Privacy Policy - Datamole

Introduction

datamole ("we," "us," or "our") is committed to protecting the privacy and security of personal information. This Privacy Statement explains how we collect, use, and protect information when you use applications and services we provide on behalf of your organization.

Information We Collect

When you access our applications, we collect the minimum information necessary to provide our services:

Authentication Information

User ID and username
Email address
Display name
Profile information shared by your organization

Access and Usage Information

Sign-in logs and authentication events
Application access patterns
Device information (type, operating system)
IP addresses and location data (for security purposes)

Security Monitoring Data

Failed login attempts
Suspicious activity indicators
Security event logs

How We Use Your Information

We use the collected information solely for the following purposes:

Authentication and Access Management: To verify your identity and grant appropriate access to applications and services
Service Delivery: To provide and maintain the applications and services requested by your organization
Security and Fraud Prevention: To detect, prevent, and respond to security incidents, fraud, and other harmful activities
Compliance: To meet legal obligations and enforce our terms of service

Legal Basis for Processing

We process your personal information in accordance with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and British Columbia's Personal Information Protection Act (PIPA). We process your information based on:

Consent: Your organization, as the data controller, has obtained appropriate consent for us to process your information on their behalf
Contractual Necessity: Processing is necessary to perform services for your organization
Legal Obligations: We process data to comply with applicable laws and regulations
Legitimate Purposes: We process data for reasonable purposes such as security monitoring and fraud prevention, as permitted under Canadian privacy law

You may withdraw consent at any time by contacting your organization's administrator, subject to legal and contractual restrictions.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

With Your Organization: We share data with the organization that provides you access to our services
With Service Providers: We may use trusted third-party service providers who assist in delivering our services, subject to strict confidentiality obligations
For Legal Reasons: We may disclose information when required by law, court order, or government request
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Statement or as required by law. When your organization terminates its relationship with us, we will delete or anonymize your personal information in accordance with our data retention policies and applicable legal requirements.

Your Rights

Under PIPEDA and BC PIPA, you have the following rights regarding your personal information:

Right of Access: You have the right to request access to your personal information that we hold, subject to limited exceptions
Right to Correction: You can request correction of inaccurate or incomplete personal information
Right to Withdraw Consent: You can withdraw your consent for processing activities at any time, subject to legal and contractual restrictions
Right to Challenge Compliance: You can challenge our compliance with privacy laws
Right to File a Complaint: You can file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia

How to Exercise Your Rights:

To exercise these rights, please contact your organization's administrator first, as they control your access to our services. If you have concerns about how we process your information, you may contact our Privacy Officer at privacy@datamole.ca.

We will respond to access requests within 30 days as required by Canadian privacy law. In some cases, we may extend this period by an additional 30 days if the request is complex, and we will notify you of any extension.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Regular security assessments and audits
Access controls and authentication mechanisms
Employee training on data protection and security
Incident response procedures

International Data Transfers

Your information may be transferred to and processed in countries other than Canada, including storage on Microsoft's cloud infrastructure. When we transfer personal information outside of Canada, we ensure compliance with PIPEDA and BC PIPA by:

Ensuring that data transferred to the United States or other jurisdictions receives a comparable level of protection
Using contractual safeguards such as Standard Contractual Clauses
Implementing appropriate technical and organizational security measures
Ensuring third-party service providers comply with privacy protection requirements

You have the right to know about and consent to transfers of your personal information to foreign jurisdictions where it may be accessed by law enforcement or government authorities under that jurisdiction's laws.

Children's Privacy

Our services are not directed to individuals under the age of 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children without appropriate consent from parents or guardians.

Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices, services, or legal requirements. We will notify your organization of material changes and update the "Last Updated" date at the top of this statement.

Contact Us

If you have questions or concerns about this Privacy Statement or our privacy practices, please contact our Privacy Officer:

datamole
Privacy Officer: John Molendyk
Email: privacy@datamole.ca

Privacy Regulator Contact Information:

If you believe we have not addressed your privacy concerns adequately, you may contact:

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

Office of the Information and Privacy Commissioner for British Columbia
PO Box 9038, Stn. Prov. Govt., Victoria, BC V8W 9A4
Toll-free (BC only): 1-800-663-7867
Website: www.oipc.bc.ca

Additional Information for Organizations

If you are an organization using our services, you remain the data controller for your users' personal information. We act as a data processor (service provider) on your behalf under PIPEDA and BC PIPA.

Your Responsibilities as Data Controller:

Obtaining appropriate consent from users for the collection, use, and disclosure of their personal information
Ensuring users are aware of your privacy policies
Maintaining accountability for personal information under your control, even when processed by us
Ensuring compliance with PIPEDA, BC PIPA, and any other applicable privacy laws

Our Accountability:

We maintain accountability for personal information in our custody or control, including information transferred to third-party service providers. We have designated a Privacy Officer responsible for our compliance with privacy laws and this Privacy Statement.