Privacy Policy

This Privacy Statement describes how we – RAYATT Australia Pty. Ltd. (collectively, “RAYATT”, “we”, “our”, or “us”) collect, store, use, and disclose personal data about individuals (“you”) who: I visit or otherwise interact with our websites (“Visitors”), available at docotive.com or any other website, webpage, e-mail, text message, or online advertisement under our control (collectively – “Sites”); (ii)

Your privacy is critical to us, and we are committed to increasing the transparency and fairness of our procedures respecting your personal data. Please take the time to carefully read this Privacy Statement and ensure that you completely understand and agree to it.

You are not compelled by law to provide us with any Personal Data (as defined below) and may do so (or refrain from doing so) at your discretion.

If you do not wish to provide us with such Personal Data or to have it processed by us or any of our Service Providers (as defined below), you may simply avoid our Sites and Services. You may also choose not to give us “optional” Personal Data, but bear in mind that we may be unable to provide you with the full range of our services or the optimal user experience when using our Service without it.

This Privacy Statement is included in our Terms of Service (“Terms”). Any capitalized term in this Privacy Policy that is not specified shall have the meaning set forth in the Terms.

1. Data Gathering

We acquire technical data, profile data, customer data, content, and other information about you and your business from you, your organisation, and third-party sources.

We collect a variety of different sorts of personal data about our Users and visitors to our Sites. Typically, such data is gathered and created during your connection with us or our Service, either automatically or directly from you, other Users, our customers, or other third parties (including Service Providers, as hereinafter defined).

Specifically, we gather the following categories of data (which is termed “Personal Data” if it refers to an identified or identifiable individual):

When you visit, interact with, or use our Service, we may automatically collect, record, or generate certain technical data about you. We do so independently or in collaboration with third-party Service Providers (as described in Section 4 below), including through the use of “cookies” and other tracking technologies (as detailed in Section 5 below).

This data includes connectivity, technical, and aggregated usage information, such as IP addresses and general geographic locations, device information (such as type, operating system, mobile device identifier, browser version, locale, and language settings used), date and time stamps of usage, cookies and pixels installed or utilized on such device, and the recorded activity (sessions, clicks, and other interactions) of Visitors and Users in connection with our Service. Additionally, phone calls (e.g., with our customer success or product consultants) may be recorded, logged, and analyzed automatically for purposes such as analytics, service-, operations-, and business-quality control and improvement, and record-keeping.

When you contact us or register for the Service and create your own profile (“User Profile”), you may give us Personal Data. This includes your name, employer, and position, contact information (such as e-mail, phone, and address), account login information (e-mail address and hashed passwords), and any other data you choose to supply when you use our Service, contact us or connect with others via our Service. For example, when you sign up or log in to the Service, you may connect your Google account, which may provide us with your name, e-mail address, image, and other information stated in your profile there. Additionally, you may give us information about your profile photo, location, time zone, skills, device, general location, and activity logs and data; as well as your preferences, characteristics, and purposes for using the Service (collectively, “User Data”).

You may also send us “Contact Us” or support requests or provide us with feedback, reviews, or responses to surveys or promotions, including by submitting an online form on our Service or social media channels, by posting on any of our online public forums or communities, or by sending an e-mail to any of our designated addresses. This data may include specifics about the issue you’re having, your contact information, and any other documentation, as well as screen recordings, screenshots, and other information.

Additional User Data may be provided by our customers, such as invoicing information, business needs, and preferences. To the extent that such data relates to a non-human entity (e.g., a company or business’s bank account), it will not be considered “Personal Data” and will be exempt from this Privacy Policy.

Users may opt to upload or submit Customer Data to our Service that contains Personal Data (for example, by uploading the Customer’s client or employee directory). Customer Data will be processed by RAYATT on behalf of our Customer (who owns the Customer’s Account), in compliance with our Data Processing Agreement (to the extent applicable), and other agreements with such Customer, as well as this Privacy Policy.

Customers and Users may give us with the contact information for their workers, team members, and colleagues in order for us to contact, invite, or subscribe them as Users to our Service. These persons’ names, phone numbers, and work e-mail addresses are normally included in this data, but more data may be offered at the discretion of those providing it. This data will also be referred to as “User Data” for the purposes of this Privacy Policy.

We may get Personal Data about you from other sources. For instance, if you attend an event, webinar, or promotion that we support or participate in, we may obtain your Personal Data from the event’s organisers. Additionally, we may obtain your contact and professional information (e.g., your name, company, position, contact information, and professional experience, preferences, and interests) from our business partners or service providers, as well as through tools and channels commonly used to connect businesses and individuals to explore potential business and employment opportunities, such as LinkedIn.

If you or your Admin choose to integrate the Customer’s Account with a third-party service while using the Service (and the third-party service is supported by our Service), we will connect and integrate the third-party service with ours. Depending on the nature and purpose of the integration, the third-party provider may receive certain relevant data about or from your Customer’s Account (including User Data) or may share certain relevant data from your Customer’s Account on their service with our Service. Please keep in mind that we do not receive or store any of your credentials for these third-party services (but do typically require your API key to integrate with them). Please notify your Admin if you do not intend for your data to be shared with such third-party service(s)

Data Collected Through Analytics Tools: We collect data about how our Sites and Service are used through analytics tools (e.g., Google Analytics). Analytics technologies gather information about how frequently Users and Visitors visit or use the Sites and Services, which pages they visit and when, and which website, advertisement, or e-mail message directed them there.

2. Data Utilization

We use Personal Data to operate, improve, and secure our Service; to conduct analytics, marketing, and sales; to comply with relevant laws; and to further our legitimate business interests.

We use Personal Data to the extent necessary for the performance of our Service; to comply with our legal and contractual obligations; and to further our legitimate interests in maintaining and improving our Service, including understanding how our Service is used and how our campaigns perform and gaining insights that enable us to allocate our resources and efforts more efficiently; marketing, advertising, and selling our Service to you and others; and providing customer service.

If you reside in or use the Service in a territory governed by privacy laws that establish “consent” as the sole or most appropriate legal basis for processing Personal Data (in general, or specifically with respect to the types of Personal Data you choose to share via the Service), your acceptance of our Terms and this Privacy Policy will be deemed as your consent to the processing of your Personal Data for the purposes set forth in this Privacy Policy. To revoke this consent, please contact us by email at legal@rayatt.com .

To the extent permitted by the California Consumer Privacy Act, we do not sell your personal information (CCPA).

We use Personal Data for the following purposes: • To facilitate, operate, and provide our Service; • To authenticate the identity of our Users and to grant them access to our Service; • To provide assistance and support to our Visitors, Users, and Customers; and • To gain a better understanding of how Visitors and Users evaluate, use, and interact with our Service, and how we can improve their and others’ user experience. These activities enable us to emphasise the advantages of our Service, so increasing your involvement and overall pleasure with it. This includes contextual, behavioural, and interest-based advertising based on a Visitor or User’s activity, preferences, or other data we or our business partners have about them; • To contact our Visitors, Users, and Customers (whether existing or prospective) with general or personalised service-related messages, as well as promotional messages that may be of particular interest to them (as further described in Section 6 below);

Regardless of the foregoing, our use of Personal Data obtained from Google OAuth API Scopes for the purpose of integrating with certain Google services (the “Integrated Google Services”), as well as data aggregated, anonymized, or derived from such Personal Data (the “Restricted Personal Data”), is limited to the following:

• Facilitating, operating, supporting, providing, and improving the Integrated Google Service;
• Troubleshooting or security purposes (such as investigating a bug or abuse);
• Compliance with applicable law and regulation;
• For our internal operations, provided that Restricted Personal Data (including derivations thereof) has been aggregated and anonymized;
• Transfer of Restricted Personal Data to third parties: (1) in accordance with this Privacy Policy, s.

3. Data Storage and Retention

We retain personal data in numerous locations worldwide for as long as necessary to meet our reasonable business needs (as required to deliver our Service or to support and exercise our legitimate interests); and to comply with our legal responsibilities.

Data Location: We and our authorised Service Providers (defined below) may maintain, process, and store your Personal Data in a variety of locations, including the United States of America, Israel, and other jurisdictions, as reasonably necessary for the proper performance and delivery of our Service or as required by law.

While privacy regulations differ by jurisdiction, RAYATT, its affiliates, and Service Providers are all committed to protecting Personal Data in line with this Privacy Policy and generally accepted industry standards, regardless of any reduced legislative requirements applicable in their jurisdiction.

We will retain your Personal Data for as long as is reasonably necessary to maintain and expand our relationship and provide you with our Service and offerings; to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e. as required by applicable laws governing log-keeping, records, and bookkeeping, and in order to have proof and evidence regarding our relationship, should any legal issues arise).

Please be aware that, except as required by applicable law or our specific agreements with you, we are not required to preserve your Personal Data for any period of time and are free to securely delete or restrict access to it for any reason and at any time, with or without notification to you. Please contact us by e-mail at legal@rayatt.com if you have any questions concerning our data retention policy.

4. Data Exchange

We share your data (and feedback) with our Service Providers, our Customers, within our group, as required by law, and with other Users on your shared boards.

In extreme instances, we may disclose or grant access to your Personal Data to government and law enforcement officials in response to a subpoena, search warrant, or court order (or equivalent requirement), or in accordance with relevant laws and regulations. Such disclosure or access may occur if we believe in good faith that: (a) disclosure is necessary to comply with legal requirements; (b) disclosure is necessary to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) disclosure is necessary to protect the security or integrity of our products and services.

Service Providers: We may contract with carefully selected third-party firms and individuals to provide complementary services to our own. Third-Party Service Providers, hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, fraud detection and prevention services, web analytics, e-mail distribution, and monitoring services, session or activity recording services, remote access services, performance measurement, data optimization, and marketing services, social and ad-tech services.

These Service Providers may have access to your Personal Data in accordance with their respective roles and responsibilities in supporting and enhancing our Service, and may only use it for the restricted purposes specified in our agreements with them. When our Service Providers contact you to offer or promote our Service, they may also contact you to promote their own. If you choose to engage in such activities with RAYATT’s Service Providers, please be aware that such interaction will fall beyond the scope of docotive’s Terms and Privacy Policy and will be governed by the terms and privacy policies of our Service Providers.

Our Service Providers shall be considered ‘Data Processors’ in the event that RAYATT acts as the ‘Data Controller’; and in the event that RAYATT acts as the ‘Data Processor’ for our Customer, the Service Provider shall be considered our ‘Sub-Processor’ (as further described in Section 9 below). RAYATT’s Sub-Processors can be found at docotive Sub-Processors.

Third-Party Websites and Services: Our Service may also feature links to and integrations with third-party websites and services (as defined in the Terms). These websites and Third Party Services, as well as any information you process, submit, transmit, or otherwise use in connection with them, are governed by the terms and privacy practices and policies of the third party, not by this Privacy Policy. We strongly advise you to read the terms and privacy policies associated with such websites and Third-Party Services carefully.

Sharing Personal Data with Customers and Other Users: We may share your Personal Data with the Customer whose Account you are a User of (including data and communications concerning your User Profile). Sharing such data in this situation implies that the Account’s Admin(s) will have access to it on the Customer’s behalf and will be able to monitor, process, and analyze your Personal Data. This includes occasions in which you may approach us for assistance in resolving an issue with a team to which you belong (and which is managed by the same Customer).

Customer Data and other content that you submit to private Boards may still be accessed, copied, and processed by the Customer’s Admin (s). Additionally, your User Profile and User Data will be visible to all authorized users who have access to the same Board(s) as you. Please be aware that RAYATT is not liable for and has no control over any additional disclosure, use, or monitoring of such data by or on behalf of the Customer, who serves as the “Data Controller” of such data (as further described in Section 9 below).

If you register for or access the Service using an e-mail address associated with a domain owned by your employer or organization (our Customer), and another team within such Customer’s organization wishes to create an account on the Service, certain information about you, such as your name, profile picture, contact information, and general use of your account, may become accessible to the Customer’s Admins and Users.

Sharing your Feedback or Recommendations: If you submit a public review or recommendation, please be aware that we may keep and publish your review to other users of our Sites and Services (at our discretion) (including other Customers). Please email us at legal@rayatt.com if you desire to have your public review removed. If you choose to send an e-mail or message to others inviting them to use the Service, we will use the contact information you supply to send the invitation e-mail or message on your behalf. The invitation e-mail or message may include your name and e-mail address.

Our Sites have public blogs or forums, such as the docutive.com Community. Any information you contribute to these forums, blogs, or communities – including profile information linked with the Account you use to publish the information – may be accessed, collected, and utilized by other users of these Sites. Due to the public nature of such forums, your posts and certain personal information may be visible to all users even after you cancel your Account. To request that your information be removed from our publicly available Sites, please contact us as specified in Section 10 below. In some instances, we may be unable to delete your information; in this situation, we will notify you and explain why.

Protecting Rights and Safety: We may share your Personal Data with other parties if we think in good faith that doing so will assist in protecting the rights, property, or personal safety of RAYATT, any of our Users or Customers, or any members of the public.

Subsidiaries and Affiliated Companies of RAYATT: We may share Personal Data within our group of companies for the purposes mentioned in this Privacy Policy. Additionally, if RAYATT or any of its subsidiaries or affiliates changes control, whether via a merger, acquisition, or the purchase of substantially all of its assets, your Personal Data may be shared with the parties involved in such an event. If we feel that such a change in control would materially affect your Personal Data that we have kept with us, we will tell you via e-mail or a prominent notice on our Service of this event and any choices you may have.

For the avoidance of doubt, RAYATT may share your Personal Data in additional ways with your specific consent, if we are legally required to do so, or if we effectively anonymize and de-identify such data. We reserve the right to transmit, share, or otherwise utilize non-personal data at our sole discretion and without obtaining additional authorization.

5. Utilization of Cookies and Tracking Technologies

Cookies and other technologies are used by us and our Service Providers for performance, tracking, analytics, and personalization purposes.

Our Sites and Service (as well as some of our Service Providers) make use of “cookies,” anonymous identifiers, container tags, and other technologies to help us deliver and maintain our Service, assess our performance and marketing operations, and personalize your experience. Additionally, similar cookies, files, or tags may be briefly stored on your device. Certain cookies and other technologies are used to retrieve previously stated Personal Data, such as an IP address, from a User. To understand more about our Cookie and Tracking practices, please review our Cookie Policy.

Please be aware that we do not alter our policies in response to a “Do Not Track” signal in the HTTP header sent by a browser or mobile application; nevertheless, the majority of browsers allow you to manage cookies, including whether to accept them and how to delete them. Most browsers allow you to configure them to inform you when you receive a cookie, or you can choose to ban cookies entirely.

6. Communications

We communicate with customers and prospects via e-mail, phone, SMS, and push notifications.

We may contact you with critical information about our Service. For example, we may notify you (through any of the various channels) of modifications or updates to our Service, billing issues, service changes, log-in attempts or password reset alerts, and so on. Additionally, our customers and other Users sharing an Account with you may send you notifications, messages, and other updates about their or your usage of the Service. Your User Profile options allow you to manage your messages and notification preferences. Please keep in mind, however, that you will be unable to opt out of receiving certain service notifications that are necessary for your use (like password resets or billing notices).

Additionally, we may remind you about new features, expanded offers, upcoming events, special opportunities, or any other information we believe our users will find useful. We may provide such warnings via any of our available communication methods (e.g., phone, mobile, or e-mail), through the Service, or through our marketing campaigns on other websites or platforms.

If you do not wish to receive such promotional communications, you may notify RAYATT at any time by sending an e-mail to legal@rayatt.com, changing your communications preferences in your User Profile settings, or following the “unsubscribe”, “stop”, “opt-out”, or “change e-mail preferences” instructions included in the promotional communications you receive.

7. Data Protection

We safeguard your Personal Data by implementing industry-standard physical, administrative, and technical safeguards.

To safeguard the Personal Data we collect and store, we employ industry-standard physical, procedural, and technical security measures, including encryption where necessary. Please be aware, however, that regardless of the security measures in place, we cannot and do not guarantee the complete protection and security of any Personal Data held with us or any third parties as indicated in Section 4 above.

8. Rights of Data Subjects

Individuals have certain rights with regards to their Personal Data. You may exercise your rights by contacting us or the administrator of your account.

If you wish to exercise any of your legal rights under applicable law, including the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), including the right to access, rectify, or erase your Personal Data held by RAYATT, or to restrict or object to the processing of such Personal Data, or to port such Personal Data, or the right to equal services and prices (each to the extent permitted by applicable law), please contact us at legal@rayatt.com.

Please keep in mind that once you contact us via email, we may instruct you on how to independently fulfill your request via your User Profile settings; or we may require additional information and documents, including certain Personal Data, to authenticate and validate your identity and process your request. Such additional data will subsequently be maintained by us for legal purposes (e.g., as verification of the requestor’s identity), in accordance with Section 3 above.

If you have any requests or questions about Personal Data that we process on behalf of your Account owner (our Customer), please contact the Account’s Admin directly. For instance, if you are a User seeking access to, correction of, or deletion of data processed by RAYATT on behalf of a Customer, please send your inquiry to the applicable Customer (who is the “Data Controller” of such data – see Section 9).

9. Controller/Processor of Data

We are the Controller of the Personal Data of our Visitors and Customers, as well as certain types of User Data; we are the Processor of any Personal Data contained in Customer Data and User Data processed on our Customer’s behalf.

Certain data protection laws and regulations, such as the GDPR or the CCPA, typically distinguish between two primary roles for parties processing Personal Data: the “Data Controller” (or “business” under the CCPA), who determines the purposes and means of processing; and the “Data Processor” (or “service provider” under the CCPA), who processes the data on the Data Controller’s behalf (or business). The next sections discuss how these duties apply to our Service, to the degree that applicable laws and regulations do.

RAYATT is the “Data Controller” for the Personal Data of its Visitors and Customers, as well as User Data, which includes profile and contact information, as well as usage, preferences, engagement, and analytics data. We accept the duties of Data Controller (to the extent permitted by law) with respect to such data, as set forth in this Privacy Policy. In these cases, our Service Providers acting as “Data Processors” will assume the position of “Data Controller.”

If any of our Users upload or submit Customer Data or other content to our Service that contains Personal Data (for example, by submitting their own clients’ contact information to one of their Boards), such data will be processed by RAYATT on behalf of our customer, the owner of the respective Account, along with all other User Data processed on such Customer’s behalf.

In such circumstances, our Customer will be regarded the “Data Controller” of such data, and RAYATT will process it on the Customer’s behalf, as “Data Processor,” in accordance with the Customer’s reasonable instructions, subject to our Terms, our Data Processing Agreement, and applicable law.

Agreement with such Customer (as applicable), as well as any other commercial arrangements. In certain cases, RAYATT’s Service Providers will operate as designated Sub-Processors. The Customer is responsible for adhering to all applicable legal obligations for Data Controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).

10. Additional Notifications

We reserve the right to alter this policy at any time; we are not responsible for the privacy policies of other websites or services; we have established a Data Protection Officer and designated a Representative in the European Union.

Updates and Amendments: We reserve the right to modify and update this Privacy Policy at any time by posting an amended version on our Service. The modified version will take effect on the date of publication. When we make major changes to these Terms, we will notify Customers appropriately, such as by posting a prominent notice within the Service or sending an email to the Customer. Continued use of the Service following the implementation of the changes constitutes acceptance of the changes.

While our Service may contain links to other websites or services, we are not responsible for the privacy practices of such websites or services. We recommend you exercise caution when leaving our Service in favor of a third-party website or application and to read the privacy policies of each website and service you visit. This Privacy Statement is applicable solely to our Service.

Our Service is not intended for children under the age of sixteen: we do not intentionally collect Personal Data from children and have no intention of doing so. If we become aware that a child under the age of 16 is using the Service, we will take reasonable measures to restrict and block such usage, as well as to quickly erase any Personal Data held with us about such child. If you believe we may be in possession of such information, please notify us via e-mail at legal@rayatt.com.

EU Representation: In accordance with Article 27 of the GDPR, RAYATT has not yet designated a representative in the European Union for data protection matters.

If you have any comments or questions about this Privacy Statement, or if you have any concerns about your Personal Data that we hold, please contact us at legal@rayatt.com. You also have the right to make a complaint with an EU regulatory authority if you are a GDPR-protected individual.