1. Data Controller Identification

This Privacy Policy is issued by:
Differentworks Inc.
899, Pine Street, San Francisco CA 94108
Website: www.differentworks.io
For privacy-related inquiries, please contact us at: info@differentworks.io

2. Jurisdiction and Compliance

This Privacy Policy is designed to comply with applicable data protection laws, including but not limited to:

• General Data Protection Regulation (GDPR) (EU Regulation 2016/679) for individuals in the European Economic Area (EEA)
• UK General Data Protection Regulation (UK GDPR) for individuals in the United Kingdom
• California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA) for California residents
• Personal Data Protection Act (PDPA) of Sri Lanka (Act No. 9 of 2022) for individuals in Sri Lanka
• Other applicable regional and national data protection laws

Depending on your location, you may have specific rights under these laws, as detailed in Section 8 below.

3. Information We Collect

We may collect the following personal information when you use our website www.differentworks.io, including any data you provide through contact forms or other interactions:

• Name
• Email address
• Phone number
• Company name
• Any other information you voluntarily provide (e.g., job title, message content, preferences)

We also automatically collect certain technical information when you visit our website, including:

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Referring website addresses
• Cookies and similar tracking technologies (see Section 10)

4. Lawful Basis for Processing (GDPR Article 6)

We process your personal data on the following lawful bases:

1. Consent (Article 6(1)(a)): When you provide explicit consent (e.g., subscribing to newsletters, opting in for marketing communications). You may withdraw consent at any time.
2. Contract (Article 6(1)(b)): When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract (e.g., responding to service inquiries, delivering requested services).
3. Legitimate Interests (Article 6(1)(f)): When we have a legitimate interest in processing your data that is not overridden by your rights (e.g., website analytics to improve user experience, security monitoring, business development).
4. Legal Obligation (Article 6(1)(c)): When we must process your data to comply with legal or regulatory obligations (e.g., tax laws, responding to lawful requests from authorities).

For marketing communications, we rely on consent or legitimate interests where permitted by law. You can opt out at any time using the unsubscribe link in our emails or by contacting us.

5. How We Use Your Information

We use your personal information for the following purposes:

• To respond to inquiries or contact form submissions
• To provide information about our products or services
• To improve our website and user experience
• To communicate with you regarding updates or news (if you opt in)
• For analytics and performance monitoring to understand how visitors use our website
• To comply with legal obligations and enforce our terms of service
• To protect against fraud, security threats, and abuse

6. Data Sharing and Third-Party Processors

We do not sell or rent your personal information. We may share your data with the following categories of third parties who act as data processors or sub-processors on our behalf:

a) Trusted Service Providers:

• Trusted service providers (e.g., CRM platforms, email marketing tools) who assist in operating our website and services
• Analytics providers such as Google Analytics
• Authorities if required by law (e.g., to comply with legal obligations or enforce site policies)

Processor Compliance:

All third-party processors are contractually required to process data only on our instructions, implement appropriate technical and organizational security measures, comply with applicable data protection laws, and notify us of any data breaches.

7. International Data Transfers

Your personal information may be transferred to and processed in countries outside your country of residence, including the United States and other jurisdictions where our service providers operate.

For EEA/UK users: When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), Adequacy decisions, or Binding Corporate Rules.

8. Your Data Subject Rights

Depending on your location, you may have the following rights under applicable data protection laws:

• Right to Access: Request access to the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data in certain circumstances
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Additional Rights for California Residents (CPRA/CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to opt-out of the sale or sharing of personal information (Note: We do not sell personal information)
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

Exercising Your Rights

How to Submit a Request: Email us at info@differentworks.io

We will verify your identity before responding. We aim to respond within 30 days. We do not charge a fee unless the request is excessive or repetitive.

9. Children's Privacy

Our website is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe your child has provided us with personal information, please contact us immediately.

10. Cookies and Tracking Technologies

We use cookies to analyze website traffic, personalize your experience, and remember your settings.

Types of Cookies We Use:

• Strictly Necessary Cookies: Essential for the website to function properly.
• Analytics/Performance Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
• Functionality Cookies: Remember your preferences and settings.
• Marketing/Targeting Cookies: Used to deliver relevant advertisements (if applicable).

You can control cookie settings through your browser or our cookie consent banner. For more details, please see our Cookie Policy.

11. Data Security

We implement appropriate technical and organizational security measures including encryption (SSL/TLS), access controls, regular security assessments, and employee training. However, no method of transmission over the internet is 100% secure.

12. Data Breach Notification

In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the relevant Supervisory Authority within 72 hours and affected individuals without undue delay.

13. Data Retention

We retain your personal data only as long as necessary. Contact form submissions are retained for 2 years or until the purpose is fulfilled. Marketing data is retained until you unsubscribe. Analytics data is retained for 26 months. Legal records are retained for the period required by law.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page with a revised "Last Updated" date. By continuing to use our website after changes are posted, you accept the updated Privacy Policy.

15. Contact Us