Klick Inc. Privacy Notice
Last Updated: Jan 25, 2023
Introduction
We at Klick Inc. (“Klick”, “us”, “our”, or “we”) are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, share and protect your personal information, as well as how you can manage the personal information we collect. This Privacy Notice applies to your interactions with us or your use of our websites (www.klick.com; www.senseilabs.com), products, services, or features, either online or offline (collectively, our “Services”). This Privacy Notice supplements any other privacy policies provided or communicated to you and also applies to individuals who apply for a position with us.
Please see the Contact Us section below to contact a representative of Klick regarding this Privacy Notice.
Information we collect
Klick collects data from you through our interactions with you and through our products and services. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our products. The data we collect depends on the context of your interactions with us and the choices you make, including the products, services, and features you use. We also obtain data about you from third parties.
Learn more
Using information
Klick uses data we collect to develop, launch, and support life sciences brands. In particular we use data to:
- Provide our Services, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data with specific service providers when it is required to provide the service or carry out the transactions you request.
- Maintain, improve, and develop our Services.
- Personalize our Services and make recommendations.
- Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers (we will collect consent from you when required by applicable law).
We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research. In carrying out these purposes, we combine data we collect from different contexts or obtain from third parties to give you a more seamless experience, to make informed business decisions, and for other legitimate purposes.
Learn more
Sharing information
We share data with your consent or to complete any transaction or provide any product or service you have requested or authorized when necessary for the fulfillment of your request. We also share data with Klick-controlled affiliates and subsidiaries, with service providers working on our behalf, when required by law or to respond to legal process, to protect our customers, to maintain the security of our products and services, and to protect the rights and property of Klick and its customers.
Learn more
How to access and control your data
You can also make choices about the collection and use of your data by Klick. You can control the data that we have obtained and exercise your data privacy rights by contacting Klick or using various tools we provide. In some cases, your ability to access or control your data will be limited, as required or permitted by applicable law. How you can access or control your data will also depend on which products or services you use.
Learn more
Other important privacy information
Klick may collect, use, and share data about you in our role as a data processor or service provider to advertisers and/or our clients. In such cases, the terms of the agreement with the advertisers and our clients and their privacy policies, not this Privacy Notice, will apply to that collection, use, or sharing of personal information.
This website is hosted and operated from Canada and therefore subject to The Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy and data protection laws.
If you are a resident of the European Union (EU), the United Kingdom (UK), or Uruguay, please see Appendix 3: Europe/United Kingdom/Uruguay for the contact details of our data protection officer for the purposes of EU and UK data protection laws.
If your personal information is collected, used, disclosed, or processed by us in Singapore, or is otherwise regulated under the Singapore Personal Data Protection Act 2012, please see Appendix 6: Singapore for the contact details of our data protection officer for the purposes of Singapore data protection laws.
IF YOU DO NOT UNDERSTAND OR YOU ARE NOT CONTENT WITH THIS PRIVACY NOTICE, PLEASE CONTACT US BEFORE USING OR CONTINUING TO USE OUR SERVICES.
THE TYPES OF INFORMATION WE COLLECT
We collect two basic types of information from you when you provide it to us or when you use or interact with our Services: personal information and non-personal information.
Personal information includes all information that relates to you or are opinions about you personally and either identifies or may be used to identify you personally (collectively, “personal information”). We may only collect the following limited types of personal information from you depending upon the device you are using and how you interact with us or use or interact with our Services, such as your:
- Contact Information. Name, mailing address, email address, phone number, and other contact information.
- Demographic Information. Age and gender.
- Device Information. IP address, browser type and version, browser plug-in types and versions, operating system and platform, device type, device identifiers, and information about how you use our Services.
- Payment Information. Credit and debit card, bank account, and other financial information necessary to send and receive payments.
- Employment Information. If you apply for a job with us, we will collect information about your employment status and history, education history, Social Security number or tax ID number, and other employment-related information.
- Account Information. If you create an account, we may store and use your name, email address, zip or postal code and other personal information you may provide with your account. You can modify some of the personal information associated with your account. If you believe that someone has created an unauthorized account, you can request its removal.
We strive to uphold data minimization principles and only seek to collect personal information from you for the purposes described in this Privacy Notice. We are required to disclose the categories of personal information we collect under California law. To see the categories, click here.
Non-personal information includes information that does not personally identify you or information that has been anonymized (collectively, “non-personal information”). When we combine non-personal information with personal information, we treat the combined information as personal information.
You can always refuse to provide your personal information, but please note that collecting and using personal information is necessary to provide our Services.
HOW WE COLLECT PERSONAL INFORMATION
We need to collect personal information from you in order to provide you with our Services, as well as to improve your experience. You may provide us with personal information in several ways, including, for example, when you:
- Visit our website or use our Services;
- Register for or create an account;
- Correspond or communicate with us in any way, including when requesting customer service, support, or responding to a questionnaire or survey;
- Sign up to receive our newsletter or promotional information;
- Connect to us through a social media platform, such as Facebook, LinkedIn, or Twitter; or
- Interact with us in any other way, online or offline, including through our Services.
Cookies
Like many websites and apps, we use “cookies”, which are small text files that a web server transfers to an individual’s computer for recordkeeping purposes. We and other parties collect information about your use of our Services so that interest-based advertising can be provided using information gathered about you over time and across multiple websites or other platforms. To set your preferences related to the collection and use of this type of information, click on the Cookie Settings link in the footer of each Klick website you visit. You can also visit www.aboutads.info/choices and optout.privacyrights.info to opt out of certain uses of cookies for advertising purposes.
If you do not want information collected through the use of certain cookies, there are procedures in most browsers that allow you to delete existing cookies, to automatically decline cookies, or to be given the choice of declining or accepting the transfer of particular cookies to your computer. You should note, however, that declining cookies may make it difficult for you to use portions of our Services.
Pixel Tags
Some of our Services use “pixel tags”, “web beacons”, “clear GIFs” or similar tracking technologies (collectively, “pixel tags”) to collect information and compile aggregate statistics about our emails or website usage and response rates. Pixel tags allow us to count users who have visited certain areas of our Services, to deliver targeted advertisements, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, pixel tags can tell the sender whether and when the email has been opened.
Google Analytics
We use Google Analytics, a web analysis service provided by Google, to better understand how individuals use our website. Google Analytics uses cookies or other tracking technology to help us analyze how users interact with and use the website, compile reports on the related activities, and provide other services related to website and app activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to the Google Analytics Terms of Service and the Google Privacy Policy. To opt out of analytics tracking by Google, click here.
Offline Interactions and Other Sources
We also may collect personal information from other sources, such as our partners or third party service providers, or from our offline interactions with you for the purposes listed in the How We Use Personal Information section below, including to enable us to verify or update information contained in our records and to better customize the Services for you.
HOW WE USE PERSONAL INFORMATION
We primarily use personal information to provide, maintain, and improve our Services, but we also use personal information to do any or all of the following:
- facilitate your interactions and transactions with us, such as requests for support or additional Services;
- respond to your requests, communications, suggestions, comments, inquiries, and requests (including your feedback about our Services);
- administer our relationship with you, including creating and managing your account;
- develop new products, features, and services;
- better understand the preferences of our customers;
- provide personalized Services, including content and ads;
- provide you with, and improve, relevant marketing offers or information from us or relevant third parties (we will collect consent from you when required by applicable law);
- facilitate your participation in our surveys and promotions;
- ensure our systems and premises are secure;
- develop and manage relationships with our business partners;
- engage in public or peer-reviewed scientific, historical, or statistical research (we will collect consent where required by applicable law);
- respond to legally binding requests from law enforcement, regulatory authorities, or other third parties;
- defend, protect or enforce our rights or applicable terms of service or to fulfill our legal or contractual obligations;
- manage any dispute and accidents and take legal or other professional advice;
- to prevent fraud or the recurrence of fraud;
- assist in the event of an emergency;
- comply with applicable law; or
- any other purpose with your consent.
We may also combine your personal information collected through various sources, including information collected through our Services, and develop a customer profile that will be used for the purposes above.
If you are a job applicant, we will use your personal information as necessary to determine your fitness for the position applied for, to make any relevant adjustments during the recruitment process, and for equal opportunities monitoring. You can also register on our website to receive additional information about jobs at Klick. Information you submit on our website will not be used for employment purposes unless you fill out the relevant registration form. The information that you provide will be used to send you the information that you have requested to receive, or to evaluate and communicate with you regarding your application for employment, as applicable.
We can use personal information to create non-personal information. We use non-personal information for any legitimate business purpose.
WHY WE USE PERSONAL INFORMATION
We use personal information as described above in the How We Use Personal Information section for a number of reasons:
- to fulfill our contractual obligations to you, including to provide our Services to you;
- the individual has given consent for a particular purpose (for example, where an individual has given us consent to send them electronic marketing);
- when using the information is necessary for our legitimate interests or those of a third party, provided we have balanced these against the individual’s rights and interests
- (in the context of employment related purposes) where necessary for hiring decisions or, after hiring, for carrying out or terminating the employment contract; and
- in order to comply with a legal obligation (for example, responding to government or law enforcement information requests).
Our legitimate interests for using personal information as described above in the How We Use Personal Information section are:
- to effectively administer and manage our business;
- to ensure effective administration and management of the individual’s relationship with us, including providing our Services;
- to understand how our members use our Services and to manage our Services;
- to carry out research and analysis on what Services or products our members want or how they would like us to improve our Services and products;
- to understand how our members use our Services and identify any issues in how the Services are used and how we can improve the member’s experience;
- to tell our customers about the various products and Services we can offer;
- to understand and respond to inquiries and feedback;
- to better tailor and personalize the promotions and benefits that we can offer to our members;
- to ensure our systems and premises are secure;
- to develop relationships with business partners;
- to ensure debts are paid;
- to operate suppressors to exclude you from direct marketing if you unsubscribe;
- to share data in connection with acquisitions and transfers of our business;
- to manage our relationships with business partners;
- to prevent, detect, or investigate unauthorized use of our Services and ensure we comply with the law and our policies; and
- to manage any dispute and accidents and take legal or other professional advice.
HOW LONG WE RETAIN PERSONAL INFORMATION
Except as otherwise permitted or required by applicable law, records containing personal information will only be retained as long as necessary to accomplish the purposes listed above, including to meet statutory, contractual, administrative, and operational requirements. Once we no longer need such records and there is no longer any legitimate need to use your personal information, we will delete, destroy, aggregate, or otherwise anonymize your personal information, subject to any retention period provided by applicable law.
For more information on the retention and destruction of your personal information, please refer to Appendix 1b: Record Retention and Destruction Policy.
HOW WE PROTECT PERSONAL INFORMATION
To prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or loss of your information or other similar risks, and to maintain the accuracy and confidentiality of such information, we have put in place appropriate physical, organizational, technological, and managerial procedures to safeguard and secure the information we collect from you. With respect to personal information that we collect from you online, please note that the Internet is not 100% secure and we cannot guarantee that your use of our Services will be completely safe, or that communications will not be intercepted. We encourage you to use caution when using the Internet or email. If you believe that your personal information held by us has been compromised, we urge you to notify us promptly.
Access to personal information is restricted to personnel who require access in order to perform their duties and job responsibilities, and access is limited to only that information that is strictly necessary for the performance of those duties and responsibilities. For more information about the roles and responsibilities of our staff members, please see Appendix 1a: Roles and Responsibilities of Klick Inc.’s Personnel Throughout the Life Cycle of Personal Information.
OUR COMMITMENT TO CHILDREN’S PRIVACY
Our Services are not for, or directed at, children or those under the age of 18. We do not knowingly collect personal information from children or other persons under 18 years of age. Individuals who are children or under the age of 18 should not attempt to provide us with any personal information. If you believe we have received personal information from children or those under the age of 18, we urge you to notify us promptly to have it deleted.
YOUR PRIVACY RIGHTS AND CHOICES
The following rights and choices are available to you, but some exceptions may apply based on our reason for processing your personal information and the local privacy laws in your jurisdiction. We will respond and address privacy rights requests within the relevant timeline requirements as stipulated by the privacy laws in your jurisdiction.
Access to your personal information
You have the right to request access to the personal information that we collect, use, and disclose about you. You also have the right to not receive discriminatory treatment for exercising your access right. To submit a request or designate an authorized agent to make a request, please click here or contact us using the information below.
Deleting your personal information
You have the right to request that we delete your personal information, subject to some exceptions under applicable law. Once we have received and confirmed your request, we will delete (and direct our partners and service providers to delete) your personal information, unless an exception under applicable law applies. You have the right to not receive discriminatory treatment for exercising your deletion right. To submit a request or designate an authorized agent to make a request, please click here or contact us using the information below.
Correcting your personal information
The accuracy of the personal information we have about you is very important. You have the right to correct and update your personal information by directly accessing your account and profile information. You may also request that we correct your information by contacting us. You have the right to not receive discriminatory treatment for exercising your correction right. To submit a request or designate an authorized agent to make a request, please click here or contact us using the information below.
Opting out of the sale of your personal information
You have the right to opt out of the sale* of your personal information. You also have the right to not receive discriminatory treatment for exercising this right. You can exercise your right to opt out by clicking the “Do Not Sell or Share My Personal Information” link on our website. You can also submit a request or designate an authorized agent to make a request by clicking here or contacting us using the information below.
*“sale” is used here as defined by California and Nevada law. While we do not sell your personal information to third parties for money, we may share certain categories of personal information to others in order to receive certain benefits or services. Such sharing may be considered a “sale” under California and Nevada law.
Opting out of the sharing of your personal information
You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes. You also have the right to not receive discriminatory treatment for exercising this right. You can exercise your right to opt out by clicking on the Cookie Settings link in the footer of each Klick website you visit. You can also click the “Do Not Sell or Share My Personal Information” link on our website. You can also submit a request or designate an authorized agent to make a request by contacting us using the information below.
Email Communications / Direct Marketing
You may have the opportunity to receive certain communications from us related to our Services and, when necessary, we will obtain consent from you for these communications. If you provide us with your email address in order to receive communications, you can opt-out of marketing emails at any time by following the instructions at the bottom of our emails or by contacting us using the information below. Please note that certain emails may be necessary for the operation of our Services. You will continue to receive these necessary emails, if lawful and appropriate, even if you unsubscribe from our optional marketing communications.
Cookies / Beacons
If you wish to minimize information collected by cookies or beacons, you can adjust the settings using the Cookie Settings link in the footer of each Klick website you visit. You can also adjust the settings of your device or browser. You can also set your device or browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that some Services may not work properly if you reject cookies. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests. For more information about how our Services use cookies, please see How We Collect Personal Information.
Network Advertising Initiative
Certain websites you visit may provide options regarding advertisements you receive. If you wish to minimize the amount of targeted advertising you receive, you can opt out of certain network advertising programs through the Network Advertising Initiative (NAI) Opt-Out Page or through the Digital Advertising Alliance Opt-Out Tool. Please note that even if you choose to remove your personal information (opt out) you will still see advertisements while you’re browsing online. However, the advertisements you see may be less relevant to you. For more information or to opt out of certain online behavioral advertising, please visit https://www.aboutads.info.
Additionally, many advertising network programs allow you to view and manage the interest categories that they have compiled from your online browsing activities. These interest categories help determine the types of targeted advertisements you may receive. The NAI Opt-Out Page provides a tool that identifies its member companies that have cookies on your browser and provides links to those companies.
Do Not Track
Some devices and browsers support a “Do Not Track” (or DNT) feature, a privacy preference that you can set in certain browsers which is intended to be a signal to websites and services that you do not wish to be tracked across different websites or online services you visit.
Please note that we cannot control how third party websites or online services you visit through our website respond to Do Not Track signals. Check the privacy policies of those third parties for information on their privacy practices. Our Services do not currently change the way they operate upon detection of a Do Not Track or similar signal.
In accordance with California law, you have the right to request, once per calendar year, information regarding the disclosure of personal information by us to third parties for the third parties’ direct marketing purposes. Please also note that California residents under 18 years old, in certain circumstances, may request and obtain removal of personal information or content that you have posted on our Services. Please be mindful that this would not ensure complete removal of the content posted by you on our Services. If you are a California resident and would like to make a request pursuant to California privacy law, please submit your request using the contact information provided below.
DATA TRANSFERS
We are a global business. As such, information we collect may be transferred to, stored, and processed in any country or territory where one or more of our business partners or service providers are based or have facilities which may be different to your home country. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal information that we transfer in line with this Privacy Notice requiring that our business partners or service providers adhere to this Privacy Notice and the applicable privacy laws and regulations in your home country.
THIRD PARTY WEBSITES AND APPS
Our website and Services may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.
CONTACT US
We welcome requests, questions, comments, and feedback on this Privacy Notice and our management of personal information. If you have requests, questions, concerns, or feedback, you can always contact us using the method provided below. If you are submitting a privacy right request, the request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. You must also include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to certain requests or provide you with personal information unless we first verify your identity or authority to make such a request and confirm that the personal information relates to you. If you are submitting a request using an authorized agent, please ensure the appropriate individual is identified as the authorized agent.
For your protection, we will need to verify your identity before assisting with your request, such as verifying that the information used to contact us matches the information that we have on file.
Email – privacy@klick.comPhone – 1-877-885-9957
Mail – Attn: Privacy Policy Klick Inc. / Steve Willer
175 Bloor Street East North Tower, 3rd Floor
Toronto, Ontario M4W 3R8
You may also submit a request using this contact form.
CHANGES TO THIS POLICY
We reserve the right to change this Privacy Notice from time to time by posting the changes here. If we choose to amend this Privacy Notice, we will revise the Last Updated date at the top of this Privacy Notice when we post the updated version. We may also provide you with notice by prominently posting on our website, via email or both if we make any significant changes to this Privacy Notice. We may also highlight those changes at the top of this Privacy Notice and provide a prominent link to it for a reasonable length of time following the change. To the extent that our Privacy Notice changes in a material way, the notice that was in place at the time that you submitted, or we collected your personal information will generally continue to govern that information unless we receive your consent to the new Privacy Notice, where required. If your consent is not necessary, the new version of the notice will apply from the date stated. We encourage you to bookmark this page and to periodically review it to ensure familiarity with the most current version of our Privacy Notice.
COMPLAINTS
You may contact us using the information above to make a complaint regarding this Privacy Notice, our privacy practices, and/or our handling of your personal information. For more information on how we will handle and process your complaint, please refer to Appendix 1c: Process for Handling Inquiries and Complaints.
ACCOUNTABILITY
Along with our Privacy Officer, there is a Privacy Team at Klick that is accountable for all personal information we collect and use.
Should you have any questions or concerns about this Privacy Notice or our collection of your personal information, please contact the Privacy Team:
Email – privacy@klick.comMail – Attn: Privacy Officer
Klick Inc.
175 Bloor Street East North Tower, 3rd Floor
Toronto, Ontario M4W 3R8
Without limiting the above, individuals in Alberta may contact our Privacy Officer if they have questions about the collection, use, disclosure or storage of personal information by our service providers or affiliates outside Canada, or to obtain access to written information about our policies and practices with respect to such service providers and affiliates outside Canada.
Appendix 1a: Roles and Responsibilities of Klick Inc.’s Personnel Throughout the Life Cycle of Personal Information
Klick Inc. (“Klick”) personnel will have the following roles and responsibilities with respect to handling personal information throughout its lifecycle within our organization:
Roles and Responsibilities:
Klick Privacy Officer is: Steve Willer.
The Privacy Officer is responsible for:
- Ensuring that Klick complies with relevant privacy and data protection legislation, including the Personal Information Protection and Electronic Documents Act and any other applicable federal, provincial or state privacy and data protection laws, including (without limitation), where applicable, the Act respecting the protection of personal information in the private sector (Quebec), the Consumer Privacy Act of 2018 (CCPA), and HIPAA (The Health Insurance Portability and Accountability Act);
- Promoting privacy and data protection within Klick;
- Drafting and enforcing the Klick Privacy Policy and Privacy Notice;
- Developing policies, practices, standards, and procedures to appropriately manage and safeguard personal information in accordance with applicable laws, the Klick Privacy Policy, Privacy Notice, and contractual requirements;
- Ensuring that Klick’s Privacy Policy, Privacy Notice and standard operating procedures are in accordance with applicable laws and regulations as well as its contractual obligations, including procedures applicable to the collection, use, sharing, disclosure, retention and destruction of personal information;
- Developing appropriate consent processes for collection, use and disclosure of personal information;
- Confirming that appropriate security controls are developed, implemented and maintained to protect personal information in a manner that is consistent with the sensitivity of the information;
- Establishing procedures for receiving and responding to requests to access and/or rectify personal information and responding to such requests;
- Establishing procedures for receiving and responding to privacy and data protection inquiries and complaints, including complaints regarding the protection of personal information, as well as investigating and responding to such inquiries and complaints;
- Evaluating new contracts to ensure that Klick and Klick’s customers, suppliers, partners, and other parties conduct business in a legal and ethical manner when it comes to issues of privacy;
- Assessing privacy-related factors for any new Klick project dealing with access to, or use or disclosure of, personal information before its implementation by Klick and ensuring the project’s compliance with applicable privacy laws;
- Monitoring employee email and computer use for policy violations and other improper conduct;
- Developing an incident/breach response plan as well as an appropriate breach recording system and managing breach records;
- Receiving reports of privacy and data breaches, leading breach response and containment process, and directing investigations into such breaches;
- Directing and managing compliance with court orders and other legal processes requiring disclosure of personal information;
- Developing an appropriate data retention schedule and document disposal procedures; and
- Communicating with privacy regulators, including in the event of an audit, complaint or investigation.
Klick Security Officer is responsible for:
- Defining, implementing, maintaining and enforcing policies, procedures and safeguards related to information technology and systems of record;
- Designing, implementing and maintaining computing hardware, software, processes and controls, as needed to support the effective, compliant management of records containing personal information throughout their lifecycle;
- Developing data back-up policies and procedures and regularly testing back-ups;
- Conducting vulnerability assessments, as well as security threat and risk assessments, and developing and managing risk mitigation plans;
- Assisting with development and delivery of information security training to personnel;
- Monitoring use of Klick email and systems for security risks; and
- Notifying the Privacy Officer of any data breach, technology failure, or other incident that results in (or may result in) loss of or unauthorized access to or disclosure of personal information (or other confidentiality incident). Participating and fully cooperating in any investigation into such incidents (including cooperating with outside investigators, where applicable).
- Klick Technical Staff are responsible for:
- Maintaining a consent log (as required by applicable laws), an up-to-date master unsubscribe list for each marketing program, as well as a global unsubscribe list;
- Ensuring that marketing and commercial communications are not sent to any person on the program or global list;
- Restricting access to unsubscribe lists to only the Privacy Officer and those Technical Staff on a need-to-know basis; and
- Granting access to personal information on a “need to know” basis, and ensuring access is revoked for departing employees and employees transferring into positions where they no longer need access to certain information.
Klick Compliance Staff are responsible for:
- Assisting the Privacy and Security Officers in understanding all applicable regulatory requirements and helping teams convert requirements into technical, physical and administrative/organizational controls as appropriate;
- Assisting in the development, implementation and maintenance of any policies, procedures or training required by those regulations or by contract, including the tracking and reporting of privacy and data protection training;
- Hosting and/or responding to external audit requests relative to these areas as well as periodically conducting internal audits to help ensure compliance with appropriate policies; and
- Managing vendors that process personal information on behalf of Klick, including the vendor selection process, negotiating appropriate privacy and data protection terms in contracts, and auditing/monitoring vendor compliance with privacy and data protection obligations.
Klick Management Employees are responsible for:
- Making reasonable efforts to ensure that personal information maintained by Klick is accurate, timely, relevant, and complete;
- Making reasonable efforts to ensure that all personal information is used only as intended, and that precautions preventing unauthorized access and misuse are both effective and appropriate;
- Establishing appropriate controls to ensure that personal information is disclosed to and accessed only by persons who have a legitimate business need, and only retained as long as needed to accomplish the purposes for which it was collected or for compliance with relevant legal and contractual obligations except as otherwise permitted or required by applicable law; and
- Notifying Klick Technical Staff of personnel changes requiring modifications to access privileges.
All Klick employees are responsible for:
- Reading, understanding and complying with Klick’s Privacy Policy and related policies, notices, standards and procedures;
- Acting within applicable laws and regulations;
- Notifying individuals of the purposes for which their personal information will be collected, used and disclosed, and obtaining consents in accordance with Klick policies and procedures when collecting personal information;
- Limiting collection of personal information to what is needed to accomplish the purposes identified to individuals in accordance with Klick policies, standards, and procedures;
- Refraining from accessing, using, or disclosing personal information unless required for performance of their job duties and permitted by applicable policies, standards, and procedures;
- Taking reasonable steps to confirm that information is accurate and up to date before using personal information, where appropriate;
- Protecting the security and confidentiality of any personal or other confidential information they have access to in connection with their employment;
- Regularly identifying and disposing of transitory information, which is no longer needed to support business activities, in a secure manner and in accordance with Klick’s retention and destruction policies and procedures;
- Forwarding any unsubscribe requests received to a member of the Technical Staff for implementation;
- Forwarding any requests received with respect to access and rectification of personal information to the Privacy Officer;
- Asking the Privacy Officer for clarification on any privacy-related questions that may arise and seeking guidance from the Privacy Officer if they are unsure of their obligations under Klick’s policies, standards and procedures or applicable law; and
- Reporting any privacy related complaints to Klick’s Privacy Officer and Security Officer.
Klick will take steps to communicate to personnel their roles and responsibilities in connection with processing personal information as described above.
Appendix 1b: Record Retention and Destruction Policy
Klick Inc. (“Klick”) has developed a records retention and destruction policy that aligns with the guidelines provided by the Office of the Privacy Commissioner in Canada and the Commission d’Accès à l’Information (Québec).
I. Retention of Records
Except as otherwise permitted or required by applicable law, Klick will retain records containing personal information (“Records”) only as long as necessary to accomplish the purposes for which such information was collected and to meet statutory, fiscal, contractual, administrative, and operational requirements.
Klick undertakes to ensure that Records are accurate, complete, and are retained for the periods of time required pursuant to applicable laws and regulations.
The Records will be handled in accordance with a Document Management Procedure that includes the following components:
- identification of the types of Records containing personal information (e.g., human resources files, customer files, etc.);
- defining the levels of confidentiality of Records (e.g., protected, confidential and secret) according to factors such as sensitivity, purpose, quantity, distribution and medium;
- distinguishing the types of media to associate an appropriate method of retention and destruction for different types of Records (e.g., paper, computerized or electronic media);
- determining and implementing a retention schedule for different types of Records that meets legal requirements, including maximum and minimum retention periods that take into account legislative requirements and restrictions and appeal mechanisms (where applicable);
- destroying personal information that does not fulfill a specific purpose or is no longer required to fulfill an identified purpose. If information is to be retained solely for statistical purposes, effective de-identification techniques will be used;
- ensuring that all personal information is completely deleted before recycling or disposing of electronic devices (e.g., computers, photocopiers, cell phones);
- using effective processes to destroy, erase or de-identify personal information;
- developing guidelines and implementing procedures for secure retention of personal information; and
- conducting periodic reviews to assess the need to retain personal information.
II. Destruction of Records
1. Types of Records
Klick will determine the appropriate destruction methods for the Record, depending on whether it is a Paper Record or an Electronic Record, as defined below:
Paper Records include physical representations of data, such as paper printouts, notes, memos, messages, correspondence, transaction records and reports in hard copy.
Electronic Records include information stored on electronic devices, such as computer hard drives, copier and printer hard drives, removable solid drives including memory, disks and USB flash drives, mobile phones and magnetic tapes. Electronic Records include emails, draft versions of documents saved on a server or document management system, scanned/imaged documents, faxes (where there is no paper copy), voicemails, metadata and any other information or data saved to or stored in electronic form.
2. Destruction Techniques That May Be Used
Klick will use the following destruction techniques recommended by the Office of the Privacy Commissioner in Canada, so that the personal information contained in such Records cannot be recovered:
- Completely destroying the media, whether hard or electronic copy, so that the information stored on it can never be recovered. This can be accomplished using a variety of methods including disintegration, incineration, pulverizing, shredding and melting.
- Deleting information using methods that resist simple recovery methods, such as data recovery utilities and keystroke recovery attempts. One method for clearing media is overwriting, which can be done using software and hardware products that overwrite the media with non-sensitive data.
- Degaussing, in which magnetic media are exposed to a strong magnetic field to make data unrecoverable. This can be used to protect against more robust data recovery attempts, such as a laboratory attack using specialized tools (for example, signal processing equipment). Degaussing cannot be used to purge nonmagnetic media, such as CDs or DVDs.
Without limiting the above, Paper Records (i) may not be deposited in open office recycling bins, but rather, must be placed in special shredding bins with high security locks accessible only by authorized persons, and (ii) must be shred using a cross-cut shredder with one cut shredded to a width of 1 cm or less, and the other cut at 15 mm or less, to ensure that the information in such Record is obliterated. The use of home or standard office shredders is not permitted and the resulting material must be recycled or pulped.
Onsite destruction of Records must occur in an area that is accessible only by Klick’s authorized personnel.
3. Destruction by a Third Party Service Provider
Klick may engage the services of a third party service provider to destroy Records, including where it does not possess the equipment necessary to allow for secure and definitive destruction.
When Klick uses the services of a third party service provider, Klick will ensure that the contract for the provision of Record destruction services specifies:
- the process used for the destruction;
- an acknowledgement by the service provider that the information being processed is confidential;
- that the service provider will inform Klick if it uses a subcontractor for the destruction of Records;
- that a confidentiality agreement will be signed by the service provider’s employees who have access to the Records;
- that secure storage of the Records is required prior to destruction (e.g., stored in secure premises with limited access);
- that Klick has the right to access the service provider’s premises during the term of the contract to confirm compliance with the contract;
- that the service provider is required to report regularly to Klick on the destruction of the Records.
In the event that the third party service provider fails to comply with its obligations, Klick will take appropriate measures, including to obtain the return of the Records and terminate the contract.
Appendix 1c: Process for Handling Inquiries and Complaints
Individuals have the right to make inquiries or complaints about the collection, use, disclosure or other processing of their personal information by Klick Inc., or otherwise regarding Klick Inc.’s compliance with applicable privacy and data protection laws.
Klick Inc.’s employees who receive or are made aware of an inquiry or complaint must:
- Record the date on which the inquiry or complaint is received, together with its nature; and
- Immediately refer or forward the inquiry or complaint to Klick Inc.’s Privacy Officer Steve Willer at privacy@klick.com.
Klick’s Privacy Officer shall be responsible for undertaking a reasonable investigation into and responding, in writing, to all such inquiries and complaints. In particular, the Privacy Officer shall:
- Acknowledge receipt of the inquiry or complaint promptly;
- Validate/confirm the identity of the individual/claimant;
- Seek clarification regarding the inquiry or complaint, as needed;
- Fairly and impartially evaluate the validity of a complaint, having regard to all relevant factors;
- Notify the individual of the response to their inquiry or outcome of their complaint clearly and promptly, together with any steps taken as a result of the inquiry or complaint, within the time period required by applicable law;
- If a complaint is found to be justified, take appropriate measures to address and rectify the substance of the complaint and to ensure compliance with the applicable laws, including, if necessary, correcting any inaccurate Personal Information and/or amending Klick Inc.’s policies and procedures concerning the processing of personal information; and
- Ensure that relevant Klick Inc. employees are aware of any changes to Klick Inc.’s policies and procedures as a result of an inquiry or complaint, including arranging for necessary training to implement and give effect to such changes.
Records of decisions made with respect to an inquiry or complaint, and any personal information that is the subject of an access request or a request for rectification, will be maintained for as long as necessary to allow the relevant individual(s) to exhaust any recourse they may have under applicable laws. The Privacy Officer will approve an override of Klick Inc.’s regular retention and deletion schedule/practices where necessary to permit such retention.
Appendix 2: California
In accordance with California law, please see the information below to learn more about the categories of personal information we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it.
The categories of personal information we have collected about consumers in the preceding 12 months are:
- Identifiers such as a real name, postal address, online identifier, internet protocol address, email address, or other similar identifiers.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
- (If you apply for a job with us) Professional or employment related information, such as work history, professional experience, and other information from resumes.
- (If you apply for a job with us) Non-public education information, such as educational history and academic records.
- Geolocation data (collected via IP address).
- Inferences drawn from any of the information identified in this section to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
- (If you apply for a job with us) Sensitive personal information, such as racial or ethnic origin, Social Security number, driver’s license number, or other government-issued identification information.
The sources from which we collect the categories of personal information described above are:
- Consumers when you submit information directly through our Services.
- Website visitors and their devices from which we passively collect information, such as device information.
- Service providers that we engage to provide services on our behalf, including vendors that host or maintain our Services, employment vendors that assist with hiring, and advertising and technology vendors.
- Others we interact with, such as job networks or social networks, if you choose to import your information from those platforms when applying for a job with us.
- We also develop inferences or combine the personal information with information we already have.
The business or commercial purposes for collecting and using the personal information described above are:
- Providing, maintaining, and improving our Services, including developing new products and services.
- Sending marketing communications and engaging in promotional activities.
- Conducting and developing our business with our customers.
- Supporting or responding to your requests or questions.
- Complying with our legal and contractual obligations.
- Processing for security, safety, or due diligence purposes.
- Recruiting and hiring.
- Other purposes as disclosed to you at the time we collect your information.
We may share the categories of personal information described above with our affiliates, partners, suppliers, vendors, and service providers for the purposes described in the How We Share Personal Information section above.
We retain the categories of personal information described above for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Personal Information section above.
As the terms are defined by California law, we “sold” and/or “shared” the following categories of personal information in the last 12 months: identifiers (internet or other electronic network activity information), geolocation data, and inferences drawn from the above. We “sold” each category to business partners, marketing companies, advertising networks, and data analytics providers.
The business or commercial purposes of “selling” personal information is for third-party companies to perform services on our behalf, such as marketing, advertising, and audience measurement.
We do not “sell” personal information of known minors under 16 years of age.
If you are a California resident and would like to exercise your privacy rights, including the right to opt out of sales/sharing, please click here.
Appendix 3: Europe / United Kingdom / Uruguay
The following only applies if you are a resident of a member state of the European Union (EU), the United Kingdom, Uruguay, or the European Economic Area (EEA).
If you have questions or concerns regarding the use of your personal information, please contact us using the information below.
International Transfers
The personal information we collect from you is transferred to and stored by our group companies or IT vendors and other service providers (as specified in How We Share Personal Information above) who operate on our behalf. We also transfer information to a number of providers of business applications—such as CRM and marketing applications—as well marketing service providers. These providers are primarily located in the United States, but are also located in other jurisdictions.
In certain cases, there may not be an adequacy decision by the European Commission and/or United Kingdom/Uruguay authorities in respect of those countries. Adequacy of data protection is instead ensured by Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation, or any equivalent clauses approved by the authorities in the United Kingdom including any additional safeguards as required by EU/UK data protection laws that we have in place with that third party. A copy may be requested by contacting our Data Protection Officer.
Data Retention
We retain your personal information for as long as necessary for the purpose(s) for which it was initially collected. The criteria we use to determine the retention period is as follows:
- whether there are contractual or legal obligations that exist which require us to retain the information for a period of time;
- whether there is an ongoing legal claim that relates to any business (or otherwise) relationship you have with us, or that is otherwise related to your relationship with us; and
- whether any applicable law, statute, or regulation allows for a specific retention period.
Your Privacy Rights
You have—in accordance with applicable data protection laws—the following rights when it comes to our handling of your personal information. Please note that many of these rights are not absolute, and we have grounds for refusing to comply with your request to exercise them (for example, where we are (a) required or permitted by law to process your personal data in a way that is incompatible with your request, or (b) able to rely on exemptions under data protection law which entitle us to process your personal data in a way that is incompatible with your request). Where such circumstances apply, we will inform you of this at the time you make a request to exercise your rights.
- Right of access – you have the right to request a copy of the personal information we have about you and to request supporting information explaining how the personal information is used;
- Right of rectification – you have the right to request that we rectify inaccurate personal information about you;
- Right of erasure – you have the right to request that we erase personal information about you;
- Right to restrict processing – in certain situations, you have the right to request that we do not use the personal information you have provided (for example, if you believe it to be inaccurate);
- Right to data portability – you have the right to receive your personal information in a structured, commonly used and machine-readable format and to transmit such information to another controller;
- Right to withdraw consent – where we process your personal information based on consent (including direct marketing consents), you have the right to withdraw consent at any time. However, this will not affect the lawfulness of the processing based on consent before its withdrawal. Furthermore, even in case of a withdrawal we continue to use your personal information as permitted or required by law; and
- Right to object – where we are processing your personal information based on a legitimate interest (or those of a third party) you can challenge this. However, we are entitled to continue processing your personal information where we can demonstrate that we have compelling legitimate grounds to process your information (which override your rights and freedoms), or where continuing to process your personal information is relevant to the establishment, exercise or defence of legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.
If you would like to exercise any of these rights or in case you should have any concerns about how we process your personal information, please contact us using the information below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We typically need to request specific information from you to help us confirm your identity and ensure your right to access your personal information, or access someone else’s personal information on their behalf (or to exercise any of the other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated. Should we be unable to comply with your request, we will provide an explanation.
Data Protection Officer Contact Information
You can always contact our Data Protection Officer with any issues or questions you have regarding our processing of personal information.
Email – privacy@klick.comMail – Attn: Privacy Officer
Klick Inc.
175 Bloor Street East North Tower, 3rd Floor
Toronto, Ontario M4W 3R8
You have the right to make a complaint at any time to the supervisory authority in the UK, Uruguay, or the Member State of the EU or EEA in which you are resident. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
Appendix 4: Japan
The following only applies if you are a resident of Japan.
If you have questions or concerns regarding the use of your personal information, please contact us using the information in the Contact Us section.
Security management measures
To prevent unauthorized access, loss, or unauthorized use of your information, and to maintain the accuracy and confidentiality of such information, we have put in place the security management measures listed below.
- Formulation of basic policies. In order to ensure the proper processing of personal information, we formulate basic policies on “compliance with relevant laws, guidelines, etc.”, “contact point for questions and complaints”, etc.
- Establishment of rules for handling personal information. We establish rules on the processing of personal information for each stage of acquisition, use, storage, provision, deletion and disposal of personal information, including processing methods, responsible persons and persons in charge, and their duties.
- Organizational security management measures. In addition to appointing a person responsible for the processing of personal information, we clarify the employees who process personal information and the scope of personal information processed by such employees and establish a system for reporting to the person responsible in the event that we become aware of facts or signs of non-compliance with the law or rules for handling personal information. In addition, we regularly conduct self-inspections and audits by other departments and external parties on the status of the handling of personal information.
- Personnel security management measures. Regular training is provided for employees on matters to be considered in the handling of personal information and matters relating to the confidentiality of personal information are included in the employment regulations.
- Physical security management measures. In areas where personal information is processed, we control employees’ access to rooms, restrict the equipment they bring in, and implement measures to prevent unauthorized persons from accessing personal information. We take measures to prevent the theft or loss of equipment, electronic media and documents that process personal information and implement measures to ensure that personal information is not easily revealed when such equipment, electronic media, etc. are carried, including when moving within the business premises.
- Technical security management measures. We implement access controls to limit the scope of persons in charge and the databases of personal information to be processed. In addition, we have put in place measures to protect the information systems that process personal information from unauthorized external access or unauthorized software.
- Understanding of the external environment. We store personal information in the U.S. and Canada, and take necessary and appropriate measures based on the nature of the personal information.
Joint Use
We jointly use personal information from you as follows.
- The categories of personal information. The categories are described in “The Types of Information We Collect” section above.
- The scope of the joint users. [Klick Inc., Klick USA Inc., Klick Health UK Private Limited, Klick Health, Klick Health Germany GmbH, Klick Health EU GmbH, Klick Health Asia-Pacific Pte. Lte.]
- The utilization purpose. The purposes are described in the “How We Use Personal Information” section above.
- The name, address, and the name of its representative of a business operator responsible for the management of the personal information.
Name – Klick Inc
Address – 175 Bloor Street East North Tower, 3rd Floor
Toronto, Ontario M4W 3R8
Name of its representative – Steve Willer
Data Transfers
We may provide personal information to third parties outside Japan who are establishing a system conforming to standards prescribed by rules of the Personal Information Protection Commission as necessary for continuously taking action equivalent to that which a personal information handling business operator takes concerning the handling of personal data pursuant to the provisions of Chapter IV, Section 2 of the Act on the Protection of Personal Information (the “equivalent action”). In such case, we will take necessary action to ensure continuous implementation of the equivalent action by the third party and, in response to your request, provide information on the necessary action.
Rights of Data Subjects
You have—in accordance with the Act on Protection of Personal Information (the “APPI”)—the rights listed below when it comes to our handling of your personal information. Please note that many of these rights are not absolute, and we have grounds for refusing to comply with your request to exercise them (e.g., (a) cases in which disclosure is likely to seriously impede the proper execution of the business of the business operator handling personal information, or (b) cases in which special procedures are prescribed by any other laws and regulations for correction, addition or deletion). Where such circumstances apply, we will inform you of this at the time you make a request to exercise your rights.
- Notice of purpose of use of retained personal data
- Disclosure of retained personal data
- Disclosure of records when personal data is provided or received by a third party
- Correction, addition or deletion of retained personal data
- Cessation or suspension of the use of retained personal data or discontinuation of provision to a third party if the customer satisfies the requirements under the APPI
If you would like to exercise any of these rights or in case you should have any concerns about how we process your personal information, please contact us using the information in the Contact Us section.
We may charge a reasonable fee when you request the notice of purpose of use of retained personal data or disclosure of retained personal data or records when personal data is provided or received by a third party.
We typically need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated. Should we be unable to comply with your request, we will provide an explanation.
Appendix 5: Argentina
The following only applies if you are a resident of Argentina.
If you have questions or concerns regarding the use of your personal information, please contact us using the information provided in the Contact Us section.
Changes to the Privacy Notice
In the case of relevant changes that require your consent, we will present the new Privacy Notice to obtain your consent in relation to the new Privacy Notice.
International Transfer
You consent that your personal data may be processed and stored on a server located outside of the country where you live.
Sensitive Data Consent
You consent that we may collect Sensitive Data (as defined by Argentinian law), if required by applicable law, and we take steps to protect and limit any use of it to the purposes for which it is provided.
Processing Purposes
Notwithstanding the foregoing principal processing purposes, you consent that your personal data may be processed for purposes described in the Why We Use Personal Information section above, and the following secondary purposes:
- Sending of presentations, courses, calls and communications
- Sending relevant information about Klick
- Publishing information about employees on the website and social networks of Klick
Transfer of Data to Third Parties
You consent that your personal data may be processed and stored by third parties.
Governmental Authority
For the purposes of this Privacy Notice, “Government Authority” means any of the executive, legislative or judicial powers of Argentina or any country related to the entity and the data subjects of the personal data, regardless of the way they act, whether they are federal, state or municipal, as well as any government agency, secretary, decentralized or deconcentrated body or equivalent entity, or any state, municipality, department or other political subdivision thereof, or any government body, authority (including any central bank or tax authority) or any entity (including any court) that exercises government, executive, legislative or judicial functions in Argentina or in any country applicable to the entity and the data subjects.
Your Rights
The Argentinean Data Protection Law No. 25,326 and its regulations give data subjects the rights to access, rectify, cancel and/or oppose the processing of their personal data. You can request the exercise of your privacy rights by contacting us using the information provided in the Contact Us section. Data subjects have at all times the right to revoke their consent to the processing of their information. Please refer to the contact information provided for these purposes.
Klick observes the principles established by the Argentinean Data Protection Law and its regulations. Therefore, Klick will comply with these regulations as well as all notice and consent requirements depending on the category of data being collected, processed and/or transferred.
You can limit the use and disclosure of your personal data by registering in our exclusion list, so that your personal data is not processed for marketing, advertising or commercial prospecting purposes. To be included on the exclusion list, please contact us using the information provided in the Contact Us section.
AAIP
If you consider that your right to the protection of personal data has been harmed by any conduct or omission on the part of Klick or presumes any violation of the provisions provided in the Law, its Regulations and other applicable regulations, you may file your disagreement or complaint before the Agency of Access to Public Information (AAIP). For more information, we suggest you visit the official website: https://www.argentina.gob.ar/aaip. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.
Appendix 6: Singapore
The following only applies if your personal data is collected, used, disclosed, or processed by us in Singapore, or is otherwise regulated under the Singapore Personal Data Protection Act 2012 (“PDPA”).
Legitimate Interests
For the avoidance of doubt, and without prejudice to your consent to any other purposes as set out in the Privacy Notice, you fully understand and unambiguously consent to our collection, use, disclosure and processing of your personal data for the specified purposes associated with legitimate interests, as listed in the section “Why We Use Personal Information” above.
International Transfers
You fully understand and unambiguously consent that we may transfer your personal data to any country (including to third parties where necessary) for the purposes set out in this Privacy Notice or as notified to you. When we transfer your personal data outside of Singapore, we will require foreign recipients of the personal data to protect your personal data in accordance with this Privacy Notice and to a standard of protection comparable to that under the PDPA.
Marketing Communications
We will not contact you for marketing purposes unless you have provided us with your express consent, or unless we are otherwise exempted from having to obtain your consent. If you do not wish to receive any such marketing communications or information from us, or wish to restrict the manner by which we may contact or send you such information, please contact us using the contact information below.
Your Rights
The following rights are available to you pursuant to the PDPA:
- Right of access – you may request that we provide you with access to your personal data and information about the ways in which such personal data may have been used or disclosed by us.
- Right of correction – you may request that any incomplete or inaccurate personal data we hold about you is corrected.
- Right of withdrawal of consent – you may withdraw your consent for our collection, use or disclosure of your personal data.
- Right of data portability – you may request the transfer of certain of your personal data to another party under certain conditions.
We may require that you submit certain forms or provide certain information to process your request. We may also charge a reasonable fee to process your request. Under certain circumstances, we may refuse to comply with your request as may be permitted under the PDPA. If you have any questions about your rights or if you would like to exercise any of your rights, please contact us using the contact information below.
Data Protection Officer Contact Information
You can always contact our Data Protection Officer with any issues or questions you have regarding our processing of personal data in Singapore.
Email – privacy@klick.comMail – Attn: Privacy Officer
Klick Inc.
175 Bloor Street East North Tower, 3rd Floor
Toronto, Ontario M4W 3R8