1. Privacy Policy
How we protect your privacy on wan-tech.com and/or wpluserp.com and when you use our services.
WANTECH Innovation Technology Ltd and its
affiliates offer many services to help you run your business, including a
platform to host your own Odoo Enterprise and/or Wplus ERP (hereforth known as W+ERP) database.
As part of running those services we collect data about you and your business.
This data is not only essential to run our services, but also critical for the
safety of our services and all our users.
This policy explains what information is collected, why it is collected, and
how we use it.
Information we collect
Most of the personal data we collect is
directly provided by our users when they register and use our services. Other
data is collected by recording interactions with our services.
Account & Contact Data:
When you register on our website to use or download one of our
products, or subscribe to one of our services (W+ ERP lite, W+ ERP,
or any other producs
etc.), or fill in one of our contact forms, you voluntarily give us
certain information. This typically includes your name, company name,
email address, and sometimes your phone number, postal address (when
an invoice or delivery is required), business sector, as well as
a personal password.
We never record or store credit card information from our customers,
and always rely on trusted third-party PCI-DSS-compliant payment processors for
credit card processing, including for recurring payment processing.
Job Application Data: When you apply for a job on our website or
via an employment agency, we usually collect your contact information (name,
email, phone), and any information you choose to share with us, in
your introduction letter and Curriculum Vitae. If
we decide to send you a job proposition, we will also ask you to provide extra
personal details, as required to fulfil our legal obligations and personnel
management requirements.
We will not ask you to provide information that is not
necessary for the recruitment process. In particular, we will never collect
any information about your racial or ethnic origin, political opinions,
religious beliefs, trade union membership or sexual life.
Browser Data: When you visit our website and access our online
services, we detect and store your browser language and geolocation, in
order to customize your experience according to your country and preferred
language. Our servers also passively record a summary of the information sent
by your browser, for statistical, security and legal purposes: yourIP
address, the time and date of your visit, yourbrowser
version and platform, and the web page that referred you to
our website.
Customer Database: When you subscribe to an Odoo Enterprise and/or W+ERP
Cloud service and create your own Odoo Enterprise or W+ERP database (for
example by starting a Free Trial), any information or content you submit or
upload into your database is your own, and you control it fully.
Similarly, when you upload an on-premises database to the Odoo Enterprise
and/or W+ ERP website, you own the data in it.
This data will often include personal information, for example: your
list of employees, your contacts and customers, your messages, pictures,
videos, etc . We only ever collect this information on your
behalf, and you always retain ownership and full control on this
data.
How we use this information
Account & Contact Data:
We use your contact information in order to provide our
services, to answer your requests, and for billing and account management reasons.
We may also use this information for marketing and communication purposes (our
marketing messages always come with a way for you to opt-out at any time). We
also use this data in aggregated/anonymised form in order to analyse service
trends.
If you have registered to participate in an event published on our website, we
may transfer your name, email address, phone number and company
name to our local organizer and to the sponsors of the event, for both
direct marketing purposes and in order to facilitate the preparations and
booking for the event.
If you have expressed interest in using Odoo Enterprise and/or W+ ERP or
otherwise asked to be contacted by a Odoo Enterprise and/or W+ERP service
provider, we may also transfer your name, email address, phone number and company
name to one of our official partners in your country or region, for
the purpose of contacting you to offer their local assistance and services.
Job Application Data: We will only process this information for our
recruitment process, in order to evaluate and follow-up with your application,
and in the course of preparing your contract, if we decide to send you a job
proposition. You may contact us at any time to request the deletion of your
information.
Browser Data: This automatically recorded data is anonymously
analyzed in order to maintain and improve our services. We will only correlate
this data with your personal data when required by law or for security
purposes, if you have violated our Acceptable Use Policy.
Acceptable Use Policy
à Usage of W+ERP Cloud Services is subject to this Acceptable Use Policy (AUP). This AUP is incorporated by reference into, and governed by the W+ERP Subscription Agreement between you (Customer) and Wantech Innovation Technology Limited. Customers who are found to be violating these rules may see their subscriptions suspended without prior notice. The subscription fees will usually not be refunded.
You may not use W+ERP services for storing, displaying, distributing or otherwise processing illegal or harmful content. This includes:
- Illegal Activities: promoting gambling-related sites or services, or child pornography.
- Harmful or Fraudulent Activities: Activities harmful to others, promoting fraudulent goods, services, schemes, or promotions (e.g., make-money-fast schemes, ponzi and pyramid schemes, phishing, or pharming), or engaging in other deceptive practices.
- Infringing Content: Content that infringes the intellectual property of others.
- Offensive Content: Content that is defamatory, obscene, abusive, invasive of privacy, or otherwise objectionable, including content that constitutes child pornography, relates to bestiality, or depicts non-consensual sex acts.
- Harmful Content: Malicious and malware content, such as viruses, trojan horses, worms, etc.
- Spam Content: Content that is published for "black hat SEO" purposes, using tricks such a link building / link spam, keyword spam, in order to exploit the reputation of Odoo services for promoting third-party content, goods or services.
You may not use W+ERP services for spamming. This includes:
- Unsolicited messages: sending or facilitating the distribution of unsolicited bulk emails and messages, either directly via Odoo Cloud or indirectly via third-party email services. This includes the use of bulk emails lists. Any mass-mailing activity is subject to the applicable legal restrictions, and you must be able to show evidence of consent/opt-in for your bulk email distribution lists.
- Spoofing: sending emails or messages with forged or obfuscated headers, or assuming an identity without the sender's permission
You may not attempt to compromise W+ERP services, to access or modify content that does not belong to you, or to otherwise engage in malicious actions:
- Unauthorized access: accessing or using any W+ERP system or service without permission
- Security research: conducting any security research or audit on W+ERP systems without written permission to do so, including via scanners and automated tools. Please see our Responsible Disclosure page for more information regarding WANTECH security research.
- Eavesdropping: listening to or recording data that does not belong to you without permission
- Other attacks: non-technical attacks such as social engineering, phishing, or physical attacks against anyone or any system
You may not abuse the resources and systems of W+ERP. In particular the following activities are prohibited:
- Network abuse: causing Denial of Service (DoS) by flooding systems with network traffic that slows down the system makes it unreachable, or significantly impacts the quality of service
-
Unthrottled RPC/API calls
:
sending large numbers of RPC or remote API calls to our systems without
appropriate throttling, with the risk of impacting the quality of service
for other users.
Note: W+ERP provides batch APIs for imports, so there should be no need for this. Throttled calls are typically acceptable at a rate of 1 call/second, with no parallel calls. Exceptions may be authorized on a case-by-case basis – please contact us if you think you need one. - Overloading : voluntarily impacting the performance or availability of systems with abnormal content such as very large data quantities, or very large numbers of elements to process, such as email bombs.
- Crawling: automatically crawling resources in a way that impacts the availability and performance of the systems
- Attacking: using the W+ERP services to attack, crawl or otherwise impact the availability or security of third-party systems
- Abusive registrations: using automated tools to repeatedly register or subscribe to W+ERP services, or registering or subscribing with fake credentials, or under the name of someone else without their permission.
Customer Database: We only collect and process this data on your
behalf, in order to perform the services you have subscribed to, and based on
the instructions you explicitly gave when you registered or configured your
service and your Odoo Enterprise and/or W+ERP database.
Our Helpdesk staff and engineers may access this information in a limited and
reasonable manner in order to solve any issue with our services, or at your
explicit request for support reasons, or as required by law, or to ensure the
security of our services in case of violation of our Acceptable Use Policy, in
order to keep our services secure.
Accessing, Updating or Deleting Your Personal Information
Account & Contact Data:
You have the right to access and update personal data you have
previously provided to us. You can do so at any time by connecting to your
personal account on wplueserp.com. If you wish to permanently delete your
account or personal information for a legitimate purpose, please contact our
Helpdesk to request so. We will take all reasonable steps to permanently delete
your personal information, except when we are required to keep it for legal
reasons (typically, for administration, billing and tax reporting reasons).
Job Application Data: You may contact us at any time to request
access, updates or deletion of your application information. The easiest way to
do it is to reply to the last message you exchanged with our Human Resource
personnel.
Customer Database: You can manage any data collected in your
databases hosted on wplueserp.com at any time, using your administration
credentials, including modifying or deleting any personal data stored therein.
At any time you can export a complete backup of your database via our control
panel, in order to transfer it, or to manage your own backups/archive. You are
responsible for processing this data in compliance with all privacy
regulations. You may also request the deletion of your entire database via your
control panel, at any time. When you use the W+ERP Database Upgrade service,
your data is automatically deleted after your upgrade was successfully
completed, and may also be deleted upon request from you.
Safety Retention Period: we retain a copy of your data in our
backups for safety reasons, even after they are destroyed from our live
systems. See Data Retention for more details.
Security
We realize how important and sensitive your personal data is, and we take a great number of measures to ensure that this information is securely processed, stored and preserved from data loss and unauthorized access. Our technical, administrative and organizational security measures are described in details in our Security Policy.
In order to support our operations we rely
on several Service Providers. They help us with various services such as
payment processing, web audience analysis, cloud hosting, marketing and
communication, etc.
Whenever we share data with these Service Providers, we make sure that they use
it in compliance with Data Protection legislation, and that the processing they
carry out for us is limited to our specific purpose and covered by a specific
data processing contract.
Here is a list of the Service Providers we are currently using, why we use
them, and what kind of data we share with them:
|
Service Provider |
Purpose |
Share Data |
|
Paypal |
Payment processing on wpluserp.com |
Shared with Paypal
: Order details (amount, description, reference), Customer
name and email |
|
AliCloud |
Infrastructure and hosting, DDOS Protection |
Hosted by AliCloud : Production data from wpluserp.com and its affiliate services, including Customer Databases. |
|
Google Analytics |
Anonymous website audience analysis |
Shared with Google Analytics : Non-personal browser data, anonymized IP, geolocation info, language (no identifiable information) |
|
Google Calendar |
Calendar data syncrhonisation |
Shared with Google Calendar: Any contact and personal information entered by the user for calender purposes |
|
SendGrid |
Email sending services |
Shared with SendGrid : Any contact and personal information entered by the user for email sending services |
|
Woztell |
WhatsApp business solution provider |
Shared with Woztell: Any contact and personal information entered by the user for Whatsapp business solution services |
Account & Contact Data
: we will only retain such data as long as necessary for the
purpose for which it was collected, as laid out in this policy, including any
legal retention period, or as long as necessary to carry out a legitimate and
reasonable promotion of our products and services.
Job Application Data: If we do not hire you, we may keep the
information you provide for up to 2 years in order to contact you again for any
new job proposition that may come up, unless you ask us not to do so. If we
hire you, your personal information will be stored for the duration of your
employment contract with us, and afterwards, during the applicable legal
retention period that applies in the country where we employed you.
Browser Data : we will only retain this data for a short period of
time, generally 2 months, unless we need to keep it in relation with a
legitimate concern related to the security or performance of our services, or
as required by law.
Customer Database : we will only retain this data as long as
necessary for providing the services you subscribed to. For databases hosted on
the W+ERP Cloud, if you cancel the service your database is kept deactivated
for 3 weeks (the grace period during which you can change your mind), and then
destroyed. For databases uploaded to the W+ERP Database Upgrade website, your
database is kept for up to 4 months after the last successful upgrade, and may
be deleted earlier upon request.
Safety Retention Period:
As part of our Security Policy, we always try to preserve your data from accidental or malicious deletion. As a result, after we delete any of your personal information (Account & Contact Data) from our database upon request from you, or after you delete any personal information from your database (Customer Database), or if you delete your entire database, it is not immediately deleted from our backup systems, which are secured and inalterable. The personal data could remain stored for up to 12 months in those backups, until they are automatically destroyed.
We commit not to use those backup copies of your deleted data for any purpose
except for maintaining the integrity of our backups, unless you or the law
require us to do so.
Hosting Services
Hosting Locations : Customer databases are hosted in the W+ERP data
center closest to where they are based: Hong Kong or Singapore. Customers can
request that their data be moved to one of the other data centers.
Backup Locations : We utilize a "Triplicate technology", which automatically stores all of the data copies across different servers and provide 99% data reliability for Elastic Compute Service(Server) instances.
Backups are are replicated in an additional separate server in order to meet our Disaster Recovery objectives, see our Cloud Hosting SLA.
Third Party Disclosure
Except as explicitly mentioned above, we do not sell, trade, or otherwise transfer your personal data to third parties. We may share or disclose aggregated or de-identified information, for research purposes, or to discuss trends or statistics with third-parties.
Cookie Policy
Cookies
are
small bits of information sent by our servers to your computer or device when
you access our services, and unique to you. They are stored in your browser and
later sent back to our servers so that we can provide contextual content. We
use them to support your activities on our website, for example your session
(so you don't have to login again) or your shopping cart.
Cookies are also used to help us understand your preferences based on previous
or current activity on our website (the pages you have visited), your language
and country, which enables us to provide you with improved services. We also
use cookies to help us compile aggregate data about site traffic and site
interaction so that we can offer better site experiences and tools in the
future.
We also use third-party services such as Google Analytics, who set and use
their own cookies to identify visitors and provide their own contextual
services. For more information regarding those third-party providers and their
Cookie Policy, please see the relevant references in the Third-Party Service
Providers section.
You can choose to have your computer warn you each time a cookie is being sent,
or you can choose to turn off all cookies. Each browser is a little different,
so look at your browser's Help menu to learn the correct way to modify your
cookies, or look at the links below.
Chrome: https://support.google.com/chrome/answer/95647?hl=en
Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-10
Safari: https://support.apple.com/kb/PH21411
Firefox: https://support.mozilla.org/products/firefox/cookies
Opera: http://www.opera.com/help/tutorials/security/cookies/
We do not currently support Do Not Track signals, as there is no industry standard for compliance.
Policy Updates
We may update this Privacy Policy from time to time, in order to clarify it, or to comply with legal obligations. The "Last Updated" mention at the top of the policy indicates the last revision, which is also the effective date of those changes. If you continue to use our services after such a change, you agree to our updated policy.
Contacting Us
If you have are any question regarding this Privacy Policy, or any enquiry about your personal data, please contact us via email at enquiry@wan-tech.com
WANTECH Innovation Technology Limited
Room 1105, 11/F, Century Centre, 44-46 Hung To Road,
Kwun Tong, Kowloon.,
Hong Kong