Groupe GSOFT Inc. (“GSOFT”) offers tools and platforms commercialized as “Overcast” (“Overcast”) which gathers cost information about Customer’s Azure resources and issues recommendations to optimize management of resources, and allows Customer to act on those recommendations. GSOFT understands the importance of protecting personal information. For this reason, GSOFT strives to have business procedures and security safeguards in place to protect personal information under its control.
1. Application and Scope
2. International Compliance
GSOFT complies with: (i) data protection laws applicable to GSOFT ; and (ii) applicable industry standards concerning data protection, confidentiality or information security. GSOFT has global operations and therefore, in some cases, information managed by GSOFT may be transferred, processed and stored in other countries, although at all times, GSOFT will ensure that personal information is protected by confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by GSOFT itself.
GSOFT complies with this Policy as well as applicable Canadian private sector data protection laws such as the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar provincial laws pertaining to the collection, use and disclosure of personal information. PIPEDA provides for an adequate protection of personal information according to the European Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and the Council.
GSOFT also complies with the General Data Protection Regulation (Regulation (EU) 2016/679). Where applicable, our commitment to such regulation may be found in our Data Processing Addendum.
3. Definition of Personal Information
Personal information is defined as “any information about an identifiable individual”. This may include, for example, email addresses and contact details and any similar information provided to GSOFT in the course of its business operations, or which GSOFT may receive from business inquiries. Personal information that is aggregated and cannot be associated with an identifiable individual is not considered to be personal information.
4. Collection and Use of Personal Information through Overcast
When providing Overcast, GSOFT only processes personal information in accordance with the General Terms, this Policy and applicable laws. GSOFT generally uses personal information from or about its Customers or which is received from Customers and belongs to their own customers or end users (hereinafter referred to as “Customer’s Personal Information”) for the following purposes:
- to create, establish and administer Customer’s subscription to Overcast, to respond to Customer inquiries related to its subscription and to contact Customer about GSOFT products or subscription-related matters;
- to provide products, including to provide Customer with Overcast and customer support related to Overcast;
- to measure and analyze user behavior in order to, among others, monitor, maintain and improve GSOFT products or features and to create new products, services or features;
- to meet legal and regulatory requirements and to allow GSOFT to meet contractual requirements relating to the products provided to Customer;
- to conduct surveys on the quality of Overcast or to collect feedbacks on the products and services; and
- to provide Customer with offers for additional products that GSOFT believes may be of interest to Customer.
Unless required or authorized by law, when providing products, GSOFT will not use personal information for any other or new purpose without obtaining its Customers’ consent.
5. Collection and Use of Personal Information through the Website
GSOFT generally collects and uses personal information from or about its website users as follows:
- 5.1 Information provided by users.In many cases, GSOFT collects personal information directly from users when they visit or use the website. For instance, GSOFT may collect the following types of information:
- Inquiries. GSOFT may collect users’ name, contact information, e-mail address and any information provided when users make an inquiry or contact GSOFT through the website, download documentation or gated content from the website, sign up for a webinar through the website and/or sign up to receive GSOFT’s newsletter. GSOFT will only use this information to process and answer users’ request or to manage GSOFT everyday business needs in connection with such request.
- Requests for Overcast and/or an Overcast trial. GSOFT may collect users’ name, contact information, e-mail address and any other information provided to GSOFT when users submit a request or an order for Overcast and/or an Overcast trial, to the extent such trial is available. GSOFT will only use this information to process and answer users’ request or to manage GSOFT everyday business needs in connection with such request.
- Personalization of Website. When users visit the website, they may, from time to time, be invited to provide information such as user’s title and company size to help GSOFT personalise or customise the users experience when using the website.
- 5.2 Technical information. When users visit the website, GSOFT may collect, using electronic means such as cookies, technical information. This information may include information about visits to the website, including IP address of the users’ computer and which browser was used to view the website, the users’ operating system, resolution of screen, location, language settings in browsers, the site the user came from, keywords searched (if arriving from a search engine), the number of page views, information entered, advertisements seen, etc. This data is used to measure and improve the effectiveness of the website or enhance the experience for users. While most of the time this information is depersonalized, if this information relates to an identifiable individual, GSOFT will treat this information as personal information. GSOFT may also, without limitations, collect and use the following type of information when users visit and/or interact with GSOFT on the website:
- Google Analytics: GSOFT uses Google Analytics which allows it to see information on user website activities including, but not limited to, page views, source and time spent on our website. This information is depersonalized and is displayed as numbers, meaning that it cannot be tracked back to individuals. Users may opt-out of GSOFT’s use of Google Analytics by visiting the Google Analytics opt-out page.
- Intercom: GSOFT uses Intercom which allows it to see information on user website activities including, but not limited to, page views, source and time spent on our website. However, this information is not depersonalized and users may not opt-out of GSOFT’s use of Intercom.
- Google AdWords: GSOFT uses Google AdWords Remarketing to advertise Overcast across the Internet and to advertise on third party websites (including Google) to previous visitors to the website. AdWords remarketing will display ads to users based on what parts of the GSOFT website they have viewed by placing a cookie on the users’ web browser. It could mean that GSOFT advertises to previous visitors who haven’t completed a task on the site or this could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. This cookie does not in any way identify the user or give access to the users’ computer or mobile device. The cookie is only used to indicate to other websites that the user has visited a particular page on the website, so that they may show the user ads relating to that page. If users do not wish to participate in Google AdWords Remarketing, they can opt out by visiting Google’s Ads Preferences Manager.
- 5.4 Privacy Policies of other Websites. This Policy only addresses the use and disclosure of information by GSOFT . Other websites that may be accessible through the website have their own privacy policies and data collection, use and disclosure practices.
- 5.5 Personal Information from other Sources. GSOFT may obtain from third parties additional personal information about a website user if such user gave permission to those third parties to share its information.
6. Sharing of Personal Information
GSOFT will not sell, rent or trade personal information to any third party. However, GSOFT may share personal information when authorized and/or required by law or as follows:
- 6.1 Service providers. GSOFT may grant access to personal information to third party services providers in connection with the performance or the improvement of its website and products. Before sharing any personal information with any of its third party service providers, GSOFT will ensure that the third party maintains reasonable data management practices for maintaining the confidentiality and security of personal information and preventing unauthorized access.
- 6.2 As permitted or required by law. GSOFT may disclose personal information as required by applicable law or by proper legal or governmental authority. GSOFT may also disclose information to its accountants, auditors, agents and lawyers in connection with the enforcement or protection of its legal rights. GSOFT may also release certain personal information when it has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property and safety of others and itself, in accordance with or as authorized by law. In the event GSOFT receives a governmental or other regulatory request for any Customer’s Personal Information, it agrees to immediately notify Customer in order that Customer shall have the option to defend such action. GSOFT shall reasonably cooperate with Customer in such defense.
- 6.3 Business transaction. GSOFT may disclose personal information to a third party in connection with a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of our business. However, in the event the transaction is completed, personal information will remain protected by applicable data protection laws. In the event the transaction is not completed, GSOFT will require the other party not to use or disclose the personal information received in any manner whatsoever and to delete such information.
7. Security of Personal Information
GSOFT will store and process the personal information in a manner consistent with industry security standards. GSOFT has implemented technical, organizational and administrative systems, policies, and procedures to help ensure the security, integrity and confidentiality of personal information and to mitigate the risk of unauthorized access to or use of personal information, including (i) appropriate administrative, technical and physical safeguards and other security measures designed to ensure the security and confidentiality of the personal information it manages; (ii) a security design intended to prevent any compromise of its own information systems, computer networks or data files by unauthorized users, viruses or malicious computer programs; (iii) appropriate internal practices including, but not limited to, encryption of data in transit or at rest; using appropriate firewall and antivirus software; maintaining these countermeasures, operating systems and other applications with up-to-date virus definitions and security patches so as to avoid any adverse impact to the personal information that it manages; appropriate logging and alerts to monitor access controls and to assure data integrity and confidentiality; permitting only authorized users access to systems and applications; and (iv) all persons with authorized access to personal information must have a genuine business need-to-know prior to access (“Security Program”).
8. Training and Supervision
GSOFT maintains adequate training programs to ensure that its employees and any others acting on its behalf are aware of and adhere to its Security Program. GSOFT shall exercise necessary and appropriate supervision over its relevant employees to maintain appropriate confidentiality and security of the personal information it manages.
9. Data Incidents involving Customer’s Personal Information
GSOFT shall immediately notify Customer of any reasonably suspected or actual loss of data or breach or compromise of its Security Program which has or may result in the loss or unauthorized access, disclosure, use or acquisition of Customer’s Personal Information (including hard copy records) or otherwise presents a potential threat to such information (“Data Incident”). While the initial notice may be in summary form, a comprehensive written notice shall be given within 48 hours to Customer. The notice shall summarize in reasonable detail the nature and scope of the Data Incident (including each data element type) and the corrective action already taken or to be taken by GSOFT. GSOFT shall promptly take all necessary and advisable corrective actions, and shall cooperate fully with Customer in all reasonable efforts to mitigate the adverse effects of Data Incident and to prevent its recurrence.
10. How to Contact Us
Any questions or complaints regarding this Policy or GSOFT handling of personal information can be addressed by sending an email to: email@example.com.
GSOFT will review and update its policies and procedures as required to keep current with rules and regulations, new technologies, standards and customer concerns. This Policy may therefore change from time to time.
This Policy was last updated on June 13th, 2018.