Privacy policy.

Nintex Promapp is committed to protecting the privacy of people whose data we deal with. This privacy policy will help you understand what information we collect at Nintex Promapp, how we use it, and what choices you have.

When we talk about the “Sites” in this policy, we are referring to the Nintex Promapp websites at www.promapp.com, site.promapp.com, content.promapp.com and pages.promapp.com and associated free trial services at freetrial.promapp.com, client.promapp.com and demo.promapp.com.

When we talk about the “Services” in this policy, we are referring to our online Nintex Promapp application (used by organisations to store and manage their business processes).

Our Sites and Services are currently available for use via a web browser specific to your desktop or mobile device.

When we talk about “personal data”, we are referring to information that identifies you as an individual or relates to an identifiable individual, which can include (for example) name, title, company name, job function, expertise, postal address, telephone number, and email address.

Structure of this policy

This privacy policy is provided in a layered format so you can click through to the section which relates to the information that we collect about you below.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. CATEGORIES OF DATA SUBJECTS

(A)        USERS OF OUR SERVICES

(B)        JOB APPLICANTS

(C)       VISITORS TO OUR SITES

(D)       BUSINESS CONTACTS/CUSTOMERS/SUPPLIERS

  1. PROMOTIONAL COMMUNICATIONS
  2. DISCLOSURES OF YOUR PERSONAL DATA
  3. INTERNATIONAL TRANSFERS
  4. DATA SECURITY
  5. YOUR LEGAL RIGHTS

 

  1. IMPORTANT INFORMATION AND WHO WE ARE

Nintex Promapp Solutions Limited is the company which provides the Sites and Services, and our group is made up of different legal entities, including Nintex Promapp IP Limited, Nintex Promapp Holdings Limited, Nintex Promapp Pty Limited (Australia), Nintex Promapp Inc (US), and Nintex Promapp Europe Limited (Europe). When we talk about the "Nintex Promapp Group" in this privacy policy we mean all of these companies.

This privacy policy is issued on behalf of the Nintex Promapp Group so when we mention "Nintex Promapp", "we", "us" or "our" in this privacy notice, we are referring to the relevant company in the Nintex Promapp Group responsible for processing your data.

This privacy policy aims to give you information on how we collect and process your personal data as (a) a processor through your use of our Services, or (b) controller, through your use of our Sites, by applying to work with us, by sending us correspondence, or providing us with products or services.

In addition, if you are located in the European Economic Area, it outlines your data protection rights under the EU data protection regime introduced by the General Data Protection Regulation (Regulation 2016/679) (the “GDPR").

The Sites and Services are not intended for children and we do not knowingly collect data relating to children.

Please contact Nintex Promapp Solutions Limited (registered number 9429036383924), at Eden 3, 16 Normanby Road, Mount Eden, Auckland, 1024, New Zealand or at privacy@promapp.com if you have any queries in relation to the processing of your personal data under this policy including any requests to exercise your legal rights.

We sometimes update this policy. Please refer back to this page regularly to see any changes or updates to this policy.

 

  1. CATEGORIES OF DATA SUBJECTS

(A)          USERS OF THE Nintex Promapp SERVICES

This section of this policy describes how we process personal data about the users of our Services (the "Users").

Data we collect

We may hold personal data provided to us by Users directly, or by administrators on your behalf, through using our Services, by completing application forms, through our Site, through telephone calls or other correspondence with us, or where provided to us by third parties.  

We may collect, store, and use the following categories of personal data about you: contact details (including name, title, address, telephone number, personal email address), log in details, passwords, name of employer, job title, expertise, process information, feedback you provide and files you upload.

The Service also includes customer support, where you may choose to submit information regarding a problem you are experiencing with the Service. When you email our support team, open a support ticket, speak to one of our representatives directly or otherwise engage with our support team, you will be asked to provide contact information, a summary of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue. Examples include emails sent to our support staff regarding issues or enhancements.

We may collect personal data about Users from the following sources: you (the User) directly; administrators through the use of the Services.

How we use your data

We may store or use your personal data for the following purposes:

  • to provide the Services to you, including to authenticate you and to present information relevant to you when you are using the Services;
  • to hold your personal data on our system and to contact you as necessary in accordance with our contractual obligations, or on the basis of our legitimate interests;
  • to provide you with information about Nintex Promapp and our Services;
  • to allow us to administer and manage your access to our Services;
  • to monitor, develop and improve the Sites and Services;
  • to send administrative information to you to inform you of changes to the Services and our terms and policies, to administer accounts and track billing payments. We will also use information to investigate any complaints relating to the misuse of the Sites or Services and to respond to queries and/or comments you have forwarded to us;
  • to allow us to process payments in relation to our Services;
  • to update and maintain our records, including details of people that have accessed our Services;
  • to comply with our legal obligations (including detecting, preventing or investigating fraud or crime);
  • to scan and monitor emails sent to us for viruses or malicious software, to process and encrypt personal data and to protect and manage email traffic;
  • for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Sites and Services, identifying usage trends; and
  • such other actions as are necessary to manage our activities and/or to comply with our legal and/or regulatory requirements.

We will only use and store your data where this is in our legitimate interests or is necessary for us to comply with our legal obligations. We will only process data on the basis that it is necessary to pursue legitimate interests if those legitimate interests are not overridden by your legitimate interests, fundamental rights or freedoms.  

We do not anticipate needing to obtain your consent for the processing of your personal data as listed above. If we wish to use your personal data for other purposes which do require your consent, we will contact you to request this.

If you don’t provide information when requested, which we need to enable your access to the Services, then we may not be able to provide you with access to the Sites or the Services.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

How long we keep your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If the Services are made available to you through an organisation (e.g., your employer), we retain your data as long as required by the administrator of your account. Organisation administrators are responsible for deactivating or disabling accounts for Users that belong to their organisation. If a user account is deactivated or disabled, some of the information and the content provided will remain to allow other Users to make full use of the Services. For example, we continue to display your comments and show changes you have made on processes even after your user account has been disabled.

All data input into the Services for an organisation will be deleted within 3 months following the termination of the contract for the organisation to use the Services (unless a longer period is agreed in the relevant contract).

(B)          JOB APPLICANTS

The following section of this policy sets out how we process personal data about applicants for jobs, placements and contracts at Nintex Promapp.

Data we collect

If you apply for work with us, we will collect, store, and use the following categories of personal data about you: name, title, address, telephone number, personal email address, date of birth, gender, employment history, qualifications, information provided to us during telephone calls, video interviews, face to face interviews and/or meetings with you, information contained in your CV and cover letter or email, information obtained from social media (including LinkedIn) and references.

We, or our HR service providers, may also collect, store and use the following "special categories" of sensitive personal data: Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions, information about your health, including any medical condition, health and sickness records and/or information about criminal convictions and offences.

We may collect personal data about candidates from the following sources: you (the candidate) directly; recruitment agencies; background check providers; credit reference agencies; relevant authorities for criminal record checks; your named referees; and data from third parties if from a publicly accessible source including social media (such as LinkedIn).

How we use your data

We, or our HR service providers, may use your personal data for the following purposes:

  • to assess your skills and qualifications, to consider your suitability for the position and to decide whether to enter into a contract with you;
  • to carry out background and reference checks;
  • to communicate with you about the recruitment process;
  • to keep records related to our hiring processes;
  • to comply with legal or regulatory requirements;
  • to scan and monitor emails sent to us (including attachments) for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes; and
  • such other actions as are necessary to manage our activities and/or to comply with our legal and/or regulatory requirements.

We process this personal data on the basis of our legitimate interests (to decide whether to appoint you to work for us) and to comply with applicable laws.

Once we receive your CV and covering letter or your application form, we may process that information to decide whether we have any suitable vacancies and if you meet the basic requirements to be shortlisted for that role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to contact you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the work. If we decide to offer you the work, we will then take up references and we may carry out criminal record or other checks before confirming your appointment.

If you don’t provide information when requested (which is necessary for us to consider your application, such as evidence of qualifications or work history) we will not be able to process your application. For example, if we require references for the role and you fail to provide us with relevant details, we will not be able to take your application further.

We may use your sensitive personal data in the following ways:

  • we will use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during the interview or to provide accessibility features at the workplace; and
  • we will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure equal opportunity monitoring and reporting.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

We may share your personal data with the following third parties for the purposes of processing your application: the Nintex Promapp Group and HR and IT service providers.

How long we keep your data

If your application is successful, the information you provide during the application process will be retained by us as part of your employee file and held in accordance with our employee policies and our data retention policy or applicable laws.

If your application is unsuccessful, the information you have provided will be retained after we have communicated our decision to you. We retain your personal information for as long as reasonably necessary so that we can show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for as long as reasonably necessary for that purpose.

(C)          VISITORS TO OUR SITES

The following section of this policy sets out how we process personal data about visitors to our Sites.

Data we collect

We may collect, use, store and transfer different kinds of personal data about you which you provide to us though our Site: name, address, email address, telephone numbers, technical data (including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website, usage data (including information about how you use our website, products and services, and marketing and communications preferences (including your preferences in receiving marketing from us and your communication preferences).

We use different methods to collect data from and about you including through:

  • Direct interactions with you, including by filling in forms. This includes personal data you provide when you subscribe to our publications or request marketing to be sent to you.
  • Automated technologies or interactions. As you interact with our Sites, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites by employing our cookies – see our Cookie Policy.

How we use your data

We may use your personal data for the following purposes:

  • to use data analytics to improve our Sites, marketing, and customer experience;
  • to comply with legal or regulatory requirements;
  • to scan and monitor emails sent to us for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic;
  • for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Sites and Services, and identifying usage trends.

If we consider we need your consent in relation to our use of your personal data, we will contact you to request this consent and provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to give consent, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purposes you originally agreed to, unless we have another legitimate legal basis for doing so.

Where the Sites provide links to other websites, we are not responsible for the data protection/privacy/cookie usage policies of these other websites, and you should check these policies on the other websites. If you use one of these links to leave our Site, you should note that we do not have any control over that other website.

How long we keep your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cookies

We use cookies on our Site. Please see our Cookie Policy  for more information on how we use cookies.

(D)          BUSINESS CONTACTS

The following section of this policy sets out how we process personal data about our business contacts, service providers and customers (and their employees and representatives) and people who have corresponded with our employees.

Data we collect

We may collect, use, store and transfer different kinds of personal data about you which you provide to us including: name, address, email address, telephone numbers, place of work, job title.

How we use your data

We may use your personal data for the following purposes:

  • to hold your personal data on our system and to contact you as necessary in accordance with our contractual obligations, or on the basis of our legitimate interests;
  • to provide you with information about Nintex Promapp and our Services;
  • in respect of suppliers, to allow us to process payments and orders in respect of any goods and services provided;
  • to comply with legal or regulatory requirements;
  • to scan and monitor emails sent to us for viruses or malicious software, to process and encrypt personal data to protect and manage email traffic; and
  • for our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Sites and Services, and identifying usage trends.

If we consider we need your consent in relation to our use of your personal data, we will contact you to request this consent and provide you with full details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to consent, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purposes you originally agreed to, unless we have another legitimate legal basis for doing so.

How long we keep your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

  1. PROMOTIONAL COMMUNICATIONS

We may use your personal data and information about how you use the Sites and Services to send promotional communications that may be of specific interest to you. These communications are aimed at driving engagement and maximising what you get out of the Sites and Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you including via email and text messaging about new product offers, promotions, general business and marketing purposes relating to the Sites and Services.

You can opt-out of receiving marketing messages from Nintex Promapp or our Group by sending an email to privacy@promapp.com, by unsubscribing through the unsubscribe link in an email, or by unsubscribing via the Subscription Center at: https://pages.promapp.com/UnsubscribePage.html.

We will try to comply with your request as soon as reasonably practicable. If you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages.

 

  1. DISCLOSURES OF YOUR PERSONAL DATA

We will not disclose personal data we hold about you to any third party except as set out below.

Within the Services

If your personal data is added to the Services through an organisation, that organisation is the data controller and will determine the policies for sharing and disclosure of the data within our Services. Configurations to limit disclosure within the Services are managed by your organisation. For example, organisations can configure who can see process information and what data their users can share.

You (as a User of the Services) can input data which will allow other users within the organisation to view certain information about you. For example, when you place feedback on a process, your name and avatar will be associated with that feedback and will be visible to viewers of that process.

Service Providers

We work with third-party service providers to provide hosting, maintenance, backup, storage, infrastructure, payment processing, analysis and other services for us, which may require them to access information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under instruction from us, including abiding by policies and procedures designed to protect your information. Some of these service providers may be located internationally.

Legal Obligations

In exceptional circumstances, we may share information about you with a third party if we believe that sharing is reasonably necessary to (a) comply with any applicable law, regulation, legal process or governmental request, including to meet national security requirements, (b) enforce our agreements, policies and terms of service, (c) protect the security or integrity of our Services, or (d) protect Nintex Promapp, our customers or the public from harm or illegal activities.

Sale of our business

Where any member of the Nintex Promapp Group sells a business, we may provide your personal data as part of a database to the buyer, so that they can contact you about their plans for the business.  In that case, we may also retain your information within the Nintex Promapp Group and use it in accordance with this privacy policy (or any other terms we agree with you).

 

  1. INTERNATIONAL TRANSFERS – EEA USERS

Some of the Nintex Promapp Group and our external service providers are based outside the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever your personal data is transferred out of the EEA by us, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (for example, New Zealand).
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please contact us if you want further information on the specific mechanism used when transferring your personal data out of the EEA.

 

  1. DATA SECURITY

We have put in place measures to ensure the security of the personal data we collect and store about you. We strive to protect your personal data from unauthorised disclosure or access, including through the use of network and database security measures, but cannot guarantee the security of any data we collect and store.

 

  1. YOUR LEGAL RIGHTS

In certain circumstances, by law you may have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction or updating of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected or updated.
  • Request deletion of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • Withdraw your consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw such consent at any time. Withdrawing your consent will not affect the lawfulness of processes based on consent before its withdrawal. To withdraw your consent or to opt out of receiving marketing communication, please contact us at privacy@promapp.com, by unsubscribing through the unsubscribe or opt-out link in an email, or by unsubscribing via the Subscription Center at https://pages.promapp.com/UnsubscribePage.html. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate legal basis for doing so.

If you wish to exercise any of the rights set out above, please email privacy@promapp.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one week. Occasionally it may take us longer than a week if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to make a complaint at any time to the relevant supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach them so please contact us in the first instance.

If you have any queries about this policy or your personal data, or you wish to submit an access request or raise a complaint about the way your personal data has been handled, please email privacy@promapp.com.

 

 

 

See Nintex Promapp in action.

Try it for 30 Days and see why teams love Nintex Promapp.

Get started

Learn more about Nintex Promapp.

Learn why Nintex Promapp is the process platform that teams love to use.

learn more

Sign up for our free trial!

Try it for 30 days and see why teams love Nintex Promapp.

Sign up now