Privacy Policy for Cyan Analytics Inc.
Last Updated: May 2024
Cyan Analytics Inc. is a corporation under the laws of Canada (“We”). We value and respect your privacy and are committed to respecting the privacy of users of our Site and Service. This privacy policy identifies the way we collect, use, and disclose personal information through our website www.cyananalytics.io (the “Site”) and our web and mobile application platform, and your rights in connection with that information.
This Privacy Policy applies to anyone accessing our Site or Service (collectively, “You”), including (a) casual visitors to our Site who do not create an account (“Site Visitors”) and (b) individuals who have registered to use our Site or Service (“Users”). This Privacy Policy is incorporated into our Terms of Use, as applicable. If We make any changes to our Privacy Policy, we will post the revised policy to the Site and update the “Last Updated” date of the Privacy Policy.
Cyan Analytics designed and developed a data-driven platform that integrates critical information in the supply chain to create a single system of record for provenance, transparency, track & trace, sustainability, and ESG reporting &compliance. Ultimately, we present an Immutable Data-Driven Transparent Platform that provides granular insights to all partners within the supply chain and ESG ecosystem.
Defining personal information
Personal information is any information recorded in any form that identifies or can identify an individual. Thus, personal information includes your name, phone number, email address, role, and employer details (name, contact number, address/ location). Below, we outline the type of Personal Information we collect and its uses.
Collecting and Using Your Personal Information
As described above, We collect Personal Information from you in connection with your use of, or your submissions to, the Site and the provision of the Service. While using the Site or Service, We will ask you to provide the Site or Service with personally identifiable information that can be used to contact in relation to your role in using the application and services. Any information collected is subject to the Fair-Trade Principles found in Schedule 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA).
Types of Data Collected
Types of information that will be collected:
- Identifiers: first name, last name, email address, phone number
- Employment related information: employer details and contact information, job title, employee identification number
- Information supplied by the individual: Any information supplied by an individual through the ‘contact us’ section of the web page or via email or other means during the procurement of services or service delivery.
Information that will not be collected:
We only collect payment for services from companies, through pre-arranged invoicing processes and never from individuals or via email. If you are asked for payment in any way through our Site or our Service, please contact us immediately. Our contact information is found at the bottom of this Privacy Policy.
De-identified and Anonymized Data
We may create de-identified or anonymized data from your Personal Information when using it to inform policies and identify trends. This would mean removing identifiers that would link your responses back to you. We will not share your individual information outside of your organization, but We will use your information to create statistics and aggregated data for people outside of your company.
Use and Purpose of your Personal Information
Source of Information
Below, We identify how We collect User Personal Information by identifying the source and the purpose for collecting and disclosing that information where necessary.
- Registration form/ Account creation: Email, Phone number, Full name, Employment information, Inferences from other personal information
- The purpose of collection includes personalizing the Service to the User, to provide and enhance the Service, as needed, to protect against unauthorized access and to comply with legal and regulatory obligations.
- Communication with Us: contacting Customer Support, emailing Us directly, participating in surveys: Email, phone number, full name, employment information, inferences from other personal information
- To personalize the Service to the User, to enhance the User experience, to address technical issues, to provide and enhance the Service as needed, to protect against unauthorized access, to comply with legal and regulatory obligations
- Use of web and/or mobile applications: email, phone number, full name, employment contact information, inferences from other personal information, survey question responses
- To personalize the Service to the User, to enhance the User experience, to address technical issues, to provide and enhance the Service, as needed, to protect against unauthorized access, to comply with legal and regulatory obligations, to inform Your organization’s business processes and procedures
We may use your Personal Information in the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- To manage your Account:to manage your registration as a user of the Service. The Personal Information you provide can give you access to different functionalities of the Service that are available to you as a Registered User.
- For the performance of a contract:the development, compliance and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with Us through the Service.
- To contact you:To contact you by email or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To manage your requests:To address and manage your requests to Us, including technical support.
- Internal purposes, such as auditing, data analysis, and research to improve our products, services, and communications with our Users.
At any time, the User can control notification levels and communications from Us in their settings found on the Site or Service. This includes frequency of emails and mobile application push notifications. If there are significant changes to the use of your data, other than that outlined above, consent will be requested from the User.
Through data minimization, we only collect and use Personal Information as outlined above.
Limiting Collection
We limit the collection of Personal Information to that which is required for the identified purposes listed above. We are responsible for ensuring that all information collected is limited, both in amount and type, to what is needed to fulfill the identified purposes.
We will collect personal information directly from the individual who the information is about, but may also collect personal information from other sources, with the consent of the individual or where permitted or required by law, including but not limited to your organization.
Consent to Use Data
Consent to collect and use your Personal Information is gathered prior to downloading the mobile application or using any of our Services. This is also applicable when agreeing to receive email or push notifications from Us.
Consent may be implied based upon the reasonable expectations of the individual. For example, if you provide your email in response to a request for Us to communicate with you, consent will be implied for the purpose of using the information to send information to your inbox. In determining the appropriate form of consent, we will consider the sensitivity of the Personal Information. Express consent will always be sought should the primary purpose of collection be to disclose your personal information to a third-party.
Retention of your Personal Information
We will retain your Personal Information only for as long as necessary to fulfill the purposes set out in this Privacy Policy. Once those purposes have been met, your Personal Information will be securely deleted. This includes the need to provide the Service and to retain and use your Personal Information as necessary to comply with applicable law (for examples, resolve disputes, enforce legal agreements, additional legal obligations).
Our data retention period follows internal guidelines to meet applicable statutes and limitations. If you choose to no longer share your Personal Information with us, your information will be retained for six (6) months after requesting to delete or processed immediately. Once we have deleted your Personal Information, you will not be able to exercise your right to access or the right to correct or amend your data.
Data is securely stored within the Firebase database within Google Cloud.
Accuracy of Data
We make reasonable efforts to ensure your data is accurate, complete, and up to date. If you submit incorrect data and require it to be amended, you can reach out to Us directly since We rely on the submission of accurate information to make informed decisions.
Safeguarding your Personal Information
The security of your Personal Information is important to us. We implement technical, physical, and administrative safeguards to protect it. Please note, however, that we cannot fully eliminate security risks associated with the transmission or storage of Personal Information over the Internet. We encourage you to follow privacy best practices to keep your login and password information confidential. While We strive to use commercially acceptable means of protecting your Personal Information, we cannot guarantee its absolute security.
Some examples of safeguards we use include but is not limited to:
- Administrative oversight by Employer Senior Management team
- Database will not be accessed unless by authorized accounts
- Data will be hosted in Amazon
- Role based security for the client and the Service so that Organization can only access information for their own employees
- The use of two factor authentication by the technical team
- Identity Access Management is leveraged to grant access permissions based on the roles and responsibilities of users within the organization, adhering to the principle of least privilege
Transfer of your Personal Data
Your information, including Personal Information, will be held in our cloud storage locations in Canada. It means that this information may be transferred to – and maintained on- systems located outside of your province or provincial governmental jurisdiction where the data protection laws may differ.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. No transfer of your Personal Information will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
By using any portion of this Site or Service, you acknowledge and consent to the acceptance (which may include the transfer) of your information to our facilities in Canada. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Use by Minors
Our Service is intended for use by individuals 16 years of age or older. We do not knowingly collect information from individuals under the age of 13 years of age without parental consent. If you believe an individual aged 13 or under has provided us with Personal Information without parental consent, please reach out to us by using the information listed in the “Contact Us” section found at the bottom of this privacy policy.
Withdrawing your Consent
In most cases, we need access to certain Personal Information to meet contractual obligations to provide Services. Users do, however, have the right to object to the processing of the Personal Information at any time and may choose to withdraw consent. If you choose to withdraw consent or choose not to provide Personal Information, this may hinder your ability to access some or all our Services available to you. You can withdraw consent by reaching out to the contact person found in the “Contact Us” section at the bottom of this policy. At this time, Users will have access to a “Right to Delete” functionality that will purge all data collected, stored, and used by Us, should the User decide to no longer use the Service (website and/or mobile application). This will be done unless we are prohibited by legal requirements.
At any point, you may choose to opt-out of email communications with us and that can be done by hitting the “Unsubscribe” button found directly in the email communication.
Disclosure of your Personal Information
Business Transactions
If We are involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.
Law enforcement
Under certain circumstances, we may be required to disclose your Personal Information if required to do so by law or in response to a court order or warrant by public authorities (e.g. a court or a government agency).
Other legal requirements
We may disclose your Personal Information in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of Our company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise that you review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Changes to this Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the updated Privacy Policy on this page. The most recent version date is located at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If there are questions or concerns about Our compliance with the privacy actions listed in this policy, you can reach out to us directly.
As per the Accountability principle found in Schedule 1 of PIPEDA, you can contact us by email by reaching out Dennis Young, Chief Executive Officer who is accountable for the Site and the Service’s compliance with this Privacy Policy. He can be reached at:
Dennis Young, Chief Executive Officer
Cyan Analytics Inc.
Or by regular mail at:
1326 Barrington Street
Halifax, NS B3J 1Z1
Further information on the privacy principles and your rights in regard to your Personal Information may be found on the website of the Privacy Commissioner of Canada: https://www.priv.gc.ca/.