Skip to content

Supplemental privacy statements - special jurisdictions

Last updated: July 16, 2023

The EU, EEA and the UK

This statement applies to Data Subject residing in the EU, EEA or the UK, and supplements the terms provided in the privacy statement.

Our general privacy statement was designed with the EU GDPR transparency requirements in mind. The following data subject rights will be available in addition to those described under the general statement:

  1. Right to the restriction of processing: you may ask us to temporarily cease the processing of your  Personal Information, or, only for a specific purpose or function. Please note that this too might cause us to not be able to provide you with the Products and Services or part thereof.
  2. Objection to processing: You may request us to stop processing your Personal Information. Similar exceptions as mentioned above will apply to such a case as well.
  3. Right to lodge a complaint: if you live in the EU, EEA or UK, you may lodge a complaint with the authority responsible for protecting Personal Information in your country of residence, if you believe that your rights have not been respected by us. In such a case, you are welcome to reach out to us first so we are able to help you with such a matter at: [email protected].

For any data protection-related matter, you may contact our group DPO at [email protected]

California

This statement applies to Data Subject residing in California, USA, and supplements the terms provided in the general privacy statement.

This privacy notice for California residents supplements the information contained in the Privacy Policy of Avanquest Software SAS and its subsidiaries (collectively, “we,” “us,” or “our”) and applies to Visitors, Users, and Customers who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Privacy Rights  Act of 2020 (“CPRA”) and other California privacy laws.  Any terms defined in the CPRA have the same meaning when used in this notice.

This statement refers to the information collected either automatically or, as submitted by you, when you access, use or visit any of our digital assets or support channel (digital or other), that link or otherwise refer to the general privacy statement or this supplemental statement.  

According to the California Privacy Rights regulation, the following information we wish to provide the following information about our data collection and data processing practices. Please note that the general privacy statement includes the most required information and the following disclosures are provided for the sake of extra clarity.

For any data protection-related matter, please contact our DPO at [email protected].

  1. Categories of personal information we collect and process.

    As described in our Privacy Policy, one or more of the following personal data categories may be processed by us or our affiliated companies:

    • Identifiers (such as email address, physical address, and phone number)
    • Online identifiers (such as cookies and IP address)
    • Online and network activity (engagement you make with us online, clicks, page views)
    • Device and OS information (type, versions, models)
    • Installation reports (timestamp and type of installation)
    • Products usage information (activity logs)
    • Payment and billing information
    • Marketing and advertising information (clicks, campaign metrics, referrer URLs)
    • Customer support and customer relation information (tickets, subject matter, status)
    • Signing up, registration, and account management
    • Subscription information
    • Analytics and BI

    For more details about the elements in each category, please refer back to our Privacy Policy.

  2. How we may share personal information.
  • As a rule, we do not sell your personal information or share it for monetary gain. We do use advertising services of vendors such as Google, Facebook, Bing and Linkedin, which under California law may be considered data selling. If you wish this type of data selling (i.e. sharing of IP address and cookies information for targeted advertising), you can use the opt-out option available from the footer of the page labeled as “do not sell my data“. 
  • We may share your personal information with a third party for a business purpose, including our Affiliated Companies. When we do so, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
  • In the preceding twelve (12) months, we have shared the following categories of personal information for business purposes:

Category

Business Purpose

All categories

Our hosting, processing, infrastructure and security service providers in order to provide, facilitate, process and secure the Applications, the data and the services.

Internet and network data

Service providers, web platforms, analytics services and online marketing platforms.

Support and customer services

Support and help desk services

Customer relations management and mailing list

Manage and secure your Personal Information, or, manage subscriptions and notifications lists.

Business relations

CRM and mailing list platforms

Contact information

Customer support services

Billing information

Payment processing 

Advertising and retargeting services

Displaying and serving ads and offers

Affiliated companies

We may need to disclose your data with our affiliated companies, parent companies, or subsidiaries to provide our services.

Technology partners that are integrated into Products or Websites

Widgets, or features in order to enhance a product’s functionality

Cookies and certain online identifiers

Marketing and advertising of the Services, analytics, Website and Services functionality

Legal Proceedings or law requirements

complying with applicable Laws, regulations, legal processes, or governmental requests

Merger, sale, or bankruptcy

Due diligence according to structural changes 

Special cases

Such as fraud prevention or investigation

3. Consumer privacy rights

Under the CPRA you may exercise the following rights:

  • Access and data portability rights. You may request us to access certain information we may hold about you in the past 12 months. You may also ask us to provide it to you in a human-readable fashion (subject to exemptions). If you have an account with us, you can exercise your right directly via your account, or make a request to us via the form available in the portal or via email to [email protected]. Upon receipt of your verifiable request, and provided no exceptions apply, will process the requested information. The right to access includes the following type of information (preceding 12 months):
    • The categories of personal information we collected about you.
    • The categories of sources for the personal information we collected about you.
    • Our business or other purposes for collecting that personal information.
    • The categories of third parties with whom we share that personal information.
    • The specific pieces of personal information we collected about you (also called a data portability request).
    • If we sold or shared your personal information for a business purpose.

You may only make such a request for access or data portability twice within a 12-month period.

  • Delete personal data.

    You have the right to request the deletion of personal information retained about you, subject to certain exceptions (see below). If you have an account with us, you can exercise your right directly via your account, or make a request to us as described below. When applicable, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

    We may deny your deletion request if retaining the information is necessary for us or our service providers to:

    • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with a customer/you.
    • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
    • Debug products to identify and repair errors that impair existing intended functionality.
    • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
    • Comply with the California Electronic Communications Privacy Act (CalOPPA) or any other applicable law.
    • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
    • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
    • Comply with a legal obligation.
    • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

  • Rectify personal information. You have the right to request that we correct any inaccurate personal information that it has collected about you, including:
    • The right to request that we delete any incomplete or inaccurate personal information that it has collected about you.
    • The right to request that we provide a method to directly correct your personal information only if you have an online account and the information is reasonably available through the account.

Note: These rights to rectification only apply to the personal information we collected about you directly and do not apply to personal information that we received from a third party.

  • Opt-out of data selling or sharing. Avanquest is not in the business of selling, renting, or disclosing personal information to third parties for their direct marketing goals. We do, from time to time, may share your personal information for our marketing, advertising, and analysis purposes. If you do not want us to share your personal information, please click the ‘Do Not Sell/Share My Personal Information’ link at the footer of this page.

4. Exercising your rights and choices

  • Exercising rights to access, data portability, deletion, and rectification is best done via your account. Otherwise, you can submit a verifiable consumer request to us by email to: [email protected] or via the ‘privacy rights’ section in the portal. 
  • A verifiable consumer request is “a request that is made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a natural person or a person registered with the Secretary of State, authorized by the consumer to act on the consumer’s behalf, and that the business can reasonably verify, pursuant to the regulations adopted by the Attorney General pursuant to paragraph (7) of subdivision (a) of Section 1798.185 to be the consumer about whom the business has collected personal information.”
  • Any consumer request must: (1) Be made by a registered California resident or someone on their behalf; (2) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; (3) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
  • Making a request does not require you to create an account with us if you do not already have one.  We will only use personal information provided in a verifiable consumer request to verify the identity or authority to make the request.

 

5. Response Timing and Format

  • We strive to respond to a verifiable consumer request within 45 days of its receipt. If we require more time and meet the extension requirements defined by law, (up to 90 days), we will inform you of the reason and extension period in writing (electronically).
  • If you do not have an account with us, we will deliver our written response by email. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request if that is the case.
  • For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.
  • We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

6. Non-Discrimination

We will not discriminate against you for exercising any of your CPRA rights. Unless permitted by the CPRA or any other law, or due to your violations, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you with a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

 

7. Do not Track Signals (CalOPPA)

Do Not Track is a privacy preference that can be configured in certain web browsers (the “DNT Feature”); the DNT Feature, when enabled on a web browser, signals the websites you visit that you do not want certain information about your visit collected. Undertone does not currently respond or recognize DNT Feature signals.

8. Changes to this privacy statement

We reserve the right to amend this privacy notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you as per the notification mechanism described in our Privacy Policy, or, as otherwise required by applicable laws.

9. Contact info

If you have any questions or comments about this notice, our privacy statement, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at: [email protected].

Canada

About this statement

Complementing (however, do not substitute) the general Privacy Policy provided by Avanquest Software SAS (“Avanquest”) and its affiliated companies.

Scope and applicability

This statement applies to Data Subjects residing in Canada and is designed to comply with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), and with the Quebec Privacy Legislation Modernization Act, also known as Law 25 (“Law 25”).

Terms and definitions

Any terms defined in the Privacy Policy have the same meaning when used in this notice. Any terms we use in this Canadian notice that are not defined will have the meaning we provide in the Privacy Policy or other agreements.

Collection of Personal Information

  As described in our Privacy Policy, the following data categories are collected about you:

    • Identifiers (online and physical)
    • Online and network activity
    • Device information
    • Usage information
    • Payment and billing information
    • Marketing and advertising information
    • Customer support and customer relation information

For more details about the elements in each category, please refer back to our general Privacy Policy.

Use of Personal Information

We may use your personal information for the following purposes:

    • To provide products and services to you
    • To communicate with you about your orders and shipments
    • To improve our products and services
    • To personalize your experience on our website
    • To send you marketing communications.

 

Retention and disposal of personal information

In our general privacy policy we explain the retention schedule of each personal data we collect. As a general rule, these are our data retention policies:

  • We retain personal data for as long as is required to establish the purpose for which it was collected.
  • We retain personal data beyond such a period of time when applicable legislation requires us to do so (for example, tax, labor, and so forth).
  • We may retain personal data for a longer period of time when we want to develop and improve our products and services over time. Depending on the nature, type and scope of such data, we may employ pseudo-anonymization measures to safeguard longer retention periods of such data.
  • Account and subscription information is retained until a valid and verified required for deletion is processed.
  • Subject to exemptions, we delete personal data in the following circumstances:
    • Valid and verifiable request to delete
    • No longer necessary to serve the purpose for which it was obtained or to comply with legal requirements
    • If we discover it was unlawfully processed (for example, minors, or if a valid consent was not obtained).

 

Third parties and data transfers

As part of Avanquest’s global operations, we share data with third parties, as described in our general privacy policy. This includes parties residing outside of Quebec and/or Canada. The following are categories of third parties with whom we share personal data. You have the right to request to know the name of a specific third party or the names under each category.

  • Avanquest affiliated companies (such as subsidiaries and parent companies)
  • Hosting services and storage vendors (such as Microsoft, Google and Amazon Web Services)
  • Analytics, business intelligence and statistics vendors (such as Google Analytics)
  • Support and customer services (such as ZenDesk)
  • Compliance vendors (such as OneTrust)
  • Customer relations management and mailing list (Such as Probance)
  • Billing and payment solutions (such as Upclick)
  • Advertising and marketing services (such as Google Adwords, Adsense, Facebook, Linkedin)
  • Technology partners that are integrated into Products or Websites (such as Chip.de and other features)
  • Special cases (fraud prevention or investigation)

For more details about third-party data disclosures, please refer back to our general Privacy Policy or contact our DPO at [email protected].

Your Rights

Subject to certain exemptions provided by law, you may request to exercise one or more of the following rights.

  • Right to be informed
  • Right to access
  • Right to rectification
  • Right to erasure
  • Right to withdraw consent
  • Right to restrict processing
  • Right to data portability

All the information about these rights, what they mean and how to exercise them is available on our Privacy Rights policy page.

We will try to respond to all legitimate requests within 30 days. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you.

If you have a complaint about how we use your Personal Information, we would always prefer you to contact us first at [email protected]. You also have the right to make a complaint to the Privacy Commissioner of Canada (OPC), or, to the Quebec’s Commission d’accès à l’information (CAI), as applicable.

Security Measures

We take reasonable measures to protect your personal information from unauthorized access, use, disclosure, or destruction. We only share your personal information with third parties necessary to provide our products and services, and we require these third parties to adhere to the same privacy standards as we do.

All the information about these rights, what they mean and how to exercise them is available on our Privacy Protection policy page.

Roles and responsibilities

  • For questions regarding data privacy and data governance, please contact our Data Protection Officer (DPO) at: [email protected].
  • For questions about data security, please contact our DPO at the email above or our data security manager at: [email protected].

 

Further information

If you have any questions about the Privacy Policy or have any concerns in terms of this Privacy Policy or the Company’s compliance with this Privacy Policy, please contact our privacy officer at the following address:

7075 Robert-Joncas Place, Suite 142, Saint-Laurent, QC H4M 2Z2 Canada, or [email protected]