Borealis Privacy Statement and Policy
Effective as of May 5, 2017
Boreal – Information Strategiques 2014 Inc. (“Borealis” or the “Company”) is committed to protecting the privacy of individuals who visit its Websites (“Visitors”) and persons who are users of the Borealis Online Service, as such expressions are defined below (“Customers”). This Privacy Statement and Policy (the “Policy”) describes Borealis’ privacy and personal information protection practices in relation to the use of the Company’s Websites by Visitors and Service by Customers.
Scope of this Policy
This Policy applies to the information that we obtain through your use of the Borealis Properties via a Device or when you otherwise interact and communicate with Borealis.
“Websites” include our web sites, such as www.boreal-is.com, including their related sub-domains and pages.
“Borealis Online Service” includes the managed and SaaS versions of the Borealis product, but does not include other Borealis products and services for which a separate privacy policy exists as well as Third Party Products.
The Borealis Websites and Borealis Online Service constitute what we refer to in this Policy as the “Borealis Properties”.
“Third Party Products” are websites, products and services made by third parties and that may be integrated within the Borealis Properties. You should always refer to the privacy policies about Third Party Products as they may have different terms than the present one.
A “Device” is any computer used to access the Borealis Properties, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
Types of Information Collected
“User Information” is personal information that we may collect from your use of the Borealis Websites as well as your interactions with us offline. Personal information is information that identifies an individual or relates to an identifiable individual. Examples of User Information include information provided by a Visitor or Customer about her or himself, including her or his name, e-mail and physical address, telephone number, billing information, company affiliation and associated interests. Borealis may also collect other information about Visitors and Customer and some employees, for example through its Websites, as part of that interaction.
Borealis may also collect other information through your interaction with and use of the Websites as well as your interactions with us offline, which does not reveal your identity or directly relate to you. Such other information may include, but is not limited to, browser and Device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical, anonymized and aggregated information. Statistical, anonymized or aggregated information does not directly identify a specific person, but it may be derived from Personal Information. For example, we may aggregate Personal Information to calculate the percentage of users in a particular postal or zip code.
“Online Service Data” is data that is stored on Borealis’, Customers’ or third-parties’ systems to which Borealis is provided access to perform services or provide functionality. Such data may include personal information about the customer’s employees, customers, partners, suppliers or Stakeholders. Borealis treats Online Service Data according to the terms of this policy, and also treats it as Confidential Information in accordance with the terms of the agreement governing Customers’ access to and use of the Borealis Online Service.
How Borealis Collects User Information
Borealis and its third party service providers may collect both personal information and other information from a variety of sources that generally fall into three categories:
-
Direct Interactions:
From your use of and interaction with us through the Borealis Websites and other activities such as account creation, submission of registrations and forms, or sales inquiries and transactions. -
Publicly Available Data / Data from Third Parties:
Other data you may have made publicly available, such as social media posts, or data provided by third party sources, such as marketing opt-in lists, or data aggregators. -
Automated Interactions:
From the use of technologies such as electronic communication protocols, cookies, embedded URLs or pixels, or widgets, buttons and tools.
Although Borealis’ use of Automated Interactions may change over time as technology evolves, the following descriptions are designed to provide you with additional detail about Borealis’ current approach to information collected from Automated Interactions.
Electronic Communications Protocols:
As is the case when you visit most websites and apps, Borealis may automatically receive information from you as part of the communication connection itself, which often consists of network routing information (where you came from), equipment information (browser type), your IP address (which may identify your general geographic location or company), and date and time.
Borealis may also automatically receive and record information about your interaction with the Borealis Websites, such as clickstream information (when each Borealis webpage was visited and how much time was spent on the page), web analytics or general geo-location data.
Cookies:
Borealis’ server will query your browser to see if there are “cookies” previously set by the Borealis Websites. A cookie is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. Cookies may collect information, including a unique identifier, user preferences, profile information, membership information, and general usage and volume statistical information. Cookies may also be used to collect individualized website usage data, provide electronic website experience personalization, or conduct and measure the effectiveness of advertising in accordance with this Policy. Some cookies may remain on users’ computers after they leave the Borealis Websites. While the majority are set to expire within 1-24 months of a user’s last visit to the website that set the cookie, others may not expire because of their nature, like cookies that remember opt-out preferences.
Your browser may provide you with information and control over cookies. You can set your browser to alert you when a cookie is being used, and accept or reject the cookie. You can also set your browser to refuse all cookies or accept only cookies returned to the originating servers. Users can generally disable the cookie feature on their browser without affecting their ability to use a site, except in some cases where cookies are used as an essential security feature necessary for transaction completion. Cookies, however, are important to the proper functioning of a site, and disabling them may degrade your experience and interfere with website features and customizations.
Embedded Pixels and Similar Technologies:
On the Borealis Websites, Borealis and its service providers may use embedded pixel technologies for the purposes of identifying unique user visits (as opposed to aggregate hits), and for advertising purposes. In addition, embedded pixels or other technologies may be used in e-mails and our online display advertising to provide information on when the e-mail or ad was opened to track marketing campaign responsiveness; information collected using these technologies may be associated with the recipient’s e-mail address.
Widgets, Buttons, and Tools:
The Borealis Websites may include widgets, which are interactive mini-programs that run on our site to provide specific services from another company (e.g., links to bookmarked sites), along with buttons or other tools that link to other companies’ services (e.g., a “Like” button or third party map). The widget, button or tool may collect and automatically send personal information, such as your e-mail address, or other information (such as your browser information, or IP address), to a third party. Cookies may also be set or used by the widgets, buttons or tools to enable them to function properly or for other purposes, which may include advertising. Information collected or used by a widget, button or tool, including cookie settings and preferences, is governed by the privacy policy of the company that created it.
Physical Location:
We may collect the physical location of your device and use it to provide you with personalized location-based services or content. In some instances, you may be permitted to allow or deny such use of your device’s location, but if you choose to deny such use, we may not be able to provide you with the applicable personalized services or content.
Analytics Information Derived from Website and Online Service Data:
Analytics information also consists of data we collect as a result of running queries against Online Service Data across our user base for the purposes of generating Usage Data. “Usage Data” is anonymized and aggregated data about a group or category of services, features or users that does not contain User Information or other personal information. For example, we may query Online Service Data to determine statistics on usability, or we may query Online Service Data to determine industry data trends in order to better understand the composition of our user base.
Though we may happen upon sensitive or User Information as we compile Usage Data from Online Service Data across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Online Service Data of any particular Customer.
How Borealis Uses User Information Collected
Borealis uses and shares the User Information it collects (unless directed otherwise by applicable law), to:
-
Engage in Transactions
Borealis may use User Information to engage in transactions with you. -
Process Transactions
Borealis may use User Information along with, financial, credit card, and payment information, to process your transactions. -
Provide Support or Other Services
Borealis may use your User Information to provide you support or other services you have ordered, as well as product updates, product patches and fixes and other similar operational communications. -
Tailor Marketing to Your Needs and Respond to Your Requests
Borealis may use your User Information to notify you about new product releases and service developments, and to advertise Borealis’ products and services in accordance with this Policy. Your Website visit, marketing experience, and communications may be tailored to your interests based on your User Information. Borealis may also use User Information in order to respond directly to your information requests (including newsletter registrations or other specific requests), or pass your contact information to the appropriate Borealis partner for further follow-up related to your interests. In addition, if you consent, Borealis may share your User Information with other selected partners that offer complementary products or services. Please review the specific partner’s privacy policy regarding any further interactions with them. -
Interact with You on Third Party Social Networks
Borealis may use your Personal Information to interact with you on third-party social networks. Borealis’ interactions with you on a third-party social network would be subject to that network’s privacy policies and terms of use. -
Administer Product Usage and Licensing Compliance
If you download or use products from the Borealis Websites, Borealis uses User Information to: confirm certain information about your order; discuss the ordered products or services; or provide marketing or sales information about related products and services. Borealis also may use User Information to contact you, confirm compliance with licensing and other terms of use, and may share it with your company. -
Select Content, Improve Quality and Facilitate Use of the Websites and Online Service
Borealis may use your Personal Information to help create and personalize content on the Borealis Websites and Online Service, facilitate your use of the Borealis Websites and Online Service (for example, to facilitate navigation and the login process, avoid duplicate data entry, enhance security, keep track of orders and preserve order information between sessions), improve quality, track marketing campaign responsiveness (including online advertising and e-mail marketing), and evaluate page response rates. -
Obtain Third Party Services
We may also share User Information with third parties who provide services to Borealis, such as credit card processing services, order fulfillment, analytics, event / campaign management, Website management, information technology and related infrastructure provision, customer service, e-mail delivery, auditing, and other similar services. When Borealis shares User Information with third party service providers, we require that they use your User Information only for the purpose of providing services to us and subject to terms consistent with this Policy. -
Improve Products, Services, and Experiences
Borealis may use your User Information to evaluate and improve our products, services, marketing, and customer relationships. -
Post Testimonials
We post testimonials on the Borealis Websites that may contain User Information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update or delete your testimonial, please contact us at privacy@boreal-is.com, and be sure to include your name, testimonial location, and contact information. -
Power Joint Sales or Product Promotions
Borealis and its partners may engage in joint sales or product promotions. Such promotions will always reference the partners involved. Both Borealis and the partner(s) will have access to that information, and either Borealis or our partners may provide you the sales or product promotion information. Each party will be responsible for managing their own use of the User Information collected for the joint sale or product promotion. We recommend you review the privacy policies of these partners to address any questions you have regarding their handling of your information. -
Communicate with You about a Conference or Event
We or our partners may communicate with you about a conference or event hosted or co-sponsored by Borealis or one of our partners. This may include information about the event’s content, logistics, payment, updates, and any additional meetings, special demonstrations or other customer facilitation that we may provide related to your event registration. After the event, Borealis may contact you about the event and related products and services, and may share information about your attendance with your company. Where legally permitted, Borealis will also allow designated partners or conference sponsors to send you communications related to your event attendance. Please note that our partners or conference sponsors may directly request your personal information at their conference booths or presentations. You should review their privacy policies to learn how they use personal information. -
Comply with Legal Requirements and Corporate Transactions
Borealis may disclose your User Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions and contracts with you; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the User Information we have collected to the relevant third party.e
Some of the User Information uses specified above are not mandatory and may be controlled by you. Please refer to the “Registration, Preferences and Opt Out” section below for information on available use preferences or opt-out options, or view the summary of your privacy choices.
Registration, Preferences and, Opt-Out
A list of your current privacy choices is listed below:
Preferences and Opt-Out.
-
E-mail Marketing
Borealis enables you to opt out of marketing communications. You may opt out of e-mail marketing by modifying your online profile as described above or by using our general unsubscribe automated link that is included in Borealis marketing e-mails. If you have any problems using any of these opt-out mechanisms, please contact us.e
Some non-marketing communications are not subject to general opt-out, such as communications related to product access and use, sales transactions, software updates and other support related information, patches and fixes, conferences or events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Some additional communications with partners are also not subject to general-opt out, including product alerts, updates, contractual marketing and sales materials, and other notices related to partner status.
Access Request
You can always request access, inquire about or make corrections to your User Information in our possession, by writing to us at: privacy@boreal-is.com.
How Borealis Accesses, Collects and/or Uses Online Service Data
Below are the conditions under which Borealis may access, collect and/or use Online Service Data:
-
To Provide Services and to Fix Issues
Online Service Data may be accessed and used to perform services under an agreement order for support, consulting, application or other services and to confirm your compliance with the terms of your agreement with Borealis. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs and other issues you have reported to Borealis. Any copies of Online Service Data created for these purposes are only maintained for time periods relevant to those purposes. -
As a Result of Legal Requirements
Borealis may be required to retain or provide access to Online Service Data to comply with legally mandated reporting, disclosure or other legal process requirements.
Borealis may use Online Service Data as required for the purposes specified above. If Borealis hires subcontractors to assist in providing services, their access to Online Service Data will be consistent with the terms of your agreement for services and this Policy. Borealis is responsible for its subcontractors’ compliance with the terms of this Policy and your agreement.
Borealis does not use Online Service Data except as stated above or in your agreement. Borealis may process Online Service Data, but does not control your collection or use practices for Online Service Data. If you provide any Online Service Data to Borealis, you are responsible for providing any notices and/or obtaining any consents necessary for Borealis to access, use, retain and transfer Online Service Data as specified in this Policy and your agreement.
Access Controls
Borealis’ access to Online Service Data is based on job role/responsibility. Online Service Data residing in systems hosted by Borealis or on its behalf and is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. As a Customer, control access to Online Service Data by your end users; end users should direct any requests related to their personal information to you.
Security and Breach Notification
Borealis is committed to ensuring the security of User Information. We utilize robust precautions to protect the confidentiality and security of the personal information within the Borealis Properties, by employing technological, physical and administrative security safeguards, such as firewalls and carefully-developed security procedures.
Borealis security policies cover the management of security for both its internal operations as well as its applications. These policies, which are aligned with the standards established by the Cloud Security Alliance (CSA), govern all areas of security applicable to services and applications and apply to all Borealis employees.
Borealis is also committed to reducing risks of human error, theft, fraud, and misuse. Borealis’ efforts include making personnel aware of security policies and training employees to implement security policies. Borealis employees are required to maintain the confidentiality of Services Data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.
Borealis promptly evaluates and responds to incidents that create suspicions of unauthorized handling of Online Service Data. If Borealis determines that your Online Service Data has been misappropriated (including by a Borealis employee) or otherwise wrongly acquired by a third party, Borealis will promptly report such misappropriation or acquisition to you.
Customer Responsibility Toward Stakeholders Information
One of the key functionality of the Borealis Online Service is to facilitate the gathering, collection and processing of information, including personal information, of stakeholders involved in our customers’ projects (such individuals, whose personal information is collected, stored and processed by Customers using the Borealis Online Service being referred to herein as “Stakeholders”).
While Borealis commits to maintaining the Online Service Data (which includes certain personal information of Stakeholders) it holds on behalf of its Customers secure and confidential, the responsibility toward Stakeholders for the gathering, collection, maintenance, processing and proper destruction of their personal information always rests with our Customers.
Hosting and Data Transfer
We are based in Canada, but, unless we expressly agree otherwise (including through our Terms), we may host and process data, including personal information, in Canada and in other countries through the Borealis group and third parties that we use to operate and manage the Borealis Properties. When you access or use the Borealis Online Service, or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or end-users, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to Canada and other countries which may have different privacy laws from your or their country of residence.
Changes to the Privacy Policy
If we make any material changes to this Policy, we will notify you by email or by posting a prominent notice on the Borealis Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Borealis Service constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of the Borealis Properties.
Compliance
Borealis has appointed a Privacy Officer. If you believe your User Information or Services Data has been used in a way that is not consistent with this Policy, or if you have further questions related to this Policy, please contact the Privacy Officer. Written inquiries may be addressed to Privacy Officer, 175, rue Péladeau, Magog (Québec) J1X 5G9 Canada or by email, at privacy@boreal-is.com.