PERSONAL INFORMATION MANAGEMENT POLICYLast updated on May 24, 2019
GVE GlobalVision Inc.’s (“GlobalVision”) Personal Information Management Policy (the “Policy”) is modelled after the principles set out in the national standard of Canada entitled “Model code for the protection of personal information” (CAN/CSA-Q830-96) and takes into account provisions of the General Data Protection Regulation of the European Union (“GDPR”, entitled “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Information and on the free movement of such data, and repealing Directive 95/46/EC”).
Nothing in this Policy has the effect of creating obligations for GlobalVision beyond those imposed by applicable laws and regulations pertaining to management of Personal Information.
TABLE OF CONTENTS
This Policy covers the following aspects of Personal Information management:
- Purposes and Purpose Limitation
- Limited Collection, Data Minimization, Fairness and Lawfulness
- Limited Use, Disclosure and Retention
- Accuracy, Integrity, Confidentiality and Right to Rectification
- Openness and Transparency
- Individual Access and Other Rights
- Challenging Compliance
In this Policy:
Your “Consent” means any freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the Processing of Personal Information relating to you.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Information.
“Intermediary”means a natural or legal person, public authority, agency or other body which processes Personal Information on behalf of GlobalVision.
“Personal Information” means any information relating to an identified or identifiable natural person.
“Personal Information Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise processed.
“Processing”means any operation or set of operations performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Profiling” means any form of automated Processing of Personal Information consisting of the use of PersonalInformation to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Pseudonymisation”means the Processing of Personal Information in such a manner that the PersonalInformation can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal Information is not attributed to an identified or identifiable natural person.
“Recipient”means a natural or legal person, public authority, agency or another body, to which the Personal Information is disclosed, whether a Third Party or not.
“Restriction of Processing” means the marking of stored Personal Information with the aim of limiting it Processing in the future.
“Third Party” means a natural or legal person, public authority, agency or body other than you (as the data subject), a Controller, a Processor and persons who, under the direct authority of a Controller or Processor, are authorised to process Personal Information;
“You” refers to you or any specific individual as an identified or identifiable natural person.
SUMMARY OF THE POLICY
- ACCOUNTABILITY: GlobalVision is responsible for, and will be able to demonstrate compliance with this Policy, and has designated an individual or individuals accountable for GlobalVision’s compliance with the Policy.
- PURPOSES AND PURPOSE LIMITATION: The purposes for which Personal Information is collected will generally be identified by GlobalVision at or before the time the Personal Information is collected, for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- CONSENT: Your knowledge and Consent are required for the Processing of your Personal Information, except where inappropriate.
- LIMITED COLLECTION, DATA MINIMIZATION, FAIRNESS AND LAWFULNESS: The collection of Personal Information will be adequate, relevant and limited to that which is necessary for the purposes identified by GlobalVision for which it is processed. Personal Information will be collected by fair and lawful means.
- LIMITED USE, DISCLOSURE AND RETENTION: Personal Information will not be processed for purposes other than those for which it was collected, except with your Consent or as required by law. Personal Information will be retained only as long as necessary for the fulfillment of those purposes in a form which permits your identification for no longer than is necessary for the purposes for which the Personal Information is processed.
- ACCURACY, INTEGRITY, CONFIDENTIALITY AND RIGHT TO RECTIFICATION: Personal Information will be as accurate, complete and kept up-to-date as is necessary for the purposes for which it is to be used. Every reasonable step will be taken to ensure that Personal Information that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
- SAFEGUARDS: Personal Information will be protected by security safeguards appropriate to the sensitivity of the Personal Information, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
- OPENNESS AND TRANSPARENCY: GlobalVision will make readily available to you specific information about its policies and practices relating to the management of your Personal Information, which will be processed in a transparent manner.
- INDIVIDUAL ACCESS AND OTHER RIGHTS: Upon request, you will be informed of the existence and Processing of your Personal Information and will be given access to that Personal Information. You will be able to challenge the accuracy and completeness of the Personal Information and have it amended as appropriate.
- CHALLENGING COMPLIANCE: You may address a challenge concerning GlobalVision’s compliance with this Policy to the designated individual(s) accountable for such compliance.
FOR MORE DETAILS PLEASE CONTACT GLOBALVISION’S DATA PRIVACY OFFICER AT: email@example.com
Last Revised: 07-16-2021
1. PURPOSE AND SCOPE OF THIS POLICY
2. PERSONAL INFORMATION WE COLLECT
We obtain personal information in different ways, as further outlined below. Some personal information is provided by you. Other personal information is automatically collected by us through our products and services. We may also obtain personal information about you from third parties.
Information you provide to us. We collect information directly from you, such as when you purchase and use a product or service, register a product, register for an online demonstration of a product, download content from our website, sign up for our newsletter or for one of our events, complete any surveys, chat with us via our website or offerings, or otherwise contact us. The types of information we may collect from you include, without limitation:
- Contact information, such as your full name, professional title, telephone number, business mailing/shipping address, and email addresses.
- Other identifiers, such as internet protocol (IP) address, account username, and account password.
- Commercial information, such as details about the products and services that you have purchased, used and/or expressed interest in, and events you have attended.
- Communications, such as information you provide when you respond to surveys, engage with our representatives, or otherwise communicate with us.
- Payment and billing information, such as credit card or other payment information which we collect via a secure payment processing service, as well as billing contact information. Please note we do not store credit card or other payment information. For more information you can contact our payment processor as set forth in their privacy notices.
- Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them.
- Support information, such as records of our interactions, including correspondences and details of the problems you are experiencing and any documents or information that would be helpful in resolving the issues.
- Content, such as the documents or other materials you upload into our products or provide in connection with our services.
Information collected automatically. We automatically collect or generate information about you when you use our products or services, including browsing our websites. The types of information we may collect about you include, without limitation:
- Usage data, such as the features in our products that you use and the number of times such features are used, error reports, the number and type of differences found by our product, the type, size, file names, DPI and dimensions of any documents uploaded in our product, the date and time the data event was collected by our product, the version of the product you are using, the files uploaded and removed in our product, the reports generated by and downloaded in our product, login username or user ID, your email address, your first and last name, your address and phone number, the date of activation or creation of your account, account type, and information about product licenses.
- Device data, such as the computer Mac address, the computer IP address, general location information, the computer model, the operating system type and version number, the CPU architecture, the total amount of RAM of the computer, the timestamp, the browser type, and other unique identifiers.
Social networking data. We may include tags, buttons, or other tools on our website that link to another company’s platform (“Plugins”). If you use any Plugins on our website, information can be transferred directly from your device to the respective third party platform. We may not control the data collected by Plugins. If you are logged in to a social network, the social network may be able to link your use of our website to their platform.
Information from third party sources. We may receive information about you from third party sources, such as other users of the products and services, business partners, channel partners (i.e. resellers), and social networking services and platforms. The types of information we may collect about you include, without limitation:
- Contact information, such as your full name, telephone number, business mailing/shipping address, email addresses, and social media profiles.
- Professional information, such as occupations, industries, professional title, professional licenses, work experience, and other qualifications.
- Commercial information, such as details about the products and services that you have purchased, used and/or expressed interest in.
- Billing information, such as billing contact information.
- Delivering our products and providing our services: We collect, use and process your personal information to fulfill our contractual obligations towards you, such as to issue licenses to our software, or to create, administer and manage your user accounts. In the event that we have not entered into a contractual agreement with you, we process your personal information in furtherance of our legitimate interests to make our products and services available to you.
- Communicating with you about our products and services: We collect, use and process your personal information to send you important information regarding our products and services in reliance on our legitimate interests. This may include communication of technical notices, updates, security alerts, support and administrative messages, as well as responses to your questions, comments and requests.
- Providing customer support: We collect, use and process your personal information to provide our support services in reliance on our legitimate interests, which include troubleshooting and resolving technical issues and responding to your requests for assistance.
- Improving our products and services: We collect, use and process your personal information to improve our products and services and to understand how you use our products and services in furtherance of our legitimate interests or, where needed, with consent. To that end, we monitor your usage and we analyze trends in order to improve the overall user experience and to develop new products, features, functionality and other services.
- Sending marketing communications: We collect, use and process your personal information to send you advertising and marketing communications about our products, services and events, in reliance on our legitimate interests or, where needed, with consent.
- Organizing events: We collect, use and process your personal information upon your registration to events organized by us or following your attendance at such events.
- Maintaining security of our products and services: We collect, use and process your personal information in reliance on our legitimate interests to protect our business, including preventing the unauthorized use or misuse of our products and services; identifying, investigating or deterring against harmful or fraudulent activities violating our policies or applicable laws; and detecting, preventing, and responding to potential or actual security incidents.
- Fulfilling other legitimate business purposes: We may collect, use and process your personal information for other legitimate business purposes such as invoicing and audits.
- Complying with our legal obligations: We collect, use and process your personal information to fulfill our legal obligations under applicable laws. If required by law or upon the lawful request of government authorities, courts or regulators, we may use and disclose your personal information to such authorities to cooperate with them and to comply with our legal obligations. As such, your personal information may be used, as required or permitted by law, to protect our, your and third parties’ rights, property, safety and privacy.
- Other service users:
- Administrators, such as your employer or another organization who may require your personal information for the management of the accounts.
- Community forums, such as publicly accessible blogs and forums accessible on our website, which may be read, collected and used by any member of the public who accesses our website.
- Third parties:
- Service providers, such as consultants, vendors, third party hosting providers, or other subcontractors engaged by us to support the provision of our products and services or help us operate our business.
- Payment processors, such as Moneris, which collect and process credit card or other payment information on our behalf.
- Business partners, such as channel partners (i.e. resellers), integration partners, and event sponsors and partners with whom you interact in connection with our products and services.
- Professional advisors, such as lawyers, accountants, insurers, or auditors, where necessary in the course of the professional services they render to us.
- Third party websites, such as those for which links have been included on our website. Your personal information shared on such third party websites shall be subject to their respective data privacy policies.
- With your consent, such as with other third parties not specified herein. For example, in the event you provide us with a testimonial regarding our products and services, we will display your name alongside such testimonial on our website. - For compliance purposes, such as (a) to protect, our, your or others’ rights, privacy, security or property; (b) to comply with applicable laws, lawful requests or legal process, including to respond to subpoenas or requests from government authorities; (c) to cooperate with any legal investigation, where permitted by law; (d) to prosecute or defend legal claims; (e) to enforce our agreements, policies and terms of service; and (f) to prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
- For business transfers, such as in connection with a business deal or potential business deal, namely a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business, assets, or equity interests of GlobalVision (including, as part of a bankruptcy or similar proceeding).
- physical measures (such as restricted access to our offices);
- organizational measures (such as security clearances); and
- technological measures (such as the use of passwords and the encryption of your personal information).
- Access, correct, update, delete, receive a copy of, or restrict use of your personal information.
- Withdraw your consent at any time, in the event that we have collected, used and processed your personal information with your consent. However, any collection, use, and processing of your personal information prior to such withdrawal shall not be affected.
- Object to the processing of your personal information.
- Request that we block or anonymize your personal information, as appropriate.
- Request a copy of your personal information in a machine-readable copy to transfer it to you or a third party.
- Opt-out of marketing communications we send you at any time, by clicking on the “unsubscribe” or “opt-out” link in the communications. It may, however, not be possible to opt-out of certain service-related and other non-marketing communications.
- Opt-out of certain disclosures of your personal information to third parties.
- Complain to the relevant data protection authority in the jurisdiction in which you are located about our collection and use of your personal information.
- require you to reset your account password;
- restrict, suspend or terminate your access to the products and services;
- access and retain information in and about your account;
- access or retain information stored as part of your account;
- change your information, including profile information; and
- restrict your ability to edit, restrict, modify or delete information.
- Information. You can request the following information about how we have collected and used your personal information during the past twelve (12) months
- The categories of personal information we have collected.
- The categories of sources from which we collected the personal information.
- The business or commercial purpose for collecting and/or selling personal information.
- The categories of third parties with whom we share the personal information.
- The categories of personal information that we sold or disclosed for business purposes.
- The categories of third parties to whom the personal information was sold or disclosed for business purposes.
- Access. You can request a copy of the personal information that we have collected about you during the past twelve (12) months.
- Deletion. You can ask us to delete the personal information that we have collected from you.
- Opt-out. You have the right to opt-out of any “sale” of your personal information as defined in the CCPA.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.
- Identifiers, such as your full name, email addresses, phone numbers, company name, professional title, social media profile information, photo ID that you provide if we ask you to verify your identity, and document signatures.
- Commercial information, such as details about the products and services that you have purchased, used and/or expressed interest in, communications, and marketing information.
- Financial information, such as credit card information, billing and mailing address and other payment-related information.
- Online identifiers, such as computer Mac address, the computer IP address, the computer model, the operating system type and version number, the CPU architecture, the total amount of RAM of the computer, the timestamp, the browser type, account username and passwords, and other unique identifiers.
- Internet or network information, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens; information about your activity on a page or screen, access times, duration of access, and other information about your interaction with our sites, products and services.
- Geolocation data, such as the general location information associated with your IP address.
- Professional or employment information, such as occupations, industries, professional title, professional licenses, work experience, and other qualifications.
- Education information, such as your educational background.
- Sensory information, such as electronic, visual or similar information.
- Inferences, such as user preferences drawn from any of the information listed above.
- Social networking data, such as your profile information and any other information you share on such platforms.
- Via email: firstname.lastname@example.org
- Via postal mail: GVE Global Vision Inc. Legal Department
16800 Route Trans-Canada
Kirkland, Quebec, H9H 4M7
In accordance with applicable laws, we may combine your personal information with information we collect from other parties to help keep our databases current and accurate, and to provide you with more relevant content, experiences, applications, and other offerings.
Changes to your personal information. Please advise us if your personal information changes during your relationship with us, by contacting us at email@example.com.
3. HOW WE USE PERSONAL INFORMATION
We collect, use and process your personal information for the following purposes, and if you are from the European Economic Area (EEA), the UK or Switzerland, on the following legal bases:
Legal Bases for Processing. The legal bases on which we process your personal information depend on the type of personal information and the context in which we process it. We may collect, process and use your personal information on a different legal basis than the bases specified above. In such event, we shall provide you with a notice detailing how and why we use your personal information before or at the time we collect such information.
Withdrawal of Consent. In the event that you provide your consent for the collection, use and processing of your personal information, your consent may be withdrawn at any time by contacting us. However, any collection, use, and processing of your personal information prior to such withdrawal shall not be affected.
Legitimate Interests. In the event that we collect, use and process your personal information in furtherance of our legitimate interests, your rights are balanced against ours in order to ensure that your interests to the protection of your personal information take precedence over our interests. Although you retain the right to object to the collection, use and processing of your personal information, this may result in your inability to use our products and services or our inability to fulfill our contractual obligations towards you.
For all inquiries regarding our legal bases for processing your personal information, please contact us at firstname.lastname@example.org.
4. HOW WE SHARE PERSONAL INFORMATION
5. HOW WE STORE AND SAFEGUARD PERSONAL INFORMATION
Your personal information may be held in our offices, stored on our servers or stored on the servers of our service providers, such as but not limited to NetSuite and SalesForce.
Protecting your personal information is very important to us. We have reasonable and appropriate physical, organizational and technological security measures in place to ensure the protection of your personal information that we collect, use, process and store. However, given that no security system is perfectly impenetrable, we cannot guarantee the security of your personal information.
Access to your personal information is limited to those of our employees, service providers, subcontractors and agents that require such access for the purpose of carrying out their duties.
Security measures. Our security measures protect your personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. The nature of the measures will vary depending on different factors, such as the sensitivity of your personal information that has been collected, the purposes for which it is to be used, the risks associated to the processing of your personal information, and the medium on which it is stored.
Our security measures, which are reviewed and updated as necessary, include:
We make our employees aware of the necessity of maintaining the confidentiality of your personal information and ensure that care is used in the return or destruction of your personal information to prevent third parties from gaining unauthorized access to the same.
Our security measures ensure that your personal information is collected, used, processed and stored only for the specific purposes outlined hereinabove.
Third Parties. Where processing is to be carried out on our behalf by a third party, such third party shall provide us with sufficient guarantees that appropriate physical, organizational and technological measures are in place to meet the requirements of the applicable laws and to ensure the protection of your rights.
Notification of a data breach. Any data breaches will be documented by us and you will be made aware of such data breaches in accordance with the requirements of the applicable laws.
6. RETENTION OF PERSONAL INFORMATION
We only retain your personal information for as long as necessary to fulfill the purposes for which it was collected. Some of your personal information is also retained for the purposes of complying with our legal obligations, resolving potential disputes, enforcing our agreements, supporting our business operations, and for the ongoing development and improvement of our products and services. Where we retain your personal information for ongoing development and improvement of our products and services, we will only use such information to gain general insights about the use of our products and services.
Your personal information may be retained in copies made for backup and business continuity purposes for additional time. If you have opted to receive marketing communications from us, information related to your marketing preferences will be retained for a reasonable period of time. Information that we derive from cookies and other tracking technologies is also retained for a reasonable period of time.
If our products and services are made available to you through your employer or another organization, and such organization acts as the administrator of the accounts, we retain your information for as long as they may require.
For more information about specific retention periods, you can contact us at email@example.com.
7. YOUR PRIVACY RIGHTS AND CHOICES
Depending on where you live or to the extent permitted by law, you may have the right to:
In accordance with applicable laws, in order for you to exercise any of your rights above, we may ask for proof of your identity and additional forms of verification depending on the nature of the personal information in question.
Subject to applicable laws, some of these rights may be limited in certain circumstances. For example, we may not be able to fulfill your request to delete your personal information if we need to retain this information in order to comply with our legal obligations, or for other limited business purposes as required or permitted by law. We may also not be able to fulfill your request if by doing so, we would be required to disclose information about another person.
In the circumstances where we process your personal information on behalf of a customer, your request may be referred to such customer, subject to the terms of the applicable contractual agreement we have in place with them.
If you do not provide information indicated by us as required for the use of our products and services, or that is otherwise necessary in order for us to provide our products and services, that portion or all of the products and services may be unavailable to you or you may be provided a different level of service.
You may opt-out of certain cookie-based tracking activities on our website by consulting our Cookie Statement.
Some browsers have incorporated “Do Not Track” features that can send a signal to the online services that you visit indicating that you do not wish to be tracked. We currently do not respond to “Do Not Track” or similar signals on some of the pages of our website. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
You may exercise any of your rights herein by submitting a request to firstname.lastname@example.org.
8. TRANSFER OF YOUR PERSONAL INFORMATION
GlobalVision is headquartered in Canada and has services providers located in Canada as well in other countries, such as the United States, and your personal information may be transferred, processed and stored in Canada, the United States or other locations outside of your country or region as we deem appropriate from time to time. Your personal information may become subject to the laws of such other jurisdictions, which may not be as protective as the privacy laws in your home country or region. Where required by applicable laws, measures have been put in place to protect your personal information that we transfer across borders.
If you are from the European Economic Area (EEA), the UK or Switzerland, we will protect your personal information when it is transferred outside your home country or region by processing it in a territory deemed by the European Commission to provide an adequate level of protection for personal information, or by using the standard contractual clauses or other appropriate legal mechanisms to safeguard the transfer of your personal information.
All inquiries regarding transfer of your personal information may be submitted to email@example.com.
9. CHILDREN’S PRIVACY
Our products and services are not intended to be used by individuals under the age of 18 and we do not knowingly collect or use personal information from such individuals. If we become aware that any such individual’s personal information has come into our possession without verification of parental consent, we will delete such information promptly. If you become aware that an individual under the age of 18 has shared their personal information with us, please contact us at firstname.lastname@example.org.
10. ORGANIZATION-ADMINISTERED ACCOUNTS
If our products and services are made available to you through your employer or another organization, and such organization acts as the administrator of the accounts, in order to adequately manage the accounts, it will be permitted to do the following:
11. YOUR CALIFORNIA PRIVACY RIGHTS
For purpose of this Section, “personal information” has the meaning given in the California Consumer Privacy Act.
Your rights. If you are a California resident, there are some additional rights that may be available to you under the CCPA, which include:
How to Exercise Your Rights. You may submit a request to exercise your rights outlined above by contacting us at email@example.com. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. In some instances, we may be required or permitted by law to deny your request. For example, in order to protect your information from unauthorized access or deletion, we may require you to provide additional information for verification. If we cannot verify your identity, we will not provide or delete your information. If you wish for your authorized agent to make a request on your behalf, both of your identities will need to be verified and your agent must provide a copy of a valid power of attorney or other proof of authority acceptable to us in our reasonable discretion.
Sale of personal information. We do not “sell” your personal information as defined in the CCPA.
Categories of Personal Information. The categories of personal information we collect are specified below by reference to the statutory categories outlined in the CCPA (California Civil Code §1798.140(o)):
If you have any questions or would like to exercise your rights under the CCPA, you can contact us at firstname.lastname@example.org.
12. CHANGES TO THIS POLICY
13. CONTACT US
For all inquiries about your personal information and how it is handled by GlobalVision, you can reach us at:
Our Data Protection Officer, or Privacy Officer, who is our Legal Counsel, may be contacted at the email or postal address provided above.