Private. Secure.
ISO 27001 Certified.
GDPR Compliant.
Microsoft 365 Certified.
Privacy Policy
9th May 2023
Summary
What information we collect from you, and how we use it
You have our promise to protect your privacy with advanced technology and strict privacy policy. Joye is ISO 27001 certified for global standards of Information Security.
Our Joye for Microsoft Teams offering uses Microsoft’s Active Directory Single-Sign-On (SSO) authentication, and needs a few basic information and permissions to provide a secure, personalized and engaging wellbeing experience for the users. These permissions fall in three categories:
- Basic user profile – email, time zone and some unique identity parameters
- Analyze users free-busy time in the calendar – we don’t store the content
- Send messages to the user inside the Teams chat
We don’t read or store emails or chat messages, nor do we send unsolicited advertisements to the user. During the use of Joye, we collect information that you provide to us, and use it to provide you a better experience. In line with our strict privacy policy the employee information is encrypted and is anonymised for any analytics shared with the employer.
If you’re using Joye in Entomo, or our demo web app(s), like https://anonymous.joye.ai/, we use an anonymised technology and that doesn’t receive any of your PII information other than your company or department name in come cases. We identify you with a pseudo identity and we’ll not know any of your Personal Identifiable Information.
If you’re using Joye embedded in Rewardz, we use single-sign-on from the Rewardz sign-in, that’ll provide Joye basic information like your email, name, company and department name.
Disclosure of your information to third parties
Joye’s data is independently managed by Joye Pte Ltd Singapore, and your employer will not be able to see your private information. We do not intend to use your personal information for advertisements.
Where is your data stored and how we ensure that it is secure
Joye’s architecture uses advanced technology and high security standards. Joye is ISO 27001 certified for Information Security. We store your data in a secure data center of leading Cloud Service Provider(s). Our default locations are between USA, Singapore, or India. In line with GDPR guidelines we could also host your company’s data in any of these or any other location that you choose.
Contact information
Please contact us at [email protected]
Detailed
This Privacy Policy will inform you of the basis on which we collect personal information from you and the basis on which it is used, processed or disclosed by us. This Privacy Policy does not apply to any third-party websites, services or applications, even if they are accessible through our product.
Joye Pte Ltd (Joye, Us, We, Our or Company) is committed to protecting and respecting your privacy in connection with your use of our Products (App or Site) and accompanying services and features thereof. In this Privacy Policy, references to You, or User indicates the person whose personal data we collect, use and process.
At the outset, please be assured that we will use your personal data only for the purposes and in the manner outlined below, and in compliance with applicable laws. We request that you read this Privacy Policy carefully to understand our treatment and use of personal data. Please note that by using our Product, you acknowledge that you have read and understood this Privacy Policy.
In case of any further doubts and clarifications, you can reach us at [email protected] and we will endeavor to address your concern at the earliest.
Information we collect from you and how we use
Signing in. Data Collected.
You have our promise to protect your privacy with advanced technology and strict privacy policy. Joye is ISO 27001 certified for global standards of Information Security.
Joye for Microsoft Teams offering uses Microsoft’s Active Directory Single-Sign-On (SSO) authentication, and needs basic information and permissions to provide secure, personalized and engaging wellbeing experience to the users. These permissions fall in three categories:
- Basic user profile – email, time zone and some unique identity parameters
- Analyze users free-busy time in the calendar – we don’t store the content
- Send messages to the user inside the Teams chat
We don’t read or store emails or chat messages, nor do we send unsolicited advertisements to the user. During the use of Joye, we collect information that you provide to us, and use it to provide you a better experience. In line with our strict privacy policy the employee information is encrypted and is anonymised for any analytics shared with the employer.
If you’re using Joye in Entomo, we use an anonymised technology that doesn’t receive any Personal Identifiable Information (PII) information – other than your company or department name in some cases. We identify you with a pseudo identity and don’t know your PII.
If you’re using Joye embedded in Rewardz, we use single-sign-on from the your Rewardz sign-in, that could provides your email, name, company and department name.
By using Joye’s in-app Journal text entry service, you grant Joye consent to store your text recording in its secure database to enable you to revisit it within the app.
Data Retention and Removal of Data
Joye’s standard data retention policy is that Joye reserves the right to maintain the data for the paid clients (organisations that has contracted with Joye and has multiple users, or a direct paying individual users) for up to 24 months after the termination of the paid-subscription, unless the client requests for deleting the records earlier. After 24 months Joye will delete the data for these clients. Though Joye will not have any liability to maintain the data for longer than 90 days after the termination of the paid-subscription.
For non-paying clients, Joye will delete the data after 24 months. Though Joye has no liability to maintain the data from longer than the agreed trial period.
Clients may request removal of all or some of your content by contacting us at [email protected] and specifically identifying the content to be removed. Please be advised that despite our best efforts, this may take time. We’ll try to do this within 90 days from the date of the request. Please note that any such removal may not ensure complete or comprehensive removal of all traces of the content posted. If you Your request may also be conditional to your organisations policies and terms agreed with Joye.
Notifications
If you are using Joye for Microsoft Teams, we may track your basic calendar schedule to access the pattern of free/busy time. We use this information to time the prompts – in our endeavour of providing you the right care at the right time. We do not use this information to ‘guess’ your emotion health. We don’t save this information once we send our the prompt.
Financial Information
Within the app, Joye does not collect or process credit or debit cards or any other payment-related information.
General information
Just like any other application, we may also have access to the operating system version on your device, the device type and system performance information etc. This will enable us to understand your broad, non-specific geographic location to help us identify groups of users by general geographic market (such as state or country).
We may use analytics software to allow us to better understand the functionality of our software. This software may record information such as how often you engage with the Products, the events that occur within the Products, aggregated usage and performance data, and where the Applications were downloaded from. We may link the information we store within the analytics software to other information available to us.
We gather certain information automatically and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. Details of your visits to and interactions with the Products including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Legal basis for processing your personal data
We will use your Personal Data for the purposes for which we collect it as listed below, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will update this Privacy Policy and we will explain the legal basis, which allows us to do so.
In respect of each of the purposes for which we use your Personal Data, we ensure that we have a ‘legal basis’ for that use. Most commonly, we will rely on one of the following legal bases:
Where we need to perform a contract we are about to enter into or have entered into with you (Contractual Necessity).
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests (Legitimate Interests).
Where we need to comply with a legal or regulatory obligation (Compliance with Law).
Where we have your specific consent to carry out the processing for the Purpose in question (Consent).
Your rights related to your Personal Data
The right to access your Personal Data
This right enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
The right to rectification of errors
In the event that any information that we hold about you is incomplete, partially incorrect or incorrect in its entirety, this right enables you to have any such data corrected.
The right to removal of data
This right enables you to ask us for deletion or removal of your Personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
The right to object to processing of your Personal Data
This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to processing on this ground.
The right to data portability
We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
The right to withdraw consent
This right only exists where we are relying on consent to process your Personal Data (“Consent Withdrawal”). If you withdraw your consent, we may not be able to provide you with access to the certain specific functionalities of our Products. We will advise you if this is the case at the time you withdraw your consent.
Please note that whenever you request any of the above, we will take necessary steps to verify your identity in accordance with the applicable law. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. Further, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within 30 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests.
Disclosure of your information to third parties
You have our promise to protect your privacy with advanced technology and strict privacy policy. Joye is ISO 27001 certified for global standards of Information Security. Joye’s data is independently managed by Joye Pte Ltd Singapore, and your employer or third parties will not be able to see your private information, except in certain cases highlighted below.
We may disclose your information, to third parties as follows:
In some circumstances, based on your specific requests, we may need to disclose your personal information to a third party so that they can provide a service you have requested from such a party, or fulfil a request for information from such a party.
In the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets.
If Joye or substantially all of our assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal information in order to comply with any legal obligation such as to comply with a subpoena, bankruptcy proceedings, similar legal process, or in order to enforce or apply our agreements with you; or to protect the rights, property, or safety Joye, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection or similar scenarios.
Minors using Joye
Joye is designed for users 15 years of age and above. Individuals under the age of 15, or otherwise the applicable age of majority, can use the services offered by the Product only with the involvement and consent of a parent or legal guardian and under such parent or legal guardian’s account who is otherwise subject to this Privacy Policy. However, the Products are not intended to be used by children under 15 and we do not knowingly collect personal data from minors. If a parent or legal guardian learns that their child has provided us with personal data without their consent, they may contact us as set forth below. If we learn that we have collected any personal data in violation of applicable law, we will promptly take steps to delete such personal data and terminate the minor’s account.
Where your data is stored and how we ensure it's security
Joye’s architecture uses advanced technology and high security standards. Joye is ISO 27001 certified for Information Security. We store your data in a secure data center of leading Cloud Service Provider(s). Our default locations are between USA, Singapore, or India. In line with GDPR guidelines we could also host your company’s data in any of these or any other location that you choose.
Any online payment transactions, if any, will be encrypted using SSL technology; all payment information is stored with our payment processor and is never stored on Joye’s servers.
Just like it can be said of any other application or any form of the web, the transmission of information via the Internet is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to the Products; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Joye operates and uses appropriate technical and physical security measures to protect your personal data. We have partnered with leading cloud service providers to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. All your personal data by which you can be identified, we will destroy, as per our policies, after you have requested to deactivate your Joye account.
You are also responsible for helping to protect the security of your personal data. Furthermore, you are responsible for maintaining the security of any device on which you utilize the Services. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any personal data you provide to us. To the fullest extent permitted by applicable law, we do not accept liability for unintentional disclosure.
Revisions to Privacy Policy
Any information that is collected via our Product is covered by the Privacy Policy in effect at the time such information is collected. We may revise this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we’ll notify you of those changes by posting them on the Product or by sending you an email or other notification as required by applicable law, and we will update the “Last Updated Date” above to indicate when those changes will become effective. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you use the Product after the updated Privacy Policy is posted on the Product. Additionally, before we use Personal Information for any new purpose not originally authorized by you, we will endeavor to provide information regarding the new purpose and give you the opportunity to opt-out. Where consent of the individual for the Processing of Personal Information is otherwise required by law or contract, Joye will endeavor to comply with the law or contract.
Contact information
We will be happy to provide any other information that you consider relevant to enable you to exercise your rights, or hear back from you if you have any queries or suggestions about this Privacy Policy.
Joye Pte Ltd is a Singapore registered company. UEN: 201835963H. 261 Arcadia Road, #08-01, Singapore 289853
Please contact Joye’s Data Protection Officer at: [email protected]
