ComplyWorks Privacy Policy

Last updated: November 2020

Introduction

This notice applies to our website www.complyworks.com (“Website”) and our marketing services, as related to personal information or personal data of an identified or identifiable individual from any Canadian or international jurisdiction, including EU jurisdictions.

Additional specific information is available below, for Canada and EU jurisdictions.

We may need to update this notice from time to time. Where a change is significant, we’ll make sure we let you know by sending you an email, if you are a registered user with us or by posting a visible notice on our Website.

Our Privacy Practices

Who we are

When we refer to ‘we’ (or ‘our’ or ‘us’), we mean ComplyWorks Ltd.

Our headquarters are in Calgary, Canada and we also have local offices in Toronto and internationally in Pretoria, South Africa (“Affiliates”). Our addresses are available on our Contact page.

During 2020, we were acquired by Veriforce LLC (“Affiliate”) https://veriforce.com/ which is a US based entity operating and offering similar services and products to ours.

References to our “Affiliate(s)” include companies that are under the same common ownership as ComplyWorks and the parent company of the group that owns us.

We provide an easy-to-use global online compliance platform for businesses of all sizes. If you want to find out more about what we do, see the What We Do page.

This Privacy Policy applies to personal information or personal data collected by us for our own purposes.

If you are a contractor asked to subscribe to our platform by an organization or an employee of an organization using our platform to manage their workforce compliance requirements, please contact the organization to learn more about their privacy practices. We process your personal data under their strict guidance and instructions.

What information we collect and how

We collect information by fair and lawful means and limit the collection to the personal information that is necessary for us to provide our services to you and our customers.

We collect information directly from you:

  • When you purchase one of our services, for example our training courses, we collect your name, contact details (phone, email address, physical address, company you work for or represent) and payment details. We do not store the payment details.
  • When you sign up to receive our news, updates and marketing communications, we collect your name and email address and company you work for or represent. You may unsubscribe at any time from these communications by clicking the “Unsubscribe” link in the email.
  • When you request a free demo of our platform, we collect your name, email address, company you work for, country you live in, phone number, job title and your status as a contractor, vendor or supplier.
  • When you submit a job application for one of our open positions to our dedicated email address, we will collect your name, contact details, work history, education, skills and other information you include in the body of the email and your resume.
  • When you contact us with questions and inquiries, we collect your name, contact details (phone, email address, company you work for or represent) and your user account details.
  • When you participate in any of our webinars, sales calls and other online events, we may record the call. We will announce this at the start of the call and provide a notification and link to our Privacy Policy in the meeting invite.
  • When you contact us directly by phone, we may record the call with you for training purposes.

We strive to obtain your consent when we collect your personal information unless the applicable privacy legislation allows collection without consent.

We collect Information automatically

We collect some information about you automatically when you visit our Website or use our online compliance platform, like your IP address, browser type, site clicks etc.

For some interactions with our Website, we may use the Google Anonymizer tool to hide your IP address. The tool collects information such as the country of registration of your device, time of visit, pages visited and time spent on each page of the webpages; referring site details (such as the URI a user came through to arrive at this site); type of web browser; type of operating system (OS); Flash version, JavaScript support, screen resolution and screen color processing ability.

This information helps us understand how you’re using our Website and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see).

Some of this information may also be collected using cookies and similar tracking technologies. We have added more information about the types of cookies we use, in the Cookies section at the bottom of this Privacy Policy.

We collect information from other parties

Limited personal information such as name, company you work for, contact details, job role, work email and telephone number may be collected from an organization that has contracted our services. The purpose of this information is to allow us to invite you to subscribe to our compliance platform on behalf of our customer organization.

We may also collect, use or purchase lists of contact details for marketing purposes from third parties. This information is generally information that you have posted on social media sites and other publicly available information. We will process this information as described in this Privacy Policy.

How we use your personal information

We use the personal information for the following reasons:

  • To provide to you the services you purchased from us, such as online training
  • To communicate with you, as needed, to ensure you receive the purchased services or to provide you with information you have requested from us
  • To communicate to you operational changes, security updates, user account maintenance and support information
  • To process the payment you made for the purchased services
  • To deliver marketing communications in accordance with your marketing preferences
  • To support you and provide assistance with the resolution of technical support issues or other issues relating to the Website or services, whether by email, by phone or otherwise
  • To enhance our Website and services and develop new ones. For example, by tracking and monitoring your use of Website and services so we can keep improving or by carrying out technical analysis of our Website and services so that we can optimise your user experience and provide you with more efficient tools
  • To protect ourselves and you through detection and prevention of any fraudulent or malicious activity and to make sure that everyone is using our Website and services fairly and in accordance with our terms and conditions available on our platform once you have logged in at https://new.complyworks.com/public/ComplyWorks_User_Agreement.pdf
  • To carry out various analysis and gather metrics related to our performance of our services and interactions with you in order to deliver enhanced services to you
  • To carry out market research about our products and services and to understand our customer base

How we share your information

We do not generally share your personal information but if we need to, we will only disclose your personal information to:

  • Our Affiliates. These are companies that are under the same common ownership as ComplyWorks and the parent company of the group that owns us.
  • Third party service providers and partners who assist and enable us to carry out our services, for example:
    • to support delivery of or provide functionality on the Website or services,
    • to provide IT managed services and server hosting services
    • to provide credit card payment services, or
    • to market or promote our goods and services to you
  • Regulators, law enforcement bodies, government agencies, courts or other third parties where it’s necessary to comply with applicable laws or regulations or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
  • An actual or potential buyer (and its agents and advisors) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
  • Other people and businesses where we have your consent, for example if you wish to display your business credentials to specific Employers in our database

How we store your personal information and how long for

Your personal information is stored on servers in Canada. Security of your personal information is a priority for us and have appropriate technical and organisational measures in place to make sure that your personal information is protected.

The length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).

We’ll retain your personal information for as long as we have an ongoing relationship with you and for a period of time afterwards where we have an ongoing business need to retain it. Following that period, we’ll make sure it’s deleted or anonymized.

Your rights

It’s your personal information and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time by following the unsubscribe instructions contained in the marketing communications or make your request on the Contact page.

Based on the country you live in, you may also have the following rights:

Your right of access - You have the right to ask us for copies of your personal information.

Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing (for EU based individuals) - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing (for EU based individuals) - You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability (for EU based individuals) - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – You have the right to withdraw consent at any time, for our collection and use of any of your personal information that was collected based on your consent.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Security and confidentiality

ComplyWorks has implemented commercially reasonable and appropriate technical, physical, and organizational measures to protect employee and client data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access during the processing, which will meet the requirements of applicable legislation, or any stricter requirements, as applicable.

For individuals based in European Union, EEA, Switzerland and UK

For listing of what countries are in the EU or EEA see https://europa.eu/european-union/abouteu/countries_en#other-european-countries and https://ec.europa.eu/eurostat/statisticsexplained/index.php/Glossary:European_Economic_Area_(EEA).

The information below should be read in addition to the information in the section Our Privacy Practices.

ComplyWorks may act as controller or processor of your personal data.

We act as controller in the following situations:

  • when we collect your personal data through your direct interactions on our Website
  • when we collect your personal data automatically
  • when you interact with us directly at trade shows, events, through training and informational programs etc

We act as processor of your personal data every time we collect your personal data though our subscription based application website (https://new.complyworks.com), at the direction of one of our client employers or at your direction. We only process your personal data only as instructed or permitted by our client employer or you.

We have appointed a EU and UK representative, DataRep, which you may contact as follows:

  • sending an email to DataRep at datarequest@datarep.com quoting “ComplyWorks Ltd” in the subject line,
  • contacting us on our online webform at https://www.datarep.com/data-request, or
  • mailing your inquiry to DataRep at the most convenient addresses
    Country Address
    Austria DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria
    Belgium DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium
    Bulgaria DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria
    Croatia DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia
    Cyprus DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus
    Czech Republic DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic
    Denmark DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark
    Estonia DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia
    Finland DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland
    France DataRep, 72 rue de Lessard, Rouen, 76100, France
    Germany DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany
    Greece DataRep, 24 Lagoumitzi str, Athens, 17671, Greece
    Hungary DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary
    Ireland DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland
    Italy DataRep, BPM 335368, Via Roma 12, 10073 , Turin, Italy
    Latvia DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia
    Lithuania DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania
    Luxembourg DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg
    Malta DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta
    Netherlands DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands
    Poland DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland
    Portugal DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal
    Romania DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania
    Slovakia DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia
    Slovenia DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia
    Spain DataRep, BPM 335368, Avd. Castilla La Mancha Nº 70-1 (Nave A), 45270, Mocejon-Toledo, Spain
    Sweden DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden
    United Kingdom DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom

Legal basis for processing

We process your personal data using the following legal bases:

  • consent. We obtain and record your consent every time you submit your personal data to us (for example, to register for news and marketing updates)
  • contractual. We process your personal data in order to deliver any contracted services (for example, processing payment for a purchased training course)
  • legitimate interest. We process your personal data for our business interests such as improvement of our services and Website content. (for example, automatic collection of IP addresses when Google Anonymizer tool may not be used.

International Data Transfers

We collect and process your personal data in Canada which is a country benefitting from the adequacy status granted by the European Union. This means that the European Commission has decided that the legal framework in Canada provides ‘adequate’ protection for individuals’ rights and freedoms for their personal data.

We may also transfer the personal data to other countries or international organizations, such as our Affiliates and some service providers but we will only do so where we have approved transfer mechanisms in place to protect your personal data, such as European Commission’s Standard Contractual Clauses and Data Sharing agreements.

How to contact us

If you would like to get in touch with us with any privacy related questions/comments or if you would like to exercise your rights, please get in touch with us, Contact page or by writing to us at: ComplyWorks Privacy Officer Suite 200, 4838 Richard Road SW Calgary, Alberta Canada T3E6L1.

We will get back to you within regulatory or reasonable timelines.

If you are located in the EU, you also have a right to complain to your local data protection authority. Visit their websites to understand how to submit a complaint. Here is a list of EU data protection authorities and their addresses https://ec.europa.eu/info/law/law-topic/dataprotection/reform/what-are-data-protection-authorities-dpas_en.

Please note this is an external website over which we have no control; please check their Privacy Policy to understand what personal information they collect and how they use it.

For individuals based in Canada

The information below should be read in addition to the information in the section Our Privacy Practices.

We process your personal information as per requirements of provincial and federal Canadian privacy legislation.

Your rights to the personal information are:

Right to access

  • End users, ie users of our Platform, may see what personal information we have on them, by accessing the user account.
  • Other individuals may contact us using the contact details from Contact page to obtain more information about what personal information we have and also to obtain a copy of their personal information.

Right to be informed

  • We provide information on our privacy practices through this Privacy Policy and privacy notices displayed to you at point of collection.

Right to rectification

  • You may contact us to request correction of the personal information we have on you, if you believe it is inaccurate or incomplete.

Right to deletion

  • You may have the right to request deletion of your personal information. This right is subject to contractual obligations between us and you as well as to other legal requirements.

To exercise any of your rights, please contact us using the details from Contact page.

You also have the right to complain to the federal or provincial Privacy Commissioners or request any decision reviews.

Here are the details:

Privacy Commissioner of Canada, 112 Kent Street, Ottawa, Ontario, K1A 1H3 -or- to the Office of the Information

For contact information for all provincial privacy commissioners or ombudsman, see https://www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorialcollaboration/provincial-and-territorial-privacy-laws-and-oversight/