At Indyme, we are committed to protecting our customers’ personal data. This document will help you understand how we collect, manage and use their and their users’ personal data as part of our provision of our products and services to you.
In this document, the expression “personal data” means any information relating to an identified or an identifiable natural person. Such information may include, for example, the person’s name, address, contact information (such as telephone numbers or email addresses), age, and gender. We further use the term “product” to refer to any product, service, solution or other offering made available by Indyme.
WE STRONGLY ENCOURAGE YOU TO CAREFULLY READ THIS DOCUMENT. YOUR (INCLUDING YOUR USERS’) USE OF OUR PRODUCTS WILL MEAN THAT YOU ARE AWARE OF THE COLLECTION, STORAGE, USE AND DISCLOSURE OF PERSONAL DATA IN THE MANNER DESCRIBED IN THIS DOCUMENT.
We make available a variety of products, any combination of which may be procured by Customer. Consequently, the scope and nature of information collected by us varies based on the products used by Customer. In any case, we access and collect personal data only to the extent necessary to ensure that Customer can access and use the products that it has procured. We may further collect information to identify and associate Customer with its Indyme account. This includes Customer’s name, contact information, including mailing address, email addresses of certain users entitled to access and use the products for or on behalf of Customer, as well as other unique identifiers attributed to Customer (including its users) by us or by another service provider, as the case may be.
Additionally, we may collect and store personal data that Customer (including its users) chooses to provide to us, at its sole discretion, without us requiring it to do so. This may occur, for example, where you disclose certain personal data to us when you contact us, or when you choose to store certain personal data in our products as part of your use of such offerings.
Please refer to relevant product privacy sheets for more information on the personal data that is collected and processed by us in relation to such product.
Personal data collected in relation to our products
Generally, our products may be grouped in four categories: on-premise software, cloud services, hybrid products and mobile applications. Below, you will find an overview of the type of information that may be collected and processed by us in relation to your use of our products. However, we encourage you to refer to the relevant product privacy sheet to better understand what information may be collected and processed by us in relation to your use of such product.
The first category combines our software products that are installed on infrastructure provided by or on behalf of Customer. In these cases, all personal data remains stored in the Customer’s systems, and will not be shared with Indyme. Customer may, however, for its convenience, choose to enable the automated modules – known as the Indyme Update Service (GUS) and the System Availability Monitor (SAM) – which would respectively allow Customer, among other things, to receive automated software and firmware updates, security notifications, and other relevant nonmarketing content, and monitor the status of their physical security infrastructure. These modules, when enabled, will monitor and send to our systems information pertaining to the configuration, status and health of software and hardware associated with your installation of our on-premise products.
The second category groups cloud products that are hosted on systems made available by us. The extent of personal data that may be collected and processed by us as part of our cloud products will vary based on the type of cloud product being used.
Our hybrid products category represents products that are generally installed on infrastructure provided by or on behalf of Customer (with all of the personal data being hosted on-premise, as outlined above), but additionally require an internet connection to ensure that Customer holds a valid subscription to use such hybrid product.
We may also make available certain mobile applications to Customer in relation to its use of our products. Generally, our mobile applications are an extension of Customer’s other Indyme products. Our mobile applications only collect and send to our systems a limited set of information, which includes hardware and operating system information, web browser version, certain anonymous usage data, as well as the mobile device’s geographic location. All other information remains stored on the mobile device or in the relevant Indyme product.
Personal data collected in relation to Customer accounts
When you create a customer account with us in association with any Indyme product, we will require you to submit to us certain personal data to identify you (including your users) as the holder of such customer account, but also to protect information associated with your customer account from unauthorized disclosure. Such personal data may include, but is not limited to, Customer full name, user full name, address, contact information, your Indyme account username and password. It is your responsibility to provide all necessary information to, and obtain all relevant approvals and consents from all your users in relation to their access and use of our products.
Personal data collected in relation to support services
When Customer contacts us, whether by phone, chat, email, through our websites or otherwise, we may keep a record of such communications to help solve issues that Customer might be dealing with, but also for training, quality assurance and statistical purposes, as well as to improve our products. Please note that we may aggregate personal data to generate various performance, analytical and statistical data, as well as to develop new products. When we do so, we ensure that such information becomes anonymized and may no longer be associated with an identifiable individual.
Personal data collected via our websites
When you visit our websites, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal data under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, preferences, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors.
At Indyme, we recognize and respect the importance of protecting our customers’ personal data. Keeping personal data in strict confidence is a core part of our commitment to service excellence. We do not sell or rent any personal data to any third party. However, in order to provide Customer with our products, we may share Customer’s personal data with our affiliated companies, parent entities and subsidiaries, for internal business purposes, as well as with our partners acting on our behalf in relation to the provision of such products.
These measures also include protecting personal data within our organization. Such information may only be accessible by those employees, agents, representatives and contractors of Indyme who need to know such information as part of their duties. We further ensure that our employees, agents, representatives and contractors perform their duties in a way compatible with the terms and conditions described in this document.
We may be required to disclose information that we have on Customer and its users (including its and their personal data) to governing and law enforcement authorities, including where required by law, a court order, or by other legal obligations that we may have in any jurisdiction.
We work diligently to maintain administrative, technical and physical controls consistent with industry best practices to protect Customer’s personal data against unauthorized access or use. We leverage industry-leading technologies, including server authentication and data encryption, to protect personal data during transit over the internet and at rest.
While our global headquarters are based in Montreal, Canada, Indyme, together with our partners and affiliated companies, operates in various locations worldwide. As a result, we may store or otherwise process personal data in many places around the world, including outside the state, province or country where Customer is located, in which case personal data may become subject to foreign laws, and, therefore, may be available to the governing authorities under local laws and regulations. We will use various legal and contractual means to ensure that data transfers are done in compliance with applicable laws and industry best practices.
In certain cases, we may enable Customer to choose the location of data centers where we will store Customer’s personal data. Please note that the availability of choice of data center locations varies based on the product, as well as on Customer’s geographical location.
If Customer is a resident of the European Union (EU) or the European Economic Area (EEA), we make sure that his/her personal data is transferred to third countries outside the EU/EEA that are deemed “adequate” by the European Commission (a list of adequate countries is available here). Alternatively, where your personal data is not sent to a country that provides adequate protection, we will put in place appropriate safeguards to ensure that your personal data remains protected while it is being processed outside the EU/EEA in accordance with applicable privacy laws. These appropriate safeguards may include signing the European Commission’s Standard Contractual Clauses with the group entity, third party service provider or partner outside the EU/EEA with whom we share your personal data. For further information about transfers of personal data, please refer to the “How to contact us” section below.
We rely considerably on your personal data to ensure that we provide Customer with the best possible experience. It is, therefore, important that your personal data available to us remains up to date. As such, if you notice that the information that we have on Customer in our files is no longer accurate or is incomplete, we strongly encourage you to contact us with the most current information. Not doing so may, in some cases, affect our capacity to deliver our products. Note that we may ask you to verify your identity before we can act on a request to update Customer’s personal data.
Customer’s personal data will be stored in accordance with our retention policies and processes. We will keep Customer’s information only for as long as it is necessary for us to fulfill our obligations. Thereafter, we will put necessary efforts to permanently dispose of your personal data, unless we are required to keep it for legitimate business or legal purposes.
The legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you or to comply with applicable laws, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
Similarly, if we collect and use your personal data in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
In other situations, Customer (including its users) must always give us clear consent for the collection, use and processing of personal data in order for us to do so. This can be done in several ways, for example, by phone, chat, email, by click of a button, or other similar means.
The products that we provide are not intended for individuals below the age of 18. If you are under 18, please do not provide your personal information to us.
You have the right to request access to, and obtain a copy of, your personal data. You may also request that any personal data that is inaccurate or incomplete be rectified or completed. Note however that, in some cases, we may not be able to provide you access to your personal data. This may occur when providing such access would be likely to impact the privacy or the security of a third party, or for other valid reasons in accordance with applicable laws. In these events, we will advise you in writing of the grounds of our decision.
Under certain legal conditions (for example, where the personal data is no longer needed to achieve the purposes for which the information was initially collected) you may request that your personal data be erased. In addition, you may object to the processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data under certain legal conditions.
In situations, other than those outlined above in this section, where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note, however, that withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on other lawful processing grounds (such as in relation to your account or use of your products under a contract).
You also have the right to opt-out of electronic marketing communications that we may send you at any time and free of charge. You may exercise this right by clicking on the “unsubscribe”, “opt-out” or other similar links in the marketing e-mails that we may send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under the “How to contact us” heading below. However, we may still contact you using your contact information for example to share important technical or functional information relating to your account or use of our products.
If we are unable to resolve an issue to your satisfaction, you may choose to request assistance from, or submit a complaint to, the privacy authorities, such as the Privacy Commissioner of Canada, who may be contacted at 1-800-282-1376, or by visiting www.priv.gc.ca.
You may exercise any of the rights described above at any time by contacting us as described under the “How to contact us” section below. We will respond to your request in accordance with applicable data protection laws.
The revised version of this document’s terms will take effect as soon as it is made available on our website with regards to all new customers. If any revision to this policy outlines any material changes to the way that we use or otherwise process any personal data, we will provide a more prominent notice.
Where applicable, we will also provide Customer with instructions on how to opt in to or opt out from our new products, or communications. Note that some aspects of our products may not be available to Customer if Customer chooses to opt out from certain communications.