Privacy Statement
AdvisorConX Privacy Statement, July 17, 2020
This AdvisorConXPrivacy Statement ("Privacy Statement") describes how we collect, use, share and process information relating to individuals ("Personal Data"), and your rights and choices regarding our processing of your Personal Data.
“AdvisorConX”, “ADVISORCONX”, “BenefitSimple”, "we", "us" or "our" means BenefitSimple Ltd., a corporation incorporated in the Province of Ontario, whose registered office is at 7611-11 Pine Valley Drive, Vaughan, ON L4L 0A2.
-
Processing activities covered
This Privacy Statement applies to the processing of Personal Data collected by us when you:
- Visit our websites that display or link to this Privacy Statement;
- Receive communications from us, including emails, phone calls, or texts;
- Use our cloud products and services as an authorized user (as a customer or as an employee of one of our customers who provided you with access to our services) where we act as a controller of your Personal Data;
-
Personal Data we collect
2.1. The Personal Data that we collect directly from you includes the following:
- If you register to use our websites, or download certain content, we may require that you provide your contact information, such as name, job title, company name, address, phone number, email address, or username and password;
- If you make purchases via our websites, we may require that you provide your financial and billing information, such as billing name and address, credit card number or bank account information;
- If you use and interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails through cookies, web beacons or similar technologies, such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data;
- If you use and interact with our services, we automatically collect information about your device and your usage of our services, through log files and other technologies, some of which may qualify as Personal Data.
2.2. If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please contact us by using the information set out in the “Contacting us” section below.
-
Device and usage data we process
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, our services or interact with emails we have sent to you.
3.1. Device and usage data.
We may gather certain information automatically on connection with the use of the website by individual users, or cloud products and services. This information may include:
- IP address (or proxy server),
- Device and application identification numbers,
- Location,
- Browser type,
- Internet service provider and/or mobile carrier,
- Pages and files viewed,
- Searches,
- Operating system and system configuration information,
- Date/time stamps associated with your usage.
3.2. Cookies, web beacons and other tracking technologies on our website and in email communications.
We may use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us.
We may use both session-based and persistent cookies on our websites. You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our websites and services.
We may also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. For instructions on how to unsubscribe from our marketing emails, please see 10.4 below.
3.2.1. Required cookies are necessary for basic website functionality (for example, session cookies to transmit the website, authentication cookies, and security cookies). If you identify yourself to us, we may place a cookie on your browser that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
You cannot opt out of these.
3.2.2. Functional cookies are used to enhance functions, performance, and services on the website (for example, to analyze site traffic, or do market research).
We may use our own technology or third-party technology (for example, Google Analytics) to track and analyze usage information to provide enhanced interactions and more relevant communications.
You can opt out of these using your individual browser settings.
-
Purposes for which we process Personal Data
We collect and process your Personal Data for the following purposes:
- To perform our contract with you for the use of our websites and services and to fulfill our obligations under applicable terms of use/service, including providing necessary functionality during your use of our websites and services;
- To promote the security of our websites and services by tracking use of our websites and services, creating aggregated, non-personal data, verifying accounts and activity, investigating suspicious activity and enforcing our terms and policies, to the extent this is necessary for our legitimate interest in promoting the safety and security of the services, systems and applications and in protecting our rights and the rights of others;
- To manage user registrations and user accounts to perform our contract with you according to applicable terms of service;
- To manage and fulfill contact and user support requests;
- To verify financial information if you have provided it, and to collect payments to complete necessary transactions and perform our contract with you;
- To analyze trends, track usage and interactions with our websites and services, in order to develop and improve the service offering and the user experience;
- To review compliance with the applicable usage terms in our customer’s contract to ensure adherence to the relevant terms;
- To assess the capacity requirements of our services to ensure that we are meeting the necessary capacity requirements of our service offering;
- To assess potential customer opportunities to facilitate meeting the demands of our customers and their users’ experiences;
- To comply with legal obligations by cooperating with public and government authorities, courts or regulators in accordance with our legal obligations under applicable laws to the extent this requires the processing or disclosure of Personal Data to protect our rights or is necessary for our legitimate interest in protecting against misuse or abuse of our websites, protecting personal property or safety, pursuing remedies available to us and limiting our damages, complying with judicial proceedings, court orders or legal processes or to respond to lawful requests.
-
Who we share Personal Data with
We may share your Personal Data as follows:
- With our contracted service providers, who provide services such as IT and system administration and hosting, and credit card processing;
- With the affiliated customer responsible for your access to the services, if you use our services as an authorized user, to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;
- We may also share anonymous usage data with ADVISORCONX service providers for the purpose of helping ADVISORCONX in such analysis and improvements. Additionally, ADVISORCONX may share such anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.
-
Retention of Personal Data
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the "Purposes for which we process Personal Data and the legal bases on which we rely" section, above). We determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of your Personal Data processed, the potential risk of harm from unauthorized use or disclosure of your Personal Data and whether we can achieve the purposes of the processing through other means, as well as on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further use of such data.
For further information on applicable data retention periods, please contact us by using the information in the “Contacting us” section, below.
-
Your rights relating to your Personal Data
7.1. Your rights
You have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws and, these rights may include:
- To access your Personal Data held by us (right to access);
- To rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete (right to rectification);
- To erase/delete your Personal Data, to the extent permitted by applicable data protection laws (right to erasure; right to be forgotten);
- To restrict our processing of your Personal Data, to the extent permitted by law (right to restriction of processing);
- To transfer your Personal Data to another controller, to the extent possible (right to data portability);
- To object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"). Automated Decision-Making currently does not take place on our websites or in our services; and
- To the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
7.2. How to exercise your rights
To exercise your rights, please contact us by using the information in the “Contacting us” section, below. We try to respond to all legitimate requests within one month and will contact you if we need additional information from you in order to honor your request. If you are an employee of an ADVISORCONX customer, we recommend you contact your company’s system administrator for assistance in correcting or updating your information.
Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.
To update your billing information, discontinue your account and/or request return or deletion of your Personal Data and other information associated with your account, please contact us by using the information in the “Contacting us” section, below.
7.3. Your rights relating to customer data
As described above, we may also process Personal Data submitted by or for a customer to our cloud products and services. To this end, if not stated otherwise in this Privacy Statement or in a separate disclosure, we process such Personal Data in the role of a mere processor on behalf of a customer (and/or its affiliates) who is the responsible controller of the Personal Data concerned (see the "Responsible ADVISORCONX entity" section above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those set forth in this Privacy Statement. If your data has been submitted to us by or on behalf an ADVISORCONX customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable customer directly. Because we may only access a customer’s data upon instruction from that customer, if you wish to make your request directly to us, please provide to us the name of the ADVISORCONX customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
-
How we secure your Personal Data
We take precautions including organizational, technical and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us by using the information in the “Contacting us” section, below.
-
Contact Us
To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Statement or our privacy practices please email us at: info@advisorconx.ca
Or mail to:
- BenefitSimple Ltd.
- AdvisorconX Privacy Team
- 7611-11 Pine Valley Drive
- Vaughan, ON L4L 0A2
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.