mobile-menu.jpg

PRIVACY POLICY May 1, 2020

This Privacy Policy (“Policy”) describes the personal information that Audette Analytics Inc.  (“Audette”, “we”, “our” or “us”) collects from or about you when you communicate with us or use our website (the “Site”), web-based services and products (“Services”), how we use that information, and to whom we disclose it. This Policy is part of and should be read in conjunction with our Terms of Service located at (https://audette.io/terms).

This Policy was last updated on April 23, 2019. We may amend this Policy from time to time and, as such, you should review its terms each time that you visit our Site. Any changes to this Policy will be communicated through the Site and/or by email, but will not go into effect until at least five (5) days after they are posted. By continuing to use the Site and/or Services after any such changes are posted, you agree to such changes.

Please read this Policy carefully and contact us if you have any questions. If you do not agree with this Policy, as revised from time to time, you should not access or use the Site or our Services.

Meaning of “Personal Information”

Personal information” as used in this Policy means information about an identified or identifiable individual.

Accountability and Openness / Privacy Officer

BC’s Personal Information Protection Act sets out rules for how organizations collect, use and disclose personal information. Audette is responsible for personal information under our control, and we are accountable to you for its collection, use and disclosure. We have established policies and procedures to safeguard any confidential personal information that we have on file or which we collect, and to deal with complaints and inquiries. We will only collect personally identifiable data as described in this Policy, and are committed to maintaining the accuracy, confidentiality and security of your personal information.

In this Policy, we have attempted to provide you with manageable, comprehensive and easily understandable information regarding the policies and procedures that we use to manage your personal information. Should you require further information, we invite you to  contact us directly as set out below.

Audette has designated a privacy officer (“Privacy Officer”) who is accountable for the protection of data containing personal information and for our compliance with this Policy generally, as well as for ensuring that information about our practices relating to the management of personal information is easily accessible and understood by all individuals from whom we seek consent.

All questions or concerns regarding this Policy, our compliance with it, as well as any of our  processes and procedures relating to the collection, use and disclosure of your personal information, should be directed to the Privacy Officer in writing, and sent by email to  christopher@audette.io or by post to:

Christopher Naismith

Chief Privacy Officer, Audette Analytics Inc.

1400-128 West Pender Street, Vancouver, British Columbia, V6B 1R8 Purposes - Why We Collect, Use and Disclose Information

Unless the purposes for collecting personal information are obvious and you voluntarily provide your information for those purposes, we will identify the purposes for which we collect personal information before or when we request the information so as to enable you to provide consent to its collection and use.

Furthermore, unless we receive additional consent, or the collection, use and/or disclosure  of personal information without consent is authorized by applicable law, we will only collect,  use and/or disclose personal information which is necessary for business purposes, which  include without limitation:

• to operate and maintain the Site and our web-based services, and to respond to  your requests, questions and concerns;

• to enable you to use our products and services, and to enable us to deliver those  products and services to you;

• to provide high quality customer service;

• to support our marketing activities, which may include the use of anonymized data to  demonstrate our products and services to potential customers;

• to verify that any information submitted by you is accurate and complete; • to communicate with you for other reasons related to our business, and to create a  record of your involvement with us;

• for legal purposes, which may include the handling and resolution of claims and  legal disputes, or for regulatory investigations and compliance;

• to detect and prevent error, fraud, theft and other illegal or unwanted activities; • internal business purposes, including research and data analysis, to administer or  improve our products and services, to enhance the user experience, and to improve  the functionality and quality of our products and services;

• to comply with any legal, accounting and regulatory requirements, including  reporting requirements;

• any other reasonable purpose for which you provide consent, or for which consent may be implied in accordance with this Policy and applicable law.

Where personal information that has been collected is to be used for a purpose not previously identified, and for which consent cannot be reasonably implied, the new purpose will be identified and consent obtained prior to the use of that information for the new purpose unless otherwise permitted by law.

We comply with Canadian “anti-spam” legislation, and will only send you electronic communications as permitted by law. Note that you may always unsubscribe from our electronic communications by following the “unsubscribe” link clearly included in each communication, or by notifying the Privacy Officer at the address set out above (see:  Accountability and Openness / Privacy Officer).

Collection of Information

We collect personal information only to the extent that it is necessary for the purposes set out above (see: Purpose - Why We Collect, Use and Disclose Information). In most cases, we will collect personal information directly from you when you interact with us or use our products and services.

Direct Collection

Examples of personal information that we may collect, use and disclose include your name and email address, telephone number; employer/organization name and address(es);  location; Internet Protocol (IP) address; utility portal log-in information; network access information; in-app history; associated account information and any other information that you may provide to us in conjunction with your use of our products and services.

If you provide comments or other feedback to us, you agree that such comments or other feedback become the property of Audette, and we may use and disclose them for any purpose provided that we do not associate them with your personally identifiable information without your express consent.

Information Collected Through Automated Means

Like many organizations’ websites, our web server automatically logs certain information related to a user’s visit to the Site, including the IP address of the user’s computer, the user’s Internet service provider (ISP), the type and version of the browser that the user is using, the date and time the user accessed the Site, the Internet address of the website from which the user linked directly to the Site, the operating system that the user is using,  and the pages of the Site that the user has visited. We will not attempt to link this information with the identity of individuals visiting our Site unless we have permission to do  so. We may, however, review server logs and anonymous traffic for system administration  and security purposes, for example to detect intrusions into our network, for planning and  improving web applications, and to monitor and compile statistics about website usage. The  possibility therefore exists that server log data, which contains users’ IP addresses, could in  instances of criminal malfeasance be used to trace and identify individuals. In such  instances, we may share raw data logs with the appropriate authorities for the purpose of  investigating security breaches.

We also use cookies in order to improve our service, your user experience, and to analyze  how the Site and our web-based applications are used in order to assist with our business  and marketing.

Cookies: “Cookies” are small text files that are placed on your computer by websites that  you visit. They are used to identify you to the web server, and will tell the server who you  are when you return to a page on the same website. Your browser will only send a cookie  back to the domain that originally sent it to you. A cookie cannot run any programs, deliver  any viruses, or send back information about your system. There are different types of  cookies: Session cookies expire when you close your browser. Persistent cookies remain  on your device until they are deleted or expire.

We use cookies:

● to optimize your user experience and to facilitate browsing;

● to determine, facilitate and authenticate your access privileges on the Site; ● to complete and support a current activity, to track website usage;

● to implement security features;

● to remember your preferences;

● to allow you to access your personal pages more efficiently, by storing log-in details  and other information that you have previously provided;

● for advertising purposes, to offer you relevant targeted offers and other content that  may be of interest to you; and

● to generally improve your experience.

When you visit our Site for the first time a banner informs you of the use of cookies, seeks  your express consent to their use, and provides a direct link to this information page. Most  web browsers automatically accept cookies, but if you do not wish to have cookies on your

system, you should adjust your browser settings to decline them or to alert you when  cookies are being sent. The management of cookies varies for each browner, and you  should consult the “Help” menu of your browser.

If you decline cookies, you will still be able to use the Site and our web-based applications  but your ability to access certain pages, features and functions may be affected. To find out  more about cookies, including how to see what cookies have been set and how to manage  and remove them, please visit AboutCookies.org or All_About_Cookies.org.

Consent

Except as expressly set out in this Policy or as otherwise permitted by law, consent is  required for the collection of personal information and the subsequent use or disclosure of  that information. Audette will not collect, use or disclose personal information without the  consent of the individual(s) concerned unless we are permitted or required to do so by  applicable law. Consent may be express or implied. Express consent occurs when an  individual knows what personal information is being collected and for what purposes, and  such individual willingly agrees (e.g., orally, in writing, electronically) to his or her personal  information being collected, used and disclosed as notified. Consent may be implied when:  (a) the individual does not expressly give consent, but rather volunteers information for  obvious purposes that a reasonable person would consider appropriate in the  circumstances; or (b) the individual is given notice and a reasonable opportunity to opt-out  of his or her personal information being collected, used and/or disclosed for specified  purposes, and the individual does not opt-out.

By submitting your personal information or using our products and services, you signify  your agreement to the terms and conditions of this Policy and to our use of your personal  information in accordance with this Policy and as permitted or required by law. You may  always choose not to disclose personal information. You may make inquiries, or change or  withdraw your consent to the collection, use and/or disclosure of your personal information  at any time by contacting the Privacy Officer in writing using one of the addresses listed  above (See: Accountability and Openness / Privacy Officer). In some circumstances,  particularly where our use of your information is integral to the provision or use of a product or service, your refusal to provide consent, or a change or withdrawal of consent, may  affect your transactions and/or our ability to provide you with products or services.

Disclosure to Third Parties

Except as specifically provided in this Policy, or as required or permitted by law, your  personally identifiable information will not be shared with third parties. We may, however,  disclose anonymized information for the purposes of research, academic pursuit, and  marketing and other business reasons, at our discretion.

You acknowledge that, in the course of our supply of products and services to you, we may  delegate our authority to collect, access, use, and disseminate your information to third  party subcontractors. If you do not agree to our disclosure of your information to these third  parties, we may not be able to provide you with the products, or services or programs that  we engage them to provide, and this may impact your ability to access or use our services  generally.

Third party subcontractors to which we disclose your personal information may include  payment processors, web hosts, parties that we engage with to service or install hardware,  and parties that we engage to send out marketing materials. If we transfer any personal  information to a third party subcontractor, we will provide the subcontractors only with the  information needed to perform the subcontracted service, and will use appropriate  contractual means to provide a comparable level of protection while the information is being  used by them. Without limitation, we will ensure that our third party subcontractors are  bound to adhere to our instructions, this Policy, and applicable laws; have in place  appropriate confidentiality provisions with persons processing the information; do not  engage sub-processors without our prior consent and without requiring such sub processors to be bound by written agreements; and that they return or delete all personal  information in their possession when the subcontract ends. Details regarding the personal  information that we make available to our third party contractors, and how it is used, is  available by contacting the Privacy Officer at the address set out above (see:  Accountability and Openness / Privacy Officer). Any request made by you to correct,  change or erase your personal information will be promptly communicated to any third party  subcontractors in possession of that information (see: Accuracy / Individual Access).

We may collect, use or disclose your personal information without your knowledge or  consent where we are permitted or required to do so by applicable law, government  request, request of a law enforcement agency, search warrant, subpoena or court order, or  based upon our good faith belief that it is necessary to do so in order to comply with such  law, request, warrant, subpoena or court order, or enforce our rights or to protect our  assets, the users of our website, products or services, or the public.

Retention of Personal Information

Subject to any legal or accounting requirements, we will retain personal information only as  long as necessary to fulfill the purposes for which it was collected. Personal information  that is no longer required will be destroyed, erased or made anonymous. We may retain  anonymized information indefinitely. You may request the erasure of your personal  information at any time, which we will endeavor to do without undue delay as required by applicable law. Written requests should be sent to the Privacy Officer at the address set out  above (see: Accountability and Openness / Privacy Officer). Any third party  subcontractors to which we disclose your personal information (see: Disclosure to Third  Parties) must return or destroy the information when it is no longer required for the purpose  of the subcontracted services.

Safeguards – How Information is Protected

We have implemented reasonable physical, organizational, contractual and technological  security measures to protect personal information in our possession or under our control  from loss or theft, and from unauthorized access, disclosure, copying, use or modification,  regardless of the format in which the information is held. The safeguards applied will  depend on the sensitivity of the personal information, with the highest level of protection  given to the most sensitive information. Staff permission to access personal information is  role-based, and is determined in accordance with the purpose for which the information has  been disclosed (see: Purpose - Why We Collect, Use and Disclose Information), and  the staff member’s role in fulfilling that purpose. We store data on remote servers hosted by  reputable companies. Staff and contractors who have access to personal information are  bound by confidentiality obligations in order to ensure that information is handled and  stored in a confidential and secure manner. Any credit card information that you submit will  not be stored on our servers, but rather will be sent to a PCI Level 1-compliant payment  processor for storage. When destroying personal information, we delete electronically  stored personal information and shred any tangible materials containing personal  information. While we will endeavour to destroy all copies of personal information, you  acknowledge that deleted information may continue to exist on back-up media but will not  be used unless permitted by law.

We will continually review and update our security policies and controls as technology  evolves. However, no security technology can be guaranteed to be failsafe. Using the  Internet or other public means of communication to collect and process personal data may  involve the transmission of data on an international basis and across networks not owned  and/or operated by us. Therefore, by downloading and using our information and services,  and/or communicating electronically with us, you acknowledge and agree to our processing  of personal information in this way and agree that we are not responsible for any personal  information which is lost, or which is altered, intercepted or stored by a third party without  authorization.

Accuracy / Individual Access

Audette has a responsibility to make reasonable efforts to ensure that all personal  information contained in our records or which is disclosed to third parties for the purposes  described above is accurate, complete and up-to-date. You may make a request in writing  for access to your personal information at any time by contacting the Privacy Officer at the  address set out above (see: Accountability and Openness / Privacy Officer). Including  “Request personal information” in the subject line of your email or letter will facilitate  compliance with your request. We may require you to prove your identity before we grant  you access to your personal information. Within thirty (30) business days of your written  request, we will inform you of your personal information held by us, and provide an account of the use that has been made of the information, as well as identify any third parties to  whom the information has been disclosed. In certain circumstances, Audette may not be  able to provide you with access to all or some of your personal information, in which case  you will be advised in writing of the reasons for our inability to provide you with the  information.

If you demonstrate the inaccuracy or incompleteness of your personal information, unless  unnecessary or impractical to do so, the information will be amended as appropriate. If we  are not satisfied that the request for correction is reasonable, we will annotate the  applicable personal information under our control with the correction that was requested but  not made. You should advise us immediately if you discover inaccuracies in our data or if  your personal information changes. Except as provided by applicable law, you have the  right to request that we erase any of your personal information without undue delay,  particularly in cases where the information is no longer required by us, you no longer  consent to our use of your personal information, or if our use was in violation of this Policy  or applicable law. All notices and requests regarding inaccuracies, changes or erasure  should be in writing and sent to the Privacy Officer at the address set out above (see:  Accountability and Openness / Privacy Officer).

International Transfer and Storage of Information

You acknowledge and agree that your personal information may be transmitted,  transferred, processed, backed-up and/or stored outside of Canada, including in the United  States. In particular, certain of our third party subcontractors to which we disclose your  personal information (see: Disclosure to Third Parties), may use and store that  information at their facilities outside of Canada. We will use reasonable means to ensure  that your information is protected, including written agreements with our third party  subcontractors, but cannot guarantee that the laws of any foreign jurisdiction will accord the  same degree of protection as the laws of Canada. By submitting your personal information  to us, you consent to the transmission, transfer, processing and/or storage of your personal  information outside of Canada.

Compliance

Inquiries, requests and complaints regarding our compliance with this Policy should be  directed to the Privacy Officer (see: Accountability and Openness / Privacy Officer).

Every complaint or challenge regarding our compliance with this Policy will be investigated,  and where a deficiency is found to exist, we will take appropriate measures to address it.  This may include amending our policies and procedures as necessary. We will also  cooperate with regulatory authorities to resolve any complaints that cannot be resolved  between us and an individual user.

In the event of a security breach concerning personal information, we will endeavour to  notify affected individuals without undue delay.