1. PRIVACY COMMITMENT
IGM Technology Corp. (“we”, “us”, “our”, “IGM”) is committed to protecting the privacy of our clients, users of our products and services, and visitors to our websites. We have prepared this Privacy Notice to help you understand how we collect, use, and disclose your personal Information when you visit our websites or offices, communicate with us, and register for, or use, the Gravity™ suite of products and services (collectively known as “Gravity”).
This Privacy Notice does not apply to data submitted or uploaded to Gravity by our clients (“Client Data”). Our processing of Client Data, including collection, use, and disclosure, is governed by our agreements with our clients.
Residents of the EU and some US states have specific rights regarding handling of their personal information. For information about these rights, please refer to the region-specific sections of this Privacy Notice.
Please note that since our services or the regulatory environment may change at any time, so might this Privacy Notice.
1.1 Key Definitions
1.1.1 Data Controller
A Data Controller is a person or organization that chooses if, when, and how data (including Personal Information) is handled, including collection, processing, storage/retention, and disposition.
1.1.2 Data Processor
A Data Processor is a person or organization that processes information (data) on behalf of a Data Processor.
1.1.3 End User
The Client Information hosted within Gravity is accessible only to registered Gravity users, a group that consists of client stakeholders, subject matter experts, and IT professionals (collectively, "End Users”).
1.1.4 Personal Information
Personal Information is factual or subjective information (for example, an opinion) that relates to a person and may enable direct or indirect identification of that person. Personal Information may from time-to-time be included within Client Data.
Note: Information that you provide to us voluntarily when in contact with us, and/or information we automatically collect when you visit our website is generally Business Contact Information or anonymous browser telemetry, which is not deemed to be Personal Information under most privacy regulations.
1.1.5 Business Contact Information
Under most privacy regulations, Business Contact Information (for example, your name, business title/role, and company e-mail address, if this information is provided while doing business) is excluded from the definition of Personal Information.
1.1.6 Other Excluded Information
Under most privacy regulations, information that has been aggregated, made anonymous, or permanently de-identified (i.e., such that the information cannot be used to identify any specific person, either directly or indirectly) is excluded from the definition of Personal Information.
2. WHO WE ARE & WHAT WE DO
IGM Technology creates, develops, hosts, and maintains industry-leading solutions for automating budgeting, financial reporting, ESG reporting, and other functions that are not typically addressed by enterprise resource planning systems.
2.1 Our Responsibilities as a Data Processor
Our clients control the Client Data (including any Personal Information) that is processed by Gravity solutions. We develop, host, and maintain Gravity solutions.
We also collect Client Data in support of client financial and ESG reporting, and budgeting processes, and may subject it to extraction, transformation, and loading (ETL) as per client instructions. This data, which is typically aggregated for reporting purposes, may include some information that identifies individuals (i.e., Personal Information). Our clients control this data, which we bulk process on their behalf and in accordance with their instructions.
The information hosted within Gravity is accessible only to registered Gravity users ("End Users”). We maintain this information in accordance with stringent client security and privacy requirements based on robust and widely used security and privacy frameworks as well as industry best practices.
Note: Since IGM does not own or control, or even access, the Client Data hosted in Gravity, we cannot action requests pertaining to it unless specifically instructed to do so by the client that is storing the data. If you have such a request, please be advised that you will need to contact the organization which is using Gravity to have it addressed.
2.2 Our Responsibilities as a Data Controller
We control the data that CLS or website visitors provide to us directly and that we capture automatically during website visits.
This data generally consists of Business Contact Information, which is excluded from the definition of Personal Information under most privacy frameworks, and/or browser telemetry that is not personally identifying (e.g., IP address, anonymized site performance data).
We collect Business Contact Information from our clients to support IGM sales and services, marketing, and employee relations.
We collect browser telemetry from users of our websites to support visitor security and privacy and improve website performance.
2.3 Our Responsibilities for Third-Party Links
Our website may contain links to other third-party sites. When you click one of these links, you are visiting a website operated by someone other than us, and the operator of that website may have different privacy policies to ours. We are not responsible for the privacy practices of third-party website operators.
3. WHAT INFORMATION WE COLLECT
Information that we collect may include:
a) Business Contact Information: We may collect your name, business e-mail address, global region, telephone number, and billing/shipping address when you engage us as a service provider or prospective service provider. For example, we collect this information when you request information, purchase products and services, or create an account in Gravity. We may also collect information about your company or organization and your role within your company so that we can communicate with you.
b) Telemetry and Website Performance: Using cookies, we also collect de-identified information and aggregated usage data, how many individuals visited our website, peak hours of visits, and which page(s) were viewed. In some cases, we may also collect your Internet Protocol (“IP”) address, browser type, and device ID.
c) Internal Websites: We maintain certain internal websites accessible only to registered Gravity users. Some of these sites may use cookies that personally identify the persons seeking access, but only in the context of Business Contact Information that they or their employer has provided. This is to ensure that only registered users gain access, and then only to their own organization’s data.
d) Employee Information: If you apply for a job with IGM, we will collect information you provide to us facilitate your job application and any employment related activities.
e) Client Employees and Contacts: As an employee of our client or as a stakeholder in one of their reports, your Business Contact Information and other information relating to you may be stored and processed on the Gravity platform.
4. HOW WE COLLECT YOUR INFORMATION
a) Information You Provide to Us: You may voluntarily provide us with Business Contact Information, such as your name, e-mail address, telephone number, billing/shipping address, and company name when you create an account, make purchases, or interact with our “Request a Demo” service on our website.
b) Information We Automatically Collect: Like most websites, we receive information about your visit, usage, or interactions. We collect this information through “cookies” and similar technologies, and use it to ensure basic access and security, and improve website performance.
c) Information Provided by Our Clients: Clients use our platform to store and process information. Information stored and processed by clients is governed by their own privacy practices and policies. You are encouraged to familiarize yourself with their published privacy practices and any policies or notices to understand what information they provide to us, and your rights. We do not access this information unless requested to so by the client.
4.1 Cookies and Use of Cookie Data
A "cookie" is a data element that a website can send to your browser, which may then be stored on your system. Our websites use different kinds of cookies and/or use services that use “cookies”. The cookies used by our website do not capture any Personal Information, but they may identify your specific computer or mobile device. We use the information gathered by these cookies for various purposes, including evaluating website usage, improving our products and services, and compiling reports on user site activity.
We may also use cookies to track activity and click-through behaviour to understand your preferences and browsing habits better and provide a more personalized experience while you visit our website. Most browsers can be configured not to accept cookies or to notify you when a cookie is being sent to your browser.
4.1.1 Types of Cookies We May Use
We may use the following types of cookies on our website:
a) Strictly Necessary Cookies: These essential cookies are necessary to provide you with our services and grant you access to our website. These cookies cannot be disabled.
b) Functional Cookies: These cookies allow us to remember your choices on our website and provide you with enhanced features and personalized content. For example, these cookies can be used to remember your preferences on our website. While functional cookies can be disabled, this may result in a less satisfactory experience while using our website.
c) Performance or Analytics Cookies: These cookies collect anonymous information about how you use our website, including web pages you visit and links you click. We use the information collected by such cookies to improve and optimize our website.
d) Targeting Cookies: These cookies may be set through our site by our advertising partners or other content such as embedded videos. They may be used by those companies to build a profile of your interests and show you relevant adverts and content on other sites. They do not store Personal Information but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
4.1.2 How to Control Cookie Settings
Most browsers can be configured not to accept cookies. You may refuse the use of cookies by selecting the appropriate settings on your browser and/or choose to opt-in/out using the Website Cookie Banner. However, please note that if you do this, you might not be able to use the full functionality of our website. You can modify these settings at any time.
5. HOW WE USE YOUR PERSONAL INFORMATION
a) To Provide You with Our Services: We may use your business contact information for legitimate business purposes, including providing our services, and processing payments. We may also require this type of information to manage your account and provide customer support and quality assurance.
b) To Contact You: We require your business contact information for transactional communication, including updating you on your product order, responding to your requests and inquiries or communicating with you about standard business administration, such as the status of your purchase(s), billing, or services.
c) To Build a Relationship with You: We may communicate with you for marketing purposes with your consent, to recommend IGM products, or to provide you with content we think would be relevant to you, including promotions on products. We may also use your Personal Information to manage our relationship, communicate with you, and ask for your feedback on our services.
d) To Secure Our Environment: We may use your Personal Information to protect our company, customers, and services. We may also use the information to prevent fraud or conduct audits.
e) To Improve Our Services: We may collect usage information about how visitors enter and navigate our services or remember visitor preferences. We collect this information through cookies, analytics, and other similar technologies that provide us with de-identified and aggregated views into our services.
f) To Comply with Legal Requirements: We might be required to collect Personal Information to comply with legal obligations.
g) Other: We may use Personal Information for other purposes based on your explicit consent or as required by law.
6. WHEN MIGHT WE SHARE YOUR PERSONAL INFORMATION
There are certain circumstances in which we may disclose, transfer, or share your Business Contact Information with certain third parties. We limit who we share your Personal Information with and how much information we share. We may share your Personal Information for the following purposes:
- Where a service provider provides functions on our behalf;
- To assist in developing our services;
- To compile historical purchase information, analytics, and insights;
- To process your payments and fulfil purchases;
- To assist with marketing services;
- With subsidiaries or affiliated companies, or in the event of a merger or acquisition, or a due diligence process as part of a transaction;
- Detect, prevent, or otherwise address fraud, security, or technical issues; and/or
- If required to comply with relevant laws or respond to subpoenas or warrants served on us or protect/defend the rights of our company, customers, or users of services.
7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION
We maintain physical, technical, and organizational safeguards to protect your Personal Information from misuse, unauthorized access, disclosure, and loss. We restrict access to Personal Information to those staff members and third parties who need to know the information to provide the services necessary for us to fulfill our obligation.
Despite our efforts, we cannot guarantee that information transmitted over the internet will always remain secure, which is why we encourage you to take appropriate steps to protect your information, such as creating strong passwords and not sharing your passwords with anyone.
8. HOW LONG DO WE RETAIN YOUR PERSONAL INFORMATION
Your Personal Information will be retained for at least as long as necessary to carry out the purposes set out in this Privacy Notice and subject to applicable laws. Where your information is provided to us by our client, retention periods would be defined by the client. We encourage you to reach out to the client directly to determine their retention periods.
We may de-identify and/or aggregate your Personal Information in such a way that it cannot be used alone or in combination with other information to identify you. We use this information for statistical purposes and to learn about how we can improve the quality of our services. We may retain this information without time limits to the extent that we have a legitimate and lawful interest in doing so.
Once a client terminates their account with IGM, we will retain data for a maximum of 30 days after expiry of the subscription (unless otherwise specified in an agreement), after which it will be purged from our servers.
9. WHAT ARE YOUR RIGHTS
You may have certain rights with respect to the processing of your Personal Information. This section of the Policy describes those rights and how you may exercise them should you choose to do so.
- Right to be Informed: You have the right to know how your Personal Information is being collected, used, and shared.
- Right to Access or Correction: You have the right to access and/or correct your Personal Information. We will consider and respond to requests per applicable laws.
When we receive a written request from you to access or correct your Personal Information, we will verify your identity by matching the identifying information you provide to us to the Personal Information we have about you. There may be exceptions to your right to access or correct your Personal Information prescribed by law. We will respond to your request for access or correction within a reasonable timeline, in accordance with applicable laws.
- Right to Withdraw Consent: You may opt-out of marketing communication from us either by clicking on the "Unsubscribe" link on marketing or promotional emails or by contacting us using the information in this Privacy Notice.
Withdrawing your consent will not affect the lawfulness of any processing we conducted before your withdrawal of consent or the processing of your Personal Information for any other lawful grounds other than consent.
- Right to Deletion: You have the right to ask us to delete your Personal Information in certain circumstances. In some instances, such as legal reasons, we will not be able to fulfill your deletion request. If we cannot fulfill your request, we will notify you of the reason
- Right to Restrict or Object Data Processing: You have the right to ask us to restrict the processing of your Personal Information in certain circumstances, such as if the processing of your Personal Information is unlawful, if you contest its accuracy, or if we no longer need your Personal Information for processing however it has been retained as permitted by law.
- Right to Not be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
- Right to Data Portability: You have the right to ask us to transfer your Personal Information to another organization in a structured, commonly used, and machine-readable format.
- Right to Lodge a Complaint: You have the right to complain about our processing with a supervisory authority or regulator in the jurisdiction where you believe your rights have been violated. If you are concerned about our Personal Information practices, we would appreciate hearing about it first to try to resolve your concerns. You can contact us through the methods listed under Section 14.
Verification Process and Required Information: To fulfill your request, we may need to request additional information from you to verify your identity or understand the scope of your request. We will require you to verify the Personal Information we already have about you.
If you are a resident of the EU or California, please see the Appendix for additional rights you may have in accordance with applicable laws.
10. MINORS’ PERSONAL INFORMATION
We do not knowingly collect Personal Information from minors. If you believe we have collected information about a minor without parental or legal guardian consent, please contact us at privacy@igm.technology and we will delete the information.
11. WHERE DO WE STORE PERSONAL INFORMATION
We may store and process your Personal Information in any country where we or our authorized third parties operate. These countries may not necessarily have data protection laws as comprehensive or protective as those in your country or province of residence; however, when we transfer your Personal Information in this manner across country or provincial borders, we implement adequate measures for its protection and compliance with applicable laws.
We use the adequacy determinations made by the European Commission to transfer Personal Information to countries with data protection that is adequate to the EU (e.g., Canada). We also utilize Standard Contractual Clauses and other methods as required by law to share Personal Information from the EU to other countries, where needed.
Our primary hosting location is in the United States.
12. CHANGES TO THIS PRIVACY POLICY
We may from time to time make changes to this Privacy Notice based on changes to our business or the regulatory environment.
13. HOW TO LODGE A PRIVACY COMPLAINT
If you have a complaint about how we handle your Personal Information, we would like to know so we can address your concern. You also have the right to complain to your data protection supervisory authority or privacy commissioner, as the case may be.
14. HOW TO CONTACT US
If you have any questions regarding this Privacy Policy, please contact us by email at privacy@igm.technology or by postal mail at:
IGM Technology Corp.
Attention: Privacy Officer
318-77 McMurrich St
Toronto ON M5R 3V3