Privacy Policy
Privacy Policy (North America)
Effective Date: January 1, 2018
Last Updated: August 9, 2023
Introduction
This Privacy Statement applies to our end-to-end financial audit software-as-a-service (SaaS); - Auvenir Basic and Pro, including all related softwares, mobile applications, documentation, currently offered only in Canada and the United States (“Auvenir Platform”) together with all other software, products, third party SaaS platform content, and all websites including but not limited to the Auvenir.com website (each, a “Website”) products, and third party SaaS platform content (collectively, and together with the Auvenir Site, “Services”).
When used in this Privacy Statement, “Auvenir, “we,” “us,” and “our” refers to Auvenir Technologies ULC, a British Columbia corporation with its corporate head office at 225 Richmond St W #402, Toronto, Ontario, Canada, M5V 1W2 and “you” or “your” refers to you the individual, your organization, any authorized user of the Auvenir Platform (a customer or client of a customer), any user of our other Services or just a curious surfer of the Auvenir Site.
This Privacy Statement explains how we protect visitors’ but primarily customer’s and their clients’ information gathered and processed via the Auvenir Platform.
Our data processing practices may vary among the jurisdictions in which we operate in order to comply with applicable legal requirements. Please note that certain rights, requirements, and disclosures in this Privacy Policy may be subject to exemption or otherwise may not apply to you based, for example, on applicable law or regulations. If you reside in a relevant geographic location, please see the regional specific Disclosures section at the end of this Policy for more information.
If you are a California consumer, you may have additional rights under the California Consumer Protection Act (“CCPA”), as detailed in the California Consumers section. If you are a Nevada consumer, you may have additional rights, as detailed in the Nevada Consumers section.
Consent: When you access or interact with the Services, you consent to the collection, use, disclosure and retention of information, including personal information, as described in this Privacy Policy, the Service Terms (incorporated herein by reference) and all additional terms and conditions governing your use of the Services. You are also responsible for ensuring that the entity or people on behalf of which you are acting (such as your employer) are aware of the content of this Privacy Policy and that you have confirmed that they agree to the terms of this Privacy Policy. If you are submitting the personal information of a third party (e.g. your customer’s or your client’s personal information) through the Services, you are responsible for obtaining their consent or providing them with applicable notice to process such personal information through the Services.
If you do not consent to the terms of this Privacy Policy, the Service Terms and all additional terms and conditions, please refrain from using Auvenir.
Auvenir may contain links to third party websites which are not be governed by this privacy statement. We encourage users to review each website’s privacy statement before disclosing any personal information.
If you have any questions regarding this Privacy Statement, please contact privacy@auvenir.com.
Personal Information
In this Privacy Policy, “personal information” means any information about an identifiable individual as defined in applicable Privacy Legislation and includes information such as full name, address, postal code, email address, and geographic location. It may also include information on how you use the Services. It does not include business contact information.
Information Collection - Registration (standard contract business data and payment processing data)
To use the Auvenir Platform as a regular customer, you must first complete a registration form, receive a Service Order and enter into a SaaS Agreement with Auvenir, or alternately signup online and click through the Service Terms, and you will provide primarily business contact information as well as basic payment information (via credit card data) to sign up for an Auvenir account which may include some personal information. To use Auvenir as an invited client of a professional customer, you will be asked to agree to basic terms and conditions and provide some basic business contact information in order to sign up for a limited purpose user account. We only collect personal information that is specifically and voluntarily provided by you or that you have authorized your professional or a third party to obtain on your behalf and provide to us or that we obtain as a result of any of our own due diligence. Such information may consist of, but is not limited to, your name, email, phone number, position, name and address of organization, your professional licensing requirements and status and a profile photo.
We do not knowingly or intentionally collect any personal information regarding health and financial data, ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs (‘sensitive personal information’) through the Services. You must not submit to us sensitive personal information of any kind through the Services.” We will, if applicable, obtain your explicit consent to collect and use such information in accordance with applicable laws. We do not retain any payment processing credit card information and all such payments and processing are through our third-party ecommerce providers Fusebill Inc. cob as Stax Bill and Stripe, Inc. accessible through the billing portal.
Information Collection – Customer Data and Customer Client Data
By using the Auvenir Platform, you and your clients and all authorized users will be able to upload and process customer and customer client-oriented data which we consider and will treat as confidential. You are responsible for collecting all consents, or providing applicable notice, in regards to any personal information including in such customer and customer client-oriented data , and otherwise complying with applicable law in regards to such information.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, the Auvenir Platform and our other Services, we may use automatic data collection technologies to collect certain standard internet log information about your computer equipment, browsing actions, and patterns, including:
- Details of your visits to our Website and Auvenir Platform, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website and to access our Auvenir Platform.
- Information about your computer and internet connection and device type, mobile network including your IP address, operating system, and browser type.
We also may use these technologies to collect information about your Service use activities over time.
The information we collect automatically is usually only statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways from you or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service.
The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website(s).
- Flash Cookies. Certain features of our Website(s) may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
- Web Beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Additional information on how we use cookies and other tracking technologies and how you can control these can be found in our Cookie notice. By using this Website or our Services, you agree that we can place cookies on your computer or other device. Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Although you are not required to accept cookies, if you block or reject them, you may not have access to all of the features available through the Services.
Children
Access to the Services is reserved for adults only, i.e. individuals who are at the age of majority in the jurisdiction from which the Services are accessed. No portion of the Services, including any Website, is directed at children nor are they encouraged to access or use the Services. Please note that we do not knowingly solicit information from children and we do not knowingly market our products and services to children.
Information Use
We collect, use and discloses information (which may include personal information) for the following purposes:
- To verify your identity.
- To provide, maintain and improve the Services. For example, we may use this information to verify your eligibility to use the Auvenir Platform, to assist with onboarding and our due diligence around customers and their clients, to manage your Auvenir Platform account or that of your organization including invoicing, billing and the payment of fees, online through our third party ecommerce providers Stax Bill and Stripe, to confirm your identity each time you log into the Auvenir Platform, to provide customer support to you and to notify you of new releases and upcoming changes or downtime, and to otherwise improve your user experience.
- Notifications and Communications. We use basic business contact information to send information about our Services and to generally communicate with you.
- To monitor and/or improve system usage, server and software performance. We may use personal information such as login information, and IP addresses of computers which access our Auvenir Platform to help diagnose any problems with our infrastructure, to assess capacity requirements, and to administer the Website, to help identify you and to gather broad demographic information. We use cookies or tracking technologies to monitor access to our Auvenir Platform and to improve user experiences.
- Sales and Marketing. In addition, to the extent permitted by local jurisdiction applicable laws and regulations on data privacy protection and data security, and subject to strict application of this Privacy Statement and with your consent where required by law, we may also use your personal information for marketing purposes or to send you promotional materials or communications regarding services including surveys that we feel may be of interest to you. We may also contact you to seek feedback on services provided or for market or other research purposes.
- To assist you with technical support issues.
- To Continually Improve Our Services. We use personal information provided by all of our users in an anonymous, and/or aggregated fashion to help us provide and improve our Services generally, to monitor, verify and ensure security and performance and functionality, and to provide for satisfactory customer user experience and identify trends, future projects and improvements to our services.
- To comply with legal process and any laws, regulations, court orders, subpoenas or other legal process or investigations and to protect the rights and properties of Auvenir and its affiliates and all other individuals using our Services from potential harm. You may at any time request that we discontinue sending you marketing or promotional emails. However, you may continue to receive system-generated emails, or messages generated or other commercial messages generated in response to your registration for, and use of Auvenir, all as permitted by law.
Your use of the Services may be subject to review, monitoring and recording at any time to help us ensure compliance with any SaaS Subscription Agreement or service terms and to ensure that only authorized parties are accessing Auvenir using your account.
Disclosure of Information to Third Parties
Personal information may be disclosed to other third parties in order to confirm facts about you (our due diligence), to confirm your organization has in fact obtained any third party licenses required for use of content of Auvenir, to respond to your requests or inquiries, as part of a corporate transaction (such as a sale, divestiture, reorganization, merger or acquisition), or where those parties handle information on our behalf as third party technology service providers. All of these disclosures may involve the transfer of personal information to countries, regions, or areas where other third parties or our service providers are located, and this information is subject to both the laws of Canada and the laws of the third party's jurisdiction, including laws with respect to disclosure of such information, and may be accessible by regulatory authorities in other jurisdictions.
Personal information may also be disclosed to law enforcement, regulatory, or other government agencies, or to other third parties, in each case to comply with legal or regulatory obligations or requests or to protect Auvenir and its affiliates and subsidiaries and other customers and customer clients from harm.
We may also be required by law to disclose your personal information without your consent (i) pursuant to judicial orders, subpoenas, decrees, or warrants, (ii) in order to investigate, prevent, or take action regarding suspected illegal activities, fraud, or violations of the Service Terms, (iii) protect the safety or the security of persons or property, or (iv) as otherwise authorized or required by law.
By using or providing information through Auvenir, you are consenting to the disclosures described above.
Blogs, Forums, Wikis and Other Social Media
Auvenir may host or provide access to various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively, “Social Media Applications”). Any personal information or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control, and may result in unsolicited messages by other people over which we have no control. You should therefore exercise caution when deciding to submit information through Social Media Applications. We are not responsible for any other user’s use, misuse, or misappropriation of any personal information or other information that you contribute to any Social Media Application.
How We Obtain Your Consent To The Collection, Use And Disclosure Of Your Personal Information
By visiting our Websites or voluntarily providing personal information while using our Services, setting up your account, continuing to do business with us, or accessing the Services, you are consenting to the collection, use and disclosure of your personal information for the purposes identified in this Privacy Policy.
We will not, as a condition to the supply of Services, require you to consent to the collection, use or disclosure of your personal information beyond that required to fulfill those purposes.
Withdrawing Your Consent
You may withdraw all or part of your consent for us to collect, use or disclose your personal information in accordance with this Privacy Policy at any time upon reasonable notice to us in writing, subject to legal or contractual restrictions. The withdrawal of your consent may affect our ability to continue to provide you with the Services that you have or would like to receive.
You may also opt out of receiving promotional emails from us by following the instructions in those emails. If you opt out, we may still send you non-promotional communications, such as messages about your account or our ongoing business relations.
Aggregated and Anonymized Personal Information
To the extent permitted by applicable law, we may use, process, transfer, and store data about individuals and customers or partners in an anonymous (or pseudonymous) manner. We may also aggregate statistics that we gather about our customers, sales, traffic patterns, and products and services. We may combine such aggregated personal information with other information, collected online and offline, including information from third party sources. We may also aggregate statistics that we gather about our customers, sales, traffic patterns, and products and services. We may also use information in other ways with consent or as permitted by applicable law for benchmarking, analytics, metrics, research, reporting, machine learning and other business purposes.
Third Party Sites
Our Services may provide links to other websites, mobile applications, resources , or Internet locations over which we do not have control (“External Web Sites”). Such links do not constitute an endorsement by us of those External Web Sites. We are providing these links to you only as a convenience. We have no control over and are not responsible for External Web Sites, their content, or any goods or services available through the External Web Sites. Our Privacy Policy does not apply to External Web Sites. Your use of External Web Sites is subject to the terms of use and privacy policies located on the External Web Sites, and we encourage you to read the privacy policies of any External Web Sites with which you choose to interact.
Access to Information – Changes and Corrections
We will do its best to ensure that your personal information is correct and kept current. Users are requested to notify us as soon as possible of any changes, deletions or corrections to their personal information so that we may keep such information up-to-date.
With certain limited exceptions as provided in applicable privacy legislation, you have the right to access your personal information held by us and to request that the information be corrected if it is inaccurate, incomplete or collected in violation of law. You may update or correct information about yourself by writing to our Chief Privacy Officer, as further described below. Please note that we may be unable to provide you with full access to your personal information if we are prohibited by law or regulatory reasons to do so, or if the information has been securely destroyed in accordance with our practices. Subject to legal or contractual restrictions, we will provide you with an explanation if we are unable to fulfill your access request.
In accordance with applicable law, we must take steps to verify your identity before fulfilling any of the above requests. If you maintain an account with us, we may verify your identity through existing authentication practices for the account, such as your username and password. We may also verify your identity by matching two or three data points of identifying information you provide to data points we already maintain about you and have determined to be reliable for the purposes of verification, depending on the nature of your request.
Information Security and Safeguards
We have in place reasonable commercial standards of technology and operational security to protect all information provided by customers, authorized users (customer clients) and visitors via Auvenir from unauthorized access, disclosure, alteration, or destruction including:
- Education and training to relevant staff so they are aware of our privacy obligations when handling customer data;
- Administrative and technical controls to restrict access to your data on a ‘need to know’ basis;
- Technological security measures, including IPS/IDS, Dos/DDoS prevention, encryption and anti-virus file scans; and security monitoring and alerting;
- Application security with SSDLC, secure coding, vulnerability scanning and penetration testing
- Backups and disaster recovery practices; and
- Any payment transactions will be encrypted using SSL technology
For more information on how Auvenir manages security, refer to the website or connect with support for queries on SOC2 audit reports, security certifications, and other questions pertaining to security and controls.
The safety and security of your information, personal and customer data also depends on you and how you use the Services. Where we have given you (or where you have chosen) a password for access to certain parts of our Website and Auvenir Platform, you are responsible for keeping this password confidential. You are also responsible for the actions of all the clients you invite to the Auvenir Platform via the collaboration client portal. We ask you not to share your password with anyone and the same goes for your invited clients. You are to immediately notify of us of any compromised password or security on your side or with respect to any of your clients.
We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Unfortunately, the transmission of information via the internet (including email communications with us) is not completely secure. Although We do our best to protect your personal and customer data as described above, We cannot guarantee the security of information transmitted to and from our Website and Auvenir Platform. Any transmission of personal or customer information is at your own risk.
Any data breaches involving any or your personal information or customer data generally, including timey notification to you the customer will be handled in accordance with relevant privacy and data breach legislation.
Data Residency – Notice to Professional Customers and Clients of Customers re: Customer Data
If you are a professional customer, unless expressly noted otherwise, your data (including your clients’ data) will be stored and processed only in the jurisdiction in which you reside and carry on business – currently either Canada or the United States of America. Specifically, if you are our customer and are doing business in and from Canada, your data and that of your clients will be stored in Canada. If you are our customer and are doing business in and from United States, your data and that of your clients will be stored in the United States. Please note that, as our customer, you take responsibility for any and all responsibility for compliance with applicable data residency laws both as it relates to you and the parties you deal with, including but not limited to your customers, clients, suppliers, contractors, government agencies, etc. It is your responsibility to ensure that your use of the Auvenir Platform and those of your clients is in conformity with your local privacy and data protection legislation.
Basic business contact data, however (that may include your personal information) and resulting data (data about how you and other authorized users use our Services and how you go there, and anonymous statistical information about the Services that assists us in providing the Auvenir Platform) may be stored in any jurisdiction in which we carry on business with the current default to Canada.
Retaining And Disposing Of Information
Your personal information is maintained on our networks or on the networks of our service providers. We retain personal information only as long as it is needed to fulfill the identified purposes or as may be required to comply with applicable laws. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. To satisfy regulatory requirements, certain personal information may be retained for up to seven years (unless there are legal requirements that require its further retention) after which all documentation will be destroyed in a manner commensurate with its sensitivity.
Right To File A Complaint
If you believe the privacy laws relating to the protection of your personal information or our Privacy Policy have not been respected, you may file a complaint with our Privacy Officer at the address listed below. We will investigate all complaints. If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. If you are not satisfied with the results of the investigation or the corrective measures taken by us, you may exercise the remedies available under law by contacting the Office of the Privacy Commissioner of Canada at the address below:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, QC K1A 1H3
Changes to Our Privacy Statement
We may modify or amend this Privacy Statement from time to time at our discretion. When we make changes to this Privacy Statement, we will amend the revision date at the top of this page, and such modified or amended Privacy Statement shall be effective as to you and your information as of that revision date. We encourage you to periodically review this Privacy Statement to be informed about how we are managing and protecting your information.
Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us at:
Privacy@auvenir.com or toll free 1-855-528-8364 and ask for the Chief Privacy Officer.
Your California and Nevada Privacy Rights
CALIFORNIA RESIDENTS
If you are a California resident, the California Civil Code Section 1798.83 – also known as California’s “Shine the Light” may provide you with additional rights regarding our use of your personal information and permits you to request information regarding the disclosure of personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. Note we do not sell or license any Customer Data to third parties for secondary marketing purposes. To learn more about your California privacy rights or make a request to us, please contact privacy@auvenir.com, visit here.
NEVADA RESIDENTS
If you are a Nevada resident, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Note we do not sell your personal information within the meaning of Chapter 603A. However, if you would still like to submit such a request, please contact us at privacy@auvenir.com.