Boréalis Privacy Statement and Policy
Effective as of May 5, 2017
Scope of this Policy
This Policy applies to the information that we obtain through your use of the Boréalis Properties via a Device or when you otherwise interact and communicate with Boréalis.
“Websites” include our web sites, such as boreal-is.com, including their related sub-domains and pages.
The Boréalis Websites and Boréalis Online Service constitute what we refer to in this Policy as the “Boréalis Properties”.
“Third Party Products” are websites, products and services made by third parties and that may be integrated within the Boréalis Properties. You should always refer to the privacy policies about Third Party Products as they may have different terms than the present one.
A “Device” is any computer used to access the Boréalis Properties, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device.
Types of Information Collected
“User Information” is personal information that we may collect from your use of the Boréalis Websites as well as your interactions with us offline. Personal information is information that identifies an individual or relates to an identifiable individual. Examples of User Information include information provided by a Visitor or Customer about her or himself, including her or his name, e-mail and physical address, telephone number, billing information, company affiliation and associated interests. Boréalis may also collect other information about Visitors and Customer and some employees, for example through its Websites, as part of that interaction.
Boréalis may also collect other information through your interaction with and use of the Websites as well as your interactions with us offline, which does not reveal your identity or directly relate to you. Such other information may include, but is not limited to, browser and Device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical, anonymized and aggregated information. Statistical, anonymized or aggregated information does not directly identify a specific person, but it may be derived from Personal Information. For example, we may aggregate Personal Information to calculate the percentage of users in a particular postal or zip code.
“Online Service Data” is data that is stored on Boréalis’, Customers’ or third-parties’ systems to which Boréalis is provided access to perform services or provide functionality. Such data may include personal information about the customer’s employees, customers, partners, suppliers or Stakeholders. Boréalis treats Online Service Data according to the terms of this policy, and also treats it as Confidential Information in accordance with the terms of the agreement governing Customers’ access to and use of the Boréalis Online Service.
How Boréalis Collects User Information
Boréalis and its third party service providers may collect both personal information and other information from a variety of sources that generally fall into three categories:
Although Boréalis’ use of Automated Interactions may change over time as technology evolves, the following descriptions are designed to provide you with additional detail about Boréalis’ current approach to information collected from Automated Interactions.
Electronic Communications Protocols: As is the case when you visit most websites and apps, Boréalis may automatically receive information from you as part of the communication connection itself, which often consists of network routing information (where you came from), equipment information (browser type), your IP address (which may identify your general geographic location or company), and date and time.
Boréalis may also automatically receive and record information about your interaction with the Boréalis Websites, such as clickstream information (when each Boréalis webpage was visited and how much time was spent on the page), web analytics or general geo-location data.
Cookies: Boréalis’ server will query your browser to see if there are “cookies” previously set by the Boréalis Websites. A cookie is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. Cookies may collect information, including a unique identifier, user preferences, profile information, membership information, and general usage and volume statistical information. Cookies may also be used to collect individualized website usage data, provide electronic website experience personalization, or conduct and measure the effectiveness of advertising in accordance with this Policy. Some cookies may remain on users’ computers after they leave the Boréalis Websites. While the majority are set to expire within 1-24 months of a user’s last visit to the website that set the cookie, others may not expire because of their nature, like cookies that remember opt-out preferences.
Your browser may provide you with information and control over cookies. You can set your browser to alert you when a cookie is being used, and accept or reject the cookie. You can also set your browser to refuse all cookies or accept only cookies returned to the originating servers. Users can generally disable the cookie feature on their browser without affecting their ability to use a site, except in some cases where cookies are used as an essential security feature necessary for transaction completion. Cookies, however, are important to the proper functioning of a site, and disabling them may degrade your experience and interfere with website features and customizations.
Embedded Pixels and Similar Technologies: On the Boréalis Websites, Boréalis and its service providers may use embedded pixel technologies for the purposes of identifying unique user visits (as opposed to aggregate hits), and for advertising purposes. In addition, embedded pixels or other technologies may be used in e-mails and our online display advertising to provide information on when the e-mail or ad was opened to track marketing campaign responsiveness; information collected using these technologies may be associated with the recipient’s e-mail address.
Physical Location: We may collect the physical location of your device and use it to provide you with personalized location-based services or content. In some instances, you may be permitted to allow or deny such use of your device’s location, but if you choose to deny such use, we may not be able to provide you with the applicable personalized services or content.
Analytics Information Derived from Website and Online Service Data: Analytics information also consists of data we collect as a result of running queries against Online Service Data across our user base for the purposes of generating Usage Data. “Usage Data” is anonymized and aggregated data about a group or category of services, features or users that does not contain User Information or other personal information. For example, we may query Online Service Data to determine statistics on usability, or we may query Online Service Data to determine industry data trends in order to better understand the composition of our user base.
Though we may happen upon sensitive or User Information as we compile Usage Data from Online Service Data across user instances, this is a byproduct of our efforts to understand broader patterns and trends. It is not a concerted effort by us to examine the Online Service Data of any particular Customer.
How Boréalis Uses User Information Collected
Boréalis uses and shares the User Information it collects (unless directed otherwise by applicable law), to:
Some of the User Information uses specified above are not mandatory and may be controlled by you. Please refer to the “Registration, Preferences and Opt Out” section below for information on available use preferences or opt-out options, or view the summary of your privacy choices.
Registration, Preferences and, Opt-Out
A list of your current privacy choices is listed below:
Preferences and Opt-Out.
Some non-marketing communications are not subject to general opt-out, such as communications related to product access and use, sales transactions, software updates and other support related information, patches and fixes, conferences or events for which you have registered, disclosures to comply with legal requirements, and (where permitted by law) quality assurance surveys. Some additional communications with partners are also not subject to general-opt out, including product alerts, updates, contractual marketing and sales materials, and other notices related to partner status.
How Boréalis Accesses, Collects and/or Uses Online Service Data
Below are the conditions under which Boréalis may access, collect and/or use Online Service Data:
Boréalis may use Online Service Data as required for the purposes specified above. If Boréalis hires subcontractors to assist in providing services, their access to Online Service Data will be consistent with the terms of your agreement for services and this Policy. Boréalis is responsible for its subcontractors’ compliance with the terms of this Policy and your agreement.
Boréalis does not use Online Service Data except as stated above or in your agreement. Boréalis may process Online Service Data, but does not control your collection or use practices for Online Service Data. If you provide any Online Service Data to Boréalis, you are responsible for providing any notices and/or obtaining any consents necessary for Boréalis to access, use, retain and transfer Online Service Data as specified in this Policy and your agreement.
Boréalis’ access to Online Service Data is based on job role/responsibility. Online Service Data residing in systems hosted by Boréalis or on its behalf and is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. As a Customer, control access to Online Service Data by your end users; end users should direct any requests related to their personal information to you.
Security and Breach Notification
Boréalis is committed to ensuring the security of User Information. We utilize robust precautions to protect the confidentiality and security of the personal information within the Boréalis Properties, by employing technological, physical and administrative security safeguards, such as firewalls and carefully-developed security procedures.
Boréalis security policies cover the management of security for both its internal operations as well as its applications. These policies, which are aligned with the standards established by the Cloud Security Alliance (CSA), govern all areas of security applicable to services and applications and apply to all Boréalis employees.
Boréalis is also committed to reducing risks of human error, theft, fraud, and misuse. Boréalis’ efforts include making personnel aware of security policies and training employees to implement security policies. Boréalis employees are required to maintain the confidentiality of Services Data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.
Boréalis promptly evaluates and responds to incidents that create suspicions of unauthorized handling of Online Service Data. If Boréalis determines that your Online Service Data has been misappropriated (including by a Boréalis employee) or otherwise wrongly acquired by a third party, Boréalis will promptly report such misappropriation or acquisition to you.
Customer Responsibility Toward Stakeholders Information
One of the key functionality of the Boréalis Online Service is to facilitate the gathering, collection and processing of information, including personal information, of stakeholders involved in our customers’ projects (such individuals, whose personal information is collected, stored and processed by Customers using the Boréalis Online Service being referred to herein as “Stakeholders”).
While Boréalis commits to maintaining the Online Service Data (which includes certain personal information of Stakeholders) it holds on behalf of its Customers secure and confidential, the responsibility toward Stakeholders for the gathering, collection, maintenance, processing and proper destruction of their personal information always rests with our Customers.
Hosting and Data Transfer
We are based in Canada, but, unless we expressly agree otherwise (including through our Terms), we may host and process data, including personal information, in Canada and in other countries through the Boréalis group and third parties that we use to operate and manage the Boréalis Properties. When you access or use the Boréalis Online Service, or otherwise provide information to us, you are consenting, on behalf of you and your authorized agents or end-users, (and representing that you have the authority to provide such consent) to the processing and transfer of information in and to Canada and other countries which may have different privacy laws from your or their country of residence.
If we make any material changes to this Policy, we will notify you by email or by posting a prominent notice on the Boréalis Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. Your continued use of the Boréalis Service constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of the Boréalis Properties.