- Taplytics’ management and protection of personal data:
  - Collected from its employees for workforce management purposes
  - Collected from users of its services
  - Collected in the course of recruitment
  - Collected from website visits for the purposes of operating and improving the website
- The process to exercise your individual privacy rights regarding any personal data held by Taplytics in relation to:
  - Individual access,
  - Rectification of your data, as appropriate, and
  - Challenging compliance
- Taplytics does not collect special categories of data, such as racial or ethnic origin or health data.
- Taplytics does not perform any data profiling.
TAPLYTICS’ PROTECTION AND MANAGEMENT OF PERSONAL DATA
Taplytics collects personal data, meaning information about an identified or identifiable individual, directly from individuals, from its employees, users of its services and from its website visitors.
Taplytics collects personal data from:
- Candidates for positions at Taplytics; with proper notification and implicit consent, Taplytics may use internet searches to perform due diligence on candidates strictly in relation to data relating to recruitment purposes.
- Individuals contacting us through the website, with express consent. Information provided, such as name, credit card number, telephone number or email address, is used for the purposes of fulfilling the service requested, such as contacting you about products and services or responding to an inquiry, fulfilling an order placed on the website or delivering the Taplytics services. Taplytics uses stripe.com as its third party service provider and they will collect all personal billing data related to payments and remit payment to Taplytics.
- Customers, with express consent, for the purpose of delivering Taplytics services. Taplytics collects information, such as your IP address, device identification and usage information, through cookies placed on your web browser with the software development kit (SDK) used. Personal data is also collected through the mobile SDK and network calls made to our APIs. This information is used to provide our services to you and to update and improve these services.
- Clients, with express or implied consent secured by the client. Taplytics’ agreements with its clients contain data protection clauses to ensure that consent was properly obtained prior to the client sharing your personal data.
- Its employees, with implicit consent for the purposes of human resource management including hiring, deployment, compensation, benefits, leave management, performance management, discipline and termination, as well as emergency contact.
Taplytics does not sell or otherwise disclose to third parties any data it holds save in the following exceptional cases:
- upon a request from law enforcement authorities to provide personal data in its custody, and only upon demonstration of lawful authority. If the data requested is held on behalf of a business customer, Taplytics will consult the customer unless it is prohibited to do so by law.
- strictly as allowed by law, Taplytics may disclose data to another organization where it is:
- to enforce applicable terms of service, including investigation of potential violations;
- to detect, prevent, or otherwise address fraud, security or technical issues;
- to protect the rights, property or safety of users and the public.
- With respect to employee data, Taplytics may disclose personal data if it is necessary:
- to establish, manage or terminate an employment relationship, as allowed by law.
- in a prospective business transaction where Taplytics has entered into an agreement that:
- restricts the use and disclosure of that data solely for purposes related to the transaction
- protects the data by security safeguards appropriate to the sensitivity of the information, and
- if the transaction does not proceed, the data is returned to Taplytics or destroyed within a reasonable time.
Taplytics may transfer personal data to suppliers it employs to assist with the delivery, maintenance and development of Taplytics services. The transfer may occur across national borders. In all cases, it is subject to the following conditions:
- The transfer is solely for the purpose of assisting Taplytics in its service delivery and under its instructions.
- It comes under contractual clauses that ensure compliance with data protection legislation at a compatible level of protection.
- When Taplytics processes personal data,
- Exercises due diligence in the choice of processors to whom to transfer the data;
- Ensures compliance with data protection with contractual clauses and monitors compliance through means including inspections, audits and immediate breach reports.
4. Location of personal data
Taplytics stores personal data on servers located in Canada and in the United States, with Amazon AWS and Google Cloud. Amazon AWS, Google Cloud and Taplytics are all EU-US Privacy Shield certified.
Taplytics is committed to data security and protects personal data through integrated physical, organizational, technological and administrative safeguards. In particular,
- All data is protected by security safeguards appropriate to the level of sensitivity of the data through (i) physical measures, such as secure areas; (ii) technical measures, such as encryption and secure servers; and (iii) organizational and administrative measures such as access policies based on the need-to-know and employee security through vetting and supervision.
- All data is retained only for as long as it is necessary for the purposes for which it was collected or transferred.
- Should Taplytics suffer a breach, it would implement its Incident and Breach Response Plan, including sending notifications to individuals and/or the data collector, as soon as feasible.
PROCESSES TO EXERCISE PRIVACY RIGHTS
1. Individual access
Through the Data Protection Officer, at firstname.lastname@example.org, Taplytics responds to individual requests for access to one’s personal data, and for rectification as necessary.
- Within one month, free of charge, unless the volume or the complexity of the request requires a longer process, in which case Taplytics will inform the requester, within one month, of the reasons for an extension and may charge a reasonable fee to cover administrative costs; or unless the request is unfounded or excessive, in which case Taplytics may refuse the request with justification.
- Providing the following information:
  - the purposes of the processing;
  - the categories of personal data processed;
  - the third parties to whom the personal data have been or will be transferred under contractual agreement with Taplytics and their location;
  - the criteria to determine the period for which the personal data will be stored;
  - the existence of the right to request rectification or erasure of personal data and the process for it;
  - the right to object to processing, as applicable;
  - the right to lodge a complaint with a supervisory authority.
Rectification requests follow the same process as access requests, described above. Taplytics provides rectification as soon as possible within one month. Should Taplytics refuse the request, it will provide justification.
3. Challenging compliance
An individual about whom Taplytics holds data may challenge compliance with data protection rights by filing a complaint in accordance with the process instituted for access requests and rectification requests, described above.
Taplytics will investigate the complaint in consultation with the office responsible for the use of the data and under the guidance of the Data Protection Officer. Should the complaint be well-founded, Taplytics will take all appropriate measures to resolve the complaint and, if necessary, amend its practices.
The Data Protection Officer may be reached at email@example.com.