In the context of this policy, “Personal Data” refers to any information that can be used to identify Customers or clients of Customers, such as: name, email address, phone number, account credentials, banking information, support details, communication within LASA Ltd. web applications, and any documents uploaded in connection with use of the Services.
What Personal Data we collect from you
We collect information when you provide it to us, when you use our Services, or when other sources provide it to us. The following sections detail the type and source of information collected.
Information you provide to us
Information inputted by you while using the Services or otherwise directly provided to us is collected, including the following:
When you sign up to use the Services, basic profile information is collected, including: name, title, email address, phone number, and government credentials required for accessing all features of the Services. Any profile updates or account preference information provided by you is also collected. Billing information for a primary contact is also collected; however no credit card or account information is stored for this primary contact.
Information provided through use of the Services
Through the use of our Services, including our web applications, information you provide during regular use of the Services is collected and stored. Examples of information collected and stored includes, but is not limited to: general file information, information from your clients, information retrieved directly from government websites, information and communication shared between users of the Services through notes within our web applications, as well as sensitive files, links, and correspondence uploaded to our web applications.
Information provided through marketing channels
The Services include websites owned and operated by us, as well as any promotional events and training provided by us. Any information collected from contact forms on websites, through social media channels, from participation in surveys or contests, and during promotional or training events, such as names and email addresses, is collected when submitted.
Information provided through customer support channels
The Services include customer support channels operated by us, such as email or phone support. When submitting a request to a support channel, contact information, details of the issue or request, and any supporting screenshots, information, documentation, or forwarded email chains may be stored. Notes based on phone communication with you in relation to support requests may also be stored.
Information provided through other sources
Other users of our Services may provide Personal Data about you through their regular use of the Services, including but not limited to: uploading files, communicating within our web applications, and submitting your Personal Data via our marketing events, website, or customer support channel on your behalf, with or without your prior consent.
We also may receive your Personal Data from third-party partners, such as marketing and affiliate partners, or existing Customers, who provide information about your interest or potential interest in our Services.
Information collected automatically by using our services
We collect information about you that is not directly provided to us when you use our Services, including use of any websites owned and operated by us and use of any of our web applications.
Cookies and other tracking technologies
When using our Services, we collect log data that your browser sends to us for purposes of troubleshooting, improving our Services, and identifying any misuse or security threats. This log data may include, but is not limited to: your username, the time of the event, the location of your computer, and what information was accessed.
How we use your Personal Data
We use your Personal Data for a variety of purposes, all with the intent to provide an optimal experience. The use of your Personal Data also depends on which Services you use, and is adjusted for any preferences you have communicated to us. The following sections detail how we use and disclose your Personal Data.
General use of Personal Data
We use your Personal Data to provide you with the Services, including: allowing you to use the features of the Services as intended (including processing and completing transactions), authenticating you when you log in and saving your preferences, storing your information for data retention purposes on your behalf, and ultimately for providing you with a seamless personal experience. We also may use your Personal Data such as your email address or affiliation with a particular organization to optimize your experience and deliver personalized assistance, content, or features related to that organization. Your Personal Data is also used to create efficiencies and enhance your productivity, including identifying yourself to other users and allowing communication between parties.
Customer and technical support
We use Personal Data submitted to our customer support team to troubleshoot and resolve any issues or requests you may have when using the Services. This information may include: contact information, a summary of the issue or request, and any related files or attachments. This information may be submitted directly by you through our email support system, or may be noted from telephone conversations. We also use Personal Data collected automatically (e.g. log data) to identify, troubleshoot, and resolve any issues.
We use Personal Data submitted to us or collected automatically to improve our Services. This information may be collected from Personal Data sent to our customer support team, from Customer surveys or meetings, or noted from telephone conversations. We use this Personal Data to identify feedback trends and popular feature requests, and is used for the sole purpose of enhancing our Services to deliver more value to you as a Customer. We also use information collected automatically (e.g. log data) to identify ways to improve the speed, integration capability, and reliability of our Services.
Safety and security
Your Personal Data is used to verify and authenticate your account and all associated information, as well as to monitor any abnormal activity that may be fraudulent.
Communicating with you
Marketing our Services
Aside from service-related communication, your Personal Data may also be used for the purposes of sending tailored marketing material that may be of interest to you or any affiliate organization. The marketing content received will be adjusted based on what Services you use and how you interact and engage with the Services and associated marketing efforts. These marketing communications are intended to provide you with additional valuable experiences, content, and services, and are aimed at ensuring you get the most out of the Services. Marketing communications may include, but are not limited to: information about new products, services, or features; exclusive events and contests; newsletters, content, case studies, and white papers; or affiliate promotions and services.
Marketing communications may be delivered if you have registered to use our web applications, if you submitted contact information via our website or marketing events, or if we have received your contact information from other sources. You have the ability to opt out of marketing communications with us at any time via a link at the bottom of an email sent to you by us, or by contacting our customer support team at email@example.com.
With your specific consent
Protection of business of legal interests
Your Personal Data may be shared where required by law, or when disclosure is required in connection with the acquisition, merger, or sale of a business.
Sharing with other Customers of the Services
Our Services include web applications that allow collaboration and sharing of information among various users. While there are many levels of user roles and privileges incorporated into our web applications, in many cases other Customers (e.g. team members or authorized affiliates) will be able to view, update, and delete Personal Data related to you, or submit Personal Data on your behalf, with or without your consent. While this is intended to promote the collaboration and enhance productivity using the Services, we also log user actions within our web applications to monitor misuse and ensure you are protected should issues arise. Below is a description of the most common cases where Personal Data is shared with other Customers.
The collaboration tools that are part of our web applications allow communication and collaboration among team members within an organization, as well as between independent organizations. Examples of this collaboration may include: communicating directly within our web applications and notifying internal team members or external parties, uploading or retrieving sensitive files within the web application for viewing by internal team members or external parties, and distributing sensitive documents directly from the web application via email to internal team members or external parties. Other authorized team members or external parties can view and download this Personal Data. Other authorized team members or external parties can also provide Personal Data about you when they submit information in our web applications.
Account administrators for your affiliate organization within our web applications have overarching access to view your Personal Data, including the ability to make updates and amendments to this Personal Data as they deem necessary. Account administrators can also submit Personal Data about you when they register you as a user of the Services, either with or without your consent.
In some of our web applications, Authorized Recipients (as defined and agreed to in our Standard Licensing Agreement) have access to your Personal Data, including files uploaded and communication within web applications. This access is provided solely for the purposes of using the Services as intended to create efficiencies, as well as allow the Authorized Recipients to audit and provide superior customer experience to their clients.
Sharing with third-party service providers
We share Personal Data with certain third-parties for the purposes of: providing website and web application development; providing customer and technical support; for hosting, backup, and data storage; for invoicing and payment processing; or to communicate and/or market our Services to you. However, we do not sell your Personal Data to advertisers or other third parties – your Personal Data is provided to third-parties for the sole purpose of ensuring a superior and seamless experience using our Services. We only share your Personal Data with third-party service providers with strict privacy policies and data security measures in place.
How we store and secure your Personal Data
The security of your Personal Data is a top priority for us, and we’re committed to ensuring measures are in place to securely store your Personal Data and respond to any issues in a timely manner.
Where we store your Personal Data
All Personal Data will be stored using a cloud-hosted server on the Canadian Microsoft Azure platform. Our web applications use the Canada Central (Toronto) location to store all data. Microsoft may copy customer data between regions within Canada (the Canada Central Toronto location or the Canada East Quebec location) for data redundancy or other operational purposes, but will not transfer data outside of Canada.
How we transmit and store your Personal Data
In terms of Personal Data stored in our web applications, several different approaches are taken to ensure data security and integrity is upheld at all times (at rest or in transit).
Personal Data at rest
Your Personal Data will be encrypted upon being written to the target database, and decrypted when read from that database. The technology in use for this security protocol is called Transparent Data Encryption (TDE). Data will only be accessible from a properly authenticated account, and cannot be directly copied from hardware.
File and document data at rest
Your Personal Data in the form of files or documents stored will be encrypted upon being written to the target container, and decrypted when read from that container. The technology in use for this security protocol is called Storage Service Data Encryption. Data will only be accessible from a properly authenticated account, and cannot be directly copied from hardware.
Personal Data in transit
Any Personal Data transmitted to or from a database is performed using a secure and encrypted SSL connection. This includes any connections made from client to web service via internet browser, or from web server to data resources behind the scenes.
All front-end connections also require a minimum version of TLS v1.2 to connect when using HTTPS, to ensure highest level of security and data integrity and to prevent cyber-attacks on secured connections between client and server.
If a database has been corrupted or large amounts of data has disappeared (whether deleted by accident, or no longer accessible due to system failure), daily backups can be retrieved for a period of up to 30 days prior to the current date. These backups are automatic and implemented as part of the standard server resource on Azure. Retrieving a daily backup and restoring over top of the current database minimizes potential data loss, and usually takes a few minutes to perform.
Microsoft is dedicated to the security of data stored on their servers, and as described by Microsoft, their “global incident response team works around the clock to mitigate the effects of any attack against our cloud services”. More information regarding the security measures in place to protect data stored on Microsoft servers and their commitment to compliance can be found here.
How long we retain your Personal Data
How long we retain your Personal Data depends on the type of data, what it is being used for, and if there is a business need to retain it (e.g. to comply with legal or accounting regulations). Examples of types of data we retain are described below.
We retain your account information that you provided or was provided to us when registering to use the Services until you delete your account. At this time, your information (e.g. name, phone number, email address, government credentials, and preferences) will be removed from our web applications. We will retain contact information for a primary billing contact and all financial information (e.g. invoices) for the period required to comply with applicable accounting standards.
We retain contact information (e.g. your name and email address) for communication and/or marketing purposes until you choose to opt out of receiving communications from us. More information on how to opt out can be found in the next section on “How to access and manage your Personal Data”. This contact information may have been submitted from a website owned and operated by us, a marketing event, a third-party submitting your information on your behalf, or by registering to use our Services.
Information shared using the Services
Information you share while using the Services will be retained even if your account is deleted, provided you are a part of an associated organization continuing to use the Services (e.g. your employer) or there are Authorized Recipients using the Services that require retention of your Personal Data. If your associated organization discontinues use of the Services and no Authorized Recipients require retention of your Personal Data, data will be deleted in accordance with our Standard Licensing Agreement, and you will have the opportunity to download the data during this time (more information in the “How to access and manage your Personal Data” section below).
This Personal Data (e.g. comments or files uploaded) is retained in order to allow your team members, collaborators, and Authorized Recipients continue to use the Services as intended.
How to access and manage your Personal Data
You have certain rights relating to your Personal Data, including how we can use your information and how you can manage your information. A summary of those rights can be found below:
Your Personal Data rights
View, update, and delete your Personal Data
You will be able to view and update your Personal Data from directly within our web applications by navigating to the appropriate account settings page. Information you may update includes, but is not limited to: your name, address, phone number, email address, password, and affiliated government account credentials. Organization account managers can also edit and delete information about your organization, as well as other users within your organization. In certain cases, you may also be able to view, update, and delete content you have shared (e.g. notes, files, and general information) in our web applications using the appropriate edit or delete tools.
Requests for updating Personal Data that cannot be directly updated or deleted within our web applications can be sent to firstname.lastname@example.org.
Opt out of communications
We use your Personal Data to send you communications relating to support, feature updates, surveys, and marketing promotions. You can opt out of receiving marketing or service-related communications from us by selecting the “unsubscribe” link and updating your email preference settings from the bottom of an email you have received from us, or by sending a request and your preferences directly to email@example.com.
Request a copy of your data
If you or your organization decides to discontinue use of our Services at any time, you have the right to download all related Personal Data in a timely manner in accordance with our Standard Licensing Agreement. You also have the right to request a copy of your data, and know what Personal Data we are retaining, at any point in time.
Should you have any questions, concerns, or general inquiries relating to your Personal Data, including your rights to access and control your information, please do not hesitate to contact us at firstname.lastname@example.org.