A separate agreement governs delivery, access and use of the Platform (the “Customer Agreement”), including the processing of any files or other content submitted through Platform accounts (collectively, “Customer Data”). The organisation (e.g., your employer or another entity or person) that entered into the Customer Agreement (“Customer” or “Employer”) controls their instance of the Platform (their “CustomerZone”) and any associated Customer Data. If you have any questions about specific CustomerZone settings and privacy practices, please contact the Customer whose CustomerZone you use.
Information we Collect and Receive
Axonify may collect and receive Customer Data and other information and data (“Other Information”) in a variety of ways and in different capacities. For all personal information included in Customer Data, we will be the responsible “data processor,” the party that carries out activities on behalf of the “data controller,” the party who controls the means and purposes of the processing of personal information. When we collect Other Information from you, we will be the data controller.
- Customer Data. Customers or individuals granted access to a CustomerZone through a Customer (“Authorised Users”) routinely submit Customer Data to Axonify when using the Platform.
- Other Information. Axonify also collects, generates and/or receives Other Information:
- CustomerZone and Account Information. To create or update a CustomerZone account, you or your Employer supply Axonify with your name, email address, employee ID, hire date, job title, department, line of business and/or similar account details.
- Usage Information.
- Platform Metadata. When an Authorised User interacts with the Platform, metadata is generated that provides additional context about the way Authorised Users work. For example, Axonify logs activity audit records and usage statistics.
- Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Platform and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Platform, browser type and settings, the date and time the Platform were used, information about browser configuration and plugins, language preferences and cookie data. For our Websites personal information collected include name, email address, phone number and information about the organisation you work for
- Device information. Axonify collects information about devices accessing the Platform, including type of browser or device and what operating system is used.
- Location information. While using our Websites we receive information from you and other third-parties that helps us approximate your location. We may, for example, use an IP address received from your browser or device to determine approximate location.
- Additional Information Provided to Axonify. We receive Other Information when submitted to our Websites or if you participate in a focus group, contest, activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Axonify.
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as CustomerZone setup details, is not provided, we may be unable to provide the Platform.
How we Use Information
Customer Data will be used by Axonify in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Platform functionality, and as required by applicable law. In these respects, Axonify is a data processor of Customer Data and Customer is the controller of that data. Customer may, for example, use the Platform to grant and remove access to a CustomerZone, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Platform.
Axonify uses Other Information it collects in furtherance of our legitimate interests in operating our Platform, Websites, and business. More specifically, Axonify uses Other Information:
- To provide, update, maintain and protect our Platform, Websites and business. This includes use of Other Information to support delivery of the Platform under a Customer Agreement, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or at an Authorised User’s request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
- To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Platform, our Platform offerings and important Platform-related notices, such as security and fraud notices. These communications are considered part of the Platform and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Axonify. These are marketing messages so you can control whether you receive them.
- In addition, we may contact you about new product features, promotional communications or other news about Axonify. We will only send you commercial messages if you agree to receive them. You can control this process and have the ability to opt-in to these messages or unsubscribe should you no longer wish to receive any commercial messages from us.
- We may de-identify and aggregate Other Information.
- To investigate and help prevent security issues and abuse.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person (that is, no longer considered personal information), Axonify may use it for any business purpose.
How we Share and Disclose Information
This section describes how Axonify may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Axonify does not control how they choose to share or disclose Information.
- Customer’s Instructions. Axonify will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Platform functionality, and in compliance with applicable law and legal process.
- Customer Access. Administrators, Authorised Users and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Platform features to export logs of CustomerZone activity, or accessing or modifying your profile details.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services.We will ensure that any third party processing your information on our behalf does so in compliance with this Policy and applicable law.
- Corporate Affiliates. Axonify may share Other Information with its corporate affiliates, parents and/or subsidiaries.
- Aggregated or De-identified Data. We may use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Axonify customer the average amount of time spent within a typical CustomerZone.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- With Consent. Axonify may share Other Information with third parties when we have consent to do so.
Axonify makes reasonable efforts to ensure that any Information you provide is maintained in a secure environment. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your Information, Axonify cannot warrant the security of any Information you transmit to us or from our Platform or Websites, and you do so at your own risk.
Axonify has implemented and maintains reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorised access, use, modification, destruction or disclosure of your Information while it is in our custody or under our control. For example, we use TLS encryption, firewalls, anti-virus and system security monitoring.
We also limit access to your Information to those employees, contractors and agents who have a business need to know.
Data Residency and Global Access – Platform
Data protection laws in certain jurisdictions differentiates between the data controller and data processor of information. In the case of the Platform the Customer is the data controller and Axonify is the data processor.
Each Customer has a data residency choice to make when the account is established. Currently they can select to have data stored in the US region or in the EU region (Belgium with back-up in the Netherlands).
While the data will be stored as chosen by each Customer based on the above, Axonify personnel may access the data from other locations outside of the specified region. The data will continue to reside in the region selected by the Customer.
Data Residency and Global Access – Websites
Axonify processes and stores personal information and may use third party providers who may have server(s) based in Canada and the U.S.
Links to third party Websites
The Website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Axonify neither owns nor controls these third-party websites and accordingly assumes no responsibility for the information practices of those websites. You should inform yourself with the privacy policies (if any) of those third-party websites.
Withdrawal of Consent
If you wish to withdraw (revoke) your consent for the collection, use or of your Information or Personal Information through the Website at any time, please contact us at firstname.lastname@example.org. Your withdrawal of consent is not retroactive, since Axonify may already have used your information for the purposes described here; it will be applied on a go-forward basis.
If you wish to withdraw (revoke) your consent from the Platform you will need to contact your Employer.
Notice to California Residents
Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. To request a copy of this information or to opt out of these disclosures, please contact our Privacy Officer at email@example.com.
European Economic Area (EEA) Notice
Transfers of Personal Information
For Customer Data, Axonify is a data processor and responsible for your personal information, which Axonify processes and stores in the region selected by the Customer. Any personal data for which we are the data controller, including “Other Information,” will be processed by us and any third parties we engage in this respect. This includes transferring and otherwise processing data outside of the EEA, which will only be done in accordance with this Policy.
The European Commission has decided that Canada ensures an adequate level of protection of individuals’ personal information. Axonify may use the following safeguards when transferring your personal information to a country, other than the Customers’ selected region, that is not within the EEA:
(a) Only transfer your personal data to countries that have been deemed by the European Commission to provide an adequate level of protection for personal information;
(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EU.
Your Legal Rights
Under certain circumstances, you may have rights under the data protection laws in relation to your personal information, including the right to:
- Request access to your personal information
- Request correction of your personal information
- Request erasure of your personal information
- Object to processing of your personal information
- Request restriction of processing your personal information
- Request transfer of your personal information
- Right to withdraw (revoke) consent
If you wish to exercise any of these rights, please contact our Privacy Officer and/or click here to find out more information about what we may need from you and the time in which we should respond.
Contact our Privacy Officer
In relation to our Websites users may contact us with requests that we delete their personal information from our systems, or to request access or correction to their personal information. We will attempt to accommodate such requests to the extent possible. In relation to the Platform user must contact your Employer to request the deletion of personal information from the Platform. If all such information is deleted from our systems, your account may become deactivated. In any event, we may retain an archived copy of your records as required by law or for legitimate business purposes.
The Privacy Officer may be contacted at:
450 Philip St., Waterloo, Ontario Canada
519-585-1200 ext 208
You may also contact the Privacy Commissioner of Canada at: http://www.priv.gc.ca/ or by telephone at: 1-800-282-1376.
[Last reviewed December, 2021]
Details for Clicks Through – European Economic Area (EEA) section
Your Legal Rights
Right to request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Right to request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
Right to request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Right to request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
Right to request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Information for EU residents who wish to exercise their legal rights
No Fee Usually Required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
UK Supervisory Authority
The UK supervisory authority for data protection issues is the Information Commissioner’s Office www.ico.org.uk
Last reviewed December, 2021