January 1, 2022
“Client Data” is defined as information relating to an identified or identifiable living individual that LOSANGE customers and their end-users input or upload into the software and other products, solutions or services offered by LOSANGE (collectively, “LOSANGE Products”) for processing. It does not include data LOSANGE collects from visitors to its websites, nor data LOSANGE collects about its customers or prospective customers, vendors, service providers, professional advisors, consultants, and other third parties otherwise in the course of doing business; for example, to manage LOSANGE customer accounts or to communicate with them or to engage LOSANGE vendors.
If you have any questions regarding this Policy, please email us at firstname.lastname@example.org or contact LOSANGE as described in the “How to Contact Us” section below.
SCOPE This Policy only applies to Client Data for which LOSANGE is a data processor.
COLLECTION PURPOSES, USE OF CLIENT DATA The Client Data transferred to LOSANGE for processing is determined, directed and controlled by customers, in their sole discretion. As such, LOSANGE has no control over the type, volume or sensitivity of Client Data processed through the LOSANGE Products as input by its customers or their end users. LOSANGE only processes Client Data on behalf of its customers and in accordance with their instructions provided in the applicable Customer Agreements with LOSANGE.
The Client Data processed may include the following categories of data for data subjects:
Identification information for customer’s employees, contractors, agents, end users or other third parties, including contact information (name, business entity, address, telephone number (fixed and mobile), e-mail address, fax number), employment information (job title, employer), username, geographic location, area of responsibility and IT information (IP addresses, usage data, cookies data, online navigation data, location data, browser data);
Identification information for anyone who uses the LOSANGE Products at the request of and in connection with the business of LOSANGE customers.
Any other Client Data that LOSANGE customers or their users choose to input into the LOSANGE Products or in the content of the communications that are sent to and received by LOSANGE.
LOSANGE acts as a data processor or sub-processor with respect to this Client Data. LOSANGE limits the interaction with Client Data to the following purposes:
To provide and deliver the contracted services;
To provide customer service or support;
To respond to customer’s requests
To address technical issues; and
To respond to lawful requests.
LOSANGE customers are responsible as data controllers for ensuring that (i) their end-users receive proper notice of the applicable customer’s privacy practices, (ii) Client Data is obtained in accordance with all applicable laws, and (iii) their end-users are given a choice regarding LOSANGE’s processing activities with respect to Client Data. If a customer’s end-user has any questions or concerns related to the handling of Client Data, the end-user may contact LOSANGE as described in the How to Contact Us section and LOSANGE will work with the customer to address the end-user concerns.
DATA TRANSFERS TO THIRD PARTIES LOSANGE does not sell or loan Client Data to any third parties; however, LOSANGE may share Client Data with third parties as follows:
Within LOSANGE consistent with this Policy; and
With subcontractors and other third parties under contract subject to appropriate confidentiality obligations in each case as necessary to perform business-related functions such as to help support and improve the LOSANGE Products on behalf of or at the direction of LOSANGE.
OTHER DISCLOSURES Under certain circumstances, LOSANGE may be required to disclose Client Data in response to valid requests by governmental authorities, including to meet national security or law enforcement requirements.
LOSANGE will attempt to refer any request for disclosure of Client Data by governmental authorities, including those received for national security or law enforcement reasons, to the customer. LOSANGE may, where legally obligated to do so, disclose Client Data to law enforcement or other government authorities, in which case LOSANGE will notify its customer of such a request (unless prohibited by law to do so) and will furnish only that portion of the Client Data that is legally required. LOSANGE is liable for appropriate onward transfers of Client Data to third parties.
SECURITY LOSANGE maintains, as part of its contracts with technology vendors, appropriate physical, technical, administrative, and organizational security measures to protect Client Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, including where appropriate:
the encryption of Client Data;
the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
the ability to restore the availability and access to Client Data in a timely manner in the event of a physical or technical incident; and
a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
While LOSANGE employs security measures to protect Client Data in the LOSANGE Products, LOSANGE customers, and their end-users, should only access the LOSANGE Products within a secure environment and take appropriate steps to always ensure that login credentials and passwords are always kept safe. Customers should notify LOSANGE as soon as possible if they become aware of any misuse of their user IDs, passwords, or accounts, and immediately change their passwords within the LOSANGE Products in accordance with the “How to Contact Us” section below.
RETENTION LOSANGE retains Client Data and any other data collected through the LOSANGE Products in accordance with the timeframes set out in the relevant Customer Agreements with its customers. LOSANGE’s retention periods may change:
If there is a legal obligation (or change to a legal obligation) applicable to LOSANGE (for example, certain laws require LOSANGE to keep records of transactions for a certain period before LOSANGE can delete them); and
If retention is advisable based on legal opinion (such as, for statutes of limitations, litigation or regulatory investigations).
CROSS BORDER TRANSFERS Client Data will not be transferred outside of the European Economic Area or Canada without additional contractual or extra contractual measures.
DATA ACCESS LOSANGE takes reasonable steps to determine who gains access to Client Data. LOSANGE’s User Access Management guidelines are based on the “Principle of Least Privilege,” and access to Client Data shall be limited by that principle, which requires that privileged access must be provisioned with the minimum level of access to non-public data which is required to satisfy a user’s job responsibilities.
LOSANGE’s customers who want to find out more about the data security settings on their account can refer to their agreement or other applicable Customer Agreements with LOSANGE or contact LOSANGE directly for further information.
DISPUTE RESOLUTION LOSANGE commits to resolve complaints regarding processing, use and disclosure of Client Data in accordance with this Policy. Individuals with inquiries or complaints regarding LOSANGE’s compliance with this Policy should first contact LOSANGE at: email@example.com. LOSANGE will investigate and attempt to resolve all complaints and disputes.
HOW TO CONTACT US If you have any questions regarding this Policy or if you need to request access to or update, change or remove personal information that LOSANGE processes on your behalf, you can do so by contacting:
LOSANGE FINANCE at: 4 Place Ville Marie, Montreal, QC H3B 2L4 Email: firstname.lastname@example.org
AMENDMENTS LOSANGE reserves the right to change, modify, add or remove portions of this Policy from time to time and in its sole discretion but will update the public that changes have been made by indicating on this Policy the date it was last updated.