Last Updated: February 9, 2022
Canonic Security is a business applications security platform that helps organizations control third-party apps and integrations connected to their IT managed services (the “Services”).
Table of contents:
1. What information we collect, why we collect it, and how it is used
2. How we protect and retain your Personal Information
3. How we share your Personal Information
4. Your privacy rights. How to delete your account
5. Use by children
6. Interaction with third-party products
7. Analytic tools
8. California Privacy Rights
9. Contact us
1. WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED
PERSONAL INFORMATION WE COLLECT. For the purpose of providing you with our Services, we may collect the following Personal Information about you:
a) Information You Provide Directly to Us Via the Website. Personal Data provided by you when you: (a) browse and make use of our Website https://canonic.security/ (“Website”), (b)sign-up for our Closed Beta program; and/or (c) to subscribe to receive materials via our blog (blog.canonic.security) (the "Blog"). We collect and process the following Personal Data: full name, business name, email address and, any other information that you decide to provide/supply us with. When you communicate with Canonic Security (via email, Website, or telephone), we collect the contents of those communications.
b) Automatic Data Collection. We automatically collect certain information through your use of the Canonic Security platform andWebsite, such as your IP address, cookie identifiers and, other device identifiers that are automatically assigned to your device, browser type and language, geolocation information, hardware type, operating system, internet service provider and other information about actions taken on our Website and platform.
c) Information You Provide Directly to Us Via the platform. When you sign-up for our closed-beta program and make use of our Services by connecting your business applications to our platform, we collect and process the following PersonalData: user name, employee data (name, email, organizational role, system role),list of third-party applications and integrations, log data such as activities performed by those integrations or employee user accounts.
WHY ISTHE PERSONAL INFORMATION COLLECTED, AND FOR WHAT PURPOSES?
a) To provide you with the Services and allow you to subscribe to our Blog updates. Canonic Security will use your Personal Data to provide the Services, including: (i) to allow you to sign-up and access the platform;(ii) to assess the security protections of your business applications and related third-party integrations; (iii) to communicate with you about the Services, including, the link to the beta platform; (iv) to send information about our products, services and offerings; (v) to personalize your product experience and (iv) to notify you about new Blog publications via email.
b) For Administrative Purposes. Canonic Security may use yourPersonal Data (i) to respond to your questions, comments, and other requests for customer support or information, including information about potential or future services; (ii) for internal quality control purposes; (iii) to establish a business relationship; and (iv) to generally administer the Services.
c) To Market the Services. Canonic Security may use PersonalData to market the Services. Such use includes (i) notifying you about offer sand services that may be of interest to you; (ii) tailoring content, advertisements, and offers for you, including targeting and re-targeting practices; (iii) conducting market research; (iv) developing and marketing new products and services, and to measure interest in our Services; (v) other purposes disclosed at the time you provide Personal Data; and (vi) as you otherwise consent.
d) Security purposes. Some of the above mentioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims.
e) De-identified and Aggregated Information Use. In certain cases, we may or will anonymize or de-identify your Personal Data and further use it for internal and external purposes, including, without limitation, to improve the services and for research purposes. “Anonymous Information” means information that does not enable identification of an individual user, such as aggregated information about the use of our Services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our Services and enhance your experience with them).
2. HOW WE PROTECT AND RETAIN YOUR PERSONAL INFORMATION
2.1. Security. We have implemented appropriate technical and procedural security measures designed to protect your Personal Information. As the security of information depends in part on the security of the computer, device, or network you use to communicate with us and the security you use to protect your user credentials, we encourage you to take appropriate measures and access our Services in a secure manner. For the avoidance of doubt, you use the services at your own risk: No technology or internet communication is ever fully security or error free.
2.2. Retention of your PersonalInformation. Your Personal Data will be stored until we proactively delete it, or you send a valid deletion request. Please note that in some circumstances, we may store your Personal Data for longer periods of time, for example, (i)where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if wer easonably believe there is a prospect of litigation relating to your PersonalInformation or dealings.
3. HOW WE SHARE YOUR PERSONAL INFORMATION
In addition to the recipients described above, we may share your personal data as follows:
3.1. We use third-party service providers to process your Personal Data for the purposes outlined above, including, without limitation:
3.1.1.With cloud providers for hosting purposes;
3.1.2.With email providers, marketing & sales CRMs we use;
3.1.3.With analytic tools we use helping us analyze data we collect(which may include Personal Data) in accordance with this policy;
3.2. We may also share Personal Data with our affiliated companies about you. To the extent necessary, with regulators, courts, banks or competent authorities, to comply with applicable laws, regulations and rules(including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required todo so by court order, as well as for internal compliance procedures;
3.3. In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your personal data in connection with the foregoing events; and/or
3.4. Where you have provided your consent to us sharing or transferring our Personal Data.
4. YOUR PRIVACY RIGHTS. HOW TO DELETE YOUR ACCOUNT
4.1. Rights: You can exercise your rights by contacting us at firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly and in accordance with applicable law or inform you if we require further information to fulfill your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance, if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, it would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initially requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
4.2. Deleting your account: Should you ever decide to delete your account, you may do so by emailing email@example.com. If you terminate your account, any association between your account and PersonalInformation we store will no longer be accessible through your account.
5. USE BY CHILDREN. We do not offer our products or services for use by children and, therefore, we do not knowingly collectPersonal Information from and/or about children under the age of 18. If you are under the age of 18, do not provide any Personal Information to us without the involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at firstname.lastname@example.org.
6. INTERACTION WITH THIRD-PARTY PRODUCTS. We enable you to interact with third-party websites, mobile software applications, and products or services that are not owned or controlled by us (each, a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third PartyServices. Please be aware that Third Party Services can collect Personal information from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third-Party Service.
o Heap -- https://heap.io
o Fullstory -- https://Fullstory.com
o Google Analytics -- https://analytics.google.com/
We reserve the right to remove or add newanalytic tools
7. SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW
7.1. California Privacy Rights: California CivilCode Section 1798.83 permits our customers or potential customers who areCalifornia residents to request certain information regarding our disclosure ofPersonal Information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com. Please note that we are only required to respond to one request per customer each year.
7.2. Our California Do Not Track Notice (Shine the Light): Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers, but we may allow third parties, such as companies that provide us with analytics tools, to collect personally identifiable information about an individual activities over time and across different websites and/or our Services.
8. CONTACT US. If you have any questions, concerns, or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at firstname.lastname@example.org.