Privacy Policy
This Privacy Policy describes the Vendor's policies and procedures on the collection, use, and disclosure of information when the Client uses the Services. It explains the Client's privacy rights and how applicable law protects Personal Data.
Related: Platform Terms , Service Level Agreement
1. INTERPRETATION AND DEFINITIONS
1.1 Interpretation
Words with an initial capital letter have the meanings defined below. These definitions apply whether the terms appear in singular or plural.
1.2 Definitions
For the purposes of this Privacy Policy:
“Account” means a unique account created for the Client or an Authorized User to access the Services or parts of the Services.
“Authorized User” means an individual employed by, consulting with, contracting with, or acting as an agent for the Client who is granted permission by the Client to access and use the Services.
“Client” means the individual or organization accessing or using the Services, including through an Account. Where the Client accepts this Privacy Policy on behalf of a company or other legal entity, “Client” means that entity.
“Cookies” are small files placed on the Client's Device by a website, containing details of browsing history on that website among other uses.
“Country” refers to Quebec, Canada.
“Device” means any device that can access the Services, such as a computer, cellphone, or digital tablet.
“Personal Data” means any information that relates to an identified or identifiable individual, including information defined as “personal data,” “personal information,” or similar terms under applicable privacy or data protection laws.
“Services” means the CartoVista platform, website, and related services accessible at https://cartovista.com/.
“Sub-processor” means any natural or legal person who processes Personal Data on behalf of the Vendor, including third-party companies or individuals engaged by the Vendor to facilitate the Services, provide the Services on the Vendor's behalf, perform services related to the Services, or assist the Vendor in analyzing how the Services are used.
“Usage Data” means data collected automatically, either generated by use of the Services or from the Services infrastructure itself (for example, the duration of a page visit).
“Vendor” means CartoVista Inc., 35 Allée de Hambourg, Suite 212-D, Gatineau, QC, Canada J9J 0G5.
2. COLLECTING AND USING PERSONAL DATA
2.1 Types of Data Collected
Personal Data
While using the Services, the Vendor may ask the Client to provide certain personally identifiable information that can be used to contact or identify the Client or an Authorized User. Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Usage Data
Usage Data
Usage Data is collected automatically when using the Services.
Usage Data may include information such as the Device's Internet Protocol address (IP address), browser type, browser version, the pages of the Services that the Client visits, the time and date of the visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
When the Client accesses the Services through a mobile device, the Vendor may collect certain information automatically, including, but not limited to, the type of mobile device used, the mobile device unique ID, the IP address of the mobile device, the mobile operating system, the type of mobile Internet browser used, unique device identifiers, and other diagnostic data.
The Vendor may also collect information that the Client's browser sends whenever the Client visits the Services or when the Client accesses the Services through a mobile device.
Tracking Technologies and Cookies
The Vendor uses Cookies and similar tracking technologies to track activity on the Services and store certain information. Tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze the Services. The technologies the Vendor uses may include:
- Cookies or Browser Cookies. A cookie is a small file placed on the Client's Device. The Client may instruct the browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if the Client does not accept Cookies, some parts of the Services may not function properly. Unless the browser is configured to refuse Cookies, the Services may use Cookies.
- Web Beacons. Certain sections of the Services and the Vendor's emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Vendor, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on the Client's personal computer or mobile device when the Client goes offline, while Session Cookies are deleted as soon as the web browser is closed.
The Vendor uses both Session and Persistent Cookies for the purposes set out below:
- Necessary / Essential Cookies — Type: Session Cookies. Administered by: the Vendor. Purpose: These Cookies are essential to provide the Client with services available through the Services and to enable use of certain features. They help authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services requested cannot be provided, and the Vendor uses these Cookies solely to provide those services.
- Cookies Policy / Notice Acceptance Cookies — Type: Persistent Cookies. Administered by: the Vendor. Purpose: These Cookies identify if users have accepted the use of cookies on the Services.
- Functionality Cookies — Type: Persistent Cookies. Administered by: the Vendor. Purpose: These Cookies allow the Vendor to remember choices the Client makes when using the Services, such as login details or language preference, to provide a more personal experience and avoid re-entering preferences on each visit.
For more information about the cookies the Vendor uses and choices regarding cookies, please refer to the Cookies section of this Privacy Policy.
2.2 Use of Personal Data
The Vendor may use Personal Data for the following purposes:
- To provide and maintain the Services, including to monitor the usage of the Services.
- To manage the Client's Account: to manage the Client's registration as a user of the Services. The Personal Data provided can give access to different functionalities of the Services available to registered users.
- For the performance of a contract: the development, compliance, and undertaking of the purchase contract for products, items, or services the Client has purchased or of any other contract with the Vendor through the Services.
- To contact the Client: by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation.
- To provide the Client with news, special offers, and general information about other goods, services, and events offered by the Vendor that are similar to those the Client has already purchased or enquired about, unless the Client has opted not to receive such information.
- To manage the Client's requests: to attend and manage requests submitted to the Vendor.
- For business transfers: the Vendor may use information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Vendor's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by the Vendor about Service users is among the assets transferred.
- For other purposes: the Vendor may use information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of promotional campaigns, and evaluating and improving the Services, products, services, marketing, and the Client's experience.
The Vendor may share Personal Data in the following situations:
- With Sub-processors: the Vendor may share Personal Data with Sub-processors to monitor and analyze use of the Services and to contact the Client.
- For business transfers: the Vendor may share or transfer Personal Data in connection with, or during negotiations of, any merger, sale of Vendor assets, financing, or acquisition of all or a portion of the Vendor's business to another company.
- With Affiliates: the Vendor may share information with its affiliates, in which case the Vendor will require those affiliates to honor this Privacy Policy. Affiliates include the Vendor's parent company and any subsidiaries, joint venture partners, or other companies under common control with the Vendor.
- With business partners: the Vendor may share information with business partners to offer the Client certain products, services, or promotions.
- With other users: when the Client shares personal information or otherwise interacts in public areas with other users, such information may be viewed by all users and may be publicly distributed outside the Services.
- With the Client's consent: the Vendor may disclose Personal Data for any other purpose with the Client's consent.
2.3 Retention of Personal Data
The Vendor will retain Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. The Vendor will retain and use Personal Data to the extent necessary to comply with legal obligations (for example, if the Vendor is required to retain data to comply with applicable laws), resolve disputes, and enforce legal agreements and policies.
The Vendor will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when used to strengthen security or improve the functionality of the Services, or when the Vendor is legally obligated to retain such data for longer periods.
2.4 Transfer of Personal Data
Information, including Personal Data, is processed at the Vendor's operating offices and in any other places where the parties involved in processing are located. This means information may be transferred to — and maintained on — computers located outside the Client's state, province, country, or other governmental jurisdiction where data protection laws may differ from those of the Client's jurisdiction.
The Client's consent to this Privacy Policy followed by submission of such information represents agreement to that transfer.
The Vendor will take all steps reasonably necessary to ensure that data is treated securely and in accordance with this Privacy Policy. No transfer of Personal Data will take place to an organization or country unless adequate controls are in place, including the security of data and other personal information.
2.5 Deletion of Personal Data
The Client has the right to delete or request that the Vendor assist in deleting Personal Data collected about the Client.
The Services may give the Client the ability to delete certain information from within the Services.
The Client may update, amend, or delete information at any time by signing in to the Client's Account, if applicable, and visiting the account settings section that allows management of personal information. The Client may also contact the Vendor to request access to, correction of, or deletion of any personal information provided.
The Vendor may need to retain certain information when there is a legal obligation or lawful basis to do so.
2.6 Disclosure of Personal Data
Business Transactions
If the Vendor is involved in a merger, acquisition, or asset sale, Personal Data may be transferred. The Vendor will provide notice before Personal Data is transferred and becomes subject to a different privacy policy.
Law Enforcement
Under certain circumstances, the Vendor may be required to disclose Personal Data if required to do so by law or in response to valid requests by public authorities (for example, a court or a government agency).
Other Legal Requirements
The Vendor may disclose Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Vendor
- Prevent or investigate possible wrongdoing in connection with the Services
- Protect the personal safety of users of the Services or the public
- Protect against legal liability
2.7 Security of Personal Data
The security of Personal Data is important to the Vendor, but no method of transmission over the Internet or method of electronic storage is 100% secure. While the Vendor strives to use commercially acceptable means to protect Personal Data, absolute security cannot be guaranteed.
3. CHILDREN'S PRIVACY
The Services do not address anyone under the age of 13. The Vendor does not knowingly collect personally identifiable information from anyone under the age of 13. If the Client is a parent or guardian and is aware that a child has provided Personal Data, please contact the Vendor. If the Vendor becomes aware that Personal Data has been collected from anyone under the age of 13 without verification of parental consent, steps will be taken to remove that information from the Vendor's systems.
If the Vendor must rely on consent as a legal basis for processing information and the Client's country requires consent from a parent, the Vendor may require parental consent before collecting and using that information.
4. LINKS TO OTHER WEBSITES
The Services may contain links to other websites that are not operated by the Vendor. If the Client clicks on a third-party link, the Client will be directed to that third party's site. The Vendor strongly advises the Client to review the Privacy Policy of every site visited.
The Vendor has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services.
5. CHANGES TO THIS PRIVACY POLICY
The Vendor may update this Privacy Policy from time to time. The Vendor will notify the Client of any changes by posting the new Privacy Policy on this page.
The Vendor will let the Client know via email and/or a prominent notice on the Services, prior to the change becoming effective, and will update the “Last updated” date at the top of this Privacy Policy.
The Client is advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
6. CONTACT US
If the Client has any questions about this Privacy Policy, contact the Vendor:
- By email: dbouchard@cartovista.com
- By visiting our contact page.