Paper Interactive, Inc., dba Athennian, and its subsidiaries and affiliates (“Athennian”, “we”, “our” or “us”) are committed to protecting your privacy and safeguarding your personal Information.
• Interact with or use our Websites, including (without limitation) downloading materials from our resources page or requesting a demo,
• Register for and/or attend any of our events, webinars, or the conferences we attend (collectively “Events”), or
• If you use any of our products, services, or applications (including any trial versions of same) (collectively the “Services”) in any manner.
1. Meaning of personal information
"Personal information" means information about an identifiable individual. This information may include (without limitation) your name, mailing address, e-mail address, telephone number, passport number and birth date.
Personal information does not include any business contact information that is solely used to communicate with you in relation to your employment, business, or profession, such as your name, position or title, work address, work telephone number, work fax number or work email address.
Personal information also does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information.
2. Your consent to collection, use and disclosure
We collect, use, and disclose your personal information with your consent or as permitted or required by applicable law. How we obtain your consent (i.e., the form we use) will depend on the circumstances, as well as the sensitivity of the information collected. Subject to applicable laws, your consent may be express or implied depending on the circumstances and the sensitivity of the personal information in question.
If we want to use your personal information for a purpose not previously identified to you at the time of collection, we will seek your consent prior to our use of such information for this new purpose.
You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us using the contact information in the “Contact information” section below. However, before we implement the withdrawal of consent, we may require proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to provide you with access to our Websites, Events, or the Services.
3. What personal information do we collect?
Personal information collected
We collect personal information necessary to provide you with access to the Websites, Events, and the Services. In order to do so, Athennian must collect information to identify users, and to allow our users to identify each other.
Personal information you provide
From Websites or Events: We may collect any personal information that you choose to submit, send, or otherwise provide to us, for example, on our “Request a Demo” (or similar) online form or if you register for an Athennian webinar. If you contact us through the Websites, we will keep a record of our correspondence.
From the Services: We receive and store information that you submit, send, or provide directly to us. For example, when setting up new users, we collect certain personal information to provide the Services.
Information automatically collected
When you use the Websites: When you visit the Websites, we collect certain information related to your device, such as (without limitation) your device’s Internet Protocol (“IP”) address, referring website, what pages your device visited, and the time that your device visited our Website.
When you use the Services:
• Customer data - If you use the Services, you will provide data to us about the legal entities you manage (“Customer Data”). The Customer Data may include some personal information about shareholders, partners, limited partners, directors, officers, employees, and other individuals connected with the legal entities. We collect, use, and disclose that personal information only as a data processor for our customer, and we make no use or disclosure of that personal information other than to provide the Services to our customer or as otherwise expressly permitted in our contract with our customer.
• Usage information - We keep track of user activity in relation to the types of Services that our customers’ and their users’ use, the configuration of their computers, and performance metrics related to their use of the Services.
• Log information - We log information about our customers and their users using one of the Services, including (without limitation) their IP addresses.
• Information collected by cookies and other similar technologies - We use various technologies to collect information which may include saving cookies to users’ computers. For additional information, please read the section below titled “Cookies and other Tracking Technologies”.
• Customer feedback - While using the Services, you may be asked to provide feedback (e.g., in the software directly, after receiving help from our support team, or in surveys). Providing this feedback is entirely optional.
4. How do we use your personal information?
Websites or Events
We will use the information collected via our Websites:
• To administer our Websites, our events and for internal operations, including (without limitation) troubleshooting, data analysis, testing, statistical and survey purposes;
• To improve our Websites to ensure that content is presented in the most effective manner for you and for your device;
• For trend monitoring, marketing, and advertising;
• For purposes made clear to you at the time that you submit your information - for example, to fulfill your request for a demo, to provide you with access to one of our webinars or white papers, or to provide you with information that you have requested about our Services; and
• As part of our efforts to keep our Websites secure.
Our use of your personal information may be based on our legitimate interest to ensure network and information security, and for our direct marketing purposes, or you consenting to it (e.g., when you request a demo).
We use personal information in Customer Data only as a data processor for our customers, and we make no use of that personal information other than to provide the Services to our customers or as otherwise expressly permitted in our contracts with our customers.
We may use the other information we collect from our customers and their users in connection with the Services we provide for a range of reasons, including (without limitation) to:
• Set up a user account;
• Provide, operate and maintain the Services;
• Process and complete transactions, and send related information, including (without limitation) transaction confirmations and invoices;
• Manage our customers‘ use of the Services, respond to enquiries and comments and provide customer service and support;
• Send our customers and users technical alerts, updates, security notifications, and administrative communications;
• Investigate and prevent fraudulent activities, unauthorized access to the Services, and other illegal activities; and
• For any other purposes about which we notify customers and users.
We use your personal information in this context based on the agreement that we have in place with you, for such other purposes as permitted or required by applicable law, or our legitimate interest for security purposes (e.g., the prevention and investigation of fraudulent activities). Where applicable, personal information will be deleted based on the terms of the agreement.
5. How do we share your personal information?
We disclose personal information in Customer Data only as a data processor for our customer, and we make no disclosure of that personal information other than to provide the Services to our customer or as otherwise expressly permitted in our contract with our customer.
We may use, share, and disclose other information (including personal information) about you in the following limited circumstances:
Third party vendors, consultants, and other service providers: We may share your information with third party vendors, consultants, and other service providers who we employ to perform a variety of services on our behalf. These third parties include (for example) our payment processing providers, hosting, data storage and processing service providers, website analytics companies, product feedback or helpdesk software providers, CRM service providers, email service providers, and others.
If we provide your information to third party vendors, consultants, and other service providers, then we require that these third parties maintain the confidentiality of your personal information and keep your personal information secure. We also require that they only use your personal information for the limited purposes for which it is provided. When such third parties no longer need your personal information for those limited purposes, we require that they dispose of the personal information. In some circumstances, we may permit these third parties to retain aggregated, anonymized, or statistical information that does not identify you. We do not authorize these third parties to disclose your personal information to unauthorized parties or to use your personal information for their direct marketing purposes. If you would like more information about our third-party vendors, consultants, and other service providers, please contact us using the contact information in the “Contact information” section below.
Business Transfers: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party.
Protection of Athennian and Others: We reserve the right to access, read, preserve, use, and disclose any information as necessary or appropriate to (a) comply with applicable law (including laws outside of your country of residence) or legal process; (b) enforce the terms of our agreements for our products and services; (c) protect our operations or those of any of our affiliates or subsidiaries or service providers; (d) protect the rights, privacy, property, or safety of Athennian, our employees, our users, or others; or (e) allow us to pursue available remedies or limit the damages that we may sustain.
Disclosures for National Security or Law Enforcement: Under certain circumstances, we may be required, or find it necessary or appropriate, to use and disclose your personal information in response to requests from public and government authorities, including public and government authorities outside your country of residence.
Security: We use appropriate technical, organizational, and administrative security measures to protect information that we hold in our records from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. We have implemented physical, organizational, contractual, and technological security measures with a view to protecting your personal information and other information from loss or theft, unauthorized access, disclosure, copying, use or modification. We have taken steps to ensure that the only personnel who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information. Despite the measures outlined above, no method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interactions with us or through the Website or Services are no longer secure (for example, if you feel that the security of any information that you provided to us, the Website or the Services has been compromised), please contact us immediately using the contact information in the “Contact information” section below.
6. Retention of personal information
We retain personal information in Customer Data only as a data processor for our customers, and as expressly permitted in our contracts with our customers.
We will use, disclose, or retain other personal information only for as long as necessary to fulfill the purposes for which that personal information was collected and as permitted or required by applicable law.
7. Cookies and other tracking technologies
8. Your privacy rights
Accessing and updating your personal information
You can update your personal information by mailing or emailing our privacy officer via the contact information below. We will not update your personal information, unless you advise us that an update is necessary. We will take steps to ensure that your personal information is kept as accurate and complete as possible.
You may make a written request to review any personal information about you that we have collected, used, stored, or disclosed by mailing or emailing our privacy officer via the contact information below. We will provide you with any such personal information to the extent possible or required by applicable law. You may also challenge the accuracy or completeness of your personal information in our records. If you successfully demonstrate that your personal information in our records is inaccurate or incomplete, we will amend the personal information as required.
We may require that you provide sufficient identification to fulfill your request to access or correct your personal information. Any such identifying information will be used only for this purpose.
9. Marketing Communications
You can opt-out of receiving certain promotional or marketing communications from us at any time by clicking “unsubscribe” in an email you receive from us or by mailing or emailing our privacy officer via the contact information below. If you have an account for our Services, we will still send you non-promotional and non-marketing communications, such as service-related emails.
10. Additional information for individuals subject to the GDPR
Under the GDPR, personal data is defined as:
“any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
Data Controller and Data Processor
Under the GDPR, a ‘data controller’ is a person which, alone or jointly with others, determines the purposes and means of the processing of personal data, and a ‘data processor’ is a person who processes personal data on behalf of a data controller.
For the personal data in Customer Data, we are a data processor processing that personal data on behalf of our customer, which is the data controller of that personal data.
We are the data controller for other personal data we collect, including personal data collected by us in relation to our Websites and Events, and personal data collected from users of the Services.
Processing the personal data in Customer Data, and processing some personal data obtained from users of the Services, is necessary for us to comply with our legal obligation to provide the Services to our customers. We may also process this personal data obtained for the purpose of incidental legitimate interests we have, such as preventing fraud, ensuring network and information security, and to establish, exercise or defend our legal claims and rights.
We may use other personal information for marketing and promotional purposes, such as to send you news and newsletters, or to otherwise contact you about products or information we think may interest you. We may also use it to improve our Services, to develop new Services, and to determine how to market our Services. It is in our legitimate interest to use your personal data for these purposes, to develop and grow our business and expand our Services, and to promote the reputation of our organization. We will, where required by law, obtain your consent to send such communications.
We use personal information to better understand how you and others use our Services, so that we can improve our Websites and Services, develop new features, tools, offerings, services, and the like, and for other research and analytical purposes. We also use the information we collect to measure the effectiveness of our online content and how visitors use our Websites and our Services. This allows us to learn what pages of our Websites are most attractive to our visitors, which parts of our Websites are the most interesting, and what kind of offers our Website visitors like to see. We may use this information and the insights we have derived for marketing purposes (see above), or to make decisions about events, news and information that may be of interest to customers, prospective customers, Website users and others. It is in our legitimate interest to use your personal data in such a way to ensure that we provide the very best Services to our customers and others to grow our business and Services and promote the reputation of our organization.
Your Rights as a Data Subject
Under the GDPR, you may be entitled to additional rights, including: (a) the right to withdraw consent to processing at any time, where consent is the basis of processing; (b) the right to request from the data controller access to and rectification or erasure of personal data, under certain conditions; (c) the right to request from the data controller restriction of the processing of personal data or to object to data processing, under certain conditions; (d) the right to request from the data controller, data portability concerning personal data that you provided to the data controller, under certain conditions; and (e) the right to lodge a complaint with data protection authorities.
How Can I Exercise My Rights as a Data Subject?
If you would like to access, review, update, rectify, or delete any personal data we hold about you, or exercise any other data subject right available to you under the GDPR, you may do so by contacting us using the contact information in the “Contact information” section below. Our privacy team will examine your request and respond to you as quickly as possible.
International Transfers of Personal Data
Athennian is headquartered in Canada and operates primarily from Canada and the United States. When you submit personal data to us, we will receive it and process it in Canada or in the United States. To provide the Services, we may also need to transfer your personal information to locations in other jurisdictions.
If you reside in a jurisdiction governed by the GDPR, we will not transfer your personal data to another jurisdiction unless permitted to do so under the GDPR. Your personal data may be transferred to our service providers located in Canada or the United States. We only use Canadian or US service providers who have entered into standard contractual clauses with us, or who otherwise qualify under the GDPR to receive transfers of personal data. If you would like more information about our service providers, please contact us using the contact information in the “Contact information” section below.
11. Additional information for individual resident in California
The CCPA provides you with certain rights:
• You have the right to request that we disclose to you (1) the categories of personal information we have collected about you, (2) the categories of sources from which the personal information is collected, (3) the business or commercial purpose for collecting or selling personal information, (4) the categories of third parties with whom we share personal information, and (5) the specific pieces of personal information we have collected about you.
• You have the right to request that we delete any personal information about you that we have collected (subject to certain exceptions specified in the CCPA).
• You have the right to request that we disclose to you (1) the categories of personal information that we sold about you and the categories of third parties to whom the personal information was sold, and (2) the categories of personal information that we disclosed about you for a business purpose.
• We are prohibited from discriminating against you because you have exercised any of your rights under the CCPA, including by (1) denying goods or services to you, (2) charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties, (3) providing a different level or quality of goods or services to you, or (4) suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services (subject to certain exceptions specified in the CCPA).
We do not “sell” personal information to third parties, as defined in the CCPA.
12. Third Party Privacy Policies
13. Children’s Information
Our Website, Events and the Services are not intended for children under the age of 16, and we do not knowingly collect personal information from children under the age of 16. Children under the age of 16 should not use our Website or the Services, or register for or attend our Events, and should not otherwise provide us with their personal information.
15. Contact information
For all comments, questions, concerns, or complaints regarding your personal information, and for more information on our privacy practices, please contact the below:
Mailing address: Paper Interactive, Inc., dba Athennian
Attention: Privacy Officer
340 12 Avenue SW, Suite 500
Calgary, AB T2R 1L5
By e-mail: firstname.lastname@example.org