EXPEFLOW Inc. ("EXPEFLOW", "we", "us"), is committed to protecting your privacy and safeguarding your Personal Information. EXPEFLOW's privacy practices are governed by the federal statute, the Personal Information Protection and Electronic Documents Act ("PIPEDA"). This statement is part of our Terms and Conditions of Use and is subject to all of its terms and conditions.
This Privacy Statement applies to Personal Information (as defined below) that we collect about our customers, partners, potential customers and partners, website and platform users and employees.
BY USING THIS WEBSITE OR EXPEFLOW'S SERVICES YOU CONSENT AND AGREE TO THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION AND TO THE PRIVACY PRACTICES IN THIS STATEMENT. EXPEFLOW EXPRESSLY RESERVES THE RIGHT TO MODIFY THIS STATEMENT AT ANY TIME. PLEASE CONSULT THIS STATEMENT REGULARY.
EXPEFLOW will treat Personal Information in a manner consistent with the Privacy Statement, unless we have your consent to treat it differently. This Privacy Statement applies to any information we collect or receive about you from any source.
"Agreement" means a Master Application Services Agreement, between EXPEFLOW and a customer for use of EXPEFLOW's Services.
"Business Contact Information" means any information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession, including the individual's name, position name or title, work address, work telephone number, work fax number or work electronic address.
"Content" means all information, links, emails, postings, code, data, text, software, music, sound, images, graphics, video, chat, messages, files, works of authorship, applications, or other materials submitted, displayed, published and all Intellectual Property Rights related thereto.
"Customer Data" means any information (including information of a third party), data, communication or Content (as defined above) other than Public Data that is uploaded, submitted, inputted, generated, stored or transmitted by or on behalf of a customer of EXPEFLOW as part of, or in conjunction with, the use of EXPEFLOW's Services;
"Employee" means an individual seeking to be employed, currently employed or formerly employed by EXPEFLOW;
"Hosted Service" means the EXPEFLOW hosted offering as set forth in an applicable Agreement to which Customer acquires rights to access and use.
"Personal Information" means, collectively: (i) any information about an identifiable individual, other than the person's business title or Business Contact Information when used or disclosed for the purpose of business communications; and/or (ii) "Personal Health Information" as defined in applicable health information protection legislation. Personal Information does not include anonymous or non-personal information (i.e., information that cannot be associated with or linked to a specific individual).
"Privacy Officer" means the individual or individuals who have been designated responsibility to be accountable for EXPEFLOW's compliance with its privacy obligations.
"Professional Services" means all professional services that EXPEFLOW provides to a customer pursuant to an Agreement and may include but is not limited to training, graphic design, consulting and project management, third party integrations and web development.
"Services" means any of the Hosted Service (as defined above), Professional Services (as defined above) and/or Support Services (as defined below) provided by EXPEFLOW under this Agreement.
"Support Services" means the support services provided by EXPEFLOW in respect of the Hosted Service to a customer.
- WHAT PERSONAL INFORMATION DO WE COLLECT?
EXPEFLOW collects the following types of Personal Information about its customers, partners, potential customers and partners, website and software platform users and employees:
Personal Contact Information:
EXPEFLOW uses a commercially available CRM software platform to store Personal Contact Information. Generally, Personal Contact Information is business contact information such as your name, title, business address, business email and business telephone number.
Website Use and Hosted Service Information:
EXPEFLOW may collect IP information related to your use of our website or Hosted Service including how you found the website, what pages you view and how long you spend on the website.
EXPEFLOW may collect the following information about its employees, which includes but is not limited to:
- name, home address and telephone number;
- date of birth, gender, marital and family status;
- beneficiary and emergency contact information;
- resumes and/or applications;
- third party references (if recorded) and interview notes;
- letters of offer and acceptance of employment;
- mandatory policy acknowledgement sign-off sheets;
- payroll information, including but not limited to social insurance number, pay cheque and deposit information;
- wage and benefit information;
- forms relating to the application for, or in respect of changes to, Employee health and welfare benefits, including short and long term disability, medical and dental care;
- monitoring information based on Employee use of or access to EXPEFLOW's assets, such as recorded e-mails, voicemails, telephone calls, web access logs, premise access logs (where permitted by law); and
- other information that Employees voluntarily provide in the course of employment that is necessary to hold or use for the business purposes of EXPEFLOW.
- HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
We will collect your Personal Information by fair and lawful means (for example, when you register with us). We may collect Personal Information from you directly and/or from third parties, where we have obtained your consent to do so or as otherwise required or permitted by law.
We may collect standard internet log information about how and when you use the EXPEFLOW website or Hosted Service. This information may include but, not be limited to, your IP address and location data, weblogs, time, date, browser used, referring web addresses, other communication data, searches conducted and pages visited.
The EXPEFLOW website and Hosted Service may use "cookies" to collect information about how our website and Hosted Service is used. Cookies are only used for the limited purposes of enhancing your visit to our website and Hosted Service and to enable us to track and target the interests of our users. We may use both "session" cookies and "persistent" cookies. A session cookie is only active while the user is on the website and is deleted once they close their browser. Unlike a session cookie, a persistent cookie is not deleted when a user closes their browser and will it stay on their computer indefinitely. You may not be able to use certain features on our website or software platform if you choose not to accept or disable cookies.
- DISABLING COOKIES
By default, most browsers will automatically accept cookies but by altering their browser’s settings, a user can either disable cookies completely or be prompted prior to a cookie being loaded. Consult each individual browser’s “help” feature for more information on how these actions can be done.
- ACCESS TO, STORAGE, PROCESSING AND MANAGEMENT OF CUSTOMER DATA
EXPEFLOW provides a Hosted Service that allows its customers to manage their workflows. Customers may upload into the Hosted Service Customer data, which may contain the Personal Information (including Personal Health Information) of individuals.
- WHERE DO WE ACCESS, STORE OR TRANSFER YOUR PERSONAL INFORMATION?
We will keep the Personal Information that we collect, use or disclose at the EXPEFLOW offices located in Canada or at the offices of our third party service providers that may be located in or outside of Canada, as applicable. Accordingly, your Personal Information may be accessed, stored or transferred within the United States or other foreign jurisdictions, and may be accessible to law enforcement or other authorities within those jurisdictions.
- HOW DO WE USE YOUR PERSONAL INFORMATION?
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use. We generally use the Personal Information we collect from you for the following purposes (the "Purposes"):
- to provide you with our products and services;
- to develop and maintain strong business relationships with customers, partners and potential customers and partners;
- to manage your account with the EXPEFLOW Hosted Service;
- to respond to questions, comments or concerns regarding EXPEFLOW and its products, services or website;
- to provide you with information about events;
- to allow for more meaningful and useful sales and marketing initiatives;
- to use Google Analytics to better understand our web traffic and marketing effectiveness (more information on Google Analytics can be found at: http://www.google.com/analytics/);
- to collect opinions and comments in regard to EXPEFLOW's operations;
- to perform demographic analysis for planning purposes (but only on an aggregate and anonymous basis);
- to recruit for positions at EXPEFLOW and for other employment-related tasks;
- to administer any EXPEFLOW Hosted Service;
- such purposes for which EXPEFLOW may obtain consent from time to time; and
- to comply with a law or regulation, court order or other legal process, or as otherwise permitted or required by applicable law.
- DIRECT COMMUNICATIONS BY EMAIL AND TEXT MESSAGES
As permitted under applicable law, including Canada's Anti-Spam Legislation (CASL), we may contact you periodically by e-mail or text messages. If you do not want us to use your Personal Information to promote our products or services or third-party products or services, you can opt out. You may also opt out of further marketing communications by using the unsubscribe options in promotional emails or text messages that you receive from us.
- TO WHOM DO WE PROVIDE YOUR PERSONAL INFORMATION?
We will not share your Personal Information collected by EXPEFLOW without your consent, except as described below.
In the ordinary course of business, we may transfer your Personal Information to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes – such as service providers that provide telephone support, data storage or processing, or hosting. In all cases in which we share your Personal Information with a third party, we will only allow them to keep, disclose or use your information to provide the services we asked them to provide.
We will not sell, exchange or publish your Personal Information, except in conjunction with a corporate sale, merger, dissolution, or acquisition, and in accordance with the requirements of applicable privacy legislation.
In certain circumstances we may be required or permitted to release your Personal Information without your consent. Please note that there are circumstances where the use and/or disclosure of personal information may be justified or permitted or where we are obliged to disclose information without consent. Such circumstances may include:
- Where required by law or by order or requirement of a court, administrative agency or governmental tribunal;
- Where we believe, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
- Where it is necessary to permit us to pursue available remedies or limit any damages that we may sustain;
- Where the information is public as permitted by law;
- Where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
- Where it is necessary for the purpose of a prospective business transaction if the information is necessary to determine whether to proceed with the transaction or to complete the transaction, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction. A "business transaction" includes:
- the purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;
- the merger or amalgamation of two or more organizations;
- the making of a loan or provision of other financing to an organization or a part of an organization;
- the creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization;
- the lease or licensing of any of an organization's assets; and
- any other prescribed arrangement between two or more organizations to conduct a business activity.
Where obliged or permitted to disclose information without consent, we will not disclose more information than is required.
- WHEN AND HOW DO WE OBTAIN YOUR CONSENT?
We generally obtain your consent prior to collecting your Personal Information for any purpose. You may provide your consent to us either orally, electronically or in writing. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations you might have in the circumstances.
With respect to Customer Data, which was collected and inputted, generated, stored or transmitted by EXPEFLOW customers in the course of using the EXPEFLOW Hosted Service, EXPEFLOW does not obtain the individual data subject's consent with respect to the Personal Information (including Personal Health Information) contained therein. Obtaining all appropriate consents in this regard is the sole responsibility of EXPEFLOW customers.
- HOW DO WE ENSURE THE PRIVACY OF YOUR PERSONAL INFORMATION WHEN DEALING WITH OUR AFFILIATES AND OTHER THIRD PARTIES?
All affiliates and other third parties that are engaged to perform services on our behalf and are provided with Personal Information are generally contractually required to comply with applicable privacy legislation in order to provide adequate protection to the Personal Information provided to them by EXPEFLOW.
- THIRD PARTY SOLUTIONS AND CUSTOMER DATA
The EXPEFLOW Hosted Service may contain features provided by, supported by or designed to interoperate with third party products or services, including third party applications ("Third Party Solutions"), which may be installed or enabled by EXPEFLOW's customers. In some cases, EXPEFLOW will allow the Third Party Solutions access to the Customer Data as required for the interoperation of the Third Party Solution with the EXPEFLOW Hosted Service. EXPEFLOW is not responsible for any disclosure, modification or deletion of Customer Data that may occur as a result of such access by a Third Party Solution.
- HOW LONG WILL WE RETAIN YOUR PERSONAL INFORMATION?
- Personal Contact Information and Website Use Information
We may keep a record of your Personal Contact Information and Website Use Information, correspondence or comments, in a file specific to you. We will utilize, disclose or retain this information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
- Employee Information
We retain employee information in accordance with applicable employment legislation.
- Customer Data
We will retain Customer Data for a period specified in an EXPEFLOW Agreement with the customer and will return it to the customer or dispose of it in a manner specified in the agreement.
- Personal Contact Information and Website Use Information
- HOW CAN YOU REVIEW YOUR PERSONAL INFORMATION THAT WE HAVE COLLECTED, UTILIZED OR DISCLOSED?
If you make a written request to review any Personal Information about you that we have collected, utilized or disclosed, we will provide you with any such Personal Information to the extent required by law. We will attempt to make such Personal Information available to you in a form that is generally understandable.
Note that EXPEFLOW will not provide any access to any Customer Data collected, inputted, generated or transmitted by its customers in the course of their use of the EXPEFLOW Hosted Service. All requests for access to such data should be made to the entities that originally collected the data.
- HOW DO YOU KNOW THAT THE PERSONAL INFORMATION WE HAVE ON YOU IS ACCURATE?
We will attempt to ensure that your Personal Information is kept as accurate, complete and up-to-date as possible. We will not routinely update your Personal Information, unless such a process is necessary. We expect you, from time to time, to supply us with written updates to your Personal Information, when required.
EXPEFLOW does not review or monitor the content of Customer Data and therefore has no control over the accuracy of this data. All inquiries in this regard should be made to the entities that originally collected the data.
- WHAT IF THE PERSONAL INFORMATION WE HAVE ON YOU IS INACCURATE?
At any time, you can challenge the accuracy or completeness of your Personal Information, excluding Customer Data the content of which is not monitored by EXPEFLOW, in our records. If you successfully demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required. Where appropriate, we will transmit the amended information to third parties having access to your Personal Information.
- HOW FAST WILL WE RESPOND TO YOUR WRITTEN REQUESTS?
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. You have the right to make a complaint to the Privacy Commissioner of Canada or the applicable provincial privacy commissioner in respect of this time limit.
- ARE THERE ANY COSTS TO YOU FOR REQUESTING INFORMATION ABOUT YOUR PERSONAL INFORMATION OR OUR PRIVACY PRACTICES?
We generally respond to individual requests for access at minimal or no cost to you. We will not charge any costs for you to access your Personal Information in our records without first providing you with an estimate of the approximate costs, if any.
- HOW DO WE KNOW THAT IT IS REALLY YOU REQUESTING YOUR PERSONAL INFORMATION?
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information. Any such identifying information shall be used only for this purpose.
- WHAT SAFEGUARDS HAVE WE IMPLEMENTED TO PROTECT YOUR PERSONAL INFORMATION?
EXPEFLOW has implemented appropriate administrative, physical, and technical safeguards to protect your Personal Information and Customer Data from loss or theft, unauthorized access, disclosure, copying, use or modification. The only employees who are granted access to your Personal Information are those with a business ‘need-to-know' or whose duties reasonably require such information.
- PRIVACY BREACH REPORTING AND RECORD KEEPING
A "breach of security safeguards" is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization's security safeguards or from a failure to establish those safeguards.
In case of a breach of security safeguards involving Personal Information under our control, we will notify you and the Privacy Commissioner of Canada and/or the appropriate provincial Information and Privacy Commissioner, if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm.
We will keep a record of every breach of security safeguards in accordance with the applicable privacy legislation.
With respect to any breach of security involving Customer Data, we will notify the customer that provided us with the Customer Data in question as soon as reasonably feasible, and will collaborate with the customer in regards to fulfilling any notification and record keeping requirements under the applicable privacy legislation.
- HOW DO YOU CONTACT US TO CORRECT, REQUEST ACCESS TO, OR MAKE INQUIRIES ABOUT YOUR PERSONAL INFORMATION?
Subject to exemptions that we may be permitted or required to apply under applicable privacy laws, you have the right to request access to the Personal Information that we hold about you. You may also withdraw your consent to our collection, use and disclosure of your Personal Information, though such withdrawal will not operate retroactively and is subject to legal and contractual restrictions. In addition, if you withdraw your consent, we may be unable to continue to offer you our products and services.
If you would like to request access to or correction of your Personal Information or withdraw your consent or have comments, questions, concerns or complaints regarding this Privacy Statement or our privacy practices, please contact our Privacy Information Officer as follows:
Attn: Privacy OfficerEXPEFLOW Inc.1 – 103 Bauer Pl.Waterloo, ON N2L 6R5
- RIGHT TO COMPLAIN TO THE PRIVACY COMMISSIONERS(S)
If we cannot resolve your complaint, you may contact the federal Privacy Commissioner or the offices of provincial Information and Privacy Commissioners. You may contact the Office of the Privacy Commissioner of Canada at:Office of the Privacy Commissioner of Canada30 Victoria St.Gatineau, PQ K1A 1H3Toll-free: 800.282.1376Phone: 819.994.5444TTY: 819.994.6591
Last revised date: January 20, 2020