HYAS Infosec Inc. Privacy Statement (V1.8.2018)
1. We care about your privacy
This Privacy Notice has been prepared by HYAS Infosec Inc. (“HYAS,” “we,” “us,” or “our”) and sets out the manner in which HYAS collects, uses, stores, transfers, discloses and otherwise manages your personal information, including data collected through our website (located at http://www.hyas.com; “Website”), and through other interactions.
Our visitors’ privacy is very important to us:
- The privacy and protection of the data we hold is of the utmost importance.
- We have a duty of care to the people whose personal information we have.
- We only collect and process the data we need – nothing more.
- We will not sell, rent, distribute or make the data we collect from you public.
We ask that you read through this policy, so as to familiarize yourself with our privacy-related practices and policies. Please do not hesitate to contact us, should you have any questions.
2. Relevant legislation
This Website, and our internal data policies, are intended to comply with the following pieces of legislation:
- EU General Data Protection Regulation 2018 (GDPR)
- Applicable Privacy Laws
By complying with the above legislation, we and this Website should also comply with the data protection and privacy requirements of many other countries and territories. However, if you have any concerns regarding our Website’s handling of data, please contact us per the contact information found below (see section 14: “Contact Information and Data Protection Officer”).
3. PERSONAL INFORMATION: WHAT WE COLLECT AND WHY
This Website collects and uses personal information for the following reasons:
The term “personal information” means information about an identifiable individual, including name, address, email address. For example, we may collect personal information when you:
- Request a data sheet or schedule a demonstration on our Website;
- Enter into a contract with us;
- Sign up to receive promotional communications;
- Participate in our surveys or customer research;
- Apply for employment at HYAS; and
- Contact us with a comment, question or complaint.
Requesting Data Sheets and Scheduling Demonstrations: You do not have to register to visit and browse certain features of the Website. However, to view data sheets or schedule a demonstration, you are required to provide your name, company, title, email address and regional location. You may additionally be asked for your contact preferences.
Entering into a Contract with HYAS: If you are or become our client (via a separate contract for our products and/or services), or if we enter into negotiations concerning other agreement., whether or not we enter into such an agreement, then we may need to collect certain personal information from you so as to refine and process contractual terms or for the purpose of fulfilling our contractual obligations to you. Please refer to section 5 (“Client/Contractual Information”), below, for further details.
Promotions: When you participate in a promotion, we may collect your name, company name, email address, phone number, address and any other information that you may provide. We use this information to administer your participation in a contest or promotion. At the time you enter the contest or promotion, we may obtain your consent to send you future promotional communications.
Surveys and Customer Research: From time to time, we may offer you the opportunity to participate in one of our surveys or other customer research. The information obtained through our surveys and customer research is used in an aggregated, non-personally identifiable form. We use this information to help us understand our customers, to enhance our product and service offerings, promotions and events, and/or to assist in the selection of store locations.
Employment at HYAS: In connection with a job application or other inquiry regarding potential employment with HYAS, you may provide us with certain personal information about yourself (such as that contained in a resume, cover letter, LinkedIn profile or similar employment-related materials). We use this information for the purpose of processing and responding to your application for current and future career opportunities.
Customer Service: When you contact us with a comment, question or complaint, you may be asked for information that identifies you (such as your name, company name, title, email, phone number and address) along with additional information we need to help us promptly answer your question or respond to your comment or complaint. We may also retain this information to assist you in the future and to improve our customer service, product and service offerings, and events and promotions.
A. SITE VISITATION TRACKING
We use this data to understand how our Website is being used, for example:
- The number of people using it;
- The pages visitors visit;
- Where visitors enter the site;
- Where visitors come from;
- Where visitors exit; and
- The demographics of our visitors.
We consider Google to be a third-party data processor (please refer to the below section 6, “Our Third-Party Data Processors”, for further details):
- GA records data, such as: geographical location, device, internet browsers and operating system. It does not personally identify you to us. While GA also records your device’s IP address, which could be used to personally identify you, GA does not grant us access to this data.
- You can prevent the storage of data relating to your use of the Website and created via the cookie (including your IP address) by GA, as well as the processing of this data by GA, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also obtain additional information on GA’s collection and processing of data and data privacy and security at the following links: https://policies.google.com/technologies/partner-sites and https://support.google.com/analytics/topic/2919631.
B. CONTACT FORMS AND LINKS PRESENTED IN AN EMAIL TO YOU
If you contact us by using the contact form on our Website or via an email link, we may ask you to provide us with your personal information and that you consent to this Privacy Statement. You are not required to do so, but if you elect not to provide us with this information, we may not be able to provide you with an answer to your inquiry, and this could also prevent us from delivering products or services to which you had subscribed.
The data you provide (including your email address, if you use an email link) will be sent over to us.
If you choose to provide us with your contact information via another means (for example: business card), we may send an email to you requesting that you further consent to be contacted by us.
None of the data that you supply will be stored by this Website. It may be passed to/processed by any of our third-party data processors, who are identified in section 6 (“Our Third-Party Data Processors”), below.
4. ABOUT THIS WEBSITE’S SERVER
This Website is hosted on a server, which is provided by Dynamic Hosting, which is located in Canada.
The data center has on-site staff and 24×7 security.
Our server retains access logs, error logs, security logs and service logs to allow us to monitor service, in order to maintain this information and keep a level of security. These logs may store personal information in plain text on the platform. All logs are deleted after ninety (90) days.
The personally identifiable information that these logs may store includes:
- IP address;
- Request URL;
- Protocol; and
- Referrer paths.
Our Website and server are protected by a password, malware scanning, a managed firewall and brute force protection.
5. CLIENT/CONTRACTUAL INFORMATION
If we enter into contractual negotiations with us, including for example, if you are or should you become our client (via an agreement for our provision to you of our products and/or services), then there will likely be certain details that we will need to obtain from you that will permit us to fulfil our contractual obligations to you and/or complete certain tasks prior entering into a contract with you (e.g. providing a quote or performing due diligence).
We will only ask for those details that concern your personal information that we need.
This may include:
- Your name;
- Your email address;
- Your personal home or cellular phone number; and/or
- Your postal address.
Any details that you elect to supply to us may be stored and accessed by us, on HYAS-owned or approved devices.
6. OUR THIRD-PARTY DATA PROCESSORS
We use some third parties to process personal data on our behalf. We only do this where it would be impractical to do otherwise. As such, we have chosen these third parties carefully, since we look for them to be compliant with the legislation set out in section 2, above. This includes where they are not based within the EU.
The aforementioned third-parties are as follows:
- Google (includes use of: GSuite [Gmail, Drive, Sheets, Docs, Meet, Calendar, etc.], Google Analytics, and Google Webmaster Tools)
- Microsoft (for file storage, includes: Azure, Compute and Microservices)
- Amazon (for file storage, includes: AWS Compute Services, Lambda Services and S3)
- Dropbox (for file storage)
- GitHub (for ongoing software development)
- GanttPro (for project planning)
- Hubspot (for the majority of our communications, including for example: tracking consents to this and subsequent versions of our Privacy Statement, password changes, product updates and maintenance of client information)
- Mailchimp (for communication)
- Zoom (for communication)
- Skype (for communication)
- WhatsApp (for communication)
- Slack (for communication)
- Twitter (for communication)
- Facebook for Business (for management of Facebook Pages)
- LinkedIn (for sales leads and human resource searches)
- Dynamic Hosting (for hosting our cloud platform)
7. DISCLOSURE OF PERSONAL INFORMATION
We will not disclose, trade, rent, sell or otherwise transfer your personal information, without your consent, except as set out herein.
Service Providers: We may transfer (or otherwise make available) your personal information to third parties who provide services on our behalf. For example, we may use service providers to send our emails, host our Website and operate certain of its features. Your personal information may be maintained and processed by third party service providers in the US or other jurisdictions. Our service providers are given the information they need to perform their designated functions, and we do not authorize them to use or disclose personal information for their own marketing or other purposes.
Partners: From time to time, we may partner with third parties to provide benefits to registered members of the Website. With your consent, we may exchange certain personal information with these third parties. We may also share aggregated, non-identifiable profile and usage data with third parties for marketing and analytics purposes.
Business Transactions: We may transfer any information that you provide to us, in connection with a proposed or completed merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of HYAS or as part of a corporate reorganization or other change in corporate control.
Business Purposes: We may transfer, as necessary, personal information that was collected in conjunction with, or is reasonably necessary to, enforce contractual terms and conditions, or where such transfer is necessary to support or protect HYAS’ business operations and/or its users.
Legal Requirements: HYAS and our service providers may provide your personal information in response to a search warrant or other legally valid inquiry or order, or to an organization in the case of a breach of an agreement or contravention of law, or as otherwise required or permitted by applicable law. We may also disclose personal information where necessary for the establishment, exercise or defense of legal claims, to detect, suppress or prevent fraud, and to investigate or prevent actual or suspected loss or harm to persons or property.
We have implemented reasonable administrative, technical and physical safeguards in an effort to protect against unauthorized access, use, modification and disclosure of personal information in our custody and control, including limiting access to our database to legitimate users.
We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes stated above or to otherwise meet legal requirements.
9. DATA BREACHES
We will report any unlawful data breach of this Website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities, as required by law.
10. DATA RETENTION
We pride ourselves on only storing the data we need. With that in mind, we conduct an (annual) data review of the information we hold and delete anything we no longer need, or which we have held for at least twelve (12) months, without usage.
We will only hold personal information for a longer period in order to fulfil our contractual or legal obligations.
11. DATA ERASURE REQUESTS & DATA SUBJECT ACCESS REQUESTS
You may access, update and correct inaccuracies in your personal information in our custody or control at any time, subject to limited exceptions prescribed by law. You can request access, corrections or updates to all personal information by contacting us as set out in section 14: (“Contact Information and Data Protection Officer”), below.
In order to make a data erasure request or data subject access request, please contact our Data Protection Officer whose details are listed below.
We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records.
13. DATA CONTROLLER
Our Website’s data controller is:
HYAS Infosec Inc.
A Canadian company, with business number: 791411127RC0001
The data controller’s registered office is:
HYAS Infosec Inc.
320-250 Wallace Street
Nanaimo, British Columbia V9R 5B3
The data controller’s operating office is:
HYAS Infosec Inc.
100 – 838 Fort Street
Victoria, British Columbia V8W 1H8
14.CONTACT INFORMATION & DATA PROTECTION OFFICER
Our data protection officer (DPO) & EU-registered data protection agent, Ariel Silverstone (of Data Protectors, LLC), may be reached by sending an email to the above address.