Last updated on: May 22, 2018
This privacy and data protection policy (this “Policy”) describes SustaiNet Software International Inc.’s and its subsidiaries’ and affiliates’ (collectively, “SustaiNet”, “we”, “us” or “our”) practices with respect to the collection, use, storage and disclosure of personal information and data it collects about the users of its software, services and website (“you”, “your”, or “User”).
1. Introduction
SustaiNet respects and upholds your right to privacy and the protection of personal information.
“Applicable Privacy Legislation” regulates the way we collect, use, keep, secure and disclose your personal information.
If you are in Canada, for example, the Personal Information Protection and Electronic Documents Act (Canada), as amended from time to time, is the Applicable Privacy Legislation that applies to you, your personal information or data (as it does to us).
If you are in the European Union, the General Data Protection Regulation, as amended from time to time (“GDPR” or “EU Data Protection Legislation”), as well as any applicable EU Member State regulations, as amended from time to time, are all the Applicable Privacy Legislation for you, your personal information and data.
As required by Applicable Privacy Legislation, we have appointed a Privacy Officer who is responsible for compliance with this Privacy Policy and Applicable Privacy Legislation. Information on how to contact the Privacy Officer can be found in Section 13 below.
2. Collection and Use of Personal Information
SustaiNet collects and processes your personal information and data (“Personal Data”) in accordance with, and as defined under, the Applicable Privacy Legislation.
SustaiNet offers a variety of services (the “Services”) including (a) public access to the SustaiNet website (the “Website”), (b) access to web-enabled software applications (the “Software”) for use by organizations in tracking, monitoring and reviewing public participation, stakeholder consultations and community engagement projects (“Consultation Projects”), and (c) outsourced hosting of Consultation Projects.
SustaiNet collects and uses Personal Data from Users who have the right to use the Software on the Internet in connection with managing Consultation Projects or who have set up an account to access the Services as well as Users who visit the Website.
3. Personal Data Collected Directly From You
The Personal Data that SustaiNet may collect directly from you when using our Services include your name, email address, telephone number, other contact information, credit card number and other billing information, a password (which is irreverasbly encrypted with a salted one-way hash and stored this way) you choose for your account, and any secret question(s) and answer(s) in case you forget your password. We will only collect such information with your consent, except for the situations described in Section 6.
SustaiNet may also collect from you Personal Data that you choose to post to or upload into a Consultation Project, which may include: name, address, phone, fax, email, contact information, organization, stakeholder group, land parcel (property) location, land interest, comments, issues, concerns, objections, interests, attitudes, demographics and any other such information as is required by the Project Client for the purposes of managing its Consultations Projects. If such information includes Personal Data of third parties, you must ensure that you are authorized under applicable law (including but not limited to Applicable Privacy Legislation such as the GDPR if applicable to that person) to collect and use such Personal Data prior to posting or uploading same.
4. Information We Collect Automatically Through Cookies and Similar Technologies
SustaiNet may also collect data concerning traffic on, and use of, the Website, the Software or the Services and may include non-personal data such as, IP addresses, page tags, user site or Software performance, and other such information required for logfile analysis and web analytical purposes.
You can find out more about our use of cookies by accessing our Cookie Policy.
5. Purposes for Which We Collect, Use and Process Personal Information
SustaiNet limits the Personal Data it collects and uses to that which is necessary to fulfill the purposes identified below. SustaiNet will not collect, sell, distribute or use Personal Data for any other purposes without your further consent, as required by law or as authorized by Applicable Privacy Legislation.
We may collect Personal Data in the following situations for the following purposes:
- when you request information via the Website, SustaiNet may collect Personal information (e.g. name, address, company, contact information) to enable a direct response to your request;
- when you subscribe to or purchase a license to use the Software, SustaiNet may collect Personal Data (e.g. name, address, contact information, credit card number) to verify your identity and to charge you for the license;
- when you subscribe to or purchase a license to use the Software, Personal Data are collected on individuals using the Software and on individuals entered into the Software database in order to manage Consultation Projects;
- if you wish to set up an account with SustaiNet to access the Services, SustaiNet will collect Personal Data from you to verify your identity and to determine which Consultation Projects you are entitled to access;
- when you login to your account, SustaiNet will collect Personal Data from you to verify your identity and to prevent unauthorized access to the Services and any Consultation Projects;
- if you request support, additional information about the Software, or if you request a demonstration version of the Software, SustaiNet may collect Personal Data from you so that SustaiNet can contact you and provide you with these services;
- for statistical analysis in order to improve the Website and the Services, we collect data concerning traffic on, and use of, the Website;
- to provide the Services; and
- to inform you of product updates, special offers, new services and products, partners, promotions, events and updated information that may be pertinent to you and to generally keep you informed about SustaiNet and its customers via newsletters.
6. Legal Bases Upon Which We Process Your Personal Data
As set out above we only process your Personal Data:
- with your consent;
- for performing the Services you have ordered or, upon your request, to take the steps necessary to provide you with such Services;
- in the furtherance of our legitimate interests in maintaining business relationships and communicating with you as a business contact, about SustaiNet activities and Services. For greater certainty, if the GDPR applies to you, we consider that our legitimate interests are in compliance with EU Data Protection Legislation and your legal rights and freedom, and you have the right to object to any of this processing—if you wish to exercise the right to object, please contact our Privacy Officer, or
- to comply with a legal obligation set up by an applicable regulator, such as in Canada to comply with the requirements of a privacy commissioner or in the EU to comply with an EU Member State law or the requirements of a data protection authority.
7. Sharing of Personal Data
The only circumstance under which SustaiNet may disclose your Personal Data to a third party is for the fulfillment of any of the purposes identified above, as required by applicable law or as authorized by Applicable Privacy Legislation.
In order to provide the Services, SustaiNet may hire other companies or contractors to provide certain services on its behalf, for example to provide Website and Software hosting and support services or for marketing purposes. Such service providers are only permitted to access and use Personal Data necessary to provide such services. They are required to protect your Personal Data and must agree to adhere to this Policy.
If you participate in a Consultation Project, any Personal Data you submit may be accessed, used or otherwise processed by other individuals, groups or organizations, including (if permitted in respect of such Consultation Project) the public at large. The Client that has engaged us to host the Consultation Project (the “Project Client”) has control over all information submitted to the Consultation Project (this includes those who may participate in the Consultation Project, what data and other information may be accessible through the Consultation Project and who may access, post, modify or delete such data and other information). If you have any questions about who may access the Personal Data you submit in a Consultation Project, you should contact the Project Client.
8. Transfer of Personal Data
You authorise SustaiNet to transfer, process, store and use the Personal Data we collect about you and other information you submit as part of a Consultation Project in countries other than your own in accordance with this Policy. Some of these countries may not have the same data protection safeguards as the country where you are located.
SustaiNet processes the information collected through its Software in Canada. For the purposes of the GDPR, Canada provides an adequate level of protection to personal data pursuant to EU Data Protection Law and other Applicable Privacy Legislation.
SustaiNet may transfer your Personal Data to third party services providers located abroad, including in the United States. These service providers assist us with the operation of the Website as well as with our marketing and business communications efforts. We ensure, through contractual provisions, that these service providers process Personal Data in accordance with Applicable Privacy Legislation to guarantee a high data protection level, even if Personal Data aretransferred into a country in which another data protection level is common and for which no decision of adequacy by the European Commission exists.
9. Withdrawing Consent
Where you have provided your consent to our use of your Personal Data, you have the right to withdraw your consent to our processing of your Personal Data at any time. Please contact our Privacy Officer to exercise such right. Similar to the way in which you can give consent by interacting with our Services, you can also withdraw your consent through our Services. You can choose to delete your SustaiNet account via your account settings and we will delete your information.
If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in this Policy, you may not have access to all (or any) of our Services and we might not be able to provide you with all (or any) of the Services. In certain cases, we may continue to process your Personal Data and the information you submitted as part of a Consultation Project after you have withdrawn consent if we have a legal basis to do so, or if your withdrawal of consent was limited to certain processing activities. For example, we may keep information if we need to do so to comply with a legal obligation, to resolve disputes and to enforce our agreements.
10. Security of Personal Information
SustaiNet has implemented technical, organisational and administrative measures to protect your data from unauthorized access, loss or theft, modification and other threats. Personal Data are protected by security safeguards that are appropriate to the sensitivity level of the information. Our employees, affiliates and third party providers are required to sign contracts obliging them to protect the privacy and confidentiality of Personal Data provided to them, and is to observe the intent of this Policy, in order to perform their function. This obligation remains in effect even after employees, affiliates and third party services providers leave the employ of or association with SustaiNet. Appropriate controls are in place over computer systems and these controls are reviewed on an ongoing basis to ensure compliance with our security and privacy policy.
11. Personal Data Subject Rights
SustaiNet will only retain Personal Data for as long as necessary to fulfill the purposes identified in this Policy or as long as required for legal or business purposes. You can also review or correct your account information, including the Personal Data you provided us with, on your account page.
In other circumstances, you may have other rights depending on your jurisdiction and the Applicable Privacy Legislation, which allows you the right to access your Personal Data that is in the custody or under the control of SustaiNet as well as the right to request the correction of inaccuracies of same. SustaiNet’s Privacy Officer will assist you with these requests. Applicable Privacy Legislation will always govern, but these rights include:
- identifying your Personal Data;
- informing you about how your Personal Data may be or has been used by SustaiNet;
- providing you with the names of those organizations to which we have or may have disclosed your Personal Data;
- granting you access to your Personal Data; and
- correcting or amending any Personal Data which is factually incorrect or incomplete.
If the GDPR applies to you then, in accordance with the GDPR, SustaiNet will assist you in exercising the rights afforded to you under the GDPR, including:
- in certain circumstances, such as those described in the ‘legitimate interests’ paragraph of Section 6 above, you also have the right to object to the processing of your Personal Data by us,
- you can request the rectification of your information by SustaiNet,
- you can request that we delete your information, and we will carry out this request unless Applicable Privacy Legislation or other laws applicable to us mandate that we retain the data,
- you also have the right to obtain a copy of your information in an easily accessible format, and
- in certain circumstances, you can also request that we transfer some of your information to third parties.
Please contact our Privacy Officer should you need any assistance in exercising any of the above rights.
12. Changes to this Policy
The Services and our business may change from time to time. As a result, at times it may be necessary for SustaiNet to make changes to this Policy. We reserve the right to update or modify this Policy at any time and from time to time without prior notice. Please review this policy periodically. This Policy was last updated on the date indicated above. Your continued use of the Services after any changes or revisions to this Policy shall indicate your agreement with the terms of such revised Privacy Policy.
13. Privacy Officer and Questions
Questions or concerns regarding this Policy should be directed to our Privacy Officer:
Howard Adam, President
SustaiNet Software International Inc.
400-1681 Chestnut Street
Vancouver, BC V6J 4M6 Canada
howard@sustainet.com
(604) 717-4327