Version Date: 2022 05 01
a. Interact with or use our website, including downloading material or requesting a demonstration or quote;
b. Use any of our products, services or applications, including any trial (collectively, the “Services”); or
c. Attend any of our webinars or other events.
1. THE INFORMATION WE COLLECT
We gather various types of information, including information that identifies or may identify you as an individual (“Personal Information”).
1.1 INFORMATION YOU PROVIDE TO US THROUGH OUR WEBSITE: We may collect any Personal Information that you choose to send to us or provide to us, for example, on our “Get a Quote” (or similar) online form or if you register for a webinar. If you contact us through our Website, we will keep a record of our correspondence and your Personal Information.
1.2 INFORMATION YOU PROVIDE TO US THROUGH OUR SERVICES: We receive and store information you provide directly to us. For example, when setting up new users, we collect Personal Information, such as name and e-mail address, to provide users with the Services. The types of information we may collect directly from our customers and their end users include: names, usernames, email addresses, postal addresses, phone numbers, job titles, transactional information (including Services purchased), as well as any other contact or other information they choose to provide us or upload to our systems in connection with the Services.
2. HOW WE USE THIS INFORMATION
2.1 INFORMATION FROM OUR WEBSITE: We use the information we collect via our Website to administer our website and events, for internal operations (including troubleshooting, data analysis, testing, statistical and survey purposes), to improve our Website, for trend monitoring, marketing and advertising, to keep our Website secure, and to provide the service or respond to the request that you have submitted, i.e., provide access to a whitepaper or schedule a demonstration. Our use of your Personal Information may be based on our legitimate interest to ensure network and information security, for our direct marketing purposes, or to provide services you have consented to (i.e., a demonstration).
2.2 INFORMATION FROM OUR SERVICES: We may use the information we collect from our Customers and their end users in connection with the Services we provide for a range of reasons, including to: set up a user account, provide the Services, process and complete transactions, process payments for Services, provide support and respond to enquiries, send technical updates and notifications, investigate and prevent fraudulent activities, unauthorized access to the Services and other illegal activities and for any other purposes about which we notify our Customers and their end users. We use your Personal Information based on the contract that we have in place with you or your legitimate business interest for security purposes. For more information about how we use your Personal Information collected through our software products, see Schedule A.
3. HOW WE SHARE THIS INFORMATION
We share and disclose information (including Personal Information) about our customers in the following limited circumstances:
3.1 CONSULTANTS AND OTHER SERVICE PROVIDERS. We may share your information with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf. These companies include (for example) our payment processing providers, website analytics companies (i.e., Google Analytics), CRM providers (i.e., Salesforce) and others. If BioConnect collects your Personal Information and subsequently transfers that information to a third party agent or service provider for processing, BioConnect remains responsible for ensuring that such third party agent or service provider processes your Personal Information to the standard required by the applicable privacy laws.
3.2 BUSINESS TRANSFERS: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
3.3 LEGAL COMPLIANCE: We reserve the right to access, read, preserve, and disclose any information as necessary to comply with laws or court orders; enforce or apply our agreements with you and other agreements; or protect the rights, property, or safety of BioConnect, our employees, our users, or others. Under certain circumstances, we may be required to disclose your Personal Information in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
4. SECURITY OF YOUR INFORMATION
4.1 OUR SECURITY MEASURES. We use appropriate technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse and unauthorized access, disclosure, alteration and destruction.
4.2 INFORMATION COLLECTED THROUGH OUR SOFTWARE PRODUCTS. For many of BioConnect’s software products, information about your end users is stored on your servers and subject to your data security, retention and other information security policies and procedures. See Schedule A for more details about end user information.
5. YOUR PRIVACY RIGHTS
You can always opt not to share information with us, but that may mean that we are not able to provide to you some of our Services.
5.1 E-MAIL COMMUNICATION. We prohibit the delivery of unsolicited commercial email in violation of applicable laws, and include an “opt-out” or unsubscribe mechanism in all our marketing messages. If you have subscribed to receive a company newsletter or any other type of communication from us and later change your mind, you may unsubscribe using the link at the bottom of promotional emails, or contact us to have your name removed from our distribution lists at firstname.lastname@example.org.
5.2 EXERCISING YOUR DATA RIGHTS. If you would like to access, review, update, rectify or delete any Personal Information we hold about you, or exercise any other data subject right available to you under the EU General Data Protection Regulation (GDPR) or other legislation, you can email email@example.com with details of your request. Our privacy team will examine your request and respond to you as quickly as possible, with a goal of responding within 5 business days. Please note that we may still use any aggregated and de-identified information that does not identify any individual, and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
6. INTERNATIONAL DATA TRANSFERS
6.1 DATA IN CANADA & UNITED STATES. BioConnect uses Azure and AWS servers located in Canada and the United States to store its data. Personal Information you submit on our Websites or through our Services may be sent to Canada and the United States and processed by us there on our service providers’ cloud servers. We will always protect your information in accordance with this Privacy Notice wherever it is processed.
6.3 CALIFORNIA DATA. Under the California Consumer Privacy Act (‘CCPA’), California residents have certain rights regarding the personal information that businesses have about them. This includes the rights to request access to or deletion of your personal information, as well as the right to direct a business to stop selling your personal information. BioConnect collects identifiers (such as name, address, email, phone number, job title and transactional information), commercial information (such as records of services purchased or demos requested) and internet or other electronic network activity information (such as usage information, IP address, cookie information and customer feedback). The terms and conditions attached to our specific products may set out additional information that is collected. We collect information either directly from you or from your usage of our Website and Services. We use this information to provide the Services you request, for general website administration and for trend monitoring, marketing and advertising, as well as to ensure website and company security. BioConnect shares personal information as necessary for certain “business purposes,” as defined by the CCPA. This includes sharing information with providers of payment processing, customer relationship management, consulting, email services, product feedback and helpdesk services. While we do not sell personal information in exchange for any monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA. This includes sharing information with website analytics companies and event sponsors. You have a right to opt out of those sales by contacting firstname.lastname@example.org. Note that we may still use aggregated and de-identified information that does not identify you or any individuals and may retain information as needed in order to comply with legal obligations, enforce agreements and resolve disputes. 
You have the right to request disclosure of what personal information BioConnect has collected or disclosed about you and to delete such information. In accordance with the CCPA, BioConnect does not have to delete information that would create problems with the completion of a transaction or compliance with a legal obligation. BioConnect will not discriminate against you for exercising any of the rights afforded to you but deleting some information or opting out of the sale of some information may mean that certain aspects of our Website or our Services will not be available to you. If you would like to exercise any of your rights set out in this paragraph, or have a complaint or inquiry about your Personal Information, contact email@example.com and our privacy team will examine your request and respond to you as soon as possible, with a goal to respond within 5 business days.
7. GENERAL PROVISIONS
7.1 CHILDREN. BioConnect does not knowingly collect or solicit Personal Information from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided Personal Information to us, please contact us at firstname.lastname@example.org.
7.4 CONTACT US. Please contact BioConnect’s privacy team at email@example.com if you have any questions, requests or concerns regarding your privacy and rights.
SCHEDULE A: Privacy Information Relating to BioConnect Software Products
BioConnect’s Authentication Platform includes multiple software solutions: BioConnect Enterprise for access to doors and other physical spaces that are tied to an existing access control system, BioConnect Link for access to small spaces, including cabinets, safes or other physical spaces that may not be tied to an access control system and BioConnect Mobile, an app for access using the end user’s mobile device. Our customers may subscribe to all or only some of the software solutions that are part of our BioConnect Authentication Platform. Accordingly, all of the information contained in this document may or may not be applicable to any one customer.
The privacy of our customers’ and end users’ information is important to us. This Schedule explains what information we collect, how we use that information, how we protect it as it relates to use of our software products, and our data retention policies. In this Schedule, we refer to the individual who uses our BioConnect software to gain access to a physical or digital space as the “end user”. In some laws, like the European Union’s General Data Protection Regulation (GDPR), this end user is referred to as the data subject. It is important to understand that the end user is not BioConnect’s customer. In this Schedule, we refer to the businesses who are our customers as “Customers”. Our Customers are organizations that purchase our software solution and choose to use it within their company — perhaps to provide their employees or customers with access to enter their office locations, cabinets or safes or to provide their customers with access to their digital application. BioConnect’s Customer is the business/organization. The end user is our Customer’s employees, customers or others who our Customer enrolls to use our software solutions.
Except for basic end user Personal Information for Customers using our BioConnect Link or our BioConnect Mobile solutions (described below), BioConnect does not store, own or have access to any data that identifies an end user, whether their name, address, IP address, biometric information or otherwise. All Personal Information about an end user is stored on our Customer’s servers, devices and environments. Accordingly, BioConnect’s Customers are responsible for storage, usage, protection and retention of their respective end users’ Personal Information. It’s important to recognize that BioConnect has no direct relationship with the end user whose data is collected through its BioConnect Enterprise solution, since this solution runs completely on our Customers’ servers. BioConnect’s Customers are responsible for the relationship with the end user and maintaining consent and compliance with laws relating to protection of Personal Information (including, among others, GDPR for the European Union, the Health Insurance Portability and Accountability Act (HIPAA), Illinois’ Biometric Information Privacy Act, California’s California Consumer Privacy Act and Canada’s Personal Information Protection and Electronic Documents Act, as applicable). This document does not constitute legal advice and BioConnect’s Customers must ensure they are aware of their legal obligations when using the BioConnect Authentication Platform. End users are encouraged to contact their applicable organization through whom they enrolled into the BioConnect solution if they have questions or concerns regarding their Personal Information.
When an end user uses our BioConnect Mobile application, we may receive information about the end user and their interactions with us from third parties, such as from our Customers who use the BioConnect Mobile application to grant or deny access to a space, which may be the end user’s employer, school, data center or other location where the BioConnect Mobile application is used.
BioConnect prides itself on maintaining a high level of security and privacy in both our products and operational processes. Our customer-facing staff, developers and those with access to our production systems have completed criminal background checks and BioConnect has implemented industry-standard access control provisions to control access to our networks, source code and production environments. When stored and in transit, all Personal Information is encrypted. In no event is any end user’s biometric template stored on BioConnect’s servers. For BioConnect Enterprise usage, the biometric template is stored on our Customers’ servers, tied in with their access control system, and for BioConnect Link and BioConnect Mobile Customers, the biometric template is stored on the end users’ device.
Further, BioConnect has designed features into our software solutions to assist our Customers and support them in complying with their legal obligations under privacy legislation, including the following:
- In order to assist with our Customers’ obligations relating to an end user’s right to access or disclosure: Our Customers have the ability to extract end user information from our solutions in order to communicate to their end users whether the end user’s data has been captured, where it has been used (i.e., to access what space/application) and the access history for such end user.
- In order to assist with our Customers’ obligations relating to an end user’s right to be forgotten: End user biometric templates can be deleted by our Customer from the BioConnect software and databases. For BioConnect Enterprise, in order for end users to be entirely removed from the system, they must also be removed from the access control software with which BioConnect is syncing information. For BioConnect Mobile, the biometric templates are stored solely on the end user’s mobile device – and the end user themselves can delete their biometric and other Personal Information by removing the application from their mobile device.
- In order to assist with our Customers’ obligations relating to an end user’s right to data portability: Upon request, BioConnect’s Customers can extract any end user data from the BioConnect database and provide it to the end user as a CSV file. For BioConnect Enterprise, physical access records would be garnered from the access control software that manages the physical opening, locking and closing of access points. In certain circumstances, biometric templates may be exported from BioConnect Enterprise. For our BioConnect Mobile and BioConnect Link solutions, an end user’s biometric templates are stored on their own authorized mobile device.
- In order to assist with our Customers’ obligations relating to implementing measures for a privacy by design system: While BioConnect cannot be responsible for, and does not accept any responsibility for, the internal organizational processes of our Customer, BioConnect has implemented its own internal processes that ensure anything developed by BioConnect is held to high privacy and security standards.