Privacy Policy

Introduction

Automatic Collection

When you access or use our Services, we automatically collect certain information about your device and your interaction with our Services. This section describes the types of information we collect automatically.

Device and Usage Information

We collect information about how you access our Services, including:

• Device type, such as desktop, mobile, or tablet
• Operating system and version
• Browser type and version
• IP address
• Device identifiers (such as advertising IDs)
• Regional and language settings
• Network information
• Internet service provider

Browsing Information

As you navigate through our Services, we collect information about your browsing actions, including:

• Pages or screens you view
• Links you click
• Date and time of your visits
• Duration of time spent on pages
• Referring website, search terms, or links that directed you to our Services
• Features used and content viewed
• User preferences and settings

Tracking Technologies

We use various tracking technologies to collect information automatically, including:

• Cookies: Small data files stored on your device that help us improve our Services and your experience, see patterns in how users interact with our Services, and recognize returning users
• Pixels and Beacons: Electronic images that help us deliver cookies, count visits, understand usage, and determine the effectiveness of communications
• Local Storage: Features that allow websites to store data locally on your device, enabling features like automatic sign-in and site preferences
• Analytics Tools: Third-party services that help us understand how users interact with our Services

For more information about how we use cookies and your choices regarding cookies, please see the “Cookies” section of this Privacy Policy.

Personal Information

In addition to the information we collect automatically, we also collect various types of personal information directly from you or from third parties. This section describes the categories of personal information we collect and the sources of this information.

Information You Provide to Us

We collect personal information you provide directly to us, including:

• Account Information: When you create an account, we collect your name, email address, password, company name, job title, and other profile information
• Contact Information: Your name, email address, postal address, phone number, and other contact details
• Payment Information: Your credit card details, billing address, and other payment information (though we do not store full credit card numbers or CVV codes)
• Service Usage Information: Information about the services you are interested in or have purchased
• Communications: Information you provide in communications with us, including customer support requests, feedback, and survey responses
• User Content: Information you provide when you participate in forums, discussions, or other interactive features of our Services

Business Client Information

As a B2B service provider, we collect and process information about our business clients, including:

• Business contact information of representatives and employees
• Business and financial information necessary for contracting
• Account credentials for authorized users
• IT infrastructure details necessary for service delivery
• Service usage data, including logs, configurations, and performance metrics
• Contract and billing information

Information From Third Parties

We may collect personal information from third parties, including:

• Business Partners: Information shared by our business partners, resellers, or distributors when you purchase our services through them
• Service Providers: Information from service providers that help us operate, improve, and market our Services
• Identity Verification Services: Information to verify your identity when required for security purposes
• Public Sources: Publicly available information such as business contact information, professional profiles, or information shared on public social media platforms

Information We Derive

We may derive information about you based on the information we collect. For example, we may derive:

• Your general geographic location based on your IP address
• Your preferences based on your usage of our Services
• Industry insights based on aggregated client data
• Security risk profiles based on login patterns and device information

Use and Processing

We use the information we collect for various purposes described in this section. How we use your information depends on your relationship with us, the services you use, and the choices you make.

How We Use Your Information

We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We use the information that you provide for the following:

• To identify who you are.
• To provide you with the products and services you've requested.
• To administer your account. Including processing your payments and fulfilling your orders.
• To contact you about your account and provide customer service support, including responding to your comments and questions.
• To share information about your account or activity with you.
• To ask you for feedback about our products and services.
• To engage in marketing activities, such as sending you targeted ads.
• To deliver content, products, and services that may be of interest to you.
• To process your entries into sweepstakes, contests, or giveaways.
• To improve our products and services and develop new ones.
• To comply with the law.
• To detect, investigate, and prevent fraudulent transactions and other illegal activities and protect our rights and property as well as our users and merchants.

Legitimate Business Purposes

We may use your personal information for our legitimate business purposes, including:

• Service Delivery: Providing, maintaining, and improving our Services
• Security: Protecting against security breaches, unauthorized transactions, theft, fraud, and other harmful activity
• Communications: Sending service announcements, updates, security alerts, and support messages
• Analytics: Understanding how our Services are used and improving our offerings
• Research and Development: Developing new products, services, and features
• Marketing: Marketing our Services and providing personalized content and recommendations

Automated Decision Making

In some cases, we may use automated processing of your information to make decisions or take actions that may affect your access to our Services or how you experience them. For example:

• Fraud detection and prevention systems that may block transactions or activities
• Security systems that may restrict access based on login patterns or device information
• Content recommendation systems that personalize your experience

You have the right to object to automated decision-making in certain circumstances. Please see the “User Rights” section for more information on how to exercise this right.

Legal Bases for Processing (GDPR and Similar Regulations)

For individuals in regions where laws like the GDPR apply, we process personal information on the following legal bases:

• Consent: When you have given your consent to the processing
• Contractual Necessity: When processing is necessary to perform a contract with you
• Legal Obligation: When we need to comply with a legal obligation
• Legitimate Interests: When processing is in our legitimate interests and not overridden by your rights
• Vital Interests: When processing is necessary to protect someone's life
• Public Interest: When processing is necessary for a task carried out in the public interest

Billing and Payments

This section describes how we handle billing information and process payments when you purchase our products and services.

Payment Processing

When you make a purchase from us, we collect payment information, which may include:

• Credit or debit card information
• Bank account information for electronic funds transfers
• Billing address
• Payment history
• Other payment information necessary to process your transaction

Our third-party payment processor stores your credit card data. This information is encrypted and stored with “reasonable security measures.” For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to our third-party payment processor's terms of use and privacy policy.

Billing Records

We maintain records of your billing and payment information for:

• Processing payments for products and services
• Facilitating automatic renewals if you have opted in to such services
• Providing receipts and invoices
• Responding to disputes or inquiries about charges
• Complying with tax and accounting obligations

Retention of Billing Information

We retain billing and payment information as necessary to:

• Process recurring payments if you have an ongoing subscription
• Comply with financial regulations and tax requirements
• Prevent fraud and unauthorized transactions
• Address disputes or refund requests

We retain billing records for the period required by applicable financial and tax regulations, typically 7 years.

Your Choices

You have certain choices regarding your billing and payment information:

• Update or correct your billing information in your account settings
• Delete saved payment methods (except as needed for active subscriptions or as required by law)
• Opt out of automatic renewals where available
• Request a copy of your billing records as part of your general data access rights

Managing Information

We provide various ways for you to access, update, delete, and manage your personal information. This section explains how you can manage the information we hold about you.

Your Account

If you have an account with us, you can access and update certain information through your account settings. You can:

• Update your profile information, such as your name, email address, and password
• Update your communication preferences
• View your order history and subscription information
• Manage your saved payment methods
• Update your marketing preferences

Communication Preferences

You can manage your communication preferences in the following ways:

• Email Preferences: You can update your email preferences or unsubscribe from marketing emails by clicking the unsubscribe link in any marketing email we send or by updating your preferences in your account settings
• Service Communications: You may not opt out of service-related communications (such as account verification, purchase confirmations, technical notices, and security alerts), as these are necessary for the operation of our Services
• Push Notifications: If you have installed our mobile app, you can manage push notification preferences through your device settings

Cookies and Tracking Technologies

You have several options for managing cookies and other tracking technologies:

• Cookie Preferences: You can manage your cookie preferences through our cookie banner or preference centre
• Browser Settings: Most web browsers allow you to control cookies through browser settings, including rejecting cookies or clearing stored cookies
• Do Not Track: You can enable Do Not Track (DNT) in your browser, though our response to DNT signals may vary
• Ad Choices: You can opt out of interest-based advertising through industry tools like the Digital Advertising Alliance or Network Advertising Initiative

Deleting Your Information

You can request deletion of your personal information in the following ways:

• Account Deletion: You can request to delete your account through your account settings or by contacting us
• Specific Information: You can request deletion of specific information by contacting our support team
• Retention Limitations: Some information may be retained for legitimate business or legal purposes, even after you request deletion

Please note that deleting your information or account may impact your ability to use our Services. For more information on your rights related to your personal information, please see the “User Rights” section of this Privacy Policy.

Disclosure

We may share your personal information with third parties in certain circumstances. This section describes when and why we may disclose your information to others.

Service Providers

We share personal information with service providers who help us operate, improve, and secure our Services. These service providers include:

• Hosting and infrastructure providers
• Payment processors
• Customer support services
• Analytics providers
• Email and communication service providers
• Security and fraud prevention services
• Marketing and advertising partners

We require all service providers to respect the security and confidentiality of your information and to use it only for the specified purposes for which it was shared.

Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any change in applicable policies.

With Your Consent

We may share your personal information with third parties when you have given us your consent to do so. For example, we may ask for your consent to:

• Feature your testimonial or feedback on our website
• Share your information with specific business partners
• Integrate with third-party services you use
• Participate in case studies or research

Aggregated and De-identified Information

We may share aggregated or de-identified information that cannot reasonably be used to identify you. For example, we may share:

• Aggregated statistics about service usage
• De-identified data for research and analysis
• Industry trend information
• Performance benchmarks

Third-Party Disclosure Limitations

We implement various safeguards to limit third-party disclosure risks:

• Data Processing Agreements: We enter into contracts with service providers that restrict how they can use your information
• Security Assessments: We evaluate the security and privacy practices of our service providers
• Minimization: We share only the information necessary for the specific purpose
• Access Controls: We implement technical restrictions on access to shared information

Retention

This section explains how long we keep your personal information and what factors we consider when determining retention periods.

General Retention Principles

We retain your personal information for as long as necessary to:

• Provide our Services to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements
• Protect our legitimate business interests

When determining appropriate retention periods, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, and applicable legal requirements.

Specific Retention Periods

While retention periods vary based on the type of information and purpose of processing, here are general guidelines for specific categories:

• Account Information: Retained for the duration of your account plus a reasonable period after account closure (typically 1-2 years)
• Transaction Records: Retained for 7 years to comply with tax and financial regulations
• Customer Service Communications: Retained for 2-3 years after resolution
• Marketing Preferences: Retained until you opt out or withdraw consent
• Usage Data: Retained in identifiable form for 1-2 years, then aggregated or anonymized
• Cookies and Tracking Data: Varies by cookie type (see our Cookie Policy), typically between one session and 2 years

Exceptions to Retention Periods

In some cases, we may retain your information for longer periods, such as:

• When required by law, regulation, or legal process
• For ongoing legal claims or disputes
• To prevent fraud or abuse
• To protect legitimate business interests
• When you request that we keep your information

Deletion and Anonymization

When the retention period expires, we will either delete, anonymize, or aggregate your personal information so that it can no longer be associated with you. The choice between deletion and anonymization depends on:

• Technical feasibility of secure deletion
• Business need for historical analytics
• Legal requirements for information handling
• Risk assessment of potential re-identification

Transfer of Information

Tridacom IT Solutions is based in Canada, and we process and store information on servers located in Canada and potentially other countries. This section explains how we handle cross-border transfers of your personal information.

Global Operations

As a global service provider, we may transfer your personal information to, and process it in, countries other than the one in which you reside. These countries may have data protection laws that are different from those in your country of residence.

When we transfer your information across borders, we take appropriate measures to ensure that your personal information receives an adequate level of protection in the countries where we process it.

Transfer Mechanisms

We use various legal mechanisms to ensure adequate protection for cross-border transfers of personal information, including:

• Adequacy Decisions: Transferring data to countries that the relevant authorities have determined provide adequate protection
• Standard Contractual Clauses: Implementing contracts approved by regulatory authorities that ensure appropriate data protection
• Binding Corporate Rules: Where applicable, applying approved internal rules for transfers within our corporate group
• Consent: Obtaining your explicit consent for certain transfers, after informing you of the potential risks
• Necessary Transfers: When the transfer is necessary for the performance of a contract or for important public interest reasons

Regional Considerations

We comply with specific regional requirements for cross-border transfers, including:

• European Economic Area (EEA): For transfers from the EEA to countries without an adequacy decision, we implement appropriate safeguards as required by GDPR
• Canada: We comply with requirements under PIPEDA (and CPPA when enacted) for transfers of personal information outside Canada
• California: We adhere to CCPA/CPRA requirements regarding disclosure of cross-border transfers
• Other Regions: We monitor and comply with evolving requirements in other jurisdictions where our customers are located

Your Rights Regarding Transfers

Depending on your location, you may have specific rights related to cross-border transfers of your personal information. These may include:

• The right to be informed about transfers to other countries
• The right to obtain a copy of the safeguards we use for transfers
• The right to object to certain transfers
• The right to withdraw consent to transfers based on consent

To exercise these rights or for more information about our transfer mechanisms, please contact us using the information provided in the “Contacting Us” section.

User Rights

How to Exercise Your Rights

You can exercise your privacy rights through multiple convenient channels:

Limitations and Exceptions

While we strive to honor all legitimate privacy rights requests, there may be situations where we cannot fully fulfill your request or may need to limit its scope:

If we cannot fully comply with your request, we will explain why and inform you about your right to file a complaint with the Office of the Privacy Commissioner of Canada or other relevant supervisory authorities.

International Users

Our services are primarily designed for users in Canada and the United States, but we welcome users from around the world. This section provides additional information for international users.

Regional Privacy Rights

Depending on your location, you may be entitled to specific privacy rights under local laws. We have summarized key regional provisions below.

Language and Accessibility

This Privacy Policy is available in English. In certain regions, we may provide translations as required by local law. In case of any discrepancy between the English version and any translation, the English version will prevail.

We are committed to making our Privacy Policy accessible to all users, including those with disabilities. If you need this Privacy Policy in an alternative format, please contact us at privacy@tridacom.com.

Security

We take the security of your personal information seriously and employ a variety of measures to protect it from unauthorized access, alteration, disclosure, or destruction.

Technical Safeguards

We implement technical measures to protect your personal information, including:

• Encryption: We use industry-standard encryption to protect data in transit and at rest, including TLS/SSL for data transmission and AES-256 for stored data
• Access Controls: We implement multi-factor authentication, role-based access controls, and least privilege principles
• Network Security: We employ firewalls, intrusion detection systems, and other network security measures
• Vulnerability Management: We conduct regular security assessments, penetration tests, and vulnerability scans
• Monitoring: We maintain logging systems to detect and respond to unusual activities

Organizational Measures

Our security program includes organizational measures such as:

• Security Policies: We maintain comprehensive security policies and procedures
• Employee Training: We provide regular security awareness training to all employees
• Third-Party Assessments: We conduct security assessments of our service providers
• Incident Response: We maintain incident response plans to address security incidents promptly
• Business Continuity: We implement business continuity and disaster recovery plans

Security Certifications and Frameworks

We align our security practices with recognized security frameworks and standards, including:

• ISO 27001 (Information Security Management)
• NIST Cybersecurity Framework
• CIS Controls
• SOC 2 compliance principles

Your Role in Security

While we implement robust security measures, the security of your account also depends on your actions. We recommend that you:

• Use strong, unique passwords for your account
• Enable multi-factor authentication when available
• Keep your login credentials confidential
• Be alert to phishing attempts and suspicious activities
• Keep your devices and software updated
• Review your account activity regularly and report any suspicious activity

Note: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Data Breach

Despite our best efforts to protect your information, security incidents may occur. This section explains how we handle data breaches and our notification procedures.

What Is a Data Breach?

A data breach is a security incident in which sensitive, protected, or confidential information is accessed, disclosed, altered, or destroyed without authorization. Data breaches may involve:

• Unauthorized access to our systems or databases
• Theft or loss of devices containing personal information
• Accidental disclosure of personal information
• Malicious attacks such as hacking, malware, or phishing
• Employee misconduct or negligence

Our Response to Data Breaches

In the event of a data breach, we will take the following steps:

1. Containment and Assessment: We will act promptly to contain the breach and assess its scope and severity
2. Investigation: We will conduct a thorough investigation to determine the cause and extent of the breach
3. Remediation: We will take steps to address the cause of the breach and prevent similar incidents in the future
4. Notification: We will notify affected individuals, regulatory authorities, and other relevant parties as required by law
5. Review: We will review and update our security practices as necessary

Notification Process

Our data breach notification process follows these principles:

• Timeliness: We will notify affected individuals without undue delay, typically within 72 hours of discovering a breach, where feasible
• Clarity: Notifications will be clear, concise, and in plain language
• Relevance: We will provide information relevant to the specific breach, including the nature of the breach, types of data affected, and potential consequences
• Actionable: We will include guidance on steps individuals can take to protect themselves
• Accessible: Notifications will be delivered through appropriate channels to reach affected individuals

Risk Assessment

When assessing the risk posed by a data breach, we consider factors such as:

• The nature, sensitivity, and volume of the affected personal information
• The ease of identification of individuals from the affected information
• The severity of consequences for affected individuals
• The likelihood of the information being misused
• Special characteristics of affected individuals (e.g., children or vulnerable adults)

If You Receive a Breach Notification

If you receive a notification from us about a data breach, we recommend you:

• Read the notification carefully and follow any specific instructions provided
• Change your password and update security questions for affected accounts
• Monitor your accounts for suspicious activity
• Be vigilant against phishing attempts that may try to exploit the situation
• Consider placing a fraud alert or credit freeze with credit reporting agencies if appropriate
• Contact us if you have questions or concerns about the breach

Changes and Amendments

This Privacy Policy may be updated from time to time to reflect changes to our practices, technologies, legal requirements, and other factors. This section explains how we handle changes to this Privacy Policy.

Policy Updates

We reserve the right to modify this Privacy Policy at any time. When we make changes to this Privacy Policy, we will:

• Post the updated Privacy Policy on our Website
• Update the “Last Updated” date at the top of this Privacy Policy
• Notify you of material changes through appropriate channels, which may include email notifications, prominent notices on our Website, or other means

Your Continued Use

Your continued use of our Website and services after the effective date of any changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree to the revised Privacy Policy, you should discontinue your use of our Website and services.

Policy Review

We encourage you to review this Privacy Policy periodically to stay informed about our information practices and your privacy rights and choices. This Privacy Policy is accessible from the footer of our Website or through the “Privacy Policy” link in your account settings.

Acceptance of This Policy

By accessing, using, or continuing to use our Website and services, you confirm that you have read, understood, and agreed to this Privacy Policy. This section explains the implications of your acceptance.

Your Acknowledgment

By using our Website and services, you acknowledge that:

• You have read this Privacy Policy in its entirety
• You understand how we collect, use, disclose, and protect your information
• You consent to our processing of your personal information as described in this Privacy Policy
• You are aware of your privacy rights and how to exercise them

Legal Basis for Processing

Your acceptance of this Privacy Policy provides us with one of several legal bases for processing your personal information, as required by applicable privacy laws. Depending on the circumstance, we may also process your information based on:

• The performance of a contract with you
• Compliance with a legal obligation
• Protection of your vital interests or those of another person
• Our legitimate interests, which are not overridden by your rights
• Other legal bases as provided by applicable law

Age Restrictions

Our Website and services are not intended for use by individuals under the age of 16. By using our Website and services, you confirm that you are at least 16 years old or that you are using our Website and services with the consent and supervision of a parent or guardian.

Contacting Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us. We are committed to addressing your privacy concerns promptly and thoroughly.

Contact Information

You can contact us using the following information:

• Data Protection Officer: privacy@tridacom.com
• Phone: +1 (450) 471-3445
• Mail: Tridacom IT Solutions, 50 Queen St N, Kitchener, ON N2H 6P4, Canada
• Online Form: Contact Form

Complaints

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with:

• The Office of the Privacy Commissioner of Canada (OPC): www.priv.gc.ca
• Your local data protection authority if you are located outside of Canada

Privacy Policy Accessibility

This Privacy Policy is available in alternative formats upon request. If you require this Privacy Policy in a different format due to accessibility needs, please contact us using the information provided above.