Updated: October 2023
Loopio Inc., together with its subsidiaries, affiliates, and related entities (collectively “Loopio”, “we”, “us”, or “our”, as applicable) respects your privacy and is committed to protecting the privacy and security of the Personal Data (as defined below), that is entrusted with us.
Loopio provides a software as a service (SaaS) platform that assists companies in curating, reviewing, maintaining and accessing a library of content for responding to requests for proposals (RFPs), request for information (RFIs), due diligence questionnaires (DDQs), and security questionnaires (SQs), collectively the (“Services”). Loopio’s Services provide technology that empowers its Users to deliver their own services, which requires at times processing confidential information, including Personal Data.
For purposes of this Policy, “Personal Data” is defined as any information relating to an identified or identifiable natural person, as may be defined, or limited under applicable privacy legislation.
Our use of your Personal Data is treated in accordance and in compliance with applicable privacy laws, including the General Data Protection Regulation (EU) 2016/679, the UK Data Protection Act, the Information Technology Act, 2000 (read with Information (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011), and the California Consumer Privacy Act of 2018 (“CCPA”).
By using or accessing our Services, our websites (including downloading content), registering for an event we are hosting, applying for a job with us or otherwise generally interacting/communicating with us, you acknowledge that we will collect, use and share your Personal Data as described in this Policy. If you do not agree to any of the provisions set out in this Policy, then you should not provide your Personal Data to us.
WHAT WE COLLECT
In order to provide you with the Services and to carry out our other contractual obligations to you, we may be required to collect, store, transfer and use the following categories of Personal Data:
- General Contact Information: First name, last name, username (or similar identifier), business billing addresses, business telephone number, business title and business email addresses.
- Technical Information: Including cookies, full/partial Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, or operating system and platform.
- Non-Personal Usage Information: Information related to your website interactions, including the full URL, clickstream information to, through, and from our website (including date and time), products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), or methods used to browse away from the page.
- Recruitment Information: Information contained in your resume/CV, cover letter, or similar employment-related materials, including employment history, work experience and education background and any social media handles or information available about you on social media if you connect with us through any professional platforms.
- Financial Information: Bank account or credit card or debit card or other payment instrument details provided to use for payment in respect of our Services.
- Other Information: Passwords created for using our Services, and other information related to password recovery
In Loopio’s provision of the Services to you, you are the “Data Controller” (who controls the Personal Data when using the Services) and Loopio is the “Data Processor” (who processes Personal Data (either on your behalf or someone else’s) on your behalf to provide you with the Services). To the extent that you upload Personal Data you are responsible for ensuring that your use of the Services and provision of such Personal Data is in compliance with all applicable privacy laws and that you have provided all necessary notice, obtained all necessary consents, and otherwise have all authority to provide such Personal Data to Loopio for provision of our Services to you. You agree to not provide us with any sensitive Personal Data (as defined by applicable privacy laws).
To the extent the CCPA applies to you, you shall be deemed the “business” and Loopio will be deemed the “service provider”.
If you are applying for a job or otherwise interacting with Loopio beyond the use of the Services (i.e., accessing our website), you will be deemed the “Data Controller” and Loopio will be deemed the “Data Processor”.
HOW YOUR PERSONAL DATA IS COLLECTED
We use different methods to collect your Personal Data, such as directly from you when you access our website, subscribe to our Services, apply for a job with us or otherwise interact with us.
We may also collect Personal Data from you indirectly when you interact with our website by using cookies, server logs and other similar technologies. This may include Technical Information about your equipment, browsing actions and patterns from (i) third-party analytics providers (such as Google based outside the EU) and (ii) search information providers (such as Google based outside the EU). We may also collect Contact Information from publicly available sources.
HOW WE USE PERSONAL DATA
We use your Personal Data to provide you with our Services, communicate with you, deliver advertising and marketing, consider you for employment with us, or to conduct other business operations, such as using data to improve and personalize your experiences.
Examples of how we may use the Personal Data we collect include:
- Present our website and provide you with the information, products, services, and support that you request from us.
- Meet our obligations and enforce our rights arising from any contracts with you, including for billing or collections, or comply with legal requirements.
- Fulfill the purposes for which you provided the data or that were described when it was collected.
- Notify you about changes to our website or services.
- Ensure that we present our website content in the most effective manner to you and to your computer.
- Administer our website and conduct internal operations, including for troubleshooting, data analysis, testing, research, statistical, and survey purposes.
- Improve our website, products or services, marketing, or customer relationships and experiences.
- Enable your participation in our website’s interactive, social media, or other similar features.
- Measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you.
- Make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
- For job candidates, consider and respond to your application and assess your suitability for current and future career opportunities.
- For legal, safety, and security purposes. We may also use personal information to comply with law or for safety and security reasons, as follows:
- We may use and share personal information as we believe necessary or appropriate to comply with laws that apply to Loopio and to support our bank partners’ compliance with applicable law, including anti-money laundering (AML) and sanctions screening rules.
- We may use and share personal information to respond to lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
- We may use personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (i) protect our or others’ rights, privacy, safety or property (including by making and defending legal claims); (ii) audit our internal processes for compliance with legal and contractual requirements; (iii) enforce the terms and conditions that govern the Services; and (iv) prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
- For other disclosed purposes and with consent. We may also use personal information for other purposes that are disclosed at the time you provide personal information, or purposes where we obtain your consent.
SHARING OF PERSONAL DATA
We will only share your Personal Data with third parties where required by law or to our employees, contractors, designated agents, or third-party service providers who require it to assist us with administering our relationship with you, including providing services to us or on our behalf. Third-party service providers include, but are not limited to, those who may host our website, store data, provide back-up services, provide customer support, process customer payments, provide data analytic services, conduct surveys or obtain your feedback. We will not publish any Personal Data without specific consent and any third party to whom the Personal Data is shared, should not be permitted to disclose it further without our consent.
We require all of our third-party service providers, by written contract, to implement appropriate security measures to protect your Personal Data consistent with our policies and any data security obligations applicable to us as your service provider. We do not permit our third-party service providers to use your Personal Data for their own purposes; we only permit them to use your Personal Data for specified purposes in accordance with our explicit instructions. Details about our trusted third-party service providers is available upon written request.
We may also disclose your Personal Data to third parties for the following purposes:
- To other members of the Loopio group of companies for: (a) the purposes set out in this Policy, (b) as necessary to perform our rights or obligations with this Policy and (c) as part of our regular reporting activities to other members of the Loopio group of companies.
- To comply with legal obligations or valid legal processes such as search warrants, subpoenas, or court orders. When we disclose your Personal Data to comply with a legal obligation or legal process, we will take reasonable steps to ensure that we only disclose the minimum Personal Data necessary for the specific purpose and circumstances.
- During emergency situations or where necessary to protect the safety of persons.
- Where the Personal Data is publicly available.
- If a business transfer or change in ownership occurs, and
- For additional purposes with your consent where such consent is required by law.
CHILDREN’S PERSONAL DATA
Loopio’s Services, including our website, and web and mobile apps, are not directed to children. We do not knowingly collect personal information through the Services from children younger than the legally qualifiable age under applicable data privacy laws in different jurisdictions. If a parent or guardian becomes aware that his or her child younger than such indicated age prevalent in the appropriate jurisdiction has provided us with personally identifiable information without his or her consent, he or she should contact us at email@example.com. If we become aware that we have unknowingly collected personally identifiable information from a child younger than indicated age prevalent in the appropriate jurisdiction, we will make reasonable efforts to delete such information from our records.
Where the processing of your Personal Data by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us. You can also change your marketing preferences at any time by emailing us at firstname.lastname@example.org.
- Visiting our Website: We collect the IP (Internet protocol) addresses of all visitors to our website and other related information such as page requests, browser type, operating system and average time spent on our website. We use this information to help us understand our website activity, and to monitor and improve our website.
- Cookies: Our website uses technology called “cookies” (and/or other similar technologies such as device-IDs, in-App codes, pixel tags and web beacons). A cookie is a tiny element of data that our Website sends to a user’s browser, which may then be stored on the user’s hard drive so that we can recognize the user’s computer or device when they return. Cookies may provide us and our service providers with information that we will use to personalize our website in accordance with a user’s preferences. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our website, you may not be able to take advantage of all of the website features. We may also use a third party to help us gather and analyze information about the areas that users visit on the website to evaluate and improve the customer experience and the convenience of the website.
You can also obtain additional information on Google Analytics’ data privacy and security at the following links:
Please note that if you opt-out, you may still receive online advertising from us, but it will not be tailored to your interests based on online behavioural information about you. To successfully opt-out, you must have cookies enabled in your web browser (see your browser’s instructions for information on cookies and how to enable them). Your opt-out only applies to the web browser you use so you must opt-out of each web browser on each device you use. Once you opt-out, if you delete your browser’s saved cookies, you will need to opt-out again.
When you engage with Loopio’s content on or through third-party social networking websites, plug-ins and applications, we may have access to certain information associated with your social media account (e.g., name, username, email address, profile picture, gender). We may use this information to personalize your experience on the website and on the third-party social networking websites, plug-ins and applications, and to provide you with other information you may request.
We have implemented appropriate and reasonable physical, technical, and organization security measures designed to secure your Personal Data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit Personal Data access to only those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
CROSS-BORDER DATA TRANSFERS
Where applicable law permits, we may be required to transfer your Personal Data to the United States and other jurisdictions, as necessary to perform the Services and for the purposes set out in this Policy. We shall make reasonable efforts to ensure that the same level of data protection as provided by us, is adhered to by the organization to whom such Personal Data is transferred. However, the measures that we use to protect Personal Data are subject to the legal requirements of the jurisdictions to which we transfer Personal Data, including lawful requirements to disclose information to law enforcement and government agencies in those countries. We will take all steps reasonably necessary to ensure that your data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this Policy and applicable law.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Under some circumstances we may anonymize your Personal Data (“Anonymized Data”) so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent. This Anonymized Data does not directly identify and could not reasonably be used to identify any specific individual and we use this Anonymized Data to understand, develop, improve, and market our Services, and it may be used or shared with third parties for any lawful purpose.
RIGHT OF ACCESS, CORRECTION, ERASURE, AND OBJECTION
It is important that the Personal Data we hold about you is accurate, current, and complete. Please keep us informed of any changes to your Personal Data. By law you have the right to request access to and request us to correct the Personal Data that we hold about you or withdraw your consent to the use of your Personal Data under certain circumstances. If you are no longer an active customer or are no longer interacting with Loopio, we may need to request specific information from you to help us respond to your request.
Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Data that we hold about you, or we may have destroyed, erased, or made your Personal Data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
If you would like to exercise any of these rights, please contact us at email@example.com.
RIGHT TO WITHDRAW CONSENT
Where you have provided your consent to the collection, use, and transfer of your Personal Data, you may have the legal right to withdraw your consent. To withdraw your consent, if applicable, please contact us at firstname.lastname@example.org.
DATA PRIVACY OFFICER
We have appointed Neetu Toor, Loopio’s General Counsel as our Data Privacy Officer (“DPO”) to oversee compliance with this Policy and to address any questions you may have. If you have any questions about this Policy or how we handle your Personal Data or would like to request access to your Personal Data please contact us at email@example.com.
If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority, (for example, see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html), who can provide further information about your rights and our obligations in relation to your Personal Data, as well as deal with any complaints that you have about our processing of your Personal Data.
CHANGES TO THIS POLICY
We reserve the right to update this Policy at any time to reflect changes to our personal information practices. If we make material changes to the Policy, we will provide notification by updating the “Last Updated” date at the top of the Policy and posting the new Policy to our website or other Services. We may also notify you about updates through email (sent to the email address specified in your account) or use other reasonable means to alert you to changes. We strongly encourage you to refer to this Policy often for the latest information about our privacy practices.
If you have any questions or comments about this Policy or the way in which we handle your Personal Data, please contact us at:
310 Spadina Ave. Suite 600
Toronto, Ontario M5T 2E8 Canada
Attention: Legal Department