Privacy Policy

Last Modified: February 8, 2023

Apryse is committed to protecting and respecting your privacy. A reference to "Apryse", "we", "us" or "our" is a reference to Apryse Systems Inc. and its affiliates, and we are a 'controller' for the purposes of the data protection laws that apply to us. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

This notice (together with any applicable terms of use) describes what personal data and other information we may collect, use, share and process from you in connection with your use of our products. References to our products in this notice include our websites, apps, software, and services. For greater certainty, we may collect and make use of your information (including personal data) in the context of:

• our websites, including, but not limited to, web-based services such as Xodo ("websites");
• our desktop applications and mobile applications (both referred to as "apps"); and
• our sales, marketing, and advertising practices.

This notice further describes how we may collect personal data, with whom we may share it, as well as the choices you have regarding our collection of information and our use and disclosure of that information to other parties.

Note for Xodo users: If you are using Xodo with Google Drive, please note that Xodo`s use and transfer to any other application of information received from Google's APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements therein.

This notice is provided in a layered format for ease of access. Click on the table of contents to jump to a specific section.

1. OVERVIEW AND SCOPE

We believe that you should always know what data we collect from you, how we use it, and that you should have meaningful control over both. This notice describes how we use personal data, with whom we share it, your rights and choices, and how you can contact us about our privacy practices.

2. INFORMATION WE COLLECT FROM YOU

We collect, use, store, transfer and process different types and categories of personal data about you as follows:

Identity Data includes first name, last name, company name, user pictures and profile pictures (if supplied), username or similar identifier, marital status, title, date of birth and gender.

Contact Data includes postal address, email address and telephone numbers.

Financial Data includes bank account details, credit card information, tax payer identification numbers and billing addresses.

Transaction Data includes details about payments to and from you and other details of any services you have purchased from us.

Technical Data includes internet protocol (IP) address, media access control (MAC) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Product Data includes your information and content you may submit in a PDF, details about any licences you may have with us, preferences, feedback and survey responses.

Usage Data includes information about how you use our website and products.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We do not collect any special categories of personal data about you (such as health data, political opinion, religious beliefs etc). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

3.1. PERSONAL DATA WE COLLECT DIRECTLY FROM YOU

We collect personal data directly from you in the following situations:

3.1.1. DIRECT INTERACTIONS

You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide:

• by registering to use our websites or apps or using our services, products and tools we make available for use;
• by registering for webinars, contacting sales or signing up for our newsletter;
• by using our support chat function on our websites to correspond with us in connection with your use of our products;
• by participating in blogs, discussion boards or other social media functions;
• by entering a competition, promotion or survey;
• when you report a problem; and / or
• if you upload a file to our services, products, demos or tools.

3.2. INFORMATION WE AUTOMATICALLY COLLECT

3.2.1. IP ADDRESSES AND CLICK-STREAM DATA

With regard to each of your visits to our websites or usage of our apps we may automatically collect the following information:

• technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
• information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number;
• information about how you interact with our apps and websites, through the use of third-party analytics tools which track data regarding crashes, errors, general user interactions with the user interface (UI) and software development kit APIs, and the type of functionality you may be using.

The websites may use Hotjar, a third party website analytics tool, in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g., how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar's support site.

The information collected cannot typically be used to identify you personally. However, if you have specifically informed us of your identity (for example by registering for something or providing us with your contact information), it may be possible for us to link certain information to information that identifies you personally.

3.2.2. Digital Markers (including Cookies), Online Tracking Technologies, Online Interest Based Advertising

A digital marker is created by a website visitor’s Internet browser to maintain certain pieces of information for the website to reference during the same or subsequent visits. Examples of digital markers are cookies or HTML5 Web storage. Among other things, digital markers can allow a website to recognize a previous visit each time the visitor accesses the website, and track what information is viewed on a website.

We use sessional and persistent digital markers on some portions of our websites. Digital markers are created when you visit our websites. Sessional markers exist while you remain on our websites, and persistent markers continue to exist after you have left our websites.

For information on the digital markers (including cookies) we use and the purposes for which we use them see the applicable Cookie Notice for the Apryse website(s) you may visit.

Similarly, we or our third-party service providers/advertisers may also use "web beacons", "pixel tags" or other tracking technologies, which are typically small pieces of code placed on a web page to monitor behaviour and collect certain data regarding the actions of our visitors online.

These digital markers and other technologies may be used to track across time, sites, and devices. For example, these technologies can be used to analyze your online traffic patterns, to enhance your experience when using our products, to store information during your session, to personalize our websites for you based on your preferences and selections, to target advertising or content to you (as described further below), and to collect information about you and your usage of our websites or apps for other marketing and business purposes. You may adjust your privacy preferences regarding the use of digital markers, including cookies, and similar technologies through your browser. However, disabling cookies may impair your user experience and disable certain features of our websites.

Data about your activities online may be collected for use in providing advertising tailored to your individual interests, either by us, or third parties. We may work with third parties such as network advertisers and ad exchanges to serve advertisements across the internet and may use third party analytics service providers to evaluate and provide us and/or third parties with information about the use of these ads on third party websites and viewing of ads and of our content.

We and these third-party vendors, including Google and LinkedIn, may use third-party technologies (such as the LinkedIn Insight Tag) together with our own first party technologies in order to analyze ad impressions, your use of ad services, and interactions with these ad impressions and ad services. The information collected may also include information about your visits to our websites, include the pages you have viewed and what content you have seen. These third-party tracking technologies may be set to, among other things: (a) help deliver advertisements to you that you might be interested in; (b) prevent you from seeing the same advertisements too many times; and (c) understand the effectiveness of the advertisements that have been delivered to you.

You can opt out of certain advertising by visiting the Network Advertising Initiative opt out page or permanently using the Google Analytics opt out browser add on. If you wish to take steps to opt-out of tracking by certain online advertisers, you can visit the Digital Advertising Alliance’s opt-out page at https://www.aboutads.info/choices or the Network Advertising Initiative at https://optout.networkadvertising.org/?c=1. To learn more about how to opt out of Google’s use of cookies, visit Google’s Ads Settings, here. To learn more about cookies and similar tracking technologies, and how they can affect your privacy, visit allaboutcookies.org. To learn more about how Google uses cookies to process and collect data, or to opt-out of Google’s analytic and marketing services, visit the Google Privacy Notice. LinkedIn members can control the use of their personal data for advertising purposes through their LinkedIn account settings.

3.3. Information we receive from other sources

We may receive personal data about you if you use any of the other websites we operate or the other online projects or services we provide. We are also working closely with third parties (including, for example, business partners, technical and delivery services, advertising networks, analytics providers, search information providers) and may receive personal data about you from them. We may combine this personal data with personal data you give to us and personal data we collect about you to create combined personal data.

4. HOW WE USE YOUR PERSONAL DATA

We use your personal data to:

• provide you with the information, products and services that you request from us;
• carry out any agreements entered into between you and us including invoicing and processing your billing information when you purchase our products;
• respond to enquiries or service requests and monitor such responses;
• schedule meetings with you that you request;
• manage our relationship with you;
• subject to applicable laws, provide information about and market our products or services or products or services of third parties, and inform you of offers or new features that we believe may be of interest to you. If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our services and we nonetheless reserve the right to contact you (including by e-mail or text) where we are legally required or permitted to do so;
• send you important administrative messages that are required to provide you with our services;
• give you access to free trials and to issue trial evaluations;
• notify you about changes to our products;
• resolve problems and fix bugs in our products and/or websites;
• enable certain aspects of our products to function;
• convert PDF images into translatable text;
• manage our accounting process and to process monthly and/or annual payments from you for our products;
• manage our websites and apps and assess usage including distributing a licence for you to use our products;
• enhance or personalize your experience using our products (personal data you provide us through our websites may be linked to analytics data in order to better serve you and improve your in-product experience).
• inform you of offers or new features that we believe may be of interest to you;
• process or maintain your subscription to a newsletter or mailing list;
• facilitate various programs, promotions or contests in which you participate;
• target advertising or content, or for other advertising, promotional or marketing purposes;
• study the use and popularity of various areas of our websites and apps and to improve our products;
• analyze general locations where our content is viewed (by reviewing IP addresses);
• administer our websites and apps and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• screen for potential risk and fraud when accessing our websites and/or purchasing our products;
• improve our products and services and to ensure that content is presented in the most effective manner for you and for your computer or device;
• allow you to participate in interactive features of our websites and apps, when you choose to do so;
• supplement our efforts to keep our websites and apps safe and secure.

We may also use such information for other purposes related to our business or that of our related entities, as well as for any other purpose described in this notice or any other agreement you may enter with us or otherwise as we may disclose to you or to which you consent from time to time, or for other purposes as required or permitted by applicable law.

5. HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?

We are allowed to process your personal data based on the following legal bases:

• Legitimate Interests – We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests as set out in the section above. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.
  
  You can object to processing that we carry out on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.
• Contract – It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
• Legal obligation – We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory rules and to make mandatory disclosures to government bodies and law enforcement agencies.
• Consent:
  • If you use our websites and products with our UK and European companies: sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device or when you subscribe to our newsletter. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
  • If you use our websites and products with our Canadian companies: by using our products and providing personal data to us, you voluntarily consent to the collection, use, and disclosure of personal data as specified in this notice. Without limiting the foregoing, we may on occasion ask you to consent when we collect, use, or disclose your personal data in specific circumstances, in which case we may ask for your consent in writing (including by electronic means) although in some circumstances we may accept your oral consent. Sometimes your consent will be implied through your conduct with us if the purpose of the collection, use or disclosure is obvious and you voluntarily provide the information.
  • For any other jurisdictions where consent may be required, we will obtain your permission in accordance with applicable laws.

6. DISCLOSURE OF YOUR INFORMATION

We may share your personal data with any member of our corporate group, which means our subsidiaries, our parent company and its subsidiaries.

We do not sell or rent personal data to marketers or unaffiliated third parties. We may share your information with selected third parties including:

• Our other group companies, business partners and suppliers when this is necessary to provide our services to our users or for the performance of any contract we enter into with you;
• advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. Such disclosures are typically aggregate information about our users and analyses of our server logs, traffic, or information relating to customer leads, including details regarding usage of our websites or apps and general information about our audience, and are not generally considered to be personal data;
• analytics and search engine providers that assist us in the improvement and optimisation of our products;
• our service providers who provide certain services on our behalf such as data hosting or processing services. We will use contractual arrangements to protect personal data disclosed to these service providers;
• in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or (subject to confidentiality restrictions) during the due diligence process, in accordance with applicable law;
• if Apryse or substantially all of its assets (or any group company or its assets) are acquired by a third party, in which case personal data held by it about its customers and users of its products will be one of the transferred assets, in accordance with applicable law;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or as we believe in good faith may be reasonably necessary to comply with any law, regulation, rule, court order, or other lawful requests from governmental, regulatory or administrative agencies or law enforcement authorities (including in response to law enforcement or national security requirements), or in order to enforce or apply any terms of use applicable to a specific product, and other agreements; or to protect the rights, property, or safety of Apryse, our customers, or others;
• as otherwise may be required or permitted by applicable law.

7. WHERE DO WE STORE YOUR PERSONAL DATA AND HOW DO WE KEEP IT SECURE?

7.1 WHERE DO WE STORE YOUR PERSONAL DATA?

Apryse is based in Canada, other group companies are based in other jurisdictions, including in the US, New Zealand, Europe and the UK. The information (including any personal data) we collect is transferred, maintained, stored, and processed in Canada, the US, Europe and the UK and other countries outside Canada where our or our service providers’ facilities may be located. Regardless of where you are located, we carry out these transfers in compliance with applicable laws.

If you are based in Canada, you understand and agree that we may store and process the information you provide to us in Canada and other countries. The data protection and privacy laws in those countries may offer a lower level of protection than the data protection and privacy laws of your country. Also, this information may be subject to access requests from governments, courts, or law enforcement in Canada and foreign countries according to their laws.

If you are located in the UK, European Economic Area or Switzerland, your personal data is transferred outside of the UK, European Economic Area or Switzerland in order for our service providers to provide their services to us. The data protection and privacy laws in those other countries may offer a lower level of protection than the UK and European data protection laws. We ensure that we put mechanisms in place in order to transfer your personal data securely and in accordance with applicable data protection laws. If you want to know more about our international transfers, you can contact us.

7.2 IS MY PERSONAL DATA SECURE?

We implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. Among the steps we take in order to protect your information are:

• premises security;
• restricted file access to personal data;
• deploying technological safeguards like security software and firewalls to prevent hacking or unauthorized computer access; and
• internal password and security policies;

Unfortunately, no transmission of information via the internet or storage of information is completely secure. Although we take commercially reasonable steps to protect your personal data, we cannot guarantee the security of your data transmitted to our websites or apps that we store.

7.3 RETENTION OF PERSONAL DATA

Personal data will be retained in accordance with this notice for as long as may be necessary or relevant for the purpose of collection, or as may be required or permitted by applicable law, after which time it may be made anonymous or destroyed unless you further consent to its continued retention.

7.4 INTEGRATED SERVICES

You may be given the option to access or register for our products through the use of your username and passwords for certain services provided by third parties (each, an "Integrated Service"), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service to provide personal data or other information to us. By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), and basic profile information that the Integrated Service makes available to us, and to use and disclose it in accordance with this notice. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make any changes you deem appropriate before you submit any personal data to them. Please review each Integrated Service's terms of use and privacy policies carefully before using their services and connecting to our apps.

8. THIRD PARTY LINKS

Our websites and apps may, from time to time, contain links to and from third party websites including those of our partner networks and advertisers. If you follow a link to any of those websites, please note that they have their own privacy notices and that we do not accept any responsibility or liability for those notices. Please check these notices before you submit any personal data to those websites.

9. YOUR RIGHTS

You may have the following legal rights under the applicable data protection laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see "Contact Us"). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please be aware that there are exceptions that apply to some of these rights, which we will apply in accordance with applicable data protection laws.

In order to exercise these rights, you may contact us as described in the Contact Us section below. We will comply with your request to the extent required by applicable law. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country. In the UK, you have a right to complain to the Information Commissioner's Office (ICO). Information about how to do this is available on its website at www.ico.org.uk.

10. CHANGES TO OUR PRIVACY NOTICE

Any changes we may make to our notice in the future will be posted on this page. The date this notice was last revised is identified on the top of this page. Please check back frequently to see any updates or changes to our notice.

11. CONTACT US

If you have any questions, comments and requests regarding this notice, how we handle your personal data, or if you would like to exercise any of your rights, please email our Privacy team at privacy@apryse.com or send a letter to: 500-838 West Hastings Street, Vancouver BC V6C 0A6 Canada. If you live in the UK or Europe you can contact our European representative by mail at Osano International Compliance Services Limited, ATTN: IKOL, 25/28 North Wall Quay, Dublin 1, D01 H104, Ireland.

12. ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS

California residents may have additional rights under the California Consumer Privacy Act (“CCPA”) with respect to certain personal data that is not covered under a federal law. If you are a California resident, this section details your rights under the CCPA, how you may exercise those rights, and what we will do in response.

The CCPA requires us to disclose information regarding the categories of personal data we have collected about California consumers (as that term is defined in the CCPA) during the preceding twelve (12) months, the categories of sources from which the personal data was collected, the business or commercial purposes for collecting the personal data and the categories of personal data disclosed to third parties. The sources of identity, contact and financial data are from direct interactions with you, whereas the remainder of the data categories listed below are either automatically collected (including Hotjar) or come from digital markers and online tracking technologies. Please see section 2 and 3 above for further details. In the preceding 12 months, we collected and disclosed the following personal data about California consumers:

Apryse does not sell any personal data and does not have actual knowledge that it sells the personal data of users under 16 years of age.

In addition, we may share personal data of California consumers:

• in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or (subject to confidentiality restrictions) during the due diligence process, in accordance with applicable law;
• if Apryse or substantially all of its assets (or any group company or its assets) are acquired by a third party, in which case personal data held by it about its customers and users of its products will be one of the transferred assets, in accordance with applicable law;
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or as we believe in good faith may be reasonably necessary to comply with any law, regulation, rule, court order, or other lawful requests from governmental, regulatory or administrative agencies or law enforcement authorities (including in response to law enforcement or national security requirements), or in order to enforce or apply any terms of use applicable to a specific product, and other agreements; or to protect the rights, property, or safety of Apryse, our customers, or others;
• as otherwise may be required or permitted by applicable law.

California residents have the right to access and request:

• The categories of personal data that we collect.
• The categories of personal data we collected or sold in the previous 12 months.
• The categories of data disclosed for a business purpose in the previous twelve months.
• The specific pieces of personal data we collected about you.

California residents have the right to request the deletion of their personal data. However, this right does not apply to personal data that we need in order to:

• Complete the transaction for which the personal data was collected
• Detect or resolve security issues, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for the activity;
• Address any functionality-related issues
• Comply with any applicable federal or state law
• Conduct research in the public interest
• Ensure the right to free speech
• Carry out actions for internal purposes.

California residents have the right to not be discriminated against (as provided for in applicable law) for exercising certain of your rights hereunder.

To exercise any of your rights as a consumer please submit a verifiable consumer request to us. You may submit a verifiable consumer request by emailing us at privacy@apryse.com or contact us via our website at https://www.apryse.com/form/contact-us/. A California consumer may only make a verifiable request to exercise their rights twice within a 12-month period. The verifiable request must: (1) provide sufficient information for us to verify your identity, and (2) be in sufficient detail that we can reasonably understand the request, evaluate it, and respond. You may have an authorized agent submit a request to know, or a request to delete so long as you provide the authorized agent with written permission to submit the relevant request and you verify your own identify directly with us. Such restrictions do not apply where you provide your authorized agent with power of attorney pursuant to California Probate Code sections 4121 to 4130. If we are unable to verify your request then we will be unable to provide you with the information you seek or delete any personal data we retain.