January 14th, 2024

This Data Privacy Policy ("DPP") forms part of the Terms and Conditions (“Terms”) entered into between 9492-4248 Québec inc. ("Binder") and the Customer, as defined in the Terms. Customer may also be referred to in this DPP as You or Your.

In the course of providing the Services under the Terms, Binder may Process Personal Data on Your behalf and the parties hereto agree to comply with the terms and conditions in this DPP in connection with such Personal Data. This DPP shall not replace any comparable or additional rights contained in the Terms or any other terms between the parties relating to Processing data other than Personal Data.

1. Defined terms

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“Data Protection Laws” means all data protection laws applicable to the Processing of Personal Data under this DPP, including any local, state, national and/or foreign laws and regulations.

“Data Subject” means an individual to whom Personal Data relates.

“De-identified Data” means data that cannot reasonably be linked to an identified or identifiable natural person.

“Personal Data” means any information describing or relating to (i) an identified or identifiable natural person or household; and (ii) an identified or identifiable legal entity (where such information is protected similarly as personal data or personally identifiable information under applicable Data Protection Laws), where for each (i) or (ii), such data is Your Data. Personal Data does not include De-identified Data.

“Personal Data Breach” means any unauthorized access, acquisition or use of Personal Data that requires Data Subject notification pursuant to any Data Protection Laws.

“Process” or “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means the Party which Processes Personal Data on behalf of the Controller.

“Sub-processor” means any Processor engaged by Binder or a Binder affiliate to assist in fulfilling Binder’s obligations with respect to the provision of the Services. Sub-processors may include third parties or Binder affiliates but will exclude any Binder employee or consultant.

“Your Data” means the Personal Data that (i) You provide to Binder and (ii) Binder collects from You through Your use of the Services.

2. Processing of personal data

2.1 Roles of the Parties. The parties acknowledge and agree that, with regard to the Processing of Personal Data, Customer is the Controller, Binder is the Processor, and that Binder may engage Sub-processors, pursuant to the requirements set forth in Section 5.

2.2 Your Processing of Personal Data. You shall, in Your use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws, including any applicable requirement to provide notice to Data Subjects of the use of Binder as Processor. For the avoidance of doubt, Your instructions for the Processing of Personal Data shall comply with applicable Data Protection Laws. You shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which You acquired Personal Data. You specifically acknowledge that Your use of the Services will not violate the rights of any Data Subject that has opted out from sales or other disclosures of Personal Data to the extent applicable under Data Protection Laws.

2.3 Binder Processing of Personal Data. Unless otherwise required or authorized by law and subject to any applicable exceptions, limitations, exemptions, and/or exclusions set forth in the Data Protection Laws, Binder shall not Process Personal Data except as necessary for the purpose of performing the Services as set forth in the Terms. The parties acknowledge and agree that Binder is permitted, for the period in which Binder is providing Services to You and any additional period required or permitted by law, to Process Your Data for the following limited purposes: (i) to provide, improve, repair, service, and develop Binder’s products and services, and to perform other internal operations, including data analytics and metrics, that are reasonably consistent with expectations around providing support for Binder’s products and services; (ii) to prevent harm to You, Binder, and to third parties; (iii) to prevent, detect, protect against, investigate, or respond to security incidents, identity theft, fraud, harassment, or malicious, deceptive, or illegal activity; (iv) to preserve the integrity or security of Binder’s products, services and internal systems; (v) to comply with any federal, state, or local laws, rules, or regulations to which Binder is subject; (vi) to cooperate with law enforcement agencies concerning conduct or activity that Binder or You, reasonably and in good faith, believe may violate federal, state, or local law; (vii) to comply with any civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, local, or other governmental authorities; (viii) to investigate, exercise, prepare for, or defend actual or anticipated legal claims; and (ix) any other purpose that Binder notifies You of and in accordance with Data Protection Laws.

2.4 Details of the Processing. The subject-matter of Processing of Personal Data by Binder is the provision of the Services that involve the Processing of Personal Data. You acknowledge and agree that, in each and every instance where You provide, submit, or transfer any of Your Data to Binder for Processing, such provision, submission or transfer does not constitute a "sale" as such term is defined under applicable Data Protection Laws.

2.5 Data Minimization. You agree to provide to Binder only the Personal Data that is necessary for Binder to provide the Services.

3. Rights of data subjects

Binder shall, to the extent legally permitted, notify You if Binder receives a request from a Data Subject to exercise the Data Subject's right to delete, correct, or access data, or concerning any other rights under applicable Data Protection Laws, each such request being a “Data Subject Request.” Taking into account the nature of the Processing, Binder shall provide reasonable assistance to You for the fulfillment of Your obligation to respond to a Data Subject Request under Data Protection Laws. In addition, to the extent You, in Your use of the Services, do not have the ability to address a Data Subject Request, Binder shall, upon Your reasonable request, provide commercially reasonable efforts to assist You in responding to such Data Subject Request, to the extent Binder is legally permitted to do so and the response to such Data Subject Request is required under Data Protection Laws. To the extent legally permitted, You shall be responsible for any costs arising from Binder’s provision of such assistance.

4. Binder personnel

Binder shall ensure that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, have received reasonable training on their responsibilities and have executed written confidentiality terms. Binder shall ensure that such confidentiality obligations survive the termination of the personnel engagement. Binder shall take commercially reasonable steps to ensure the reliability of any Binder personnel engaged in the processing of Personal Data. Binder shall ensure that Binder's access to Personal Data is limited to those personnel who are necessary to provide the Services.

5. Sub-processors

You acknowledge and agree that Binder may engage affiliate and third-party Sub-processors to assist with or conduct the Processing of Your Data for the purpose of performing the Services, provided that Binder: (i) exercises appropriate due diligence in selecting the Sub-processor; (ii) requires the Sub-processor to enter into a written contract that requires the Sub-processor to comply, in substance, with the confidentiality and security requirements under this DPP; and (iii) monitors the subcontractor to confirm that it complies in substance with the confidentiality and security requirements under this DPP.

6. Security

Binder shall implement and maintain reasonable administrative, technical and physical safeguards appropriate to the complexity, nature and scope of its activities aimed at protecting Your Data against accidental or unlawful destruction, loss, or unauthorized access or disclosure.

7. Personal data breach management and notifications

Binder shall notify You without undue delay after becoming aware of a Personal Data Breach. Binder shall make reasonable efforts to identify the cause of such Personal Data Breach and take such steps as Binder deems necessary and reasonable to remediate the cause of such a Personal Data Breach to the extent the remediation is within Binder’s reasonable control. The obligations herein shall not apply to incidents that are caused by You. You are solely responsible for maintaining current and accurate contact information with Binder, including for Your administrators. At Your request, Binder will provide reasonable assistance and co-operation to assist You in fulfilling any applicable notification obligations under Data Protection Laws with respect to a Data Incident. Binder’s notification of, or response to, a Personal Data Breach shall not be construed as an acknowledgment by Binder of any fault or liability with respect to its performance under the Terms or this DPP.

8. Return or deletion of personal data

Upon termination of the Services for which Binder is Processing Personal Data, Binder shall, upon Your request, and subject to the limitations described in the Terms, return all of Your Data in Binder’s possession to You or securely destroy Your Data, and demonstrate to Your satisfaction that it has taken such measures, unless applicable law prevents it from returning or destroying all or part of Your Data.

9. Audits and assessments

Binder shall, on written request, make available to You information that is reasonably necessary to demonstrate compliance with Binder’s obligations under this DPP and permit and contribute to reasonable audits conducted by You or an auditor retained by You. Upon Your request, Binder shall provide You with reasonable cooperation and assistance needed to fulfill Your obligations under Data Protection Laws to carry out a data protection impact assessment related to Your use of the Services, to the extent You do not otherwise have access to the relevant information, and to the extent such information is available to Binder.