Last updated: May 23, 2018
- Personal Information Protection Act (PIPA - BC),
- Personal Information Protection & Electronic Document Act (PIPEDA - ON),
- General Data Protection Regulation, (GDPR - EU)
- Data Protection Act (DPA -UK)
- Australia’s Privacy Principles (APP - AU)
- Brazilian Internet Act (BR)*
- Information Technology Act (IN),
- California Online Privacy Protection Act (CalOPPA - US), and
- any other relative legislation related to the collection, storage, destruction, use and distribution of personal data which apply to Transoft and its operations.
Transoft’s objective is to implement and maintain appropriate technical, security and organizational measures to protect personal data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.
In particular, to achieve this goal Transoft aims to ensure that personal data is:
- processed lawfully, fairly and in a transparent manner in relation to the individual (data subject) ('lawfulness, fairness and transparency');
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; However, further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes may not be considered to be incompatible with the initial purposes ('purpose limitation');
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimization');
- accurate and, where necessary, kept up to date; in this regard we will take reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy');
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by applicable laws and regulations in order to safeguard the rights and freedoms of the individual (data subject) ('storage limitation'); and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures ('integrity and confidentiality').
For the purposes of this policy, certain words and phrases used have meanings given to them as follows:
- 'personal data' means any information relating to an identified or identifiable natural person ('data subject'). In this regard, an identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information can include an individual’s identification card, passwords, medical information, family history, opinions or beliefs, as well as facts about or related to the individual.
- 'biometric data' means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data (e.g. fingerprints);
- 'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- 'data concerning health' means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
- 'data subject' means an identified or identifiable natural person.
- 'genetic data' means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
- 'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
- 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- 'recipient' means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
- 'restriction of processing' means the marking of stored personal data with the aim of limiting their processing in the future.
Transoft’s policy is to obtain prior consent from the data subject to the collection, use, processing or disclosure of personal data, except where otherwise required or permitted by law. Our goal is to request consent in an intelligible and easily accessible form, using clear and plain language in an intelligible and easily accessible form, using clear and plain language.
Consent may be express or implied, depending on the circumstances. When appropriate, the written consent of the individual (data subject) will be requested (i.e. by mail, email or fax or other electronic means). If the consent is given in the context of a written declaration or form which also concerns other matters, the request for consent will be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Sometimes, an individual's consent may be obtained verbally or implied through his or her conduct or dealings with Transoft.
Transoft generally does not require an individual to consent to collection, use, processing or disclosure of personal data as a condition of the provision of a product or service, beyond that which is necessary to provide the product or service or processing is necessary for the performance of a contract to which the individual (data subject) is party or in order to take steps at the request of the individual (data subject) prior to entering into a contract. However, some personal data may be requested that is optional for an individual to provide in order to improve the user experience or to help Transoft improve the products or services it offers and provides.
Transoft may collect, use or disclose personal data without notice or consent only where permitted or required by law.
Consent may be varied or withdrawn at any time subject to legal limitations and reasonable notice if required by law (without affecting the lawfulness of processing based on consent before its withdrawal). Transoft will advise the individual of any consequences of a variation or withdrawal.
Collection and use
In order to provide services or information to its customers, prospective customers, website visitors and others, Transoft collects certain types of data from them. This section describes how data is collected and used by Transoft.
The Personal Data We Collect:
Transoft collects and retains only the personal data that is required to meet the purposes identified by Transoft. Transoft is committed to collecting personal data in a fair, open and lawful manner. For this reason, Transoft does not indiscriminately collect personal data.
The type of personal data we may collect includes contact information (such as name, postal address, email address, telephone or fax numbers, etc.) but we may from time to time request a data subject to optionally provide demographic information or product or service preferences or usage patterns.
When a data subject inquires about products or services or orders products or services, or engages in activities such as downloading demos or subscribing to online software services or software as a service, the data subject may provide information such as name, company name, job title and department, email, address, telephone and facsimile numbers, credit-card number and other relevant data.
Our website also provides for an easy way to contact us either by direct communication with us or by electronic mail (e-mail address). If a data subject contacts us by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. This personal data transmitted on a voluntary basis by a data subject to us are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
Transoft also gathers data about visits to the website, including numbers of visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where visitors have come.
This information is used by Transoft to identify its customers, prospective customers, website visitors and others and provide or offer them with products, support, services, mailings, conduct sales and marketing actions, billing and to meet contractual obligations. It is completely optional for customers, prospective customers, website visitors and others to engage in activities or obtain services offered or provided by Transoft. Depending upon the activity or service, some of the information that we ask a data subject to provide is identified as mandatory and some as voluntary or optional. If the data subject does not provide the mandatory data with respect to a particular activity, the data subject may not be able to engage in that activity or receive the applicable product or service or may not be able to fully benefit from the product or service offered.
Transoft’s policy is not to conduct processing of (a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, or (b) genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
General Data and Information
Transoft’s website collects a series of general data and information when a data subject accesses the website. This general data and information are stored in the server log files. Collected general data may include (a) the browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system reaches our website (so-called referrers), (d) the sub-websites, (e) the date and time of access to the Internet site, (f) an Internet protocol address (IP address), (g) the internet service provider (ISP) of the accessing system, and (h) other similar data and information that may be used in the event of attacks on Transoft’s website or other information technology systems.
When using these general data and information, Transoft does not draw any conclusions about the data subject. On the contrary, this information is used to (1) help deliver the content of Transoft’s website in the intended manner, (2) improve the content of Transoft’s website as well as its advertisement and promotion, (3) improve the performance of Transoft’s website or other information technology systems, and (4) provide applicable law enforcement authorities with information necessary for criminal prosecution in case of hacking or cyber-attack on Transoft’s website or other information technology systems. Accordingly, Transoft uses anonymously collected data and information for statistical analysis with the aim of improving and protecting data security and our operations and service offerings, and to improve protection for the personal data we collect and process.
Any individual (data subject) may, at any time, prevent the setting of cookies through Transoft’s website by means of adjusting the setting of the Internet browser used. As well, cookies that have already been established may be deleted at any time through virtually all widely used Internet browsers. However, If an individual (data subject) deactivates the setting of cookies in the Internet browser used, the functions of Transoft’s website may not be fully usable by or available to that individual.
The primary purposes that Transoft collects and uses personal data is to record and support products, services and participation in the activities you select, to keep you informed about product upgrades, special offers, announcements, learning opportunities and other products and services of Transoft and to improve its website by analyzing how visitors navigate its website.
Our aim is only to conduct processing of personal data in compliance at all times with applicable legal requirements and if and to the extent at least one of the following applies:
- the individual (data subject) has given consent to Transoft’s the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract (such as an end user license agreement, on-line subscription or maintenance assurance program agreement) to which the individual (data subject) is party or in order to take steps at the request of the individual (data subject) prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which Transoft as the controller is subject;
Or in rare cases:
- processing is necessary in order to protect the vital interests of the individual (data subject) or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Transoft as the controller;
- processing is necessary for the purposes of the legitimate interests pursued by Transoft as the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual (data subject) which require protection of personal data,
If personal data is to be used or disclosed for a purpose not identified at the time of collection, individual consent will be obtained, where required by applicable law.
Sharing personal data
Transoft may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyze the visitor behavior on its website.
Limiting Use, Disclosure and Retention
Transoft limits its use or disclosure of personal data to the purposes for which it was originally collected, unless it has first obtained the consent of the person from whom such information was received, or as otherwise permitted or required by law. Transoft retains personal information only for as long as it is needed for the purposes for which it was collected or used, or as otherwise required by law. The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
From time to time Transoft may use a third party or a related entity to store or manage personal data on our behalf. In such circumstances, Transoft requires such service providers and related entities to protect, by contract or other means, the personal data transferred to them by Transoft. For Canada, such service providers or related entities may from time to time process or store personal data in countries other than Canada. In this event, such personal data would be subject to the laws of such countries, including those authorizing or requiring disclosure of information to government authorities.
Personal data is maintained in as accurate, complete and up-to-date form as necessary for the purpose for which it is collected, or where it is likely to be used to make a decision about an individual or is likely to be disclosed to another organization. Transoft does not routinely update personal data and relies on the individual to advise it when his or her personal data changes.
From time to time, in its sole discretion, and for a reasonable and legitimate purpose, Transoft may request written confirmation from an individual that the information collected and held by Transoft is up to date and accurate.
Personal data is protected, by appropriate technical and organizational measures including security safeguards appropriate to its sensitivity and level of risk, from unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks. Transoft’s security safeguards include:
- premises security;
- locked file cabinets and secure faxes and photocopiers;
- restricted access to personal information;
- technological safeguards such as security software and authentication methods;
- secure destruction methods including cross-cut shredding and the use of attestations of destruction;
- organizational security measures
If Transoft uses the services of any third parties to process personal data, Transoft will enter into legal agreements that require the third party to protect the personal data in a manner acceptable to Transoft and consistent with the protection provided by Transoft.
Transoft also ensures that any of its Employees who deal with personal data are properly trained and are aware of the necessary and appropriate measures required to protect personal data.
Individuals (data subjects) have specific rights to object to Transoft’s processing of their personal data if Transoft:
- processes the personal data based on an exercise of official authority (including profiling);
- uses the personal data for direct marketing (including profiling); or
- processes the personal data for purposes of scientific/historical research and statistics.
Right to Restriction of Processing
Individuals (data subjects) have the right to obtain from Transoft restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the individual for a period enabling Transoft to verify the accuracy of the personal data;
- the processing is unlawful and the individual opposes the erasure of the personal data and requests the restriction of their use instead;
- Transoft no longer needs the personal data for the purposes of the processing, but they are required by the individual for the establishment, exercise or defence of legal claims;
- the individual has objected to processing by means of automated decision-making pending the verification whether the legitimate grounds of Transoft override those of the individual.
Where processing has been restricted in this regard such personal data shall, with the exception of storage, only be processed with the individual’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of an applicable governmental authority.
Right to Erasure
Individuals (data subjects) have the right to obtain from Transoft the erasure of personal data concerning him or her without undue delay and Transoft will erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the individual (data subject) has withdrawn his or her consent on which the processing is based and where there is no other legal ground for the processing;
- the individual (data subject) objects and has a legal basis for such objection and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed; or
- the personal data have to be erased for compliance with a legal obligation to which Transoft is subject.
Notification regarding rectification or erasure of personal data or restriction of processing
Right to Object and Automated Individual Decision-Making
Individuals (data subjects) have the right to refuse to be subjected to automated decision making, including profiling and may insist on human intervention if the decision is:
- Based on automated processing; and
- Produces a legal effect or a similarly significant effect on the individual.
Right to data portability
Individuals (data subjects) have the right to receive the personal data concerning him or her, which he or she has provided to Transoft, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Transoft, where:
- the processing is based on consent or on a contract with Transoft; and
- the processing is carried out by automated means.
The exercise of the right referred to in this section shall be without prejudice to the rights of the individual for erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Transoft.
Our Legal Obligation to Disclose Personal Information
We are permitted to disclose personal information when we are legally required to do so or have good reason to believe that this is legally required.
Exceptions Arising Under Law
- national security;
- public security;
- the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
- other important objectives of general public interest of governmental authority having jurisdiction over Transoft in particular an important economic or financial interest of the governmental authority, including monetary, budgetary and taxation a matters, public health and social security;
- the protection of judicial independence and judicial proceedings;
- the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
- a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a), (b), (c), (d), (e) and (g);
- the protection of the individual (data subject) or the rights and freedoms of others;
- the enforcement of civil law claims.
We may also reveal a user’s personal information without his/her prior permission only when we have good reason to believe that the disclosure of this information is required to establish the identity of, to contact or to initiate legal proceedings against a person or persons who is/are suspected of infringing rights or property belonging to Transoft or to others who could be harmed by the user’s activities or of persons who could (deliberately or otherwise) transgress upon these rights and property.
Openness and Communications
In the case of a personal data breach that is likely to result in a high risk to the rights and freedoms of natural persons, in addition to any reporting obligations to statutory authorities, Transoft will communicate the personal data breach to the affected individual (data subject) without undue delay and otherwise as required by applicable law. Such communication, if applicable, will include at least the following,
- communicate the name and contact details of the Chief Privacy Officer or other contact point where more information can be obtained;
- describe the likely consequences of the personal data breach;
- describe the measures taken or proposed to be taken by Transoft to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
However, Transoft may not be required to communicate to individuals in the event of a personal data breach if any of the following conditions are met:
- Transoft has implemented appropriate technical and organizational protection measures, and that those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;
- Transoft has taken subsequent measures which ensure that the high risk to the rights and freedoms of individual (data subject) is no longer likely to materialize;
- it would involve disproportionate effort. In such a case, Transoft may instead issue a public communication or similar measure whereby the individuals (data subjects) are informed in an equally effective manner.
Upon written request, Transoft will inform an individual about how his or her personal data in Transoft’s custody or control has been and is being used and disclosed, including the names of individuals and organizations to whom the information has been disclosed, and will give the individual access to the personal data, subject to any limitations as permitted or required by law. Transoft authenticates the identity of the person seeking access to personal data before providing access. In responding to an access request, Transoft may charge a reasonable fee but no fee shall be charged for access to Employee personal data.
Transoft will take appropriate measures to provide any personal data relating to processing to the individual (data subject) in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The information will be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the individual (data subject), the information may be provided orally, provided that the identity of the individual (data subject) is proven by other means.
Transoft will facilitate the exercise of an individual’s rights legal rights to access personal data collected and processed by Transoft.
Transoft may deny access to personal data when required or authorized by law. Possible reasons for denying access to personal data include, but are not limited to:
- where the disclosure may reasonably be expected to threaten an individual’s safety or physical or mental health;
- where the information would reveal third party personal information;
- where the information is protected by solicitor-client privilege;
- where the information would reveal confidential commercial information; or
- Transoft demonstrates that it is not in a position or is no longer in a position to identify the individual (data subject); and
- other reasons as permitted or required by law.
Where the information can be severed and the remaining personal data can be provided, Transoft will do so. If Transoft is unable to provide access to all of the personal data it holds about an individual, then the reasons for the denial of access will be provided to the individual.
Requests for access to, or information about, personal data must be made in writing, either to the Chief Privacy Officer or Privacy Officer via email to firstname.lastname@example.org
or by postal mail at the address below. Where the requester makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the requester. Upon receipt of a request, Transoft will without undue delay advise the requester as to the steps required to carry out the access request, including the method of authenticating the individual’s identity and of any steps necessary to identify the records or information sought. The time to respond to a complete request is generally thirty (30) days, but may be extended in limited circumstances as permitted or required by law. If Transoft extends the time for response we will tell the requester the reason, the time when we expect to respond and his or her rights under the associated law(s).
If Transoft does not take action on the request, Transoft will inform the individual (data subject) without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with an applicable supervisory authority and seeking a judicial remedy.
Where Transoft has reasonable doubts concerning the identity of the requester, Transoft may request the provision of additional information necessary to confirm the identity of the requester.
Where requests are manifestly unfounded or excessive, in particular because of their repetitive character, Transoft may either:
- charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
- refuse to act on the request.
Transoft will bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
Transoft’s Data Protection Officer
The detailed contact information for Transoft’s Chief Privacy Officer and data protection officer is as follows:
Chief Privacy Officer
250-13575 Commercial Parkway
Richmond, British Columbia, Canada
Privacy Officer (Data Protection)
Transoft Solutions (Europe) BV
3011 WS Rotterdam
Requesting a Correction
Individuals have certain legal rights to obtain from Transoft without undue delay the rectification of inaccurate personal data concerning him or her. In this regard, an individual may challenge the accuracy of the personal data under Transoft’s custody or control. Where an individual successfully demonstrates that an error in the accuracy or completeness of their personal data exists, Transoft will make any necessary amendments and if appropriate, advise any third parties to whom the information was disclosed in the year prior to the date the correction was made. Taking into account the purposes of the processing, an individual will also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If the correction is not made, Transoft will annotate the information to show the challenge. Transoft will correct personal data when advised to do so by an organization that disclosed the information to Transoft.
Links to other sites
For Further Information
If you have any further questions regarding the data Transoft collects, or how we use it, then please feel free to contact us by email at: email@example.com
, or in writing at:
Transoft Solutions Inc.
Attention: Chief Privacy officer
Suite 250 – 13575 Commerce Parkway
Richmond, B.C. V6V 2L1