Privacy Statement
Last updated : June 2, 2022
This statement describes how AtmanCo Inc. ("we"), the operator of the AtmanCo service, collects, processes, uses and shares personal information and personal data about users of the AtmanCo service available as a web application (the "Service") and personal information collected through our website presenting our products and services (the “Website”).
“Customer” means the person or business who purchased a subscription to the Service or for whose benefit the Service is used;
“User” means an individual using the Service on behalf of the Customer or Partner, such as a human resource director or a human resource consultant;
“Respondent” means an individual using the Service at the request or direction of the Customer or Partner, such as a candidate for a position or an employee of the Customer performing an assessment.
“Respondent Data” means means data provided or inputted directly by a Respondent on the AtmanCo Platform, but excluding any data generated or derived from such data though our services.
“Visitor” means an individual browsing our Website.
“Partner” means an intermediary who resells access to the Service or uses the Service to provide services to third parties.
“personal data” refers to information about an identifiable individual.
The second person (you, your) refers to a Customer, User and/or Respondent, depending on the context.
The contact details of the person responsible for data processing is the following:
Leen Sawalha, VP Product & Growth
Atmanco Inc.
300-1050 rue de la Montagne
Montréal QC H3G 1Y8 Canada
[email protected]
1. Basis for data processing
We collect and process personal data about Customers (as applicable), Users and Respondents in connection with the operation of the Service. Our processing of personal data is mainly based on the following :
- We process personal data about Respondents based on their explicit consent, which is obtained through a consent form filled out before each assessment.
- We process personal data about Customers or Partners (as applicable) to fulfill our obligations under our agreement with Customers.
- We process personal data about Users based on our legitimate interests to fulfill our obligations to our Customers.
We may collect and process personal data about Visitors in connection with the operation of the Website in order to improve the quality of the Website, to learn about the browsing habits of our Visitors, to organize advertising campaigns targeted based on Website traffic and to offer personalized services to our users. Our processing of personal data on the Website is based on consent where visitors voluntarily provide personal data, for example by subscribing to a newsletter, and where applicable law requires that Visitors provide explicit consent for the collection of analytics data.
2. Privacy Laws
Subject to Customer’s obligations under any service agreement between us and Customer, we process Personal Data in compliance with the requirements of applicable laws and regulations relating to privacy and data protection, including, where applicable, the General Data Protection Regulation (GDPR).
3. Data collected through the Service
3.1 Respondent Information
We collect personal data about Respondents as set forth in the consent form accepted by Respondents.
3.2 User Information
We collect the following data about Users of the Service.
| Data Category | Purpose of use |
| Name, first name, email and password | User identification and authentication. |
| The content of communications transmitted by users | Respond to Users’ requests. |
Analytics data which may include:
|
4. Data collected through the Website
4.1 Information collected from Visitors
We collect the information that Visitors communicate to us (for example, by filling out a form) through the Website interface or otherwise. This information may include the data described below:
| Data category | Purpose of use |
| Name | Communicate with Visitors |
| Phone number | Communicate with Visitors |
| Email address | Respond to Visitors’ requests and for promotional purposes (only as permitted by law) Advertisement Retargeting |
| The content of the communications | Respond to Visitors requests; |
Data Collected Automatically Through the Website
We collect information automatically during Visitors’ use of the Website. This information is recorded each time a Visitor interacts with the Website. Data collected includes certain information specific to Visitors’ devices and data about Visitors’ interactions with the Website, including the data described below:
| Data category | Purpose of use |
Analytics data which may include :
|
Personalization of the Website; Detection of misuse; Advertisement retargeting; |
Where applicable law requires explicit consent from Visitors prior to the collection of analytics data we only collect strictly necessary data before such consent is given.
4.2 Data from analysis tools
When Visitors access the Website, we collect data from analytics tools such as Google Analytics. This data may include, for example, gender, age, interests. This data is not associated with a specific Visitor personally and is transmitted to us in aggregate form. Google Analytics may be deactivated on a browser through an add-on available at this address: https://tools.google.com/dlpage/gaoptout.
4.3 Data from social networks
We collect information from social networking sites or applications (Facebook, LinkedIn, Twitter, YouTube, Google+, etc.) when Visitors interact with profiles that we operate on these social networking sites or applications. These sites or applications are also governed by their own policies relating to personal data, which may differ from ours and may be applicable.
4.4 Tracking Technology
We use browser cookies and other tracking technologies to improve the performance of the Website, to personalize Visitors’ experience on the Website, and to deliver advertisements to targeted audiences (based on Website traffic only). Visitors can control the storage of browser cookies from their browser. Cookies and trackers that are not strictly necessary for the operation of the Website will not be used without the Visitor’s consent. Some tracking technologies are provided by our suppliers, and our suppliers may be able to combine some of the data collected through the Website with other data they hold about Visitors.
5. Data Processing
We process the personal data collected through the Website and the Service for the purposes described below.
5.1 Communication with Users and Customers
We process personal data about Customers and Users (such as name and email address) to communicate with Customers and Users about their use of the Service. We may also send communications about our company, products and promotions, but only if Customers and Users agree to receive marketing communications from us. We comply with all applicable regulations regarding unsolicited electronic messages. If you no longer wish to receive electronic communications from us, you may notify us at any time by writing to us at [email protected].
5.2 Operation of the Service
We use the personal data collected through the Service to identify Respondents and allow our Customers to use the Service to perform assessments involving Respondents.
5.3 Processing Based on Explicit Consent
We process personal data about Respondents as set forth in the consent form accepted by a Respondent as part of the onboarding process on the Service. Data collected from a Respondent may be used in automated profiling based on criteria selected by our Customer.
5.4 Scientific Validation
We process data derived from personal data on an anonymous basis for scientific validation purposes.
5.5 Personalization of our services and Website
We use the data collected during through the Website to offer Visitors content that corresponds to their situation or interests. For example, the home page of the Website may be displayed according to language preferences and the products and services displayed may be different depending on geographic location.
5.6 Maintenance and Security
We use the data collected through the Website and the Service and data from analytics tools to monitor users' use of the Website and the Service generally, to prevent misuse of the Website or the Service, to identify problems or bugs with the Website or the Service, and to determine what features need to be improved. We may use certain data collected automatically to ensure the security of the Website, the Service and our computer systems, for example to prevent misuse or to prevent or deter fraud.
5.7 Personalized marketing and retargeting
We use the data collected through the Website to customize our advertising campaigns based on certain data collected, such as subscription to our newsletter, interest in our products and services, and clickthrough data, such as the pages visited or the products viewed on the Website. This data allows us to target audiences to partners offering advertising services. Data collected through the Service is not used for this purpose.
6. Data Storage and Transfer
We retain personal data about Respondents for a period of 7 years from the last interaction with the Service. Any other data is kept until our business no longer requires keeping such data.
Personal data about Respondents collected through the Service (such as Respondent identity and assessment results) is stored electronically by our service providers on servers located in Canada.
Some data relating to the use of the Service and the Website, email automation, support requests and payments are processed by our service providers through facilities that may be located in jurisdictions other than Canada.
Data generated from Google Analytics is stored on servers controlled by Google.
Personal Data about individuals outside of Canada is transferred to Canada. Canada is recognized as an adequate jurisdiction for the transfer of Personal Data from the European Union. Certain data that is disclosed to our suppliers in accordance with this notice is transferred to other jurisdictions. We ensure that the transfer of such Personal Data is made with appropriate safeguards with regard to the nature of the Personal Data being transferred.
7. Security Measures
Your personal data is hosted on servers operated by our service providers and is protected by security measures proportionate with the sensitivity of the data against unauthorized access. Any financial data is subject to security measures that comply with the standards established by payment card networks.
Our employees and suppliers are informed of the confidential nature of personal data collected through the Website and the Service and are made aware of the appropriate security measures to prevent unauthorized access to personal data through an enterprise-wide cybersecurity policy.
A more complete description of the security measures in effect to protect personal data is available upon request.
8. Data Sharing
We only share personal data in the manner described in this statement and when we have obtained the consent of the relevant data subject. Your personal data may be disclosed to the categories of persons described below for the following purposes.
8.1. Employees
Personal data is accessible to our officers and employees who must have access to it in order to use the same as set forth in this privacy statement.
8.2. Customers
We share personal data collected through the Service about a Respondent with our Customer administering assessments for that Respondent. The shared data may include all data collected in connection with an assessment as set forth in the consent form executed by the Respondent.
8.3. Partners
Where a Customer purchased our services through a Partner, such Partner has access to all data collected through the Service.
8.4. Service Providers
We share personal data with service providers that allow us to provide our services more efficiently. We only share personal data with service providers that agree in writing to keep personal data confidential and to use the same only to the extent necessary to provide us with services. We ensure that any sensitive data about Respondents is processed by service providers in Canada.
A list of our service providers processing personal data is available upon request.
8.5. Legal Obligations
We may also disclose personal data to third parties if expressly permitted or required to do so by law, or if we are compelled to do so by a competent authority. We may disclose personal data in connection with legal proceedings if necessary to protect our rights or those of our users.
8.6. Transfer of Business
In the event that the sale or restructuring of all or part of our business is contemplated, we may disclose personal data to the persons or organizations involved before and after the transaction, whether or not the transaction actually takes place. In such a case, these persons or organizations commit to us to maintain the confidentiality of personal data so disclosed and to use the same exclusively for the purpose of evaluating the feasibility of the transaction and in accordance with this statement, if the transaction is completed.
9. Rights of Data Subjects
Respondents may contact us directly to exercise their rights regarding Respondent Data, including to request the deletion of Respondent Data from our systems. In some cases where we process personal data on behalf of a Customer, we may have to refer an inquiry or request from a User or Respondent to such Customer.
Users and Respondent should note that our Customers may access personal data stored within the Service and may export such data. Even if we confirm that personal data has been deleted from the Service, our Customer may continue to process such data on its own systems and Respondents should exercise their rights directly with the relevant Customer.
9.1. Right of Access and Rectification
If you would like to access personal data we hold about you or have inaccurate personal data modified in our files, you may make a written request at [email protected]. We will provide Respondents with access to Respondent Data directly. Other data about Respondents which is generated through our services, such as assessment results or psychometric profiles are processed by us on behalf of our Customer and consequently, any request regarding such data should be addressed to the relevant Customer (your employer or prospective employer in most cases).
We will respond to your request promptly (within 30 days of receipt).
If required by law, we will provide personal data in a structured, commonly used and machine-readable format.
9.2. Withdrawal of Consent
Your browser allows you to withdraw your consent to certain processing of your personal data, in particular by preventing the recording of browser cookies.
If you wish to withdraw your consent to the processing of your personal data beyond what is permitted by the Website or your browser, please notify us by writing to us at [email protected]. Using the Website or the Service entails some processing of your personal data. The only way to stop all processing of your personal data is to stop using the Website and the Service.
Respondents may withdraw their consent to the processing of their personal data based on their explicit consent (which includes processing described in the consent form) by notifying us in writing at [email protected]. Upon withdrawal of consent, we will delete such personal data from our systems, but we will not require our Customer to delete any data they may have on their own systems.
9.3. Deletion
Respondents may request the deletion of personal data collected based on their explicit consent directly from us in writing at [email protected]. Deletion of personal data from the Service does not imply that the same data will be deleted from our Customer’s systems.
Customers, Users and Respondents may request the deletion of other personal data in certain circumstances.
9.4. Restriction of Processing
Respondents may request the restriction of the processing of their personal data where such processing is unlawful, if Respondents contest the accuracy of such personal data or where deletion of personal data is not permitted under applicable law.
9.5. Complaint
If you reside on the territory of the European Economic Area, you may lodge a complaint about our processing of personal data to the supervisory authority of your place of residence.
Our business is primarily governed by the laws and regulations applicable in Quebec and Canada and is subject to the jurisdiction of privacy protection authorities in Quebec and Canada. Other than as explicitly permitted under applicable law, any complaint or claim based on this statement or on our processing of your personal data should be addressed to the authorities in the province of Quebec or in Canada.
9.6. Identity Validation
We may verify the identity of individuals asking to exercise their rights with respect to their personal data. Any information collected to perform this verification will not be used for any other purpose.
10. Modifications
We may modify this Privacy Statement from time to time to reflect changes in our personal data processing practices. If a modification is made, the new statement will be available through the Service and on the Website at the following address atmanco.com/privacy-policy.
If we have collected your contact information, we will notify you of any material changes to our privacy statement by email before the new statement takes effect.
11. Additional Information
For any additional information with respect to our processing of personal data, you may contact us at the address indicated at the beginning of this privacy statement.