nGUVU EU Privacy Notice

 

Welcome

Welcome to nGUVU. We hope you will enjoy and appreciate using our platform and services. We want you to know we take your privacy and protection of personal data very seriously. We are providing this privacy notice to tell you about who we are, what personal data we collect from you and about you, what we do with your personal data, your rights under the law, and how you can contact us and the necessary authorities to enforce those rights. Please read it carefully.

 

Some Terms

Before we get started, here are a few terms we think you should know as you read this notice.

GDPR” – this is the European data protection law that nGUVU is committed to upholding and complying with. It stands for “General Data Protection Regulation”, and its official name is Regulation (EU) 2016/679 of the European Parliament and of the Council. You can read the whole thing here, but we’ll tell you the important things in this notice. For instance, under the GDPR you are called a “data subject”.

Personal data” – this is information we collect from you or about you and is defined in the GDPR as “any information relating to an identified or identifiable natural person.” It can be as simple as your name or your email, or something more complicated like an online identifier (usually a string of letters and / or numbers) that gets attached to you. For more details about what is personal data, you can read article 4(1) of the GDPR.

 

About Us and Contacting Us

Officially, nGUVU is nGUVU Technologies Inc., a duly-incorporated company in Montreal, Canada. Under the GDPR, nGUVU can be either a “Data Controller” and “Data Processor”. As a Data Controller, we collect personal data directly from you and determine the purpose and means of processing that data. As a Data Processor, another party, usually your employer who has contracted with us to provide our platform and services, collects your personal data, determines the purpose and means of processing that data, and instructs us on how to process your personal data on their behalf.

If you want to ask us anything about what’s in this privacy notice (or anything else privacy- or data- related), you can email privacy@nguvu.com

 

 

Here is our mailing address as well:

1400 rue Metcalfe, Suite 300

Montreal, Québec

Canada

H3A 1X2

 

Data Protection Officer

In addition to the contact information above nGUVU has designated a Data Protection Officer (DPO) who is responsible for all personal data matters at nGUVU. If you have a specific complaint or wish to invoke your legal rights under the GDPR, please contact our DPO directly:

 

Jacou Sarrazin

DPO@nguvu.com

or at the mailing address above.

 

Supervisory Authorities and Complaints

Under the GDPR you have the right to make a complaint to the appropriate supervisory authority. If you are not satisfied with the response received or the actions taken by our DPO, or if you would like to make a complaint directly about nGUVU’s data practises, we invite you to contact the supervisory authority in your country. For example, if you are in the U.K., you should contact the Information Commissioner’s Office who is the supervisory authority. You can reach them in a variety of ways, including by phone (0303 123 1113 in the UK) and mail (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF).

 

Your Rights Under the GDPR

You have the following rights regarding your personal data held by nGUVU, and other rights:

  • The right to withdraw at any time your consent for nGUVU to process your personal data;
  • The right to have your personal data erased from nGUVU’s records;
  • The right to have a copy of your personal data given to you in an easy to read format so that you can transfer it to another data processor;
  • The right to have your personal data corrected if you believe it is inaccurate;
  • The right to restrict the processing of your personal data if it is inaccurate or if our processing of it is against the law;
  • The right to access your personal data and any relevant information around its processing; and
  • The right to refuse any marketing targeted at you by nGUVU.

If you wish to exercise any of these rights, please contact our DPO at the contact information above.

 

Personal Data Collected from You and What We Use It For

In the table below, please find all the personal data we may collect from you directly, what we use it for, and the legal basis for us having and processing this personal data.

Personal Data Category Personal Data Processed What We Use It For (The "purpose" of processing) Legal Basis For Processing
Contact Information submitted through our website or via other means   Your email
  address   
To communicate with you Your consent in giving us this information

 

Personal Data Collected About You from Third Parties and What We Use It For

Sometimes we get personal data about you from third parties. This table explains the details about this personal data – what it is, where it came from, what we do with it, and the legal basis for us having and processing this personal data. None of this data comes from publicly-available sources.

 

Personal Data Category Personal Data Processed Who We Get The Data From
What We Use It For (The "purpose" of processing) Legal Basis For Processing
User Identification Information First name, last name, a unique ID, and e-mail address Your employer To provide our services, specifically to display in the nGAGEMENT platform Consent given to your employer for us to process the personal data

 

Who We Transfer Your Personal Data To

We routinely share some of your personal data with certain types third parties who are identified in the table below along with what they do with it. Some of those third-party recipients may be based outside the European Economic Area — please see the “Transfer of Your Personal Data Outside of the European Economic Area” further down in this notice for more information including on how we safeguard your personal data when this occurs.

We will share personal data with law enforcement or other authorities if required by applicable law.  We will never share your personal data with other third parties except under these circumstances.

Personal Data Category Who We Transfer It To What They Do With It
Contact Information
Companies that provide email and / or CRM services, such as HubSpot Send you emails and store the information to provide us with CRM services
User Identification Information Companies providing technical infrastructure, such as Amazon AWS Assist in its display within the platform
Advertising Identifiers Companies that provide ad networks, such as Google and Facebook Show you ads for nGUVU when you are on the internet
Analytics Identifiers Companies that provide data analytics such as Google Provide us with analytics as to how the platform and services are used, and to trace fraudulent activities

 

How We Protect Your Personal Data

 

We have implemented very strict technical and organisational procedures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed by us. These procedures prevent your personal data from being lost; or used or accessed in any unauthorised way.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data security breach where the GDPR requires us to do so, and within any time frame required by the GDPR.

All personal data is transferred using end-to-end encryption. Data at rest is encrypted using Advanced Encryption Standard (-256), and SSL (Secure Sockets Layer) is used for all communications through your internet browser.

 

Transfer of Your Personal Data Outside of the European Economic Area (EEA)

We endeavour to keep your personal data inside the EEA. However, certain of our data processors or sub-processors (and nGUVU) are in other countries where your personal data may be transferred. However, these countries are limited to countries with particular circumstances that protect your data, specifically:

 

  • Canada. Canada has been determined to have an “adequate level of protection” for your personal data under European data protection law.
  • The United States. Your personal data is only transferred to companies in the United States that: (1) participate in the Privacy Shield; and / or (2) have signed agreements with us or have informed us that they are GDPR-compliant.

 

That’s it. You have the right, however, to refuse to have your data transferred outside the EEA. Please contact our DPO to make that request.

 

Data Retention

Your personal data will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will retain your User Identification Information for as long as we continue to supply the platform and services to your employer.

 

Changes to This Privacy Notice

This notice was published on June 29, 2018. Every now and then, we will have to update this notice. You can always find the most updated version at this URL, and we will always post a notice on our website or in the platform if we make big changes.