Privacy Policy

Version Date: 2022 05 01 

BioConnect Inc. (“BioConnect”, “we” or “us”) knows that you care about how your personal information is used and shared, and we take your privacy seriously. BioConnect offers identity authentication software, hardware and related services. We also own and operate several websites including www.bioconnect.com (each, a “Website”). This privacy policy aims to inform you about how we collect, use, disclose and store information about you when you: 

a. Interact or use our website, including downloading material or requesting a demonstration or quote; 

b. Use any of our products, services or applications, including any trial (collectively, the “Services”); or 

c. Attend any of our webinars or other events. 

 

 1. THE INFORMATION WE COLLECT 

We gather various types of information, including information that identifies or may identify you as an individual (“Personal Information”). 

 

1.1 INFORMATION YOU PROVIDE TO US THROUGH OUR WEBSITE: We may collect any Personal Information that you choose to send to us or provide to us, for example, on our “Get a Quote” (or similar) online form or if you register for a webinar. If you contact us through our Website, we will keep a record of our correspondence and your Personal Information. 

1.2 INFORMATION YOU PROVIDE TO US THROUGH OUR SERVICES: We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and e-mail address, to provide users with the Services. The types of information we may collect directly from our customers and their end users include: names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services. 

1.3 INFORMATION COLLECTED THROUGH OUR SOFTWARE PRODUCTS. See Schedule A for a summary of the information we collect through our software products, including BioConnect Trust Platform, BioConnect Enterprise and our BioConnect Mobile application. To the extent that the terms and conditions of any software product purchased from BioConnect differ from this Privacy Policy, the product terms and conditions shall govern. 

1.4 INFORMATION WE AUTOMATICALLY COLLECT: When you visit our Website, we collect certain information related to your device. We use Google Analytics on our Website to track our visitors. Google Analytics captures data about our visitors including the source of the traffic, the duration of the visit, the type and location of the device being used to view the website, and how the visitor interacts with the website. Google Analytics uses cookies to obtain this data. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. By continuing to use our Website, your consent to place these cookies will be assumed and cookies will be placed. The tracking information allows us to better understand our visitors and their engagement level with our content. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. We will not collect nor report on any personally identifying data from our visitors. We have also enabled Google Analytics Demographics and Interest Reporting. For more information on this feature, please visit the following link: https://goo.gl/35Mk84. Demographics and interests data provides information about the age and gender of our visitors, along with the interests they express through their online and purchasing activities. This data is collected through a third-party DoubleClick cookie. Analytics then collects any demographic and interests information available in the cookie. By using this feature we gain insight into the behaviour information relating to visitor age, gender and interests on an anonymous and aggregate level. This will help us understand browsing behaviour so that we can provide users with a better experience while visiting our sites. We do not use these features to serve ads to our visitors. You can opt out of Google Analytics without affecting how you visit our site. Website users who don’t want their data collected with Google Analytics can install the Google Analytics opt-out browser add-on. To opt out of Analytics for the web, please visit Google Analytics’ opt out page (https://tools.google.com/dlpage/gaoptout) and install the add-on for your browser. This add-on does not prevent data from being sent to the website itself or in other ways to web analytic services. 

2. HOW WE USE THIS INFORMATION 

 

2.1 INFORMATION FROM OUR WEBSITE: We use the information we collect via our Website to administer our website and events, for internal operations (including troubleshooting, data analysis, testing, statistical and survey purposes), to improve our Website, for trend monitoring, marketing and advertising, to keep our Website secure, and to provide the service or respond to the request that you have submitted, ie. provide access to a whitepaper or schedule a demonstration. Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, for our direct marketing purposes, or to provide services you have consented to (ie. a demonstration). 

2.2 INFORMATION FROM OUR SERVICES: We may use the information we collect from our Customers and their end users in connection with the Services we provide for a range of reasons, including to: set up a user account, provide the Services, process and complete transactions, process payments for Services, provide support and respond to enquiries, send technical updates and notifications, investigate and prevent fraudulent activities , unauthorized access to the Services and other illegal activities and for any other purposes about which we notify our Customers and their end users. We use your Personal Information based on the contract that we have in place with you or your legitimate business interest for security purposes. For more information about how we use your Personal Information collected through our software products, see Schedule A. 

3.  HOW WE SHARE THIS INFORMATION 

We share and disclose information (including Personal Information) about our customers in the following limited circumstances:

3.1 CONSULTANTS AND OTHER SERVICE PROVIDERS. We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (ie. Google Analytics), CRM providers (ie. Salesforce) and others. If BioConnect collects your Personal Information and subsequently transfers that information to a third party agent or service provider for processing, BioConnect remains responsible for ensuring that such third party agent or service provider processes your Personal Information to the standard required by the applicable privacy laws. 

3.2 BUSINESS TRANSFERS: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party. 

3.3 LEGAL COMPLIANCE: We reserve the right to access, read, preserve, and disclose any information as necessary to comply with laws or court orders; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of BioConnect, our employees, our users, or others. Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements. 

4.  SECURITY OF YOUR INFORMATION

4.1 OUR SECURITY MEASURES. We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse and unauthorized access, disclosure, alteration and destruction. 

4.2 INFORMATION COLLECTED THROUGH OUR SOFTWARE PRODUCTS. For many of BioConnect’s software products, information about your end users is stored on your servers and subject to your data security, retention and other information security policies and procedures. See Schedule A for more details about end user information. 

5.  YOUR PRIVACY RIGHTS

You can always opt not to share information with us, but that may mean that we are not able to provide to you some of our Services.

5.1 E-MAIL COMMUNICATION. We prohibit the delivery of unsolicited commercial email in violation of applicable laws, and include an “opt-out” or unsubscribe mechanism in all our marketing messages. If you have subscribed to receive a company newsletter or any other type of communication from us and later change your mind, you may unsubscribe using the link at the bottom of promotional emails, or contact us to have your name removed from our distribution lists at privacy@bioconnect.com. 

5.2 EXERCISING YOUR DATA RIGHTS. If you would like to access, review, update, rectify or delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR) or other legislation, you can email privacy@bioconnect.com with details of your request. Our privacy team will examine your request and respond to you as quickly as possible, with a goal of responding within 5 business days. Please note that we may still use any aggregated and de-identified information that does not identify any individual, and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

6.  INTERNATIONAL DATA TRANSFERS

6.1 DATA IN CANADA & UNITED STATES. BioConnect uses Azure and AWS servers located in Canada and the United States to store its data. Personal Information you submit on our Websites or through our Services may be sent to Canada and the United States and processed by us there on our service providers’ cloud servers. We will always protect your information in accordance with this Privacy Notice wherever it is processed. 

6.2 EU DATA. BioConnect may transfer Personal Information from the European Union (“EU”) to Canada and the United States, including Personal Information we receive from individuals residing in the EU who visit our Website and/or who may use our Services or otherwise interact with us. Please note that for individuals located in the EU, the term Personal Information used in this Policy is equivalent to the term “personal data” under applicable European data protection laws. Individuals located within the EU with inquiries or complaints regarding this Privacy Policy should contact BioConnect at privacy@bioconnect.com. We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data within 45 days of receiving your complaint. 

6.3 CALIFORNIA DATA. Under the California Consumer Privacy Act (‘CCPA’), California residents have certain rights regarding the personal information that businesses have about them. This includes the rights to request access to or deletion of your personal information, as well as the right to direct a business to stop selling your personal information. BioConnect collects identifiers (such as name, address, email, phone number, job title and transactional information), commercial information (such as records of services purchased or demos requested) and internet or other electronic network activity information (such as usage information, IP address, cookie information and customer feedback). The terms and conditions attached to our specific products may set out additional information that is collected. We collect information either directly from you or from your usage of our Website and Services. We use this information to provide the Services you request, for general website administration and for trend monitoring, marketing and advertising, as well as to ensure website and company security. BioConnect shares personal information as necessary for certain “business purposes,” as defined by the CCPA. This includes sharing information with providers of payment processing, customer relationship management, consulting, email services, product feedback and helpdesk services. While we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA. This includes sharing information with website analytics companies and event sponsors. You have a right to opt out of those sales by contacting privacy@bioconnect.com. Note that we may still use aggregated and de-identified information that does not identify you or any individuals and may retain information as needed in order to comply with legal obligations, enforce agreements and resolve disputes. You have the right to request disclosure of what personal information BioConnect has collected or disclosed about you and to delete such information. In accordance with the CCPA, BioConnect does not have to delete information that would create problems with the completion of a transaction or compliance with a legal obligation. BioConnect will not discriminate against you for exercising any of the rights afforded to you but deleting some information or opting out of the sale of some information may mean that certain aspects of our Website or our Services will not be available to you. If you would like to exercise any of your rights set out in this paragraph, or have a complaint or inquiry about your Personal Information, contact privacy@bioconnect.com and our privacy team will examine your request and respond to you as soon as possible, with a goal to respond within 5 business days. 

7.  GENERAL PROVISIONS

7.1 CHILDREN. BioConnect does not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provide Personal Information to us, please contact us at privacy@bioconnect.com. 

7.2 LINKED WEBSITES. Hyperlinks may be posted on our Website which link to other websites. We are not responsible for, and this Privacy Policy does not apply to, the privacy practices or other practices of any linked site or of any company we do not own or control. We do not endorse the linked sites and encourage you to familiarize yourself with their privacy practices. 

7.3 CHANGES TO THIS PRIVACY POLICY. We are constantly trying to improve our Website and Services, which means we may need to change this Privacy Policy from time to time. We will alert you to material changes by, for example, placing a notice on our Website or sending you an email (if you have registered your email details with us for this purpose) when we are required to do so by applicable law. You can see when this Privacy Policy was last updated by checking the version date at the top. You are responsible for periodically reviewing this Privacy Policy. 

7.4 CONTACT US. Please contact BioConnect’s privacy team at privacy@bioconnect.com if you have any questions, requests or concerns regarding your privacy and rights. 

 

SCHEDULE A:   Privacy Information Relating to BioConnect Software Products 

BioConnect’s Authentication Platform includes multiple software solutions: BioConnect Enterprise for access to doors and other physical spaces that are tied to an existing access control system, BioConnect Link for access to small spaces, including cabinets, safes or other physical spaces that may not be tied to an access control system and BioConnect Mobile, an app for access using the end user’s mobile device. Our customers may subscribe to all or only some of the software solutions that are part of our BioConnect Authentication Platform. Accordingly, all of the information contained in this document may or may not be applicable to any one customer. 

The privacy of our customers’ and end users’ information is important to us. This Schedule explains what information we collect, how we use that information, how we protect it as it relates to use of our software products, and our data retention policies. In this Schedule, we refer to the individual who uses our BioConnect software to gain access to a physical or digital space as the “end user”. In some laws, like the European Union’s General Data Protection Regulation (GDPR), this end user is referred to as the data subject. It is important to understand that the end user is not BioConnect’s customer. In this Schedule, we refer to the businesses who are our customers as “Customers”. Our Customers are organizations that purchase our software solution and choose to use it within their company — perhaps to provide their employees or customers with access to enter their office locations, cabinets or safes or to provide their customers with access to their digital application. BioConnect’s Customer is the business/organization. The end user is our Customer’s employees, customers or others who our Customer enrolls to use our software solutions. 

Except for basic end user Personal Information for Customers using our BioConnect Link or our BioConnect Mobile solutions (described below), BioConnect does not store, own or have access to any data that identifies an end user, whether their name, address, IP address, biometric information or otherwise. All Personal Information about an end user is stored on our Customer’s servers, devices and environments. Accordingly, BioConnect’s Customers are responsible for storage, usage, protection and retention of their respective end users’ Personal Information. It’s important to recognize that BioConnect has no direct relationship with the end user whose data is collected through its BioConnect Enterprise solution, since this solution runs completely on our Customers’ servers. BioConnect’s Customers are responsible for the relationship with the end user and maintaining consent and compliance with laws relating to protection of Personal Information (including, among others, GDPR for the European Union, the Health Insurance Portability and Accountability Act (HIPAA), Illinois’ Biometric Information Privacy Act, California’s California Consumer Privacy Act and Canada’s Personal Information Protection and Electronic Documents Act, as applicable). This document does not constitute legal advice and BioConnect’s Customers must ensure they are aware of their legal obligations when using the BioConnect Authentication Platform. End users are encouraged to contact their applicable organization through whom they enrolled into the BioConnect solution if they have questions or concerns regarding their Personal Information. 

The exception to BioConnect’s lack of access to end user Personal Information is regarding BioConnect Customers using BioConnect Link or BioConnect Mobile. These solutions may not connect to our Customer’s existing access control solution and therefore operate as cloud-connected solutions. For Customers using our BioConnect Link or BioConnect Mobile solutions, BioConnect will store, manage and have access to their end users’ names and email addresses in order to link the end users to our Customer’s database of enrolled users. If our Customers enable the TrustAI feature of BioConnect Mobile, and if their end users consent, then geolocation data may also be directly captured in order to facilitate anti-fraud features, along with other anonymized device and usage data which does not identify an individual. BioConnect uses Azure and AWS servers located in Canada and the United States to store its data. Personal Information you submit through our cloud solutions may be sent to Canada and the United States and processed by us there on our service providers’ cloud servers. We will always protect your information in accordance with this Privacy Notice wherever it is processed. BioConnect uses this Personal Information to facilitate access control and identity assurance, to provide the services to which our Customer has subscribed and the end user has enrolled, to provide support to our Customer and their end users and to improve our Services. Personal Information will only be shared with BioConnect’s employees, agents or contractors with a need to know such information in order to undertake those activities. It will be protected using a commercially reasonable degree of care to prevent unauthorized use or disclosure, and will be removed when our Customer removes an end user from the BioConnect solution. More details about BioConnect’s privacy procedures are contained in BioConnect’s Privacy Policy to which this is attached. 

When an end user uses our BioConnect Mobile application, we may receive information about the end user and their interactions with us from third parties, such as from our Customers who use the BioConnect Mobile application to grant or deny access to a space, which may be the end user’s employer, school, data center or other location where the BioConnect Mobile application is used. 

BioConnect prides itself on maintaining a high level of security and privacy in both our products and operational processes. Our customer-facing staff, developers and those with access to our production systems have completed criminal background checks and BioConnect has implemented industry-standard access control provisions to control access to our networks, source code and production environments. When stored and in transit, all Personal Information is encrypted. In no event is any end user’s biometric template stored on BioConnect’s servers. For BioConnect Enterprise usage, the biometric template is stored on our Customers’ servers, tied in with their access controls system, and for BioConnect Link and BioConnect Mobile Customers, the biometric template is stored on the end users’ device. 

Further, BioConnect has designed features into our software solutions to assist our Customers and support them in complying with their legal obligations under privacy legislation, including the following: 

  • In order to assist with our Customers’ obligations relating to an end user’s right to access or disclosure: Our Customers have the ability to extract end user information from our solutions in order to communicate to their end users whether the end user’s data has been captured, where it has been used (i.e., to access what space/application) and the access history for such end user. 
  • In order to assist with our Customers’ obligations relating to an end user’s right to be forgotten: End user biometric templates can be deleted by our Customer from the BioConnect software and databases. For BioConnect Enterprise, in order for end users to be entirely removed from the system, they must also be removed from the access control software with which BioConnect is syncing information. For BioConnect Mobile, the biometric templates are stored solely on the end user’s mobile device – and the end user themselves can delete their biometric and other Personal Information by removing the application from their mobile device. 
  • In order to assist with our Customers’ obligations relating to an end user’s right to data portability: Upon request, BioConnect’s Customers can extract any end user data from the BioConnect database and provide it to the end user as a CSV file. For BioConnect Enterprise, physical access records would be garnered from the access control software that manages the physical opening, locking and closing of access points. In certain circumstances, biometric templates may be exported from BioConnect Enterprise. For our BioConnect Mobile and BioConnect Link solutions, an end user’s biometric templates are stored on their own authorized mobile device. 
  • In order to assist with our Customers’ obligations relating to implementing measures for a privacy by design system: While BioConnect cannot be responsible for, and does not accept any responsibility for, the internal organizational processes of our Customer, BioConnect has implemented its own internal processes that ensure anything developed by BioConnect is held to high privacy and security standards.