Introduction
Covarity Inc. (“Company,” “Us,” “Our,” or “We”) respects Your privacy and is committed to protecting it through Our compliance with this Privacy Policy. Please read this Privacy Policy carefully to understand Our policies and practices regarding the Personal Information We collect from You, how We use it, how We share it, Your rights and choices, and how You can contact Us about Our privacy practices. To the extent that You are an End User or a Visitor, this Privacy Policy also outlines Your rights as a data subject, including the right to object to some uses of Your Personal Information by Us.
This Privacy Policy applies to Personal Information We collect about You from various sources, as further described in the “Personal Information We Collect and How We Collect It” section below.
Definitions
“B2B Party” means a customer, supplier, vendor, or business partner (any of which can be a sole proprietorship or a formal legal entity) with whom We have a business relationship and who directly or indirectly provides Us with B2B Representative and/or End User Personal Information in connection with those B2B Representatives’ or End Users’ use of Our Products or otherwise.
“B2B Representative” refers to individuals who work for or on behalf of a B2B Party, or in the event that the B2B Party is a sole proprietorship, the B2B Representative is the sole proprietor.
“End User” means individuals who do business with, or otherwise interact with, a B2B Party but who are not doing business with Us directly.
“Personal Information” means any information that identifies or relates to an individual or can be used in conjunction with other information to identify an individual, whether such information is explicitly regulated by applicable law or otherwise.
“Processing” means any operation or set of operations which is performed on Personal Information, encompassing the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or erasure of Personal Information. The terms “Process”, “Processes” and “Processed” will be construed accordingly.
“Product(s)” means the products and services that We offer, including, but not limited to, software, software-as-a-service, support/maintenance, professional services, and hosting services.
“Visitor” means (i) any individual that visits the Website, including a B2B Representative or End User, or (ii) anyone that otherwise communicates with the Company that is not a B2B Representative or End User. For the sake of clarity, a B2B Representative or End User that visits the Website shall only be deemed a Visitor with respect to their activities while visiting the Website.
“Website” means any publicly accessible website hosted by or on behalf of the Company which is not part of a Product.
“You” and “Your” mean B2B Party, B2B Representative, End User, or Visitor, depending on the context as further explained in this Privacy Policy, and if there is no context which specifically identifies any of the foregoing, then “You” or “Your” means all of the foregoing collectively.
Scope, Generally (Controller vs. Processor)
Our Role as a Processor
Generally speaking and without regard to any particular definition under applicable law, We are a data processor (“Processor”) when We do not determine the purpose and means of Processing the Personal Data of B2B Representatives and End Users, and We only Process that Personal Information in accordance with the specific instructions of a B2B Party, as is the case when We Process Personal Information only as necessary to provide Our Products to a B2B Party. We receive instructions from B2B Parties through agreements We have with those B2B Parties, including any ancillary data privacy agreements or addenda (collectively a “B2B Agreement”). This Privacy Policy does not apply when We Process Personal Information as a Processor.
When You are a B2B Party and We act as a Processor with respect to the Personal Information that We receive from You or on Your behalf, You alone are responsible for providing appropriate privacy notices and disclosures to Your B2B Representatives and End Users with respect to Your Processing of their Personal Information. You cannot rely on this Privacy Policy as a means for satisfying Your privacy notice and disclosure obligations.
When You are a B2B Representative or an End User and We act as a Processor with respect to Your Personal Information, the B2B Party with whom You have a relationship is responsible for providing appropriate notices and disclosures to You about how they Process Your Personal Information and You must refer to that B2B Party’s privacy policy or other notices for information regarding their privacy practices, Your rights, and how You exercise those rights.
Our Role as a Controller
Generally speaking and without regard to any particular definition under applicable law, We are a data controller (“Controller”) when We determine the purpose and means of Processing the Personal Information of B2B Representatives and End Users, as is the case when a B2B Party permits Us to Process that Personal Information in ways that relate to Our Products but are not strictly necessary in order to perform those Products. This Privacy Policy only applies when We Process Personal Information as a Controller.
When You are a B2B Party and We act as a Controller with respect to the Personal Information that We receive from You or on Your behalf pursuant to a B2B Agreement, We are responsible for providing appropriate privacy notices and disclosures to Your B2B Representatives and End Users with respect to Our Processing of their Personal Information as a Controller. However, pursuant to the B2B Agreement, You agree to comply with all applicable laws, including those which may require You to provide notice to or gain consent from Your B2B Representatives and End Users prior to giving Us permission to Process that Personal Information as a Controller. Specifically, You and Your legal advisors should consider whether You need to list Us in Your privacy policy and notify Your End Users of Our privacy practices by linking to this Privacy Policy.
When You are a B2B Representative or an End User and We act as a Controller with respect to Your Personal Information, this Privacy Policy describes Our privacy practices, including the Personal Information We collect from You, how We use it, how We share it, Your rights and choices, and how You can contact Us about Our privacy practices. However, as mentioned in the “Our Role as a Processor” section above, You must refer to the privacy notices and disclosures of the B2B Party with whom You have a relationship for more information regarding that B2B Party’s privacy practices, including any notices or disclosures with respect to that B2B Party’s transfer of Your Personal Data to Us for Our Processing as a Controller.
When You are a Visitor, We are a Controller with respect to Your Personal Information. We Process Your Personal Information in accordance with this Privacy Policy and any other agreement We may have directly with You. This Privacy Policy describes Our privacy practices, including the Personal Information We collect from You, how We use it, how We share it, Your rights and choices, and how You can contact Us about Our privacy practices.
Personal Information We Collect and How We Collect It
For B2B Representatives
When You are a B2B Representative, We collect the following Personal Information about You from the following sources:
Categories and Types of Personal Information We Collect | Sources From Which We Collect Your Personal Information |
Identifiers, including real name, phone number, Internet Protocol address, and email address | From a B2B Party with whom You are employed or otherwise do business.From You directly when You provide it to Us through communications or otherwise.From Your use of the Products |
Internet or other similar network activity, including information on Your interaction with the Product | |
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks |
- For End Users
We are not a Controller with respect to any End User Personal Information.
- For Visitors
When You are a Visitor, We collect the following Personal Information about You from the following sources:
Categories and Types of Personal Information We Collect | Sources From Which We Collect Your Personal Information |
Identifiers, including real name, postal address, phone number, Internet Protocol address, and email address | From You directly when You provide it to Us through communications or otherwise.From Your use of Our Website, including collection via cookies and other automated data collection technologies. |
Financial Information, including information about Your financial institution | |
Internet or other similar network activity, including information on Your interaction with the Website | |
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks |
How We Use and Disclose Your Personal Information
- For B2B Representatives
- When You are a B2B Representative, We Process Your Personal Information described below for the following purposes:
Categories and Types of Personal Information | Purpose for Processing |
Identifiers, including real name, phone number, Internet Protocol address, and email address | To answer Your questions, handle complaints, and otherwise communicate with YouTo provide the Products to YouTo send You marketing messages or promotional materials from UsTo improve or upgrade the Products To prevent fraud or misuse of the Products |
Internet or other similar network activity, including information on Your interaction with the Product | To improve or upgrade the Products To prevent fraud or misuse of the Products |
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks | To prevent fraud or misuse of the Products |
- When You are a B2B Representative, We disclose Your Personal Information described below to the following categories of third-parties and for the following purposes:
Categories and Types of Personal Information | Categories of Parties to Whom We Disclose the Information | Purpose for Disclosing |
Identifiers, including real name, phone number, Internet Protocol address, and email address | Service providers/vendors | To answer Your questions, handle complaints, and otherwise communicate with YouTo provide the Products to YouTo send You marketing messages or promotional materials from UsTo improve or upgrade the ProductsTo prevent fraud or misuse of the Products |
Internet or other similar network activity, including information on Your interaction with the Product | Service providers/vendors | To improve or upgrade the Products To prevent fraud or misuse of the Products |
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks | Service providers/vendors | To prevent fraud or misuse of the Products |
- For End Users
- We are not a Controller with respect to any End User Personal Information.
- For Visitors
- When You are a Visitor, We Process Your Personal Information described below for the following purposes:
Categories and Types of Personal Information | Purpose for Processing |
Identifiers, including real name, postal address, phone number, Internet Protocol address, and email address | To answer Your questions, handle complaints, and otherwise communicate with YouTo improve or upgrade the WebsiteTo prevent fraud or misuse of the WebsiteTo debug, troubleshoot, verify, or maintain the quality or safety of the WebsitePursuant to Your request, We may forward Your inquiries to the appropriate party. |
Financial Information, including information about Your financial institution | Pursuant to Your request, We may forward Your inquiries to the appropriate party. |
Internet or other similar network activity, including information on Your interaction with the Website | To improve or upgrade the WebsiteTo prevent fraud or misuse of the WebsiteTo debug, troubleshoot, verify, or maintain the quality or safety of the Website |
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks | To improve or upgrade the WebsiteTo prevent fraud or misuse of the WebsiteTo debug, troubleshoot, verify, or maintain the quality or safety of the Website |
- When You are a Visitor, We disclose Your Personal Information described below to the following categories of third-parties and for the following purposes:
Categories and Types of Personal Information | Categories of Parties to Whom We Disclose the Information | Purpose for Disclosing |
Identifiers, including real name, postal address, phone number, Internet Protocol address, and email address | Service providers/vendors | To answer Your questions, handle complaints, and otherwise communicate with YouTo prevent fraud or harm to Us or others |
B2B PartiesThird-party financial institutions | Pursuant to Your request, We may forward Your inquiries to the appropriate party. | |
Internet or other similar network activity, including information on Your interaction with the Website | Service providers/vendors | To prevent fraud or harm to Us or othersTo debug, troubleshoot, verify, or maintain the quality or safety of the Website |
Financial Information, including information about Your financial institution | B2B PartiesThird-party financial institutions | Pursuant to Your request, We may forward Your inquiries to the appropriate party. |
Geolocation data, including imprecise physical location derived from IP address and/or wifi networks | Service providers/vendors | To prevent fraud or harm to Us or othersTo debug, troubleshoot, verify, or maintain the quality or safety of the Website |
Aggregated, Deidentified, and Anonymized Data
We create aggregated, deidentified, or anonymized data derived from Our use of Your Personal Information, and such data can be used by Us as permitted by applicable laws and regulations. We will not attempt to re-identify the data.
Other Purposes for Processing and Disclosing Your Personal Information
We may also Process and disclose Your Personal Information:
- To competent public authority, government, regulatory or fiscal agency where it is necessary to comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or exercise Our rights under any agreement which governs Your relationship with Us, including Our rights under any such agreements that may be exercised for billing and collection purposes.
- If We believe disclosure is necessary or appropriate to protect Our rights, property, or safety, Our customers, or others. This may include the exchange of information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
- Subject to some restrictions under applicable laws, We may transfer, whether for consideration or otherwise, Your Personal Information as an asset that is part of a bankruptcy, merger, or other similar transaction involving all or any portion of Our business. Any such transfer does not affect Your rights under any applicable laws.
- No telephone or SMS information will be shared with third parties or Affiliates for their own marketing/promotional purposes. All the above disclosures exclude text messaging originator opt-in data and consent, which will not be shared with any third parties. We will only send SMS/telephone communications when We have the appropriate consent to do so or as otherwise permitted by law.
Information We Collect Through Automatic Data Collection Technologies
As You navigate through and interact with Our Website, We may use automatic data collection technologies to collect certain information about Your equipment, browsing actions, and patterns, including:
- Information about your estimated location as may be determined from the IP Address;
- Information about the device you are using, such as:
- Internet Protocol (or IP) address or device ID/UDID, protocol and sequence information;
- Browser language and type; and
- Hardware model, operating system, application version number, device or browser data;
- Domain name system requests;
- Browsing history, time spent at a domain, time and date of your visit, number of clicks, or location data; and
- HTTP headers, application client and server banners.
The information We collect automatically does, in some cases, include Personal Information, or We may maintain it or associate it with Personal Information We collect in other ways or receive from third parties. These activities help Us improve Our Website and Products and deliver a better and more personalized experience, including by enabling Us to:
- Estimate Our audience size and usage patterns;
- Store information about Your preferences, allowing Us to customize Our Website according to Your individual interests;
- Speed up Your searches; and
- Recognize You when You return to Our Website.
The technologies We use for this automatic data collection may include:
- Cookieless Tracking Technology. When You visit Our Website, Our Website runs a script that stores information about how You interact with the Website. The script only runs while You are visiting the Website, and will not persist when You leave the Website.
- Cookies. When You visit Our Website, a “cookie” may be sent to Your computer. A cookie is a small piece of data that is sent to Your Internet browser from a web server and stored on your computer’s hard drive. When You visit the Website again, the cookie allows the Website to recognize Your computer. Cookies may store user preferences and other information to assist Your navigation between pages efficiently, remember preferences, and improve the user experience. You can choose whether to accept cookies by changing Your Internet browser settings, which may impair or limit some functionality of the Website.
- Cookies can be “persistent” or “session” cookies. Persistent cookies remain on Your personal computer or mobile device when You go offline, while session cookies are deleted as soon as You close Your web browser.
- We use first party cookies, which are cookies that We place on Your device ourselves, and third party cookies, which are cookies that We allow third parties to place on Your device.
In some cases, You may also block the use of non-essential cookies altogether using cookie management technology available to You when you visit the Website. You may also leverage any of the methods identified in the “Exercising Your Rights” section below in order to opt-out of certain cookies.
Third-Party Use of Cookies and Other Tracking Technologies
Our Website may contain content from and links to other sites that are operated by third parties that may use cookies. We do not control these third-party sites or cookies and this Privacy Policy does not apply to them. Please consult the terms and conditions and Privacy Policy of the relevant third-party site to find out how that site collects and uses Your information and to establish whether and for what purpose they use those cookies. If You are unclear who the responsible third party is, You can contact Us using any of the methods identified in the “Exercising Your Rights” section below.
- International Data Transfers
- In order to carry out the Processing activities described above, We may make use of subcontractors that act on Our behalf as Processors. These subcontractors will be contractually obligated by Us to Process Your Personal Information only in accordance with Our instructions, only for the purposes described above, and only for the period of time necessary to preform those purposes.
- In some cases, these subcontractors may be located outside of the data privacy jurisdiction in which You reside. In the event such international data transfers are necessary, We will take the necessary organizational, technical and contractual measures to ensure the protection of Your Personal Information. In certain situations, We may be required to disclose Personal Information in response to lawful requests from law enforcement and national security authorities of that jurisdiction.
- For questions or comments about our practices with respect to international data transfers, please refer to the “Contact Information” section at the end of this Privacy Policy.
Consequences of Not Providing Your Personal Information
- Provide the Products to You and fulfill Our contractual obligations with You;
- Fulfill legal requirements;
- Enter into a contract with related parties and continuing to contract with those related parties; or
- Maintain contact with You.
We have implemented technical, administrative, and physical security measures that are designed to protect Your Personal Information from unauthorized access, disclosure, use, and modification. Such measures include the encryption of sensitive information. We regularly review Our security procedures to consider appropriate new technology and methods. Even so, please be aware that no security measure is perfect. Thus, We cannot guarantee the security of Your Personal information at all times. You should always be vigilant when it comes to the protection of Your Personal Information.
Retention Period
Subject to any opt-out rights You may have and all applicable laws, We retain Your Personal Information for only as long as reasonably necessary to carry out the purposes for which We originally collected it, as set forth in this Privacy Policy. Notwithstanding the foregoing, we may continue to retain Your Personal Information to comply with our legal and regulatory obligations; to enable fraud monitoring, detection and loss prevention activities; to comply with our tax, accounting, and financial reporting obligations; and where required by our contractual commitments to third-parties. The retention period may also depend on the terms of any B2B Agreement we have with a B2B Party.
Additional Information on Our Policies, Standards, and Codes
For a copy of any brochures or other information that more thoroughly explain Our policies, standards, or codes with respect to Our Processing of Your Personal Information, including information about the roles and responsibilities of the members of Our personnel throughout the lifecycle of the Processing of Your Personal Information, please contact Us using the mechanisms provided for in the “Exercising Your Rights” section at the end of this Privacy Policy.
Your Privacy Rights
Depending on Your location and subject to applicable law and certain other limitations, You may have the rights set forth below with respect to Your Personal Information. To exercise any of the following rights, please refer to the “Exercising Your Rights” section at the end of this Privacy Policy.
Right of Access. You have the right to receive confirmation as to whether or not Your Personal Information is being Processed, and, where that is the case, access to and a copy of that Personal Information.
Right of Rectification. You have the right to request that We correct or update Your Personal Information that is inaccurate, incomplete or outdated.
Right to Erasure. You have the right to request the deletion of Your Personal Information in certain circumstances (but only where they are no longer required for a legitimate business purpose or required by law).
Right to Opt-Out of Direct Marketing and Targeted Advertising. To the extent that We Process Your Personal Information for the purposes of direct marketing or targeted advertising (as those terms are defined by the applicable laws of the jurisdiction in which you reside, but which generally means the display of an advertisement to You based on Personal Information about You obtained or inferred over time from Your activities across nonaffiliate websites, applications, or online applications), or to the extent that we provide Your Personal Information to others for those purposes, you have the right to opt-out of that activity.
Right to Opt-Out of the Sale of Personal Information. To the extent that We sell Your Personal Information (as that term is defined by the applicable laws of the jurisdiction in which you reside), You have the right to opt-out of that activity.
Right to Opt-Out of Automated Profiling. You have a right to opt out of any automated Processing of Your Personal Information, including for profiling purposes (as those terms are defined by the applicable laws of the jurisdiction in which You reside, and subject), but only to the extent that such Processing activities are used to make decisions which produce legal effects, or similarly significant effects, that affect You.
Right to Restrict Processing. You have the right to restrict the Processing of Your Personal Information in certain circumstances, such as when We consider another request that You have submitted.
Right to Object. In certain circumstances, You have the right to object to the Processing of Your Personal Information where the Processing is necessary for performance of a task carried out in the public interest, for Our legitimate interests, or for the legitimate interests of others. You also have the right to object where Personal Information is Processed for direct marketing purposes or for scientific or historical research purposes or statistical purposes.
Right to Data Portability. In certain circumstances, You have the right to receive Your Personal Information in a structured, commonly used, machine-readable and interoperable format and have the right to transmit that Personal Information to another organization.
Right to Withdraw Consent. In those cases where Processing is based on consent, and subject to applicable local law which provides otherwise, You have the right to withdraw Your consent at any time. This will not affect the validity of the Processing prior to the withdrawal of consent.
Right to Complain. If You believe We have not Processed Your Personal Information in accordance with applicable law, You may file a compliant with Us using the mechanisms provided for in the “Exercising Your Rights” section at the end of this Privacy Policy
Right to Correct. You have the right to request the correction of any inaccuracies in the Personal Information We hold about You, subject to certain limitations.
Promotional Offers from the Company. You have the right to opt-out of Our use of your contact information to promote Our own or third parties’ products or services. This opt out does not apply to information provided to Us as a result of a product purchase, warranty registration, product service experience or other transactions.
Changes to Our Privacy Policy
The following methods are available to send Us a request to exercise Your rights defined in this Privacy Policy or that You are otherwise entitled to under applicable law:
- Send an email with the subject line “Data Privacy Request” to: [email protected]
- Write Us at:
Covarity Inc.
Attn: Data Subject Access Request
8133 Warden Avenue, 7th Floor
Markham, Ontario L6G 1B3
Not all of Your rights can be exercised through each individual method. In some cases, you may need to utilize more than one method to exercise all of Your rights. If you have any doubt as to whether a particular method is effective with respect to a particular right, please contact Us using the email method specified above.
All requests must provide sufficient information for Us to be able to verify You are the person whose Personal Information We hold. Whenever possible, You must describe Your request in enough detail so that We can properly locate the Personal Information related to the request. We cannot respond Your request unless We can verify Your identity and locate Your Personal Information. You may designate, in writing or through a power of attorney, an authorized agent to make requests on Your behalf by contacting Us using the same methods. We may still require You to directly verify Your identity and confirm that You provided the authorized agent permission to submit the request.
Contact Information
To ask questions, or comment about this Privacy Policy and Our privacy practices, or for any other privacy-related inquiries, please:
Email Us at [email protected]
Write Us at the following postal address:
Covarity Inc.
Attn: Privacy Officer
8133 Warden Avenue, 7th Floor
Markham, Ontario L6G 1B3