Windward Core is now Fluent by Apryse. Click here to experience the new and improved platform!

Privacy Notice

Last Modified: February 8, 2023

Apryse is committed to protecting and respecting your privacy. A reference to "Apryse", "we", "us" or "our" is a reference to Apryse Software Inc. and its affiliates, and we are a 'controller' for the purposes of the data protection laws that apply to us. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

This notice (together with any applicable terms of use) describes what personal data and other information we may collect, use, share and process from you in connection with your use of our products. References to our products in this notice include our websites, apps, software, and services. For greater certainty, we may collect and make use of your information (including personal data) in the context of:

This notice further describes how we may collect personal data, with whom we may share it, as well as the choices you have regarding our collection of information and our use and disclosure of that information to other parties.

Note for Xodo users: If you are using Xodo with Google Drive, please note that Xodo`s use and transfer to any other application of information received from Google`s APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements therein.

This notice is provided in a layered format for ease of access.  Click on the table of contents to jump to a specific section.

  1. OVERVIEW AND SCOPE
  2. INFORMATION WE COLLECT FROM YOU
  3. HOW IS YOUR PERSONAL DATA COLLECTED?
  4. HOW WE USE YOUR PERSONAL DATA
  5. HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?
  6. DISCLOSURE OF YOUR INFORMATION
  7. WHERE WE STORE YOUR PERSONAL DATA AND HOW DO WE KEEP IT SECURE?
  8. THIRD PARTY LINKS
  9. YOUR RIGHTS
  10. CHANGES TO OUR PRIVACY NOTICE
  11. CONTACT US
  12. ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
  13. ACCESSIBILITY

1      OVERVIEW AND SCOPE

We believe that you should always know what data we collect from you, how we use it, and that you should have meaningful control over both.  This notice describes how we use personal data, with whom we share it, your rights and choices, and how you can contact us about our privacy practices.

2      INFORMATION WE COLLECT FROM YOU

We collect, use, store, transfer and process different types and categories of personal data about you as follows:

Identity Data includes first name, last name, company name, user pictures and profile pictures (if supplied), username or similar identifier, marital status, title, date of birth and gender.

Contact Data includes postal address, email address and telephone numbers.

Financial Data includes bank account details, credit card information, tax payer identification numbers and billing addresses.

Transaction Data includes details about payments to and from you and other details of any services you have purchased from us.

Technical Data includes internet protocol (IP) address, media access control (MAC) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Product Data includes your information and content you may submit in a PDF, details about any licenses you may have with us, preferences, feedback and survey responses.

Usage Data includes information about how you use our website and products.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any special categories of personal data about you (such as health data, political opinion, religious beliefs etc.).  Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services).  In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3      HOW IS YOUR PERSONAL DATA COLLECTED?

3.1 PERSONAL DATA WE COLLECT DIRECTLY FROM YOU

We collect personal data directly from you in the following situations:

3.1.1 DIRECT INTERACTIONS

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise.  This includes personal data you provide:

3.2 INFORMATION WE AUTOMATICALLY COLLECT

3.2.1 IP ADDRESSES AND CLICK-STREAM DATA

With regard to each of your visits to our websites or usage of our apps we may automatically collect the following information:

The websites may use Hotjar, a third party website analytics tool, in order to better understand our users’ needs and to optimize this service and experience.  Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback.  Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices.  This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website.  Hotjar stores this information on our behalf in a pseudonymized user profile.  Hotjar is contractually forbidden to sell any of the data collected on our behalf.  For further details, please see the ‘about Hotjar’ section of Hotjar's support site.

The information collected cannot typically be used to identify you personally.  However, if you have specifically informed us of your identity (for example by registering for something or providing us with your contact information), it may be possible for us to link certain information to information that identifies you personally.

3.2.2 DIGITAL MARKERS (INCLUDING COOKIES), ONLINE TRACKING TECHNOLOGIES, ONLINE INTEREST BASED ADVERTISING

A digital marker is created by a website visitor’s Internet browser to maintain certain pieces of information for the website to reference during the same or subsequent visits.  Examples of digital markers are cookies or HTML5 Web storage.  Among other things, digital markers can allow a website to recognize a previous visit each time the visitor accesses the website, and track what information is viewed on a website.

We use sessional and persistent digital markers on some portions of our websites.  Digital markers are created when you visit our websites.  Sessional markers exist while you remain on our websites, and persistent markers continue to exist after you have left our websites.

For information on the digital markers (including cookies) we use and the purposes for which we use them see the applicable Cookie Notice for the Apryse website(s) you may visit.

Similarly, we or our third-party service providers/advertisers may also use "web beacons", "pixel tags" or other tracking technologies, which are typically small pieces of code placed on a web page to monitor behaviour and collect certain data regarding the actions of our visitors online.

These digital markers and other technologies may be used to track across time, sites, and devices.  For example, these technologies can be used to analyze your online traffic patterns, to enhance your experience when using our products, to store information during your session, to personalize our websites for you based on your preferences and selections, to target advertising or content to you (as described further below), and to collect information about you and your usage of our websites or apps for other marketing and business purposes.  You may adjust your privacy preferences regarding the use of digital markers, including cookies, and similar technologies through your browser.  However, disabling cookies may impair your user experience and disable certain features of our websites.

Data about your activities online may be collected for use in providing advertising tailored to your individual interests, either by us, or third parties.  We may work with third parties such as network advertisers and ad exchanges to serve advertisements across the internet and may use third party analytics service providers to evaluate and provide us and/or third parties with information about the use of these ads on third party websites and viewing of ads and of our content.

We and these third-party vendors, including Google and LinkedIn, may use third-party technologies (such as the LinkedIn Insight Tag) together with our own first party technologies in order to analyze ad impressions, your use of ad services, and interactions with these ad impressions and ad services.  The information collected may also include information about your visits to our websites, include the pages you have viewed and what content you have seen.  These third-party tracking technologies may be set to, among other things: (a) help deliver advertisements to you that you might be interested in; (b) prevent you from seeing the same advertisements too many times; and (c) understand the effectiveness of the advertisements that have been delivered to you.

You can opt out of certain advertising by visiting the Network Advertising Initiative opt out page or permanently using the Google Analytics opt out browser add on.  If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at https://www.aboutads.info/choices or the Network Advertising Initiative at www.networkadvertising. org/optout_nonppii.asp.  To learn more about how to opt out of Google’s use of cookies, visit Google’s Ads Settings, here.  To learn more about cookies and similar tracking technologies, and how they can affect your privacy, visit allaboutcookies.org.  To learn more about how Google uses cookies to process and collect data, or to opt-out of Google’s analytic and marketing services, visit the Google Privacy Notice.  LinkedIn members can control the use of their personal data for advertising purposes through their LinkedIn account settings.

3.3 INFORMATION WE RECEIVE FROM OTHER SOURCES

We may receive personal data about you if you use any of the other websites we operate or the other online projects or services we provide.  We are also working closely with third parties (including, for example, business partners, technical and delivery services, advertising networks, analytics providers, search information providers) and may receive personal data about you from them.  We may combine this personal data with personal data you give to us and personal data we collect about you to create combined personal data.

4      HOW WE USE YOUR PERSONAL DATA

We use your personal data to:

We may also use such information for other purposes related to our business or that of our related entities, as well as for any other purpose described in this notice or any other agreement you may enter with us or otherwise as we may disclose to you or to which you consent from time to time, or for other purposes as required or permitted by applicable law.

5      HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?

We are allowed to process your personal data based on the following legal bases:

6      DISCLOSURE OF YOUR INFORMATION

We may share your personal data with any member of our corporate group, which means our subsidiaries, our parent company and its subsidiaries.

We do not sell or rent personal data to marketers or unaffiliated third parties.  We may share your information with selected third parties including:

7      WHERE DO WE STORE YOUR PERSONAL DATA AND HOW DO WE KEEP IT SECURE?

7.1 WHERE DO WE STORE YOUR PERSONAL DATA?

Apryse is based in Canada, other group companies are based in other jurisdictions, including in the US, New Zealand, Europe and the UK. The information (including any personal data) we collect is transferred, maintained, stored, and processed in Canada, the US, Europe and the UK and other countries outside Canada where our or our service providers’ facilities may be located. Regardless of where you are located, we carry out these transfers in compliance with applicable laws.

If you are based in Canada, you understand and agree that we may store and process the information you provide to us in Canada and other countries.  The data protection and privacy laws in those countries may offer a lower level of protection than the data protection and privacy laws of your country.  Also, this information may be subject to access requests from governments, courts, or law enforcement in Canada and foreign countries according to their laws.

If you are located in the UK, European Economic Area or Switzerland, your personal data is transferred outside of the UK, European Economic Area or Switzerland in order for our service providers to provide their services to us. The data protection and privacy laws in those other countries may offer a lower level of protection than the UK and European data protection laws.  We ensure that we put mechanisms in place in order to transfer your personal data securely and in accordance with applicable data protection laws. If you want to know more about our international transfers, you can contact us.

7.2 IS MY PERSONAL DATA SECURE?

We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing.  We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data.  Among the steps we take in order to protect your information are:

Unfortunately, no transmission of information via the internet or storage of information is completely secure.  Although we take commercially reasonable steps to protect your personal data, we cannot guarantee the security of your data transmitted to our websites or apps that we store.

7.3 RETENTION OF PERSONAL DATA

Personal data will be retained in accordance with this notice for as long as may be necessary or relevant for the purpose of collection, or as may be required or permitted by applicable law, after which time it may be made anonymous or destroyed unless you further consent to its continued retention.

7.4 INTEGRATED SERVICES

You may be given the option to access or register for our products through the use of your username and passwords for certain services provided by third parties (each, an "Integrated Service"), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide personal data or other information to us.  By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), and basic profile information that the Integrated Service makes available to us, and to use and disclose it in accordance with this notice.  You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make any changes you deem appropriate before you submit any personal data to them.  Please review each Integrated Service's terms of use and privacy policies carefully before using their services and connecting to our apps.

9      YOUR RIGHTS

You may have the following legal rights under the applicable data protection laws in relation to your personal data.  You can exercise these rights free of charge, by contacting us (please see "Contact Us"). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).  This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  We may also contact you to ask you for further information in relation to your request to speed up our response.

Please be aware that there are exceptions that apply to some of these rights, which we will apply in accordance with applicable data protection laws.

Your data protection rights

What does this mean?

Right to be informed

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and what your rights are.  This is why we are providing you this privacy notice.

Right of access

You have the right to obtain access to your personal data we process and certain other information (similar to that provided in this privacy notice).You may ask for:

- A copy of your information,
- Details about why and how we process your personal data,
- Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling.

To help us find the information, please give us as much information as possible about the type of personal data you would like to see.

Right to rectification

You are entitled to have your information corrected if it is inaccurate or incomplete.  If you would like us to do this, please contact us.

Rights to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes.  If you would like to do so, please contact us.  Alternatively, you can also click the ‘unsubscribe’ button at the bottom of the applicable emails you receive.  It may take up to 7 days for this to take place.

Rights in relation to automated decision making

These rights are not applicable as we do not carry out any automated decision making.

Right to erasure

This is also known as the ‘right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where:

1. You do not believe that we need your data in order to process it for the purposes set out in this privacy notice;
2. If you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
3. You object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
4. Your data has been processed unlawfully or have not been erased when it should have been.

Right to restrict processing

You have rights to ‘block’ or suppress further use of your information.  When processing is restricted we can still store your information, but may not use it further.  You may request that we stop processing your personal data temporarily if:

1. You do not think your data is accurate.  We will start processing again once we have checked whether or not the data is accurate;
2. The processing is unlawful but you do not want to erase your data;
3. We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
4. You have objected to the processing because you believe that your interests should override our legitimate interests.

Right to data portability

You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.

Right to object to processing

You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing.

Right to withdraw consent

If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful).

Please contact us if you wish to withdraw your consent to anything we do with your personal data.

In order to exercise these rights, you may contact us as described in the Contact Us section below.  We will comply with your request to the extent required by applicable law.  If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.  In the UK, you have a right to complain to the Information Commissioner's Office (ICO).  Information about how to do this is available on its website at www.ico.org.uk.

10      CHANGES TO OUR PRIVACY NOTICE

Any changes we may make to our notice in the future will be posted on this page.  The date this notice was last revised is identified on the top of this page.  Please check back frequently to see any updates or changes to our notice.

11      CONTACT US

If you have any questions, comments and requests regarding this notice, how we handle your personal data, or if you would like to exercise any of your rights, please email our Privacy team at Privacy@apryse.com or send a letter to: 500-838 West Hastings Street, Vancouver BC V6C 0A6 Canada. If you live in the UK or Europe you can contact our European representative by mail at Osano International Compliance Services Limited, ATTN: IKOL, 25/28 North Wall Quay, Dublin 1, D01 H104, Ireland.

12      ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

California residents may have additional rights under the California Consumer Privacy Act (“CCPA”) with respect to certain personal data that is not covered under a federal law.  If you are a California resident, this section details your rights under the CCPA, how you may exercise those rights, and what we will do in response.

The CCPA requires us to disclose information regarding the categories of personal data we have collected about California consumers (as that term is defined in the CCPA) during the preceding twelve (12) months, the categories of sources from which the personal data was collected, the business or commercial purposes for collecting the personal data and the categories of personal data disclosed to third parties. The sources of identity, contact and financial data are from direct interactions with you, whereas the remainder of the data categories listed below are either automatically collected (including Hotjar) or come from digital markers and online tracking technologies. Please see section 2 and 3 above for further details.  In the preceding 12 months, we collected and disclosed the following personal data about California consumers:

Categories of personal data collected and disclosed to third parties

Examples of Uses/business purposes

Identity

Collected to provide you the information, products and services you request; respond to enquiries from you; schedule meetings with you; manage our relationship with you; carry out agreements entered into between you and us. Disclosed to our other group companies, business partners and suppliers when this is necessary to provide our services to our users or for the performance of any contract we enter into with you.

Contact data

Collected to provide you the information, products and services you request; respond to enquiries from you; schedule meetings with you; manage our relationship with you; carry out agreements entered into between you and us. Disclosed to our other group companies, business partners and suppliers when this is necessary to provide our services to our users or for the performance of any contract we enter into with you.

Financial data

Collected to carry out any agreements entered into between you and us. Disclosed to our service providers who provide certain services on our behalf such as data hosting or processing services.  We will use contractual arrangements to protect personal data disclosed to these service providers.

Transaction data

Collected to carry out any agreements entered into between you and us. Disclosed to service providers who provide certain services on our behalf such as data hosting or processing services.  We will use contractual arrangements to protect personal data disclosed to these service providers

Technical data

Analytics and search engine providers that assist us in the improvement and optimisation of our products; our service providers who provide certain services on our behalf such as data hosting or processing services.  We will use contractual arrangements to protect personal data disclosed to these service providers

Product data

Analytics and search engine providers that assist us in the improvement and optimisation of our products.

Usage data

Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.  Such disclosures are typically aggregate information about our users and analyses of our server logs, traffic, or information relating to customer leads, including details regarding usage of our websites or apps and general information about our audience, and are not generally considered to be personal data; analytics and search engine providers that assist us in the improvement and optimisation of our products

Marketing & Communications data

Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others.  Such disclosures are typically aggregate information about our users and analyses of our server logs, traffic, or information relating to customer leads, including details regarding usage of our websites or apps and general information about our audience, and are not generally considered to be personal data; analytics and search engine providers that assist us in the improvement and optimisation of our products.

Apryse does not sell any personal data and does not have actual knowledge that it sells the personal data of users under 16 years of age.

In addition, we may share personal data of California consumers:

California residents have the right to access and request:

California residents have the right to request the deletion of their personal data. However, this right does not apply to personal data that we need in order to:

California residents have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights hereunder.

To exercise any of your rights as a consumer please submit a verifiable consumer request to us. You may submit a verifiable consumer request by emailing us at privacy@apryse.com or contact us via our website at https://www.apryse.com/form/contact-us/. A California consumer may only make a verifiable request to exercise their rights twice within a 12-month period. The verifiable request must: (1) provide sufficient information for us to verify your identity, and (2) be in sufficient detail that we can reasonably understand the request, evaluate it, and respond. You may have an authorized agent submit a request to know, or a request to delete so long as you provide the authorized agent with written permission to submit the relevant request and you verify your own identify directly with us.  Such restrictions do not apply where you provide your authorized agent with power of attorney pursuant to California Probate Code sections 4121 to 4130. If we are unable to verify your request then we will be unable to provide you with the information you seek or delete any personal data we retain.

13      ACCESSIBILITY

This Privacy Notice uses industry-standard technologies and was developed in connection with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1.  If you wish to print this privacy notice, please do so from your web browser or by saving the page as a PDF.

Apryse Software Corp. © 2024 All Rights Reserved.