Noibu is Committed to Protecting Your Personal Information
We are committed to protecting your privacy in accordance with the highest level of privacy regulation. As such, we follow the obligations under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the applicable provincial legislations, the EU’s General Protection Data Regulation (GDPR), and California’s Consumer Protection Act (CCPA).
1 WHAT DOES THIS POLICY COVER?
This policy applies to all Noibu websites, domains, applications, services, and products.
This Policy covers our collection, use and disclosure of information about identifiable individuals (“Personal Information”), particularly those individuals who complete transactions with our e-commerce clients (our “Clients”).
- Make use of our application and services as an authorized user
- Visit any of our websites that link to this Privacy Statement
- Visit any of our branded social media pages
- Visit our physical offices
- Attend any of our branded or sponsored events
- Receive any communication from us including newsletters, emails, calls, or texts
- Register for, attend and/or take part in our events, webinars, or contests
2 COLLECTION AND USE OF PERSONAL INFORMATION AND OTHER DATA
2.1 Client Account Information
In order to use certain aspects of the Service, representatives of our Client Users may be required to have a valid Noibu account to log in to the Service (“Account”). When our Clients register for the Service, we generally collect only business contact information, including the company name and address. Noibu may also collect credit card billing information in order to process payments for the Noibu Service and Professional Services.
2.2 End User Data
When end users of our Client, including online shoppers (“End Users”), engage in a transaction with the e-commerce Client of Noibu, Noibu records de-identified behaviour with only the IP. No other PI or PII is captured or retained.
Purpose and Legal Basis for the Processing of Personal Data
We collect and use personal data about you with your consent to provide, maintain, and develop our products and services and understand how to improve them.
These purposes include:
- Building a Safe and Secure Environment
- To Verify or authenticate your identity; and
- Investigate and prevent security incidents such as breaches, attacks and hacks.
- Providing, Developing, and Improving our Products and Services
- Deliver, maintain, debug and improve our products and services.
- Enable you to access Noibu services and set up accounts.
- Provide cloud services to enable the user and administrator to access, activate, administer, and monitor Noibu and other IoT solutions.
- Provide you with technical and customer support
- Organize and Deliver Advertising and Marketing
- Aggregate your information in an anonymized form to generate usage statistics.
- Send you newsletters and other marketing communications about current and future products, programs and services, events, competitions, surveys and promotions held by us or hosted on our behalf; and
- Organize events or register attendees and schedule meetings for events.
Where we process your personal data to provide a product or service, we do so because it is necessary to perform contractual obligations. All of the above processing is necessary in our legitimate interests to provide products and services and to maintain our relationship with you and to protect our business for example against fraud. Consent will be required to initiate services with you. New consent will be required If any changes are made to the type of data collected. Within our contract, if you fail to provide consent, some services may not be available to you.
3 STORAGE LOCATION AND TRANSFER OF PERSONAL INFORMATION
4 DISCLOSURE OF PERSONAL INFORMATION WITH THIRD PARTIES
4.1 Disclosure of Results to Clients
We do not sell your personal data to third parties, including to third-party advertisers.
4.2 Disclosure of Statistical Data
Noibu discloses aggregate statistical data to its partners and clients, such as advertisers and other third parties, who may use the data for business purposes. This information does not include any Personal Information or otherwise identify any individual End Users.
4.3 Service Providers and Business Partners
We may from time to time employ other companies and people to perform tasks on our behalf and need to share Personal Information with them to provide the Service. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. This includes third-party companies and individuals employed by us to facilitate our Service. Our current list of Sub-processors is available here.
4.4 Business Transfers
If we (or substantially all of our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.
4.5 With Your Consent
The security of your Personal Information is important to us. We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
7 ACCESS, CORRECTION AND ACCURACY
7.1 Your Rights for Your Personal Data
Depending on your geographical location and citizenship, your rights are subject to local data privacy regulations. These rights may include:
Right to Access (GDPR Article 15, CCPA, PIPEDA)
You have the right to request a copy of the personal data we are processing about you.
Right to Rectification (GDPR Article 16, PIPEDA)
You have the right to have incomplete or inaccurate personal data that we process about you rectified.
Right to be Forgotten (right to erasure) (GDPR Article 17, CCPA, Bill 64)
You have the right to request that we delete personal data that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.
Right to Restriction of Processing (GDPR Article 18)
You have the right to restrict our processing of your personal data where you believe such data to be inaccurate; our processing is unlawful; or if we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal or other obligation or because you do not wish us to delete it.
Right to Portability (GDPR Article 20)
You have the right to obtain personal data we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you or the third party that subscribes to Noibu’s services.
Right to Objection (GDPR Article 21)
Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defense of a legal claim.
Right Not to Be Discriminated (CCPA)
You have the right not to be denied service or have an altered experience based on having executed any of your CCPA rights.
7.2 Withdrawing Consent
If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge, such as where you wish to opt out from marketing messages that you receive from us. If you wish to withdraw your consent, please contact us at firstname.lastname@example.org.
7.3 How to Exercise Your Rights
You can make a request to exercise any of these rights in relation to your personal data by sending the request by mail or by email to the Noibu Privacy Compliance Officer as listed below.
For your own privacy and security, at our discretion, we may require you to prove your identity before providing the requested information.
8 CHANGES TO THIS POLICY
We may amend this Policy from time to time. Use of Personal Information we collect is subject to the Policy in effect at the time such information is collected, used or disclosed. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our App or Services or sending you an email prior to the change becoming effective. You are bound by any changes to the Policy when you use the App after such changes have been first posted.
9 CONTACT US
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer at email@example.com or by mail at
Privacy Compliance Officer
979 Bank Street Suite 500
Ottawa, ON Canada K1S 5K5
Last Updated: 25-11-2021