal data provided to, or collected by or for, or processed in connection with our services.
If You have any issues with regard to Your data security on our website, then in addition to informing us, You also have the right to write directly to the independent data protection monitoring organization in Your country. Within the UK, this is the Information Commissioner's Office (ICO). The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Please do email our data protection officer at [email protected] if You have any issues, concerns or questions regarding Your personal data and we are happy to help.
Effective April 20, 2021