Effective date: April 17, 2023
This HYAS Infosec Inc. Privacy Statement describes how we handle information we collect, including information that personally identifies you or could reasonably be used to identify you(“personal information”) and what privacy rights you may have in relation to your personal information.
Carefully read this Privacy Statement to familiarize yourself with our privacy practices. It applies to our Website (www.hyas.com), when we provide you our products and services, when you attend our events or webinars, or when you otherwise interact with us. When you use our Website or interact with us you consent to the collection and handling of your information as described below. If you do not agree with the practices described in this Privacy Statement, do not use our Website or interact with us.
Types of information we collect
We may collect the following categories of information:
• identifiers (e.g., name, account information, online and government issued identifiers)
• contact information (e.g., telephone number, email address, physical address) • payment information
• characteristics of protected classifications
• commercial information (e.g., products or services purchased or considered)
• internet, network, device, and other technical information (e.g., IP address, device and browser type, operating system, log data, passive DNS data, network traffic, malware data)
• geolocation data
• audio, electronic, visual, or similar information
• professional, employment, or education related information
• inferences drawn from categories of information identified here
• sensitive personal information
The classification of this information as personal information under applicable law depends on various factors, including the type of information and any other information that is linked or linkable to it, the jurisdiction in which the information is collected, and the purpose for which it is collected. For example, we may combine your personal information with technical information that alone does not identify you. If we do so, we will treat the combined information as personal information under this Privacy Statement.
Personal information does not include deidentified or anonymous information. We may use such information without limitation.
We obtain the above categories of information from the following sources:
• from you when you directly provide it to us or our service providers
• from your use of our Website, products, or services
• from cookies and other automatic means and tracking technologies
• from publicly available sources
• from third parties including reputable providers of licensed information
• from business partners
As mentioned above, we may obtain information related to you from third parties that obtained your prior consent to share such information with us through their privacy statement, a contract, or other mechanism allowed by applicable privacy regulations. We restructure information as we receive it and combine it with other information we collect, forming a separate and discrete data set, which is a part of our products or services. Our products and services may be offered on a paid, unpaid, or trial basis, but in all such instances must be used for the purpose of preventing, detecting, or investigating malicious, deceptive, or fraudulent cyber threats, activities, or incidents.
We use third-party analytics and service providers such as Google Analytics and HubSpot to track Website visitors to assist us for the above-mentioned purposes. If you do not want information via cookies or similar technologies to be collected and used by us or our service providers for marketing or advertising purposes, you can modify your cookie preferences at any time through our Cookie Settings link and submitting an opt-out by submitting your request via the Do Not Sell My Personal Information link at the base of our Website. You may also prevent Google Analytics processing here. In addition, you can opt out of internet-based advertising served by companies that participate in the Digital Advertising Alliance Consumer Choice tool >here, and the Network Advertising Initiative here. To learn how to limit ad tracking on your iOS device visit here, and for an Android device visit here.
Children’s personal information
Our Website and products and services are not intended for use by children under 16. If you have reason to believe that a child has provided information to us, please contact us at email@example.com. We will use commercially reasonable efforts to delete such information.
How we use collected information
We may use the information we collect for the following purposes:
• administering day-to-day business operations
• creating, verifying, and managing user accounts and features
• communicating with you and fulfilling your requests
• providing, maintaining, and improving our products and services
• testing, researching, and developing new products and services
• personalizing, advertising, and marketing our products and services
• researching, detecting, investigating, preventing, and responding to security threats
• responding and supporting law enforcement investigations
• complying with applicable laws or responding to lawful requests and processes, complying with or enforcing agreements, protecting our rights and property, and protecting the personal safety of ourselves, our clients, or third parties
• in connection with a business or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets
• as described to you at the point of data collection or handling or as otherwise permitted by law
The legal bases we rely on to process your personal information depends on our interactions with you, but they consist of (i) contractual necessity, (ii) legitimate interests, (iii) legal obligations, and (iv) consent.
Why we disclose information
We may disclose all the categories of information listed above when:
• you consent to the disclosure
• the disclosure is related to a business purpose
• the disclosure is in connection with a business or financial transaction
• the disclosure is required by law
• the disclosure is not inconsistent with this Privacy Statement or our description at the point of collection or handling
We may disclose information to the following categories of third parties:
• internally and with our affiliates, subsidiaries, and business partners
• our service providers working on our behalf
• our clients
• to an entity related to a business or financial transaction
• anyone to whom you authorize us to disclose your information
• when we believe we must to comply with the law or to protect you, or others (e.g., as part of an investigation of fraud or other malicious activity)
When we disclose personal information for a business purpose, we enter into a contract with the recipient that describes the business purpose for handling the information and requires the recipient to keep the information secure and confidential, to not use it for any purpose except performing the contract, and to comply with all applicable laws.
We are a Canadian company, and we provide products and services around the world. We may transfer your personal information outside of your country or region as necessary to fulfill the purposes described in this Privacy Statement. These areas may not be subject to laws that provide the same level of protection for personal information as the country that you are in. Therefore, to ensure the lawful transfer and adequate protection of personal information across jurisdictions, we execute a data processing agreement as required by applicable laws.
Information security and storage
We have implemented policies and procedures that include reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, and disclosure. Unfortunately, no website, server, or database is completely secure. We therefore cannot guarantee that your information will not be disclosed, misused, or lost by unauthorized acts of others. If you have reason to believe that your account has been compromised, or if you suspect someone else is using your account, please let us know immediately.
We may retain your personal information for as long as required to fulfill the original purpose for which it was collected and to comply with our legal obligations.
Your browser may allow you to set a Do Not Track signal indicating that you do not wish your online activity to be tracked. We do not respond to such signals and cannot act on them.
This section describes privacy rights you may have. The specific rights available to you often vary depending on the exact nature of our relationship with you. Examples include:
• right to request information about our collection and use of your personal information
• right to request that we delete your personal information
• right to rectify the personal information we have if it is inaccurate or incomplete
• right to restrict our processing of your personal information
• right to data portability
• right to not be subjected to automated individual decision-making
To exercise your privacy rights, send us your request using the Contact section below. The request must (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information, and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization. We may request that your authorized agent have written permission from you to make requests on your behalf and may need to verify your authorized agent’s identity. We will only use the personal information provided to verify the requestor’s identity or authority to make the request. Depending on the jurisdiction you are in, if you are unsatisfied with our response to your request, you may also have the right to submit a complaint against us to your local supervisory for data protection. We would appreciate the chance to address your concerns before you contact a supervisory authority, however, and ask that you first direct your complaint to us.
To stop receiving marketing messages from us, you can use the instructions provided at the bottom of our emails or reach out to us using the details found in the Contact section below. However, even after unsubscribing, you will still receive non-marketing communications related to your use of our products and services until you stop using them.
Our Website may include links to third-party websites, products, or services. Your access to and use of these third-party websites, products or services may result in the collection of or sharing of your personal information. These third parties have separate and independent privacy statements and we are not responsible for your interactions with such third parties.
Changes to this Privacy Statement
We may amend this Privacy Statement at our discretion and at any time, with or without notice to you. Any changes will be posted on this Website page with an updated effective date. By using the Website or interacting with us you agree to be bound by the Privacy Statement posted on our Website.
If you have any questions, comments, or requests, please contact us by email at firstname.lastname@example.org or via postal mail (marked “Attn: Legal Department”) to HYAS Infosec Inc., located at 408 – 55 Water Street, Office 8536, Vancouver, BC V6B 1A1, Canada.