This privacy policy (“Policy”) is part of the Zafin privacy program. It describes how we collect, use, and disclose your personal information and how your personal information can be reviewed and corrected when necessary.

Zafin and its group of companies (“Zafin”, “we”, “us” or “our”) are committed to protecting the privacy and security of personal information. Zafin fulfils several roles as it collects, uses, discloses, retains, and disposes of personal information. Zafin’s primary business is to act as a service provider to other businesses. In this role, Zafin is responsible for processing information provided to it by its business customers. These customers are accountable to the individuals whose personal information they collect. In some cases, Zafin may be accountable to individuals for processing their information, such as those data that may be collected by this Website (e.g., resume submissions for employment).

Zafin has a privacy program that includes policies, processes, procedures, training, and controls to ensure that personal information from Zafin’s commercial customers, our Website visitors, employees, job applicants, or individuals with a business relationship with Zafin is processed in a privacy-protective manner. This Privacy Policy is part of that program.

When our customers provide us data for processing, we do so under the terms of our contract with that customer. Please see the “Use and Disclosure of Personal Information” section for more information. We may also process your personal information upon your consent, obtained either implicitly when you voluntarily provide information or when provided explicitly as appropriate, such as explicitly accepting cookies on our website. We only process personal information for purposes for which we have a legal basis for processing.

Collection of Personal Information

Zafin’s primary source of information for processing is de-identified personal information provided to us by our customers. They remove direct identifying attributes from data sets by excluding them or replacing them with random data ‘tokens’. Zafin delivers data analytics and related services on this de-identified data. Zafin does not attempt to re-identify individuals in these data sets.

Notwithstanding this, Zafin’s policy protects these data as personal information.

Personal Information means information about an identifiable individual. In other words, personal information is data about you that a person may use to identify you. We may collect your personal information in several ways, including when you fill out and submit a form on the website, contact us by telephone or by email, post on our social media accounts, or provide information to Zafin through third party integration such as our human resource service provider. The personal information that we may collect includes, but is not limited to:

* Name
* Mailing address
* Email address
* Telephone number
* Resumés
* Public social network profiles (such as LinkedIn), including company name and job title

If you choose to withhold any personal information requested by us for the purpose of providing a service, it may not be possible for you to gain access to certain parts of the Website or use the requested service.

We also collect data relating to your visit to our Website. This information does not reveal your identity and is not directly about you. This other information includes, but is not limited to:

* IP Address
* Browser and device information
* Browser History
* Usage data
* Information collected through cookies and similar technologies
* Aggregated information

Cookies

Our Website, like most other commercial websites, also use cookies and similar technologies. These are files installed on your computer hard drive or web browser to collect information such as your language of preference, browsing history and browser type and version for the primary purpose of optimizing your experience on our Website. We also use cookies to compile aggregate data about site traffic and site interactions to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf (See “Third Parties” below).  When you first visit our Website, and on subsequent visits, you may manage your cookie preferences and accept or reject our use of cookies, except for those cookies that are strictly necessary for the Website’s operation. You can choose to have your computer warn you each time a cookie is used, or you can choose to disable all cookies in your browser. Disabling cookies on your browser could adversely affect your browsing experience on our Website.

Use and Disclosure of Personal Information

We take steps designed to ensure that only those who need access to your personal information to fulfill their employment duties can access it. We use and disclose your personal information mainly:

  • To provide data analytic and related services to our clients;
  • To respond to and fulfil your requests;
  • To operate, maintain, enhance, and provide all features of our Website;
  • To respond to comments and questions;
  • To provide support to users of the Website;
  • To understand and analyze the usage trends and preferences of our users, to improve the Website, and to develop new products, services, features, and functionality;
  • To send you communications subject to applicable laws; or
  • For sale of business, legal and compliance (e.g. law enforcement) and any other authorized or required purposes by law.

In some cases, we may transfer personal information to service providers for processing. We remain accountable for that personal information’s privacy and security and use contractual or other means to ensure that service providers meet our privacy and security requirements.

We may finally make certain automatically-collected, aggregated, or otherwise non-personally identifiable information available to third parties for various purposes, including

  • For the provision of products and services
  • Compliance with employment, reporting, and other obligations
  • For business or marketing purposes; or
  • To assist such parties in understanding your interests, habits, and usage patterns for programs, content, services, and functionality available through the Website.

Security and Retention of Personal Information

Zafin has implemented various physical, administrative, and technical safeguards designed to protect personal information confidentiality and security under our control. These safeguards include security reviews and controls. However, no security measures are absolute or wholly guaranteed. You agree to be responsible for all activities conducted on the Website.
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy and to comply with our legal and regulatory obligations.

Rights Regarding Personal Information

On written request and subject to proof of identity, you may

  • Access copies of the personal information we hold about you;
  • Request that any necessary corrections be made, where applicable, as authorized or required by law; and
  • Request deletion of your personal information, where applicable, as authorized or required by law.

To ensure that the personal information we maintain about you is accurate and up to date, please inform us immediately of any change to your personal information. Note that this applies if we have a direct relationship with you and you have supplied us with your information, such as in an application for employment. With respect to de-identified personal data that we process for our customers, we can not re-identify individuals and cannot prove the requestor’s identity.

Children’s Privacy

The Website is not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, please do not use or access the Website at any time or in any manner. If we learn that personal information has been collected via the Website from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided personal information, then you may alert us as set forth in the “Contact” section and request that we delete that child’s personal information from our systems.

Governing Law

This website and Zafin are based in Canada and are governed by the applicable privacy and data protection laws in Canada. Your personal information may be stored or processed in any country in which Zafin or its service providers have facilities, and by using this website or applicable Zafin services, you agree to the transfer of your information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held. It may be subject to disclosure to the governments, courts,  law enforcement, or regulatory agencies of such another country, pursuant to such a country’s laws.

If you are a resident in the European Union, see the Addendum. If you are a resident in California, see the California Consumer Privacy Act Notice.

Updates

We may change this Privacy Policy. Please note the “Last Updated” date at the top of this Policy. Updates to this Policy become effective when posted on our Website. Your continued use of the Website after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of the Policy.

Contact

If you have any questions or comments about this Policy or your personal information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices, our Privacy Office can be reached using the following information:

Mail  401 W. Georgia St., Suite 1701

Vancouver, British Columbia 
V6B 5A1 
Attention: Privacy Office 

Email  privacy@zafin.comcreate new email 

 

 

Addendum for users in the European Union
Please note that the term personal information used in this Policy is equivalent to the term “personal data” under the GDPR and other applicable European data protection laws. Canada’s laws have been determined to be ‘adequate’ by the Commission of the European Union, which means that we are providing equivalent protection to you by complying with Canadian law. Notwithstanding that, under the GDPR, you may be entitled to make certain requests to us, including:

  • The right to withdraw consent to processing where consent is the basis of processing;
  • The right to access your personal information and certain other supplementary information, under certain conditions;
  • The right to object to unlawful data processing, under certain conditions;
  • The right to erasure of personal information about you, under certain conditions;
  • The right to demand that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or believe your personal information is inaccurate;
  • The right to data portability of personal information that you provided us in a structured, commonly used, and machine-readable format, under certain conditions;
  • The right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions;
  • The right to lodge a complaint with data protection authorities.

You may contact us using the contact information above if you have any concerns or wish to make a request.

 

California Consumer Privacy Act Notice
This California Consumer Privacy Act Notice (“CCPA Notice”) is provided by us and provides specific notice in respect of specific provisions of the CCPA that are not already provided by this Policy or that need to be clarified in respect of the CCPA.

The Policy above explains how we collect, use, and disclose personal information, including the personal information of California residents. The rights for individuals to request information about what personal information about them has been collected, as well as the right to request the deletion of personal information about them are also set out above and include California residents.

The CCPA only applies to information about residents of California. If you are not a resident of California, you may submit a request and we will process it, as described above.

Under the CCPA, “personal information” is information that identifies, relates to, or could reasonably be linked with a particular California resident or household.

Categories of Personal Information that we may collect, use, or disclose.

The following table is categorized according to the classifications of the CCPA, and does not indicate a difference in the personal data identified in the Policy above:

Category

Description

Third Parties that may receive

Personal Identifiers

Personal unique identifiers, such as full name and federal or state issued identification numbers and Social Security Number

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Personal Information

Personal information, including contact details such as telephone number and address, financial information such as account number and balance, as well as medical and health insurance information

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Purchase Information

Purchase information, such as products and services obtained and transaction histories

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Internet or Online Information

Internet or online information such as browsing history, and information regarding interaction with our websites, applications, or advertisements

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Geolocation Data

Geolocation data, such as device location

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Audio and Visual Information

Audio, electronic, visual, thermal, olfactory, or similar information, such as call and video recordings

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Employment Information

Professional or employment-related information, such as work history and prior employer

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Education Information

Education information, such as school and related information; and

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Inferences

Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics

●     Organizations required for providing products and services

●     Government agencies

●     Organizations required for employment or HR services

●     Organizations required for external reporting

Third Parties 

The following list sets out the categories of third parties that Zafin may share personal information with, either as a ‘transfer for processing’ where Zafin retains accountability for processing and holds the service provider responsible by contract or agreement, or as a ‘disclosure’ where the third party becomes accountable for the processing of the disclosed personal information. A detailed list of third parties may be provided upon request as required by law or regulation.

Category

Type of Information

Type of Sharing

Note

HR Provider

Employee Personal Data

Transfer for Processing

Zafin may use different providers in different regions.

Hosting Service Provider

All

Transfer for Processing

Cloud Service Provider on which Zafin provisions and operates its own systems

Sales and Marketing

Customer service and incident management

Transfer for Processing

Cloud service providers for sales and marketing support

Product Engineering and Design Tools

Software issue tracking

Transfer for Processing

Hosted by various servers in various regions

Identity Service

Identity federation for single sign on and authentication

Transfer for Processing

Does not collect login information to provide redirection and validation