- “Affiliates” means the legal entities owned directly or indirectly by Wrike, Inc. or that are otherwise in Wrike, Inc.’s corporate family.
- “Controller” means the entity that has certain legal rights to determine the purposes for which Personal Data will be Processed and the means by which that Processing will happen.
- “Customer” means the entity that has contracted with Wrike to receive a free, trial, or paid Platform Plan or other Service Offerings. For example: When a business purchases a Platform Plan and sets up accounts under that Platform Plan for employees, the business is the Customer, and each individual using the Platform under the Plan is a User. If a one-person business signs up for its own free Platform Plan, that person is both the Customer and the User. If that person invites others to set up accounts under that Plan, those other people will be Users as well.
- “GDPR” means the EU General Data Protection Regulation.
- “Personal Data” means any information about an identified or identifiable individual, such as their name or contact information.
- Platform” means the work management and collaboration platform on wrike.com and the Wrike desktop and mobile apps.
- “Platform Plan” means a Customer’s subscription to the Platform
- “Service Offerings” means the Platform and Wrike’s related support and professional services.
- “Privacy Shield” means EU-U.S. and Swiss-U.S. Privacy Shield frameworks described here.
- “Process,” “Processed,” and “Processing” refer to any means any operation or set of operations that can be performed on Personal Data or on sets of Personal Data. This includes, for example, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure and destruction.
- “Processor” means an entity that Processes Personal Data on behalf of a Controller.
- “Service Data” is Personal Data or other information that Users: input directly into the Platform; create within the Platform; send to the Platform through our Chrome browser extension or through other apps and integrations; or provide to Wrike through authorized methods as part of other Service Offerings.
- “Service Offerings” means the Platform and Wrike’s related support and professional services.
- “User” means an individual who uses a Service Offering. Within the Platform, there are three types of Users: Regular Users, External Users, and Collaborators. Those User types are defined at that hyperlink.
- “Workspace” means the Platform instance to which Customer gains access when entering into a Platform Plan. The Workpace may contain one or more projects administered by Customer.
Wrike Processes Personal Data in the Service Data under the instructions of the relevant Customer or as required by applicable law, as described in the Wrike Terms of Service at https://www.wrike.com/security/terms or the alternative agreement (if applicable) signed by Wrike and that Customer for the Service Offerings. For any Workspace on the Platform, the relevant Customer is the one that Wrike authorizes to control the administrator account. Specifically, that Customer is the Controller for all information submitted by any User to that Workspace, including Regular Users, External Users, and Collaborators. The foregoing is true even when those Users happen to be employees of another Customer, as each Customer is a Controller of only its own Workspaces. Regular Users of a Workspace can find contact information for the relevant Customer’s administrator(s) by logging in to the Workspace and selecting “Profile”, then “Profile Settings”, and then “Account Information”. Other individuals may contact Wrike to ask Wrike to forward a request or inquiry to a particular Workspace’s administrator.
Wrike may disclose any Service Data, including certain deleted Service Data, or data previously received from deactivated Users, to the relevant Customer, and Wrike provides the Customer with certain tools for modifying, deleting or taking other steps with Service Data. Accordingly, Users and other individuals should contact the relevant Customer with any requests relating to Personal Data about them that may appear in that Customer’s Service Data. If Wrike receives a request from a User to exercise rights in Service Data, we will refer the User’s request to the relevant Customer and cooperate with that Customer’s handling of the request, subject to any special contractual arrangement with that Customer. For requests from Customer account administrators relating to their own Personal Data, Wrike may handle the request directly.
- Visitors to our websites and events;
- Prospective Customers and their personnel;
- People who sign up for our newsletters or other marketing; and
- Current Customers and Users, in relation to their procurement of Service Offerings and management of the relationship with Wrike.
Because we designed the Platform to be content- and data-agnostic, our Customers are empowered to provide us with any kind of Personal Data in the Service Data.
In addition to Service Data, we collect contact details, professional details such as title and name of company, information about the browsers and devices and individuals use to interact with us, information about an individual’s interactions with Wrike or our partners, and payment information.
We obtain much of this data directly from the relevant individuals, including in some cases with the technology described in the “Cookies and Automated Data Collection” section further below.
Wrike uses Personal Data as follows:
- To provide and improve our Service Offerings, including internal analysis of aggregate usage patterns;
- To respond to questions, concerns, or customer service inquiries, and to otherwise fulfill individuals’ requests;
- To send information about our current and future Service Offerings, including marketing communications by phone, email, online display advertising, and other channels;
- To analyze market conditions and use of our Service Offerings;
- To customize the content and advertising individuals see on our websites, across the Internet, and elsewhere;
- To enforce the legal terms that govern our business and online properties;
- To comply with law and legal process and protect rights, safety and property; and
- For other purposes requested or permitted by our Customers, Users or other relevant individuals, such as website visitors.
We share Personal Data as follows:
- For the uses of information described above, including to make appropriate disclosures in response to lawful requests by public authorities, such as to meet national security or law enforcement requirements; and
- In connection with a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization.
For those purposes, we may share information with our Affiliates and other entities that help us with any of the above.
The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your Personal Data. To the extent those laws apply, our legal grounds for Processing Personal Data are as follows:
- To honor our contractual commitments to an individual: Some of our Processing of Personal Data is to meet our contractual obligations to the individuals to whom the Personal Data relate, or to take steps at their request in anticipation of entering into a contract with them. For example, when an individual purchases admission to a Wrike event, we may Process their payment information on this basis.
- Consent: Where required by law, and in some other cases, we handle Personal Data on the basis of consent. For example, some of our direct marketing activities happen on the basis of opt-in consent, such as sending marketing emails to individuals who have requested them.
- Legitimate interests: In many cases, we handle Personal Data on the ground that it furthers our legitimate interests in commercial activities, such as the following, in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals: Customer support; Marketing, including, in some cases, direct marketing such as via email; Protecting our Customers, Users, personnel and property; Analyzing and improving our business and Service Offerings; and Managing legal issues. We may also Process Personal Data for the same legitimate interests of our Customers and business partners.
- Legal compliance: We need to use and disclose Personal Data in certain ways to comply with our legal obligations.
This information includes unique browser identifiers, unique device identifiers such as the Apple Advertising Identifier or Android Advertising ID, IP address, browser and operating system information, geolocation, other device information, Internet connection information, as well as details about individuals’ interactions with our apps, websites and emails. Such details include, for example, the URL of the third-party website from which you came, the pages that you visit on our websites, and the links you click on in our websites.
The cookies and other technologies described here fall into four basic categories:
- Essential: These are strictly necessary to provide you with our online presence, such as access to secure areas that require registration. Users cannot refuse them without impacting functionality.
- Functional: These allow Users to browse or benefit from some of its features, such as setting language preferences. Similar to the essential technology described above, if these are disabled, it could impact your experience to use some functionality.
- Analytics: These allow us or our third-party analytics providers to collect statistics on the use of our Service Offerings and website.
- Advertising: These cookies and other technologies, administered primarily by our third-party advertising partners, track users’ online activities over time and use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, we and these providers may use different types of cookies, other automated technology, and data to (i) recognize users and their devices; (ii) inform, optimize and serve ads; and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services, including how they are related to visits to specific sites or apps.
To learn more about interest-based advertising, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers on each of your devices. You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page and installing the Google Analytics Opt-out Browser Add-on from each browser on each device. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals. Please visit your mobile device manufacturer's website, or the website for its operating system, for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. Some browsers offer similar settings for HTML5 local storage, and Flash storage can be managed here.
All Users can:
- Review and update certain User information by logging in to the relevant portions of the Platform.
- Deactivate their accounts by contacting us at support at team.wrike.com, subject to any contractual provisions between Wrike and the Customer responsible for the account. Except when the Customer has requested closure of all its User accounts, information in a deactivated User account may be available to the Customer for some time.
- Deactivate data collection by our browser extension by uninstalling it.
Controls related to cookies and other automated data collection are described in the “Cookies and Automated Data Collection” section above. Anybody can unsubscribe from marketing emails by clicking the unsubscribe link they contain.
Residents of the European Economic Area and many other jurisdictions have certain legal rights (including, in certain cases, under the EU-U.S. and EU-Swiss Privacy Shield Frameworks) to do the following with Personal Data we control:
- Obtain confirmation of whether we hold Personal Data about them, and to receive information about its Processing;
- Obtain a copy of the Personal Data, and in some cases, receive it in a structured, commonly used and machine-readable format, or have it transmitted to a third party in such form;
- Update, correct or delete the information;
- Object to the Processing of the information;
- Withdraw consent previously provided for the Processing of the information;
For example, those individuals have a right to opt out of Wrike’s Processing of their Personal Data for direct marketing purposes.
To exercise any rights relating to Service Data, Users should contact the relevant administrator for the Workspace associated with the Service Data, not Wrike. Regular Users of a Workspace can find contact information for the relevant Customer’s administrator(s) by logging in to the Workspace and selecting “Profile”, then “Profile Settings”, and then “Account Information”. Other individuals may contact Wrike to ask Wrike to forward a request or inquiry to a particular Workspace’s administrator. If you are a Customer account administrator or Customer account owner and require assistance with this process, such as if you want to make a request with respect to your own User data, you may contact us as described below.
Many of the rights described here are subject to significant limitations and exceptions under the Privacy Shield Frameworks and applicable law. For example, objections to the Processing of Personal Data, and withdrawals of consent, typically will not have retroactive effect.
To provide security for Service Data within the Platform, we maintain physical, organizational and technical safeguards, which are subject to periodic changes. The specific Platform security options available to Customers depend on their Platform Plan. Customers’ use of available safeguards will impact the level of protection available for the Service Data. Communications with Wrike through other methods such as email or phone are not subject to those protections. Third-party software and services integrated into our Service Offerings, such Google Drive, Box, Dropbox and other integrations, are handled by such third parties subject to their own privacy and security procedures, which we do not control. We use different safeguards to help secure the other Personal Data we handle. No security method is perfect, and we cannot guarantee that any data will remain secure.
Wrike complies with legal requirements for cross-border data protection, including through the use of European Commission-approved Standard Contractual Clauses and contract language required by the Privacy Shield, which is described below. As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, Wrike has certified that its U.S. operations adhere to the Privacy Shield with respect to the Service Data and other Personal Data that Wrike receives in reliance on the Privacy Shield, which includes Personal Data we receive from the UK.
Our Privacy Shield certification is available at https://www.privacyshield.gov/list. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov. When Wrike receives Personal Data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on Wrike’s behalf, Wrike may have certain responsibility under the Privacy Shield if both (i) the agent Processes the information in a manner inconsistent with the Privacy Shield, and (ii) Wrike is responsible for the event giving rise to the damage.
Covered European residents should direct any questions, concerns or complaints regarding Wrike’s compliance with the Privacy Shield to Wrike as described at the bottom of this Policy. Wrike will attempt to answer your questions and satisfy your concerns in a timely and complete manner as soon as possible. If, after discussing the matter with Wrike, your issue or complaint is not resolved, Wrike has agreed to participate in the Privacy Shield independent dispute resolution mechanisms listed below, free of charge to you. Please contact Wrike first.
- For human resources Personal Data that Wrike receives under the Privacy Shield (defined under Privacy Shield essentially as information about an employee collected in the context of the employment relationship): cooperation with the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC).
- For other Personal Data Wrike receives under the Privacy Shield: Wrike has further committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield for more information and to file a complaint
If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at https://www.privacyshield.gov. Every individual also has a right to lodge a complaint with the relevant supervisory authority.
Please note that Wrike’s Customers may transfer Personal Data to Wrike on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers, such as Standard Contractual Clauses. To exercise any legal right to see copies of the data transfer mechanism documents that Wrike uses to transfer data to third parties, please contact us. Our Service Offerings allow our Customers and Users to make international data transfers to third parties, such as to other Users, or to providers of integrations, for which they are solely responsible.
70 North Second Street
San Jose, CA 95113
+1 877-779-7453 or +1 650-318-3551
Attention: Legal and Compliance
80 Harcourt Street
Attention: Legal and Compliance
Effective Date: May 24, 2019. Wrike, Inc.