A separate agreement governs delivery, access and use of the Platform (the “Customer Agreement”), including the processing of any files or other content submitted through Platform accounts (collectively, “Customer Data”). The organization (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer” or “Employer”) controls their instance of the Platform (their “CustomerZone”) and any associated Customer Data. If you have any questions about specific CustomerZone settings and privacy practices, please contact the Customer whose CustomerZone you use.
Axonify may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways and in different capacities. For all personal information included in Customer Data, we will be the responsible “data processor,” the party that carries out activities on behalf of the “data controller,” the party who controls the means and purposes of the processing of personal information. When we collect Other Information from you, we will be the data controller.
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as CustomerZone setup details, is not provided, we may be unable to provide the Platform.
Customer Data will be used by Axonify in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Platform functionality, and as required by applicable law. In these respects, Axonify is a data processor of Customer Data and Customer is the controller of that data. Customer may, for example, use the Platform to grant and remove access to a CustomerZone, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Platform.
Axonify uses Other Information it collects in furtherance of our legitimate interests in operating our Platform, Websites, and business. More specifically, Axonify uses Other Information:
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person (that is, no longer considered personal information), Axonify may use it for any business purpose.
This section describes how Axonify may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Axonify does not control how they choose to share or disclose Information.
Axonify makes reasonable efforts to ensure that any Information you provide is maintained in a secure environment. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your Information, Axonify cannot warrant the security of any Information you transmit to us or from our Platform or Websites, and you do so at your own risk.
Axonify has implemented and maintains reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorized access, use, modification, destruction or disclosure of your Information while it is in our custody or under our control. For example, we use TLS encryption, firewalls, anti-virus and system security monitoring.
We also limit access to your Information to those employees, contractors and agents who have a business need to know.
Data Residency and Global Access – Platform
Data protection laws in certain jurisdictions differentiates between the data controller and data processor of information. In the case of the Platform the Customer is the data controller and Axonify is the data processor.
Each Customer has a data residency choice to make when the account is established. Currently they can select to have data stored in the US region or in the EU region (Belgium with back-up in the Netherlands).
While the data will be stored as chosen by each Customer based on the above, Axonify personnel may access the data from other locations outside of the specified region. The data will continue to reside in the region selected by the Customer.
Data Residency and Global Access – Websites
Axonify processes and stores personal information and may use third party providers who may have server(s) based in Canada and the U.S.
Links to third party Websites
The Website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Axonify neither owns nor controls these third-party websites and accordingly assumes no responsibility for the information practices of those websites. You should inform yourself with the privacy policies (if any) of those third-party websites.
Withdrawal of Consent
If you wish to withdraw (revoke) your consent for the collection, use or of your Information or Personal Information through the Website at any time, please contact us at email@example.com. Your withdrawal of consent is not retroactive, since Axonify may already have used your information for the purposes described here; it will be applied on a go-forward basis.
If you wish to withdraw (revoke) your consent from the Platform you will need to contact your Employer.
Notice to California Residents
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To request a copy of this information or to opt out of these disclosures, please contact our Privacy Officer at firstname.lastname@example.org.
European Economic Area (EEA) Notice
Transfers of Personal Information
For Customer Data, Axonify is a data processor and responsible for your personal information, which Axonify processes and stores in the region selected by the Customer. Any personal data for which we are the data controller, including “Other Information,” will be processed by us and any third parties we engage in this respect. This includes transferring and otherwise processing data outside of the EEA, which will only be done in accordance with this Policy.
The European Commission has decided that Canada ensures an adequate level of protection of individuals’ personal information. Axonify may use the following safeguards when transferring your personal information to a country, other than the Customers’ selected region, that is not within the EEA:
(a) Only transfer your personal data to countries that have been deemed by the European Commission to provide an adequate level of protection for personal information;
(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU.
Your Legal Rights
Under certain circumstances, you may have rights under the data protection laws in relation to your personal information, including the right to:
If you wish to exercise any of these rights, please contact our Privacy Officer and/or click here to find out more information about what we may need from you and the time in which we should respond.
Contact our Privacy Officer
In relation to our Websites users may contact us with requests that we delete their personal information from our systems, or to request access or correction to their personal information. We will attempt to accommodate such requests to the extent possible. In relation to the Platform user must contact your Employer to request the deletion of personal information from the Platform. If all such information is deleted from our systems, your account may become deactivated. In any event, we may retain an archived copy of your records as required by law or for legitimate business purposes.
The Privacy Officer may be contacted at:
450 Philip St., Waterloo, Ontario Canada
519-585-1200 ext 208
You may also contact the Privacy Commissioner of Canada at: http://www.priv.gc.ca/ or by telephone at: 1-800-282-1376.
[Last reviewed December, 2021]
Details for Clicks Through – European Economic Area (EEA) section
Your Legal Rights
Right to request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
Right to request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Right to request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
Right to request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Information for EU residents who wish to exercise their legal rights
No Fee Usually Required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
UK Supervisory Authority
The UK supervisory authority for data protection issues is the Information Commissioner’s Office www.ico.org.uk
Last reviewed December, 2021