"Controller" means the entity that has certain legal rights to determine the purposes for which Personal Data will be Processed and the means by which that Processing will happen.

"Customer" means the entity that has contracted with WIP Systems to receive a free, trial, or paid Platform Plan or other Service Offerings. For example: When a business purchases a Platform Plan and sets up accounts under that Platform Plan for employees, the business is the Customer, and each individual using the Platform under the Plan is a User. If a one-person business signs up for its own free Platform Plan, that person is both the Customer and the User. If that person invites others to set up accounts under that Plan, those other people will be Users as well.

"GDPR" means the EU General Data Protection Regulation.

"Personal Data" means any information about an identified or identifiable individual, such as their name or contact information.

"Platform" means the work management and collaboration platform on wipsystem.com.

"Platform Plan" means a Customer's subscription to the Platform.

"Process", "Processed", "Processing" refer to any operation or set of operations that can be performed on Personal Data or on sets of Personal Data. This includes, for example, collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction.

"Processor" means an entity that Processes Personal Data on behalf of a Controller.

"Service Data" is Personal Data or other information that Users: input directly into the Platform; create within the Platform; send to the Platform through other apps and integrations; or provide to WIP Systems through authorised methods as part of other Service Offerings.

"Service Offerings" means the Platform and WIP Systems related support and professional services.

"User" means an individual who uses a Service Offering. Within the Platform, there are two types of Users: Regular Users, Guest Users.

"Template" means the Platform instance to which a Customer gains access when entering into a Platform Plan. The Template may contain one or more projects administered by the Customer.

"WIP Systems" means WIP Systems Australia Pty Ltd, whose contact information is at the end of this Privacy Policy.

Where indicated, this Privacy Policy applies to Service Data. We do not control the content of Service Data, and, because of security features in the Platform, in most cases we are unable to read such content. Under the GDPR and similar laws, WIP Systems is considered the Customer's Processor of any Personal Data in the Service Data.

WIP Systems Processes Personal Data in the Service Data under the instructions of the relevant Customer or as required by applicable law, as described in the WIP Systems Terms of Service or the alternative agreement (if applicable) signed by WIP Systems and that Customer for the Service Offerings. For any Template on the Platform, the relevant Customer is the one that WIP Systems authorises to control the administrator account. Specifically, that Customer is the Controller for all information submitted by any User to that Template, including Regular Users and Guest Users.

WIP Systems may disclose any Service Data, including certain deleted Service Data, or data previously received from deactivated Users, to the relevant Customer, and WIP Systems provides the Customer with certain tools for modifying, deleting or taking other steps with Service Data. Accordingly, Users and other individuals should contact the relevant Customer with any requests relating to Personal Data about them that may appear in that Customer's Service Data. If WIP Systems receives a request from a User to exercise rights in Service Data, we will refer the User's request to the relevant Customer and cooperate with that Customer's handling of the request, subject to any special contractual arrangement with that Customer. For requests from Customer account administrators relating to their own Personal Data, WIP Systems may handle the request directly.

The Privacy Policy also applies to our handling of Personal Data that is not Service Data, such as Personal Data about:

1. visitors to our websites;
2. prospective Customers and their personnel;
3. current Customers and Users, in relation to their procurement of Service Offerings and management of the relationship with WIP Systems.

Because we designed the Platform to be content- and data-agnostic, our Customers are empowered to provide us with any kind of Personal Data in the Service Data.

In addition to Service Data, we collect contact details, professional details such as title and name of company, information about the browsers and devices that individuals use to interact with us, information about an individual's interactions with WIP Systems, payment information, and inferences drawn other Personal Data.

We obtain much of this data directly from the relevant individuals, including in some cases with the technology described in the "Cookies and Automated Data Collection" section further below.

WIP Systems uses Personal Data as follows:

1. to provide and improve our Service Offerings, including internal analysis of aggregate usage patterns;
2. to respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals' requests;
3. to enforce the legal terms that govern our business and online properties;
4. to comply with law and legal process and protect rights, safety and property; and;
5. for other purposes requested or permitted by our Customers, Users or other relevant individuals, such as website visitors.

We share Personal Data as follows:

1. for the uses of information described above, including to make appropriate disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements; and;
2. in connection with an actual or potential business sale, merger, consolidation, change in control, transfer of substantial assets or reorganisation.

For those purposes, we may share information with:

1. other entities that help us with any of the above, such as our sub-processors, our CRM system provider, data storage and backup providers, marketing service providers, customer relationship management providers, accounting providers, technical service providers, and our payment processor;
2. other entities involved in the legal-related matters described above.

We rely on the third parties listed below to host our customer data and to provide specific functionalities within our platform services.

1. Microsoft, Inc. for our cloud computing, managed databases, and security services.
2. Cloudflare for CDN.

For those purposes, we may share information with:

1. other entities that help us with any of the above, such as our sub-processors, our CRM system provider, data storage and backup providers, marketing service providers, customer relationship management providers, accounting providers, technical service providers, and our payment processor;
2. other entities involved in the legal-related matters described above.

In our websites, apps and emails, we and third parties may collect certain information by automated means such as cookies, JavaScript, mobile device functionality, browser-based or plugin-based local storage such as HTML5 storage or Flash-based storage, and other similar techniques and technologies.

This information includes unique browser identifiers, IP address, browser and operating system information, geolocation, other device information, Internet connection information, as well as details about individuals' interactions with our apps, websites and emails. Such details include, for example, the URL of the third-party website from which you came, the pages that you visit on our websites, and the links you click on in our websites.

As part of this, we and third parties may use automated means to read or write information on your device, such as in various types of cookies and other local storage. Cookies and local storage are files that can contain data, such as unique identifiers or other information, that we or a third party may transfer to or read from an individual's device for the purposes described in this Privacy Policy.

The cookies and other technologies described here fall into two categories:

1. Essential: These are strictly necessary to provide you with our online presence, such as access to secure areas that require registration. Users cannot refuse them without impacting functionality.
2. Functional: These allow Users to browse or benefit from some of its features, such as setting language preferences. Similar to the essential technology described above, if these are disabled, it could impact your experience to use some functionality.

All Users can:

1. Review and update certain User information by logging in to the relevant portions of the Platform.<
2. Deactivate their accounts by contacting us, subject to any contractual provisions between WIP Systems and the Customer responsible for the account. Except when the Customer has requested closure of all its User accounts, information in a deactivated User account may be available to the Customer for some time.
3. Deactivate their accounts by contacting us, subject to any contractual provisions between WIP Systems and the Customer responsible for the account. Except when the Customer has requested closure of all its User accounts, information in a deactivated User account may be available to the Customer for some time.

Controls related to cookies and other automated data collection are described in the "Cookies and Automated Data Collection" section above. Anybody can unsubscribe from marketing emails by clicking the unsubscribe link they contain.

Residents of the European Economic Area, the UK and many other jurisdictions have certain legal rights to do the following with Personal Data we control:

1. obtain confirmation of whether we hold Personal Data about them, and to receive information about its Processing;
2. obtain a copy of the Personal Data, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form;
3. update, correct or delete the information;
4. object to our Processing of the information for direct marketing purposes;
5. object to other Processing of the information; and/or
6. withdraw consent previously provided for the Processing of the information.

To exercise any of those rights with respect to the Personal Data WIP Systems controls, individuals should contact us as described at the end of this Privacy Policy.

To exercise any rights relating to Service Data, Users should contact the relevant administrator for the Template associated with the Service Data, not WIP Systems.

Many of the rights described above are subject to significant limitations and exceptions under applicable law. For example, objections to the Processing of Personal Data, and withdrawals of consent, typically will not have retroactive effect.

Every individual also has a right to lodge a complaint with the relevant supervisory authority.

If you are located in the EEA or the United Kingdom, we only process your personal information when we have a valid "legal basis", including when:

• Consent. You have consented to the use of your personal information, for example to use Cookies.
• Compliance with a legal obligation. We have a legal obligation to use your personal information, for example to comply with tax and accounting obligations.
• Legitimate interests. We or a third party have a legitimate interest in using your personal information. In particular, we have a legitimate interest in using your personal information for product development and internal analytics purposes, and otherwise to improve the safety, security, and performance of the Services. We only rely on our or a third party's legitimate interests to process your personal information when these interests are not overridden by your rights and interests.

To provide security for Service Data within the Platform, we maintain physical, organisational and technical safeguards, which are subject to periodic changes. The specific Platform security options available to Customers depend on their Platform Plan. Customers' use of available safeguards will impact the level of protection available for the Service Data. Communications with WIP Systems through other methods such as email or phone are not subject to those protections. Third-party software and services integrated into our Service Offerings, such as Google Drive, One Drive, Dropbox and other integrations, are handled by such third parties subject to their own privacy and security procedures, which we do not control.

No security method is perfect, and we cannot guarantee that any data will remain secure.

We hold Personal Data for as long as necessary to fulfill the purposes set forth in this Privacy Policy. Information may persist in copies made for backup and business continuity purposes for additional time.

WIP Systems may change this Privacy Policy to reflect changes in the law, our data handling practices or the features of our business. The updated Privacy Policy will be posted on wipsystem.com.

If you have questions, requests or complaints relating to a Customer's handling of your Service Data, please contact the relevant Customer. If you have questions regarding our practices or this Privacy Policy, or to send us requests or complaints relating to Personal Data, please contact us:

WIP Systems Australia Pty Ltd.
535 Heidelberg Road, Alphington
Victoria 3078 Australia

or

privacy@wipsystem.com