Business Sherpa Group Inc., and its affiliates or corporate partners, (“BSG” or “we“/”our”), collect, use, and disclose Personal Information in compliance Canadian and applicable laws when providing services to our users or individuals who reach out to us (together, “you” or “your”). Along with our Terms and Conditions, this Policy serves to let you know how we collect, use, and disclose your personal information when you visit, access, log-in to, or use our website and/or purchase a Subscription to the EmbaarqHR Platform “The Platforms”.
What is Personal Information
Within this policy, Personal Information is defined as any factual or subjective information, recorded or not, about an identifiable individual or which may allow an individual to be identified. For instance, personal information includes age, name, ID numbers, income, ethnic origin, blood type, opinions, evaluations, comments, social status, disciplinary actions, employee files, credit records, loan records, and medical records.
We are responsible for the personal information that we possess or control. We maintain internal practices to protect personal information and have appointed our COO as BSG’s Privacy Officer to oversee privacy matters.
Why we collect, use and disclose Personal Information
We collect, use, and disclose necessary personal information for the following purposes:
- to maintain our relationship with you, our suppliers and other third parties;
- to provide and enhance the Platforms;
- to provide you with suggestions based on your use of the Platforms;
- to understand our Customers’ and prospective customers’ needs, and to offer products and services to meet those needs;
- to conduct credit checks on Customers and prospective customers;
- to answer your inquiries or questions;
- to collect and process payments;
- to update you on changes to our practices and procedures;
- to send updates to our mailing list subscribers;
- to develop and manage our operations;
- to detect and protect against error, fraud, theft and other illegal activity;
- to authenticate you when you contact us;
- to fulfill our contractual obligations; and
- as permitted by, and to comply with, applicable laws.
If you have reached out to us for employment opportunities, we collect personal information including your name, address, telephone number, date of birth, social insurance number, banking information, benefit information, emergency contact information, resume, reference letters, and/or police record or RCMP record checks and the information required to facilitate those checks.
Unless required by law, we will not use personal information for a new purpose without the knowledge and consent of the individual to whom the information relates.
What personal information we collect
When you engage with the Platforms, the types of personal information we collect about you or have access to include:
- your name;
- your business name (if applicable):
- your phone number;
- your e-mail address;
- your IP Address;
- your Internet Service Provider (ISP) information;
- browser and referring website address;
- the approximate geolocation of your device;
- device identifiers (such as Cell-ID);
- mobile service provider;
We also collect information through email and our O365 platform. We collect this information to adjust our content, verify your credentials or authenticate you, and understand your preferences and online activities when interacting with the Platforms.
If we determine that you or another Customer has provided the above information to the website, we will take immediate steps to delete or otherwise destroy that information.
If you are using EmbaarqHR, such Personal Information may be collected to facilitate your employment relationship through EmbaarqHR.
How do we store and retain your Personal Information?
The Platforms are hosted by EasyDNS, and all information uploaded to the Platforms or sent to BSG in connection with the Services is held on EasyDNS’ servers located in the Province of Ontario. We do not generally keep any hard copies of personal information, and in the event that we have or have received hard copy documents containing personal information, we will destroy hard copies as soon as is feasible, subject to our legal obligations.
We retain personal information only for as long as we need to for the purposes outlined in this Policy, unless otherwise required by law or you request that we delete your personal information. For instance, under Canadian law, we must retain financial information for at least 6 years. Once we no longer need the information for the purpose for which it was collected, we securely dispose of or de-identify any Personal Information, subject to our legal requirements and any written requests from you.
Types of Data We Collect
The data we collect from you consists of:
- Text (i.e., your e-mail address, MS Word documents, PDF files, employment agreements, resumes, training certificates, etc.);
- Metadata (i.e., the date you visited the Platforms);
- Raw data (i.e., transaction data our bank to facilitate EFT payments); and
- Aggregate data (i.e., data related to the use of our website).
Location of your Personal Information
Personal Information collected from you will be transferred to, stored, and processed at the EasyDNS servers located in the Province of Ontario.
We collect personal information using cookies on the platforms. Cookies are small files placed on your devices to track how you use our website. This helps us improve your user experience and save your preferences. We use essential, functionality, analytics and performance cookies.
Essential Cookies. These Cookies are essential to provide you with services available through the Platforms and to enable you to use some of its features. For example, they allow you to log in to secure areas of the Platform and help the content of the pages you request load quickly. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.
Functionality Cookies. These Cookies allow the Platform to remember choices you make when you use our Services, such as remembering your language preferences, remembering your login details and remembering the changes you make to other parts of Services which you can customize. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Services.
We use functional cookies that are required for you to use the Platforms including, but not limited to:
- third-party cookies to ensure safety and security;
- Google RECAPTCHA;
- PHP Session ID (“PHPSESSID”) to keep track of PHP sessions and maintain logged in users;
Analytics and Performance Cookies. These Cookies are used to collect information about traffic to Services and how users use our Services. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors to our Services, the websites that referred them to our Services, the pages they visited on our Services, what time of day they visited our Services, whether they have visited our Services before, and other similar information. We use this information to help operate our Services more efficiently, to gather broad demographic information and to monitor the level of activity on our Services.
We also use optional cookies activated upon consent (see our Third-Party Service Providers).
Some browsers can block cookies through your browser settings. Blocking cookies may affect the way our Websites and Platform works on your device. You can set up your browser to disable cookies at any time. For instructions on how to disable cookies, please visit the links below:
The Platforms allow you to submit information to us through a form. We use the personal information you provide only to address your question or inquiry.
We also send e-mails to the people in our contact database regarding updates to our services or practices. Our e-mails contain opt-out features and instructions on how to unsubscribe. You can also send us an email to email@example.com to be removed from our contact list. You acknowledge that in some cases, we will need to authenticate you before processing the request.
Electronic Marketing Communications
We may send you information about the Platforms or other services that we think might interest you. Unless we already have a business relationship with you, or you have offered your contact information to us (i.e. your business card), we will always obtain your consent to receive sales and marketing information before sending you any commercial electronic communications.
You have the ability to withdraw your consent and opt-out of our sales and marketing communications at any time. If you wish to do so, please contact our Privacy Officer at firstname.lastname@example.org or select the unsubscribe link in an e-mail that you receive. If you choose to unsubscribe and request that you be placed on a “do not contact” list, you acknowledge and agree that we will retain your information on our “do not contact” list, and we will retain your personal information to ensure that we do not send you unsolicited communications.
Third Party Links
Our Platforms contain links to other websites. Those other websites may also collect your personal information. We are not responsible for how those other websites collect, use or disclose your personal information. We strongly encourage you to review their privacy policies before providing them with your personal information.
Do Not Track Signals
As there is not yet a common understanding of how to interpret Do Not Track (“DNT”) signals, we do not currently respond to such browser DNT signals.
Our Third-Party Service Providers
To the extent we engage third-party service providers, we try to ensure that those providers maintain comparable privacy protections and practices if they process your personal information. Some of our third-party service providers include:
- EasyDNS (for website hosting services);
- Google Analytics (for analytical purposes); and
- Mailgun (for communicating with our customers)
We encourage you to read and review all of our third-party service providers’ privacy policies available through the links above. For more information on the service providers we engage, please contact our Privacy Officer at email@example.com
Automated Decision Making
We do not use systems that make autonomous decisions with your Personal Information.
We will obtain your express consent to collect, use and disclose your personal information wherever possible and where required by law. If you provide personal information directly to us, we assume you consented to the processing of your information for the reason you provided your information. This applies where you have signed up as a Customer, agreed to our Terms, purchased a Subscription and/or accessed the Platforms, or an authorized representative has done so on your behalf.
We do not collect, use or disclose personal information without consent unless authorized or required by law to do so, such as in the following circumstances:
- when the information is publicly available, such as in public directories, registries or published information;
- if we are required to disclose personal information to a lawful authority;
- in an emergency that threatens someone’s life, health or personal security;
- for security reasons; or
- as otherwise authorized by law.
We obtain electronic or oral consent from those who subscribe to our mailing list for updates related to the Platforms or who express an interest in receiving communications from us.
PROVIDING YOUR PERSONAL DATA TO OTHERS OR RECEIPT FROM OTHERS
From time to time we may need to provide your personal information to other parties (such as our third-party service providers or our affiliates) to provide the Platforms and process your transactions, or as required by applicable law. We provide only what is necessary to complete the service and/or fulfil our obligations. We may also receive information about you from another party. When we receive information from another we do so because it is for a legitimate business purpose, such as to contact potential customers who have expressed an interest in our Platform, or it is necessary to complete the service or would negatively impact you to be required to obtain the information from you first. For example, we may be required to provide or receive information to facilitate any payments.
YOUR RIGHTS TO THE PERSONAL INFORMATION WE POSSES ABOUT YOU
Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request BSG for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that BSG correct any information you believe is inaccurate. You also have the right to request BSG to complete information you believe is incomplete.
The right to erasure – You have the right to request that BSG erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that BSG restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to BSG’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that BSG transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at the address located below. You acknowledge and agree that by contacting BSG to exercise any of these rights, you consent to the collection by BSG of certain Personal Information for the purposes of verifying your identity.
Security and Accuracy
We have implemented the following security measures, including:
- Encryption of data both in transit and at rest;
- SSL encrypted secure communications using https;
- DDoS Protection;
- Website security monitoring;
- High complexity passwords and regular password changes;
- Server-side best practices for protecting against common hacks and attacks; and
- Server-side secured end points preventing unauthorized user access.
- Best practice coding methodologies are in practice as well as coding standards are met.
- Regular efforts are made to protect against SQL Injection attacks and test for security vulnerabilities.
- Access to all data and source code is controlled and secure.
- Daily backups are taken of all platform related data are performed in case of the requirement for disaster recovery.
Nevertheless, you acknowledge that no single security system is impenetrable. By sharing your personal information with us, your personal information may be at risk if someone breaches our systems or the systems of our third-party service providers. In such cases, we will notify you as soon as is feasible if it is reasonable to believe that the breach created a real risk of significant harm to you.
We try to ensure that personal information we have on file is accurate. We encourage you to contact us to update your personal information where you are aware our records are incorrect.
For more information on our security measures or records, please contact us at firstname.lastname@example.org.
If you would like to review or correct your personal information we have on file, or have any other concerns regarding your privacy rights, please send a written request to:
Business Sherpa Group Inc.
We will respond within 30 days. If more time is required, we will advise you, and provide the reasons.
You acknowledge that when you request to exercise your privacy rights, you are consenting to our collection of your basic contact information so that we can authenticate you and communicate with you regarding your request.
BSG will respond to questions we receive about this Policy and our legal compliance. We will investigate all challenges and attempt to resolve all complaints. If you feel we have not met our legal obligations under this Policy or applicable laws, please contact our Privacy Officer at email@example.com. Following our investigation, we will decide whether to update our policies and practices as necessary.
If you are unsatisfied with our responses, you may at any time consult the relevant government privacy office based in your province, state or country.
We review and revise this Policy regularly. We reserve the right to change our Policy at any time by posting a new Policy on our Websites.
This Policy was last updated May 2023.