At Invixium, we are committed to protecting our customers’ personal data. This document will help you understand how we collect, manage and use their and their users’ personal data as part of our provision of our products and services to you.
In this document, the expression “personal data” means any information relating to an identified or an identifiable natural person. Such information may include, for example, the person’s name, address, company, contact information (such as telephone numbers or email addresses), age, and gender. We further use the term “product” to refer to any product, service, solution or other offering made available by Invixium.
WE STRONGLY ENCOURAGE YOU TO CAREFULLY READ THIS DOCUMENT. YOUR (INCLUDING YOUR USERS’) USE OF OUR PRODUCTS WILL MEAN THAT YOU ARE AWARE OF THE COLLECTION, STORAGE, USE AND DISCLOSURE OF PERSONAL DATA IN THE MANNER DESCRIBED IN THIS DOCUMENT.
Why we need to collect personal data
What kind of personal data may be concerned
We make available a variety of products and services, any combination of which may be procured by Customer. Consequently, the scope and nature of information collected by us varies based on the products used by Customer. In any case, we access and collect personal data only to the extent necessary to ensure that Customer can access and use the products that it has procured. We may further collect information to identify and associate Customer with its Invixium account. This includes Customer’s name, contact information, including mailing address, email addresses of certain users entitled to access and use the products for or on behalf of Customer, as well as other unique identifiers attributed to Customer (including its users) by us or by other service provider, as the case may be.
Additionally, we may collect and store personal data that Customer (including its users) chooses to provide to us, at its sole discretion, without us requiring it to do so. This may occur, for example, where you disclose certain personal data to us when you contact us.
Personal data collected in relation to our products
Generally, our products may be grouped in two categories: on-premise software, and hardware products. Below, you will find an overview of the type of information that may be collected and processed by us in relation to your use of our products.
The first category combines our software products that are installed on infrastructure provided by or on behalf of Customer. In these cases, all personal data remains stored in the Customer’s systems, and will not be shared with Invixium unless the customer wishes to do so for technical support purposes. If the data is shared for technical support, Invixium will not use the data for any further action but might store it for future references in case the issue arises again. It is important to note that personal data does not include any biometric data.
The second category is our hardware products that are installed at the infrastructure by or on behalf of the customer for access control and or time tracking. This data stays on the product and Invixium has no access to this data by any means unless the customer decides to share it with us for troubleshooting or technical support purposes. If the data is shared for technical support, Invixium will not use the data for any further action and will delete it once the issue has been resolved.
Personal data collected in relation to Customer Portal accounts
When you create a customer portal account with us for using the various resources available to our customers through this portal, we will require you to submit to us certain personal data to identify you as the holder of such customer account, but also to protect information associated with your customer account from unauthorized disclosure. Such personal data may include, but is not limited to, Customer full name, user full name, company name, contact information, your Invixium Customer Portal account username and password. It is your responsibility to provide all necessary information and obtain all relevant approvals and consents from all your users in relation to their access and use of our products.
Personal data collected in relation to support services
When Customer contacts us, whether by phone, chat, email, through our websites or otherwise, we may keep a record of such communications to help solve issues that Customer might be dealing with, but also for training, quality assurance and statistical purposes, as well as to improve our products. Please note that we may aggregate personal data to generate various performance, analytical and statistical data, as well as to develop new products. When we do so, we ensure that such information becomes anonymized and may no longer be associated with an identifiable individual.
Personal data collected via our websites
When you visit our websites, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal data under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, preferences, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors.
Who may have access to personal data
At Invixium, we recognise and respect the importance of protecting our customer’s personal data. Keeping personal data in strict confidence is a core part of our commitment to service excellence. We do not sell or rent any personal data to any third party. However, in order to provide Customer with our products, we may share Customer’s personal data with our affiliated companies, parent entities and subsidiaries, for internal business purposes, as well as with our partners acting on our behalf in relation to the provision of such products.
These measures also include protecting personal data within our organisation. Such information may only be accessible by those employees, agents, representatives and contractors of Invixium who need to know such information as part of their duties. We further ensure that our employees, agents, representatives and contractors perform their duties in a way compatible with the terms and conditions described in this document.
We may be required to disclose information that we have on Customer and its users (including its and their personal data) to governing and law enforcement authorities, including where required by law, a court order, or by other legal obligations that we may have in any jurisdiction.
How we protect personal data
We work diligently to maintain administrative, technical and physical controls consistent with industry best practices to protect Customer’s personal data against unauthorized access or use. We leverage industry-leading technologies, including server authentication and data encryption, to protect personal data during transit over the internet and at rest.
Where personal data may be processed
While our global headquarters are based in Markham, Canada, Invixium, together with our partners and affiliated companies, operate in various locations worldwide. As a result, we may store or otherwise process personal data in many places around the world, including outside the state, province or country where Customer is located, in which case personal data may become subject to foreign laws, and, therefore, may be available to the governing authorities under local laws and regulations. We will use various legal and contractual means to ensure that data transfers are done in compliance with applicable laws and industry best practices.
Keeping personal data accurate and up-to-date
We rely considerably on your personal data to ensure that we provide Customer with the best possible experience. It is, therefore, important that your personal data available to us remains up to date. As such, if you notice that the information that we have on Customer in our files is no longer accurate or is incomplete, we strongly encourage you to contact us with the most current information. Not doing so may, in some cases, affect our capacity to deliver to our products.
Retention of personal data
Customer’s personal data will be stored in accordance with our retention policies and processes. We will keep Customer’s information only for as long as it is necessary for us to fulfill our obligations. Thereafter, we will put necessary efforts to permanently dispose of your personal data, unless we are required to keep it for legitimate business or legal purposes.
Legal basis for processing personal data
The legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you or to comply with applicable laws, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If we ask you to provide personal data to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
In other situations, Customer (including its users) must always give us clear consent for the collection, use and processing of personal data in order for us to do so. This can be done in several ways, for example, by phone, chat, email, by click of a button, or other similar means.
The products that we provide are not intended for individuals below the age of 18. If you are under 18, please do not provide your personal information to us.
Openness and accountability
Your data protection rights
You have the right to request access to, and obtain a copy of, your personal data. You may also request that any personal data that is inaccurate or incomplete be rectified or completed. Note however that, in some cases, we may not be able to provide you access to your personal data. This may occur when providing such access would be likely to impact the privacy or the security of a third party, or for other valid reasons in accordance with applicable laws. In these events, we will advise you in writing of the grounds of our decision.
Under certain legal conditions (for example, where the personal data is no longer needed to achieve the purposes for which the information was initially collected) you may request that your personal data be erased. In addition, you may object to the processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data under certain legal conditions.
In situations, other than those outlined above in this section, where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note, however, that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on other lawful processing grounds (such in relation to your account or use of your products under a contract).
You also have the right to opt-out of electronic marketing communications that we may send you at any time and free of charge. You may exercise this right by clicking on the “unsubscribe”, “opt-out” or other similar links in the marketing e-mails that we may send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “How to contact us” heading below. However, we may still contact you using your contact information for example to share important technical or functional information relating to your account or use of our products.
If we are unable to resolve an issue to your satisfaction, you may choose to request assistance from, or submit a complaint to, the privacy authorities, such as the Privacy Commissioner of Canada, who may be contacted at 1-800-282-1376, or by visiting www.priv.gc.ca.
You may exercise any of the rights described above at any time by contacting us as described under the “How to contact us” section below. We will respond to your request in accordance with applicable data protection laws.
How to contact us
or by postal mail at the following address: 50 Acadia Avenue., Suite 310, Markham, ON, L3R 0B3, Canada.
The revised version of this document terms will take effect as soon as it is made available on our website with regards to all new customers. If any revision to this policy outlines any material changes to the way that we use or otherwise process any personal data, we will provide a more prominent notice.
Where applicable, we will also provide Customer with instructions on how to opt in to or opt out from our new products, or communications. Note that some aspects of our products may not be available to Customer if Customer chooses to opt out from certain communications.