Privacy Policy - Sencia Canada Ltd.

PL-01 Privacy Policy

Effective Date and Revisions

Effective from: May 25, 2018

Sencia may amend or modify this Privacy Policy at any time at our discretion to reflect changes in the law, our data collection and use practices, products or services features, or advances in technology. We will make our Privacy Policy readily available so that individuals may review the information about our practices relating to the management of personal information. Revisions to the Privacy Policy will be posted at www.sencia.ca/privacy-policy with a new effective date at the top of the page. 

Changes to the Policy are exlained below.

May 25, 2018 Revisions

To support the recent changes in the European Union data protection law known as the GDPR (General Data Protection Regulation), we’ve rewritten our Privacy Policy.

Highlights

At Sencia Canada Ltd. we care about your privacy. You should read this policy in full, but here are important highlights:

Introduction

Sencia Canada, Ltd, is committed to protecting privacy and safeguarding the information entrusted to us by clients of our products service sites and visitors to our websites. For this reason, we employ a dedicated data privacy program. We do not and will not sell or rent your data unless required in the context of changes to our business structure such as a merger or acquisition.

We collect and use personal information to allow us to provide our products and services to our clients and individuals associated with our clients (e.g. customers, employees, trainees, or learners). In most cases, we do this at the direction of our clients. 

This Privacy Policy explains the information we collect, what we do with that information, how we share it, and how we handle information and content that our clients provide to Sencia in relation to and through interaction with our SaaS offerings and services. It also explains your options to control how your personal information is used. Generally, we will process personal information as described in this Privacy Policy or otherwise under the direction of our clients. However, we reserve the right to conduct additional processing to the extent required by law, or in support of any legal or criminal investigation.

As you review our policy, keep in mind that it applies to all Sencia brands, SaaS offerings, and services that do not have a separate privacy policy or that link to this policy.

Who We Are

Sencia is a global company headquartered in Canada. We provide several products through a Software-as-a-Service (SaaS) model, that is, our products are delivered through cloud-based centralized hosting and licensed on a subscription basis. The data we collect data is based on either a business need or as directed by our clients. We store and process information and content that our clients create, input, submit, post, upload, transmit, store, or display in the process of using our products. Such content includes any personal information or other sensitive information that a client chooses to include. 

When we refer to “us,” “we,” “our,”  “Sencia,” or “Informetica” in this Policy, we mean Sencia Canada Ltd. 

Scope

This Privacy Policy applies to all information provided to us in relation to and through use of and interaction with our websites, SaaS offerings, and services.

Client Users

This Privacy Policy governs the services that we provide directly to you. Whether you are browsing our websites, using one of our SaaS offerings, testing a trial version, or using any of our services, this policy governs the use of personal information for all offerings and services that we provide directly to you as our client who is the information Controller. A Data Controller is an entity that, alone or jointly with others, determines the purposes and means for the processing of personal information (e.g. Sencia’s clients).This policy does not apply to any third-party products or services that clients may choose to integrate with our SaaS offerings or services, such as add-ons, plugins, or software. Clients are responsible for reviewing the policies of third-party products are services.

Non-Client Users

Non-client users (also known as end users) are individuals associated with our clients through the use of our SaaS offerings. Examples of non-clients users include our clients' customers, employees, trainees, or learners. When you are a non-client user, we provide our SaaS offerings and services to you on our client’s behalf, in the role of a data processor. A data processor is an entity that processes personal information based on the instructions of a Data Controller. In this case the privacy policy of your organization, employeer, or storefront governs the use of personal information. Our Privacy Policy does not supersede any agreements between Sencia and your organization, employeer, or storefront (or any other client or third party), nor does it affect the terms of any agreement between you and your organization, employeer, or storefront. 

Links to External Websites

Our products may contain links to websites not associated with our products and services. We are not responsible for the protection and privacy of any information that individuals provide when visiting external websites. These sites are not governed by this Privacy Policy and we encourage individuals to read the Privacy Policy of each external website they visit.

Information Retention

We will retain information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. We will retain your personal information for a period of time consistent with the original purpose of collection. After expiry of the retention periods, your personal information will be destroyed. If there is any information that we are unable to delete entirely from our systems (for technical, contract, or legal reasons), we will use appropriate measures to prevent any further use of the data.

The Information We Collect

The information Sencia collects depends upon the products and services used, how they are used, and what individuals choose to provide. Some of Sencia's SaaS offerings and services require individuals to register or create an account. When an account is created, our clients may require that certain fields be completed (some are required and some are optional), as well as choose a username and password or provide other personal information. In these situations, an individual is not required to provide the information, however, withholding any of the required information will make it impossible to gain access to functionality. 

Please view the relevant section below to learn more.

 

Website Visitors

Sencia has various websites for different services (i.e. Sencia.ca, Sencia.com, and Informetica.com) that are accessible to anyone. Individuals can visit our websites without having to log in or otherwise identify themselves. On some of our websites, you may need to log in to benefit from the service or to make use of all the functionalities and be able to communicate with us or other users of our SaaS offerings or products.

Information We Collect

Some of our websites may require you to sign up for an account. When you do, we ask you for information that we need to set up your account, such as your name and email address. You may also voluntarily provide additional information, such as your phone number, address, and other contact information. We also collect information you provide by completing forms or surveys on our websites.

Through Google Analytics, we analyze usage information for sales and marketing purposes, trends about our visitors, visitor demographics, and how visitors use our websites. This analysis is necessary to further our legitimate interest in understanding our users and how they interact with us and our websites, improving our websites and communication with you.

If you use a form on one of our websites, we use the contact details you provide to communicate with you and to let you communicate with us. 

We collect information about the pages you visit and how you access and use our websites using cookies and third-party analytics tools. This information includes information about the device(s) you use to access the websites including unique device identifiers, IP address, operating system, browser, and cookies. Depending on your device settings, we may also collect information about your geographical location. Learn more about our use of cookies in our Cookie Policy. 

Credit card transactions are processed through a payment gateway. These payment gateways are third-party merchants that are responsible for using secure encryption. We do not store credit card information in our systems. 

How the Information is Used

We may use your information to:

  • Complete your purchase. If you makes purchases via our websites or register for an event, we may require you to provide us with financial information and billing information, such as billing name and address, credit card number, or bank account information.
  • Contact you regarding our services, promotions, or special events.
  • Customize the advertising and content you see.
  • Engage in analysis, research, and reports regarding use of our services.
  • Respond to your request for information.
  • Protect our services and our users.
  • Provide, manage, and improve our services.
  • Provide customer service.
  • Understand and resolve reported errors.

Users of Our SaaS Offerings & Trial Versions

The majority of information we process is provided directly to us by clients and individuals associated with those clients (such as our clients' customers, employees, trainees, or learners) through the use of our SaaS offerings. Clients and their users may upload or input various types of content, including but not limited to: videos, images, courseware, text, design elements, group names, and file attachments. If you are using a Sencia product in connection with an account created by one of our clients (e.g., employer, organization, or an individual), we collect and process the content submitted on behalf of the client.

Information Provided Directly to Us:

  • Account information (such as name and email address). 
  • Passwords, security questions, and similar information.
  • Requests or questions submitted to us via telephone, forms, or email.
  • Communications and dealings with Sencia.
  • Participation in assessments, contests, or research.
  • Uploads or posts to our products.
  • Requests for customer support and technical assistance. 

Information Provided Indirectly to Us

  • Our servers may automatically record certain information in server logs. These server logs may include information such as your web request, IP address, browser type and settings, referring / exit pages and URLs, metadata associated with uploaded content, domain names, landing pages, pages viewed, date and time stamp information, and other such information.
  • We collect specific device information, including your MAC address and other unique device identifiers. We also collect information such as the type of device you are using, its operating system, and mobile network information, which may include your mobile phone number. We may associate this device identifier with your account and will use data associated with your device identifier to customize our services to your device and to analyze any device-related issues.
  • We process general information about the location of the device from which you are accessing our products (e.g. approximate geographic location inferred from an IP address).
  • We collect information about the pages you visit and how you access and use our websites using cookies and third-party analytics tools. This information includes information about the device(s) you use to access the websites including unique device identifiers, IP address, operating system, browser, and cookies. Depending on your device settings, we may also collect information about your geographical location. Learn more about our use of cookies in our Cookie Policy.
  • Some of our clients choose to use third-party integrations through our products. Such providers may allow Sencia to have access to and store additional information about your interaction with those services and platforms as it relates to the use of our products. 
  • Credit card transactions are processed by the client's chosen payment gateway (e.g. Moneris). These payment gateways are third-party merchants that are responsible for using secure encryption.We do not store credit card information in our systems. 

How the Information is Used

 We may use your information to:

  • Authenticate and provide account access. Passwords, security questions, and similar information is automated for authentication and account access.
  • Complete a purchase via eCommerce. If you make purchases via our SaaS offerings, we may require you to provide us with financial information or billing information.
  • Create an account. Your first and last name, email address, and similar information is entered during account registration (either by you or on your behalf created by one of our clients (e.g., employer). In many products and services, you can choose to provide more information for your account profile that may be shared with others through the products and services. 
  • Disseminate content. We store the files you submit or upload (including audio and video files), your responses to tests, assignment grades and other training activity, and as well as your activity and actions within our products and services. In some SaaS offerings, you also can provide comments in discussion forums and chats and can send messages to your peers and instructors. We also collect information such as instructor's feedback, appraisal answers,  and similar actions within our products.
  • Provide you with updates and information about the products you license from us.
  • Provide, manage, and improve our SaaS offerings.
  • Provide you with service notifications.
  • Provide you with technical support or to understand and resolve reported issues. When you contact us, your phone conversations, emails, and service request logs may be monitored and recorded for training and quality purposes.
  • Respond to your request for information.
  • Send email alerts. Some of our SaaS offerings will send automated email notifications, as defined by our clients. Examples of these are a course completion or the award of a certification.

Job Applicants

We collect information on individuals applying for a job with Sencia and other information you submit to Sencia for the recruiting process.

Information Provided Directly to Us

  • Your name, contact details, and candidate status.
  • Information included in your resume, CV, or cover letter such as job history, academic background, skills and competencies, personal interests, languages spoken,
  • Questionnaire results.
  • Job preferences and type of employment sought.
  • Willingness to relocate.
  • Reference names and contact details. Please note that it is your responsibility to obtain consent from your references prior to providing us personal information about them.
  • Current and historic salary details together with salary expectations.

Information Provided Indirectly to Us

Sencia may collect data directly from you or from third parties, for example when doing a background check or employment reference. This is subject to your consent where required by law. Sencia does not request to receive any confidential or proprietary information that you have received from your previous employers.

Other Information Collected

Client Engagement

We collect and store limited contact information from our clients for the purposes of invoicing, notifications of product updates, maintenance notifications, and similar purposes. We will retain personal information that we store and process on behalf of our clients for at least as long as needed to provide services to our clients. 

Referrals

If you choose to refer someone to our SaaS offerings, we will store that person’s name, email address, or phone number for the purpose of making initial contact with the referred individual, tracking the success of our referral program, and other marketing activities. Your referral may contact us at privacy@sencia.ca to request that we remove their information from our database.

Testimonials

We may post testimonials on our websites that contain your name, organization, and company logo. We will obtain your consent prior to posting your testimonial. If you wish to update or delete your testimonial, you can contact us at privacy@sencia.ca.

Business Contact Information

We collect and store limited contact information from our business contacts and suppliers including mailing address, job title, email address, phone number, social handles, LinkedIn URL, etc. for the purposes of delivering relevant email content, responding to requests, making a business request, and event promotion.

 

Who Sees Your Information?

This section provides more information on how we protect your information when we engage with third parties, marketing, and legal obligations. We do not sell, use, or disclose your personal information or content for purposes other than those identified in this Privacy Policy. 

Note that our clients, and not Sencia, determine who in their organization can access and see the personal information they collect. For example, a client may run provide reports that contain personal information and share those reports at their discretion. Please contact your organization, employeer, or storefront about their policies with respect to any information they collect about you using our SaaS offerings.

Sencia In-House

We may share information, including personal information, with relevant Sencia staff. For example, information from Sales may be provided to Marketing to send product and other promotional communications to you. In addtion, system administrators, client designates, and Sencia support personnel may be able to:

  • Access information from an individual's account.
  • Access communications history, including file attachments, for individual accounts.
  • Disclose, restrict, or access information provided by individuals, including content.
  • Control how an account may be accessed or deleted.
  • Access information from reports generated from our products.

Third Parties

Personal information may be transferred to third-parties who act for or on our behalf of Sencia or our clients for further processing as permitted by clients and in accordance with lawful processing, such as data storage, service providers, maintenance services, database management, web analytics, and payment processing. These third parties have access to personal information only for purposes of performing these tasks on our behalf.

Partners

Some of our SaaS offerings allow you to access functionalities or content provided by technology partners or integrations with our SaaS offerings. For example, Informetica's integration with Salesforce allows clients to bring information about their employees from Salesforce into the Informetica Learning Management System. With our client's permission, we will share information about you, such as your name and email as required for you to access these partner functionalities or content from our products and services.

We also work with technology and content partners with whom we may share information such as contact information and event attendance if we have permission to do so.

Suppliers & Service Providers

We use suppliers to help us provide our services to our website visitors and users of our SaaS offerings or to perform work on our behalf. We share information with our contracted suppliers and service providers that provide services such as IT and system administration, hosting, credit card processing and other necessary business activities. Where this requires access to personal information, we are responsible for the data privacy practices of the suppliers. Our suppliers must abide by our strict data privacy and security requirements and instructions. They are not allowed to use personal information they access or receive from us for any other purposes than as needed to carry out their work for us. Suppliers undergo regular audits to ensure they continue to perform at standards. 

Events and Webinars

If you use our websites to register for an event or webinar we organized, we may share your personal information to the extent required to process your registration and ensure your participation in the event. We may use suppliers to help us organize and conduct events. We will share with them only the personal information that is necessary and ensure that they follow our strict requirements for suppliers.

eCommerce

Where you use our SaaS offerings and services to make a purchase or transaction, we will share your payment and transaction data with banks, payment gateways, and other organizations to process the transactions and for fraud detection and prevention or anti-money laundering purposes.

Other Third parties

Any information, including personal information, that you choose to submit in forums, blogs, or chat rooms on our websites may be read, collected, and/or used by others who visit these forums, depending on your account settings.

Where we use third-party tools, these third parties may have access to some of your personal information. These third parties include Google Analytics and advertising tools such as Facebook Business.

We may disclose information that is no longer associated with an identifiable individual for research or to enhance and promote our products and services. For example, we may share aggregated or de-identified information with our partners for business or research purposes like partnering with a research firm to explore how our products are being used and how such data can be used to enhance our functionalities and further help our clients. 

Legal Compliance & Protection of Our Rights

Legal Compliance

Personal information is subject to the laws of the jurisdiction in which it is located. We may be required to disclose personal information to comply with lawful requests by government authorities, court order, law, regulation, or if such disclosure is otherwise necessary for the support of a criminal investigation or legal process or exercise our legal rights or defend against legal claims. Personal information may also be disclosed if, based solely on our discretion, we consider there is a risk to the safety of the public or any person, to prevent or stop any activity we may consider to pose a risk of being illegal, unethical, inappropriate, or legally actionable. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

Where such disclosures relate to personal information we hold on behalf of our clients, we will defer such requests to our clients where permissible.

Our Rights, Fraud Prevention, and Security

We may need to disclose your information to protect and defend the rights, property, or safety of Sencia, our clients, or third parties, including enforcing contracts or policies or in connection with investigating and preventing fraud.

Changes to Business Structure

If we are involved in a merger or acquisition, sell a portion of our business or assets to another company, or similar transactions, we may transfer some or all of your personal information to such third party. This also holds true for in the event of an insolvency, bankruptcy, or receivership. In accordance with applicable laws, we will use reasonable efforts to notify you of any such transfer of personal information to an unaffiliated third party. 

Marketing & Advertising

 

We do not use or disclose the personal information of individuals associated with our clients (e.g. customers, employees, trainees, or learners) that we collect through the use of our SaaS offerings for advertising or marketing purposes.

Online and Interest-Based Advertising

We partner with third-party advertising networks to either display advertising on our websites or to manage our advertising on other websites. These ad network partners do not collect and do not have access to any personal information. They may, however, anonymously track your internet usage by various means, for example, through the use of cookies. Learn more about cookies.

Marketing  

We conduct marketing to promote our SaaS offerings and services. This marketing is generally aimed at client administrators and potential clients. We will use your personal information to send you marketing information, product recommendations, and other non-transactional communications about Sencia, including information about our services, SaaS offerings,  promotions, or events as necessary for our legitimate interests to conduct direct marketing or to the extent you have provided your prior separate consent. You may opt-out of receiving marketing emails from us by selecting on the "Unsubscribe" link in the email footer.

Social Networks

We may share your personal information with third–party social networks, advertising networks, and websites that usually act as separate controllers, so that Sencia can market and advertise on third party platforms and websites.

 

Your Data Rights

Individuals with personal information stored by our SaaS offerings and services may have certain rights regarding their personal information, subject to local data protection laws. Sencia will comply with and uphold the individual's rights to their own data. These may include the following rights:

  • to view your personal information held by us (right to access)
  • to rectify inaccurate personal information and ensure it is complete (right to rectification)
  • to erase/delete your personal information to the extent permitted by other legal obligations (right to erasure; right to be forgotten)
  • to restrict our processing of your personal information (right to restriction of processing)
  • to request a copy of your personal information in a common readable format (right to data portability)
  • to object to any processing of your personal information carried out on the basis of our legitimate interests (right to object). Where we process your personal information for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection
  • to the extent we base the collection, processing, and sharing of your personal information on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal

Note that many of these rights are not absolute. In some circumstances, we (or your organization, employeer, or storefront) are not legally required to comply with your request because of relevant legal exemptions. 

Exercise Your Data Rights

Client administrators may facilitate data right requests from individuals (e.g. customers, employees, trainees, or learners) within their organization. Accounts managed by a client administrator have control with regards to how account information is retained, suspended, and deleted. Non-client users of our SaaS offerings and services that we provide on behalf of our clients should contact their sorganization to process their request and exercise their data rights. Non-client users that email us at datasecurity@sencia.ca will have their request forwarded to the appropriate client administrator.

Clients using our SaaS offerings and services may exercise their rights by contacting us at datasecurity@sencia.ca. Requests to access, change, or remove your information will be handled within 15 days.

Information Security

Sencia is committed to ensuring that the confidentiality of personal information is protected and maintained. We have dedicated information security programs and work hard to continuously enhance our technical and operational security measures. We process personal information securely, and apply and maintain appropriate technical and organizational measures to protect personal information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Our measures consider the sensitivity of the information we collect, use, and store, and the current state of technology. Our security measures include data encryption, firewalls, data use, and access limitations for our personnel and suppliers and physical access controls to our facilities.

Personal information may be displayed on profile pages and elsewhere in our products according to the requirements established by our clients. We recommend that clients guard and restrict the anonymity of personal information and think carefully about what information they collect from their users.

Our clients, and not Sencia, determine their own policies regarding storage, access, modification, deletion, sharing, and retention of information and content that may apply to an individual's use of the product. For example, a client may provide or remove access, manage permissions, transfer users, or control access to content. If you are a non-client user, please check with your organization, employeer, or storefront about the policies and settings that they have instituted with respect to information and content that you provide when using our products and services.

All SaaS offerings and services that use payment are processed through a payment gateway. These payment gateways are third-party merchants that are responsible for using secure encryption. We do not store credit card information in our systems. 

Data Transfer

Your personal information may be collected, transferred to and stored by us in Canada and by in data centres we employ in other countries.We have adopted policies compliant with Canadian and European law in an effort to ensure effective levels of data protection relating to transfers of personal information outside of  the European Economic Area (EEA) or Canada (this is known as data transfer). We host locally or via a virtual server, but may need to access your information from locations outside of your region and country for support and maintenance purposes where permitted under applicable law and our client contracts. We obtain a client's consent prior ro such international data transfers.

Children's Privacy

We do not knowingly collect any information from children under the age of 16. We expect our clients working with children to obtain consent and authorization the relevant institution or guardian proior to their use of our SaaS Offerings and services. Please contact us at datasecurity@sencia.ca if you believe we have inadvertently collected personal information from a child under 16 without proper consent . This will allow us to remedy this data collection as soon as possible. 

Contact Us

If you have questions about this policy, how we collect or process your personal information, or anything else related to our privacy practices, you can email us at datasecurity@sencia.ca.

Note that if you are a non-client user of our SaaS offerings, contact your organization, employeer, or storefront. Their privacy statement and data privacy practices will determine how Sencia uses personal information on their institution’s behalf.