Noibu is Committed to Protecting Your Personal Information
Noibu Privacy Policy
Noibu Technologies Inc. (“Noibu”, “We”, “Us”, or the “Company”) has created this Privacy Policy (“Policy”) in order to set out how we collect, access, store, disclose, and otherwise process personal information In this Policy, “Personal Information” refers to any information that on its own, or in combination with other available information, can distinguish an individual, or any information with a high risk of harm that is linked directly to an individual (eg. financial, medical, government).
We are committed to protecting your privacy in accordance with the highest level of privacy regulation. As such, we follow the obligations under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the applicable provincial legislations, the EU’s General Protection Data Regulation (GDPR), and California’s Consumer Protection Act (CCPA).
1 WHAT DOES THIS POLICY COVER?
This policy applies to all Noibu websites, domains, applications, services, and products.
This Policy covers our collection, use and disclosure of information about identifiable individuals (“Personal Information”), particularly those individuals who complete transactions with our e-commerce clients (our “Clients”).
This Policy does not apply to the practices of companies that we do not own or control, including those practices of our Clients. We cannot accept liability for the actions or policies of these independent sites, and we are not responsible for the content or privacy practices of such sites.You should review the applicable privacy policy of any company with which you do business. We do not knowingly collect or solicit Personal Information from anyone under the age of 16.
This Privacy Policy applies when you interact with us by doing any of the following:
- Make use of our application and services as an authorized user
- Visit any of our websites that link to this Privacy Statement
- Visit any of our branded social media pages
- Visit our physical offices
- Attend any of our branded or sponsored events
- Receive any communication from us including newsletters, emails, calls, or texts
- Register for, attend and/or take part in our events, webinars, or contests
2 COLLECTION AND USE OF PERSONAL INFORMATION AND OTHER DATA
2.1 Client Account Information
In order to use certain aspects of the Service, representatives of our Client Users may be required to have a valid Noibu account to log in to the Service (“Account”). When our Clients register for the Service, we generally collect only business contact information, including the company name and address. Noibu may also collect credit card billing information in order to process payments for the Noibu Service and Professional Services.
2.2 End User Data
When end users of our Client, including online shoppers (“End Users”), engage in a transaction with the e-commerce Client of Noibu, Noibu records de-identified behaviour by IP and no other PI or PII is retained.
Purpose and Legal Basis for the Processing of Personal Data
We collect and use personal data about you with your consent to provide, maintain, and develop our products and services and understand how to improve them.
These purposes include:
- Building a Safe and Secure Environment
- To Verify or authenticate your identity; and
- Investigate and prevent security incidents such as breaches, attacks and hacks.
- Providing, Developing, and Improving our Products and Services
- Deliver, maintain, debug and improve our products and services.
- Enable you to access Noibu services and set up accounts.
- Provide cloud services to enable the user and administrator to access, activate, administer, and monitor Noibu and other IoT solutions.
- Provide you with technical and customer support
- Organize and Deliver Advertising and Marketing
- Aggregate your information in an anonymized form to generate usage statistics.
- Send you newsletters and other marketing communications about current and future products, programs and services, events, competitions, surveys and promotions held by us or hosted on our behalf; and
- Organize events or register attendees and schedule meetings for events.
Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. Consent will be required to initiate services with you. New consent will be required If any changes are made to the type of data collected. Within our contract, if you fail to provide consent, some services may not be available to you.
3 STORAGE LOCATION AND TRANSFER OF PERSONAL INFORMATION
Noibu stores its data, including Personal Information, on servers located in the United States and Canada, including through the use of our Sub-Processors. Your personal data may also be transferred to, and maintained on, servers residing outside of your state, province, country or other governmental jurisdiction where the data laws may differ from those in your jurisdiction. We will take appropriate steps to ensure that your personal data is treated securely and in accordance with this Privacy Policy as well as applicable data protection law. We will enter into EU Standard Contractual Clauses (or equivalent measures) with parties outside the EEA and ensure adequate controls are in place for the security of your data.
4 DISCLOSURE OF PERSONAL INFORMATION WITH THIRD PARTIES
4.1 Disclosure of Results to Clients
We do not sell your personal data to third parties, including to third-party advertisers.
4.2 Disclosure of Statistical Data
Noibu discloses aggregate statistical data to its partners and clients, such as advertisers and other third parties, who may use the data for business purposes. This information does not include any Personal Information or otherwise identify any individual End Users.
4.3 Service Providers and Business Partners
We may from time to time employ other companies and people to perform tasks on our behalf and need to share Personal Information with them to provide the Service. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. This includes third-party companies and individuals employed by us to facilitate our Service. Our current list of Sub-processors is available here.
4.4 Business Transfers
If we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.
4.5 With Your Consent
If we need to use or disclose any Personal Information in a way not identified in this Privacy Policy, we will notify you and/or obtain your express consent as required under applicable privacy laws.
5 SECURITY
The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
6 RETENTION
We will keep your Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained Personal Information will remain subject to the terms of this Privacy Policy.
7 ACCESS, CORRECTION AND ACCURACY
7.1 Your Rights for Your Personal Data
Depending on your geographical location and citizenship, your rights are subject to local data privacy regulations. These rights may include:
Right to Access (GDPR Article 15, CCPA, PIPEDA)
You have the right to request a copy of the personal data we are processing about you.
Right to Rectification (GDPR Article 16, PIPEDA)
You have the right to have incomplete or inaccurate personal data that we process about you rectified.
Right to be Forgotten (right to erasure) (GDPR Article 17, CCPA, Bill 64)
You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
Right to Restriction of Processing (GDPR Article 18)
You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.
Right to Portability (GDPR Article 20)
You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you or the third party that subscribes to Noibu’s services.
Right to Objection (GDPR Article 21)
Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
Right Not to Be Discriminated (CCPA)
You have the right not to be denied service or have an altered experience based on having executed any of your CCPA rights.
7.2 Withdrawing Consent
If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge, such as where you wish to opt out from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us at privacy@noibu.com.
7.3 How to Exercise Your Rights
You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail or by email to the Noibu Privacy Compliance Officer as listed below.
For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.
8 CHANGES TO THIS POLICY
We may amend this Policy from time to time. Use of Personal Information we collect is subject to the Policy in effect at the time such information is collected, used or disclosed. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our App or Services or sending you an email prior to the change becoming effective. You are bound by any changes to the Policy when you use the App after such changes have been first posted.
9 CONTACT US
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at privacy@noibu.com or by mail at
Privacy Compliance Officer
979 Bank Street Suite 500
Ottawa, ON Canada K1S 5K5
Last Updated: 25-11-2021
GDPR / CCPA Commitment
The GDPR (General Data Protection Regulation) is an important piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union. The CCPA (California Consumer Privacy Act) protects the privacy of California residents.
Our commitment: Noibu has undertaken the required business and technology steps to operate in a manner compliant with GDPR / CCPA.
What has Noibu done about the GDPR / CCPA?
- Ran a compliance gap assessment to ensure our technical and organizational processes meet regulation standards.
- Updated our privacy policy to comply with GDPR / CCPA.
- Created a Data Processing Agreement with SCCs for GDPR and CCPA Service Provider Addendum.
- Ensure that we collect the minimum amount of data needed for you to use Noibu.
- Attest to not reselling anyone’s data.
- Verify that data is used only for the benefit of Noibu users.
GDPR: Data Processing Agreement (DPA)
You can access the Data Processing Agreement here. Please fill out, sign and send to info@noibu.com with the subject “Company Name, Data Processing Agreement”. We will countersign it and provide you with a fully executed downloadable copy via email within 2 business days. If you have any questions about its contents please email privacy@noibu.com.
CCPA Service Provider Addendum
You can access our CCPA Service Provider Addendum (SPA) here. This is a written contract entered into between a business and a service provider as those terms are defined in the CCPA. In order for a business to transfer personal information to Noibu who acts as a Service Provider where that transfer does not amount to a sale of personal information. The CCPA requires that a business and a service provider enter into a written contract in order to share personal information.
What do Noibu customers need to do?
- Make sure your Terms of Service or Privacy Policy properly communicate to your users how you are using Noibu (and any other similar services) on your website or app. We recommend you ensure your policies are up to date and clear to your readers.
- If you have customers in the European Union you will want to sign a DPA with Noibu. You can access the DPA here and we’ll be happy to countersign.
- If you are a business under the CCPA, consider signing our CCPA Addendum.
If you have any questions regarding GDPR please contact privacy@noibu.com.
