PRIVACY NOTICE

Dye & Durham Corporation is a leading provider of cloud-based software and technology solutions designed to improve efficiency and increase productivity for legal and business professionals. As such, we only process personal information in the context of providing our services, operating our website, or assessing job applications.

For the purposes of this Privacy Notice, any reference to Dye & Durham includes any of the present and future subsidiaries and affiliates of Dye & Durham Corporation. As such, when we mention “Dye & Durham”, “we”, “us” or “our” in this document, we are referring to the relevant company within the affiliated group responsible for processing personal information.

We are committed to providing you with exceptional service while protecting privacy and safeguarding personal information. This Privacy Notice tells you how.

If you have questions about this Privacy Notice, you may contact our Privacy Officer by mail or email to:

Dye & Durham Corporation
25 York Street, Suite 1100
Toronto, ON, Canada
M5J 2V5
Email: [email protected]

 

What personal information do we process?

Personal information means information or an opinion that relates to an identifiable individual whether the information is true or not. We process personal information through our website, through the provision of our services, and through job applications assessment.

From our website

Like most websites, this website and our third-party providers set and use cookies to manage user preferences, enable content, gather analytic and usage data, and improve the user experience. Our Cookie Policy sets out the types of cookies we use, how we use them, and how you can control and manage these cookies.

Through the provision of our services

We require some personal information to provide our services, meaning, when you order products or services from us. We also process your personal information when you have signed up to receive our newsletter or to communicate with you as part of our business relationship. In that context, we only process personal information you provide.

This is the personal information we process through our website and in providing our services:

Type of information What it includes Who it’s from
Account Data Name, email, telephone, business address, username for the online platform Client and Supplier or other persons granted view-only access to the online platform which could include a Prospect
Billing Data Billing address Client
Financial Data Bank account and payment card details Client
Customer Data Including name, maiden name, address, purchase address, date of birth, gender, previous addresses, passport or driving licence details, national insurance number Customers and Prospective Customers. Where you enter this information through an Integration, the third-party Supplier’s privacy notice will apply.
Transaction Data Details about payments to and from you and other details of products and services you have purchased from us or we have purchased from you Customer and Supplier
Technical Data Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites Customer, Supplier or Prospect using our websites
Profile Data Username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses Customer or Prospect
Usage Data Information about how you use our websites, and the products and services you order Customer
Marketing and Communications Data Includes any preferences in receiving marketing from us and our External Third Parties, and your communication preferences Customer, Prospect or Supplier

Through job applications

When you contact us to inquire about a job or to apply for a position with us, we will need some information to assess your application and to meet certain legal obligations. Our Privacy Notice – Job Applicants tells you what to expect us to do with your personal information when you apply to work for us.

If you are hired, your application information will become part of your personnel file and processed in accordance with our internal privacy policies and practices.

 

Why do we process personal information?

We will only process personal information to operate our website, provide our services, or assess job applications.

These are the specific purposes for which we process personal information:

Purpose Types of Personal Information Our Lawful Basis for Processing
To register you as a Client including user of an online platform or Integration Account, Billing, Financial Implied Consent (unless another legal basis is permitted or the collection, use or disclosure is required by applicable law)*
Performance of a contract with you
To process and deliver your order including:
Manage payments, fees and charges
Collect and recover money owed to us
Financial, Transaction, Marketing and Communications Implied Consent (unless another legal basis is permitted or the collection, use or disclosure is required by applicable law)*
Performance of a contract with you
Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
Notifying you about changes to our terms or privacy notices
Letting you know about any website service issues
Communicating with you to deliver services or report back on provision of those services
Asking you to leave a review or take a survey
Account, Marketing and Communications Implied Consent (unless another legal basis is permitted or the collection, use or disclosure is required by applicable law)*
Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and our websites and ordering platforms (including troubleshooting, data analysis, testing, system maintenance, support, reporting, Integrations and hosting of data) Account, Technical Implied Consent (unless another legal basis is permitted or the collection, use or disclosure is required by applicable law)*
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
Necessary to comply with a legal obligation.
To use data analytics to improve our websites, ordering platforms, products/services, marketing, customer relationships and experiences Account, Technical, Usage Implied Consent (unless another legal basis is permitted or the collection, use or disclosure is required by applicable law)*
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you Account, Technical, Usage, Profile, Marketing and Communications Implied Consent (unless another legal basis is permitted or the collection, use or disclosure is required by applicable law)*
Necessary for our legitimate interests (to develop our products/services and grow our business)

*Note that certain personal information may be necessary for us to provide our services to you (for example, your name and email address to set up your account, and financial details are necessary to process your payment for the services).

 

Who do we share personal information with?

We may share personal information with our service providers to support us in providing our services. Our service providers are subject to contractual clauses where they provide sufficient guarantees to implement appropriate technical and organisational measures to meet our own privacy law requirements and we reserve the right to verify their compliance. These service providers may include providers of marketing tools, insurance policies, and professional advisers such as lawyers and accountants.

Personal information may also be transferred to an organization to whom we may choose to sell or merge parts of our business. In those cases, we ensure that the personal information remains protected at the same level prior to the merger or acquisition.

In exceptional cases, we may have to disclose personal information as required by law, but only with demonstration of lawful authority to access it.

Where do we store personal information?

We generally store personal information in the country where it is processed. In limited circumstances, personal information may be transferred to a foreign jurisdiction for processing. If we need to transfer personal information across borders, for example, to provide our services, we do so in accordance with the applicable law. We ensure that appropriate protection and mechanisms are in place, such as standard contractual clauses, to comply with applicable privacy law or we refrain from transferring across borders where the applicable law prohibits it.

 

How do we keep personal information secure?

To protect the personal information we process, we have put in place physical safeguards (such as entry-exit controls in our office), technological safeguards (such as firewalls and access controls to our electronic systems), and organisational safeguards (such as limiting access based on a need-to-know).

 

How long do we retain personal information?

We will only retain personal information for as long as necessary to fulfill the specific purposes for which we process it or as required by applicable law. Specifically,

  • We keep basic information as well as financial and transaction information about our Clients for the duration of the relationship with the Client and as long as required by local tax law after the end of that relationship.
  • We keep records of the details provided in anti-money laundering searches as required by applicable local law.
  • We keep records of addresses relating to search reports for the duration of the relationship with the Client and for seven years after the end of that relationship so that we can provide a history of searches to Clients and to investigate any claim, as the case may be.
  • We also generally keep the information that is required to provide services for the duration of the relationship with the Client and for seven years after the end of that relationship unless a legal claim arises and we have to preserve the personal information until the claim is resolved.
  • For people who have requested us to remove them from the marketing database we keep the record of their request indefinitely to ensure we fulfill their request.

In some circumstances we may anonymise personal information, meaning it can no longer be associated with an identifiable individual, for research or statistical purposes. In that case, we may use this information indefinitely since it no longer constitutes personal information.

 

Your privacy rights

As a data subject, you have rights over your personal information under applicable privacy laws, such as:

  • Right of access: You can request access to a copy of the personal information we hold about you as well as details about how and why we use the information. You can make a request for access in writing and with proof of identity, for your own security. We will respond to your request within 30 days and provide access unless we are prohibited from doing so or additional time is needed and an extension is permitted by applicable privacy law. Our ability to provide access may also be limited by applicable laws. For example, we may not be able to provide access where doing so would disclose personal information about another individual. If we cannot provide you access or if we require an extension of time, we will provide reasons.
  • Right of correction: You can request correction of your personal information as necessary and after we have verified accuracy of the new information.
  • Right to erasure: You can request erasure of the personal information we process about you if it is no longer necessary for the purposes for which we process it. As mentioned in section 6 of this Privacy Notice, we only retain personal information for as long as necessary to fulfill the specific purposes for which we process it or as required by applicable law.
  • Right to object: You can object to us processing certain information about you and if the information is not necessary to provide you with our services or review your job application, we will delete it. For example, you may object to our processing of your personal information for direct marketing. In that case, we will make sure your personal information is removed from our direct marketing lists.
  • Right of restriction: You can also request restriction of processing of your personal information. This means you can request that we limit the processing to certain purposes corresponding to the limited service you want to receive.
  • Right to data portability: You can request that we transfer the personal information you have provided us to a third party in a structured, commonly used, and machine-readable format.
  • Automated decision making: In certain circumstances, you have the right not to be subjected to automated decision making and profiling.
  • Where you provide us personal information with consent rather than as required by law, you can withdraw your consent at any time. For example, you can unsubscribe from all of our marketing emails by simply clicking “Unsubscribe” in the email. If you withdraw your consent in relation to personal information that we require to provide you with the service, we will inform you of this at the time you withdraw your consent.

Please note that your privacy rights may be limited by applicable law.

To exercise your privacy rights, please contact our Privacy Officer by email to: [email protected]

If you have unresolved concerns about our processing of personal information, you have the right to lodge a complaint with your local privacy or data protection authority.

 

Other websites

Our website may contain links to third-party websites that are not governed by this Privacy Notice. Although we endeavour to link only to sites with high privacy standards, our Privacy Notice will no longer apply once you leave one of our websites. As we are not responsible for the privacy policies of third parties, we suggest that you review the privacy notices and policies of those sites to understand how they may process, use, or disclose your personal information.

 

Contact information

If you have any questions about this Privacy Notice or our processing of your personal information, please contact our Privacy Officer by mail or email to:

Dye & Durham Corporation
25 York Street, Suite 1100
Toronto, ON, Canada
M5J 2V5
Email: [email protected]