Last Updated: 2023-06-02
This privacy notice (“Notice”) is part of the Zafin privacy program. It describes how we collect, use, and disclose your personal information and how your personal information can be reviewed and corrected when necessary.
Zafin and its group of companies (“Zafin”, “we”, “us” or “our”) are committed to protecting the privacy and security of personal information. Zafin fulfils several roles as it collects, uses, discloses, retains, and disposes of personal information. Zafin’s primary business is to act as a service provider to other businesses. In this role, Zafin is responsible for processing information provided to it by its business customers. These customers are accountable to the individuals whose personal information they collect. In some cases, Zafin may be accountable to individuals for processing their information, such as those data that may be collected by this website (e.g., resume submissions for employment).
Zafin has a privacy program that includes policies, processes, procedures, training, and controls to ensure that personal information from Zafin’s commercial customers, our website visitors, employees, job applicants, or individuals with a business relationship with Zafin is processed in a privacy-protective manner. This Privacy Notice is part of that program.
When our customers provide us data for processing, we do so under the terms of our contract with that customer. Please see the “Use and Disclosure of Personal Information” section for more information. We may also process your personal information upon your consent, obtained either implicitly when you voluntarily provide information or when provided explicitly as appropriate, such as explicitly accepting cookies on our website. We only process personal information for purposes for which we have a legal basis for processing.
Collection of Personal Information
Zafin’s primary source of information for processing is de-identified personal information provided to us by our customers. They remove direct identifying attributes from data sets by excluding them or replacing them with random data ‘tokens’. Zafin delivers data analytics and related services on this de-identified data. Zafin does not attempt to re-identify individuals in these data sets. Notwithstanding this, Zafin’s notice protects these data as personal information.
Personal Information means information about an identifiable individual. In other words, personal information is data about you that a person may use to identify you. We may collect your personal information in several ways, including when you fill out and submit a form on the website, contact us by telephone or by email, post on our social media accounts, or provide information to Zafin through third party integration such as our human resource service provider. The personal information that we may collect includes, but is not limited to:
- Mailing address
- Email address
- Telephone number
- Public social network profiles (such as LinkedIn), including company name and job title
If you choose to withhold any personal information requested by us for the purpose of providing a service, it may not be possible for you to gain access to certain parts of the website or use the requested service.
We also collect data relating to your visit to our website. This information does not reveal your identity and is not directly about you. This other information includes, but is not limited to:
- IP Address
- Browser and device information
- Browser History
- Usage data
- Information collected through cookies and similar technologies
- Aggregated information
Use and Disclosure of Personal Information
We take steps designed to ensure that only those who need access to your personal information to fulfill their employment duties can access it. We use and disclose your personal information mainly:
- To provide data analytic and related services to our clients;
- To respond to and fulfil your requests;
- To operate, maintain, enhance, and provide all features of our website;
- To respond to comments and questions;
- To provide support to users of the website;
- To understand and analyze the usage trends and preferences of our users, to improve the website, and to develop new products, services, features, and functionality;
- To send you communications subject to applicable laws; or
- For sale of business, legal and compliance (e.g. law enforcement) and any other authorized or required purposes by law.
In some cases, we may transfer personal information to service providers for processing. We remain accountable for that personal information’s privacy and security and use contractual or other means to ensure that service providers meet our privacy and security requirements.
We may finally make certain automatically-collected, aggregated, or otherwise non-personally identifiable information available to third parties for various purposes, including
- For the provision of products and services
- Compliance with employment, reporting, and other obligations
- For business or marketing purposes; or
- To assist such parties in understanding your interests, habits, and usage patterns for programs, content, services, and functionality available through the website.
Security and Retention of Personal Information
Zafin has implemented various physical, administrative, and technical safeguards designed to protect personal information confidentiality and security under our control. These safeguards include security reviews and controls. However, no security measures are absolute or wholly guaranteed. You agree to be responsible for all activities conducted on the website.
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Notice and to comply with our legal and regulatory obligations.
The website is not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, please do not use or access the website at any time or in any manner. If we learn that personal information has been collected via the website from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided personal information, then you may alert us as set forth in the “Contact” section and request that we delete that child’s personal information from our systems.
Rights Regarding Personal Information
On written request and subject to proof of identity, you may
- Access copies of the personal information we hold about you;
- Request that any necessary corrections be made, where applicable, as authorized or required by law; and
- Request deletion of your personal information, where applicable, as authorized or required by law.
To ensure that the personal information we maintain about you is accurate and up to date, please inform us immediately of any change to your personal information. Note that this applies if we have a direct relationship with you and you have supplied us with your information, such as in an application for employment. With respect to de-identified personal data that we process for our customers, we cannot re-identify individuals and cannot prove the requestor’s identity.
This website and Zafin are based in Canada and are governed by the applicable privacy and data protection laws in Canada. Your personal information may be stored or processed in any country in which Zafin or its service providers have facilities, and by using this website or applicable Zafin services, you agree to the transfer of your information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held. It may be subject to disclosure to the governments, courts, law enforcement, or regulatory agencies of such another country, pursuant to such a country’s laws.
If you are a resident in the European Union, see the Addendum for users in the European Union. If you are a resident in California, see the California Consumer Privacy Act Notice.
We may change this Privacy Notice. Please note the “Last Updated” date at the top of this Notice. Updates to this Notice become effective when posted on our website. Your continued use of the website after the revised Notice has become effective indicates that you have read, understood, and agreed to the current version of the Notice.
If you have any questions or comments about this Policy or your personal information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices, our Privacy Office can be reached using the following information:
401 W. Georgia St., Suite 1701
Vancouver, British Columbia
The following list sets out the categories of third parties that Zafin may share personal information with, either as a ‘transfer for processing’ where Zafin retains accountability for processing and holds the service provider responsible by contract or agreement, or as a ‘disclosure’ where the third party becomes accountable for the processing of the disclosed personal information. A detailed list of third parties may be provided upon request as required by law or regulation.
|Category||Type of Information||Type of Sharing||Note|
|HR Provider||Employee Personal Data||Transfer for Processing||Zafin may use different providers in different regions.|
|Hosting Service Provider||All||Transfer for Processing||Cloud Service Provider on which Zafin provisions and operates its own systems|
|Sales and Marketing||Customer service and incident management||Transfer for Processing||Cloud service providers for sales and marketing support|
|Product Engineering and Design Tools||Software issue tracking||Transfer for Processing||Hosted by various servers in various regions|
|Identity Service||Identity federation for single sign on and authentication||Transfer for Processing||Does not collect login information to provide redirection and validation|
Additional Information for users subject to the GDPR
Please note that the term personal information used in this Notice is equivalent to the term “personal data” under the GDPR and other applicable European data protection laws. Canada’s laws have been determined to be ‘adequate’ by the Commission of the European Union, which means that we are providing equivalent protection to you by complying with Canadian law. Notwithstanding that, under the GDPR, you may be entitled to make certain requests to us, including:
- The right to withdraw consent to processing where consent is the basis of processing;
- The right to access your personal information and certain other supplementary information, under certain conditions;
- The right to object to unlawful data processing, under certain conditions;
- The right to erasure of personal information about you, under certain conditions;
- The right to demand that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or believe your personal information is inaccurate;
- The right to data portability of personal information that you provided us in a structured, commonly used, and machine-readable format, under certain conditions;
- The right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions;
- The right to lodge a complaint with data protection authorities.
You may contact us using the contact information above if you have any concerns or wish to make a request.
Additional Information for Users subject to the California Consumer Privacy Act
This California Consumer Privacy Act Notice (“CCPA Notice”) is provided by us and provides specific notice in respect of specific provisions of the CCPA that are not already provided by this Notice or that need to be clarified in respect of the CCPA.
The Notice above explains how we collect, use, and disclose personal information, including the personal information of California residents. The rights for individuals to request information about what personal information about them has been collected, as well as the right to request the deletion of personal information about them are also set out above and include California residents.
The CCPA only applies to information about residents of California. If you are not a resident of California, you may submit a request and we will process it, as described above.
Under the CCPA, “personal information” is information that identifies, relates to, or could reasonably be linked with a particular California resident or household.
Categories of Personal Information that we may collect, use, or disclose.
The following table is categorized according to the classifications of the CCPA, and does not indicate a difference in the personal data identified in the Notice above:
|Category||Description||Third Party that may recieve|
|Personal Identifiers||Personal unique identifiers, such as full name and federal or state issued identification numbers and Social Security Number|
|Personal Information||Personal information, including contact details such as telephone number and address, financial information such as account number and balance, as well as medical and health insurance information|
|Purchase Information||Purchase information, such as products and services obtained and transaction histories|
|Internet or Online Information||Internet or online information such as browsing history, and information regarding interaction with our websites, applications, or advertisements|
|Geolocation Data||Geolocation data, such as device location|
|Audio and Visual Information||Audio, electronic, visual, thermal, olfactory, or similar information, such as call and video recordings|
|Employment Information||Professional or employment-related information, such as work history and prior employer|
|Education Information||Education information, such as school and related information; and|
|Inferences||Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics|