Xacte - Privacy Policy

Last update: December 2021

Thank you for your visit!

This Privacy Policy (the “Policy”) contains information about the processing of personal data by Petal Solutions Inc., Xacte (Zone3W Inc.) and Petal Solutions Europe B.V. and as well as all its affiliates (“Petal”; “we”; “us”) and about how you can exercise your rights with respect to that personal data. If you have any additional questions, please do not hesitate to contact us directly:

Personal Information Protection Officer
Privacy Officer
privacy@petalmd.com
350 Charest Blvd East, Suite 300
Quebec City, Quebec G1K 3H5

As part of our digital advertising operations, we use cookies and similar tracking technologies. To demonstrate our transparency, we are a member of the AdChoices self-regulatory program, which helps Canadians better understand and control the ads they see. To learn more about this program, visit AdChoices by the Digital Advertising Alliance of Canada (“DAAC”).

To learn more about our use of personalized advertising, click here.

1. WHEN DOES THIS POLICY APPLY?

This Policy applies to our digital marketing activities, such as the use of cookies, or when you interact with us through our social networks, by email or otherwise (our “digital services”). Here are some examples of our digital services:

Your browsing and use of our websites
A request for a demo of our Petal platform
Our use of personalized advertising
Our subscription list
Online applications to our job offers

This Policy applies only to the processing of “personal” data. By “personal data” we mean any data that allows us to identify you directly or indirectly, including cookies.

A “cookie” contains data collected from the websites you visit and stored as a small text file in your browser. In this Policy, “cookie” includes tracking technologies such as tracker pixels and web beacons. If you want to know more about cookies, you can consult this article on the website of the Office of the Privacy Commissioner of Canada.

Some of the data discussed in this Privacy Policy may not be protected under the laws that apply to you. This Privacy Policy is for informational purposes only.

2. WHEN DOES THIS POLICY NOT APPLY?

This Policy does not apply to our professional services, including the processing of health information or personal data of healthcare professionals. Please see our Privacy Policy for our professional services by clicking here for more information on this topic.

This Policy also does not apply to the processing of your personal data by websites, applications or services provided by independent third parties.

For example, if you click on a link on our website that leads to a third party’s site, this Policy does not apply to that third party’s processing of your personal data. Third parties include social networks as well as services referenced through our digital services.

Please review the privacy policies of these third parties for more information on how they handle your personal data.

3. WHAT PERSONAL DATA DO WE COLLECT AND FOR WHAT PURPOSES?

We collect your personal information in order to provide you with our digital services, which include marketing our products and services, responding to your requests or interacting with you on social networks.

When we collect such personal information, we act as the data controller for individuals located in the European Union, the United Kingdom and any other relevant areas (“Europe”). As a result, we determine the lawful basis for processing your personal data.

When we process your personal data on the basis of your consent, you may withdraw that consent at any time by contacting us at privacy@petalmd.com. Some services may not be available without your consent to data processing.

Personal data relating to your communications
Exemples : Email addresses, information related to your social networks, content of emails and messages, requests for demos of our digital services.

We collect and process your personal data when you communicate with us via email or social media, or otherwise. If you communicate with us via our social media, we may have access to the personal data you make publicly available.

We collect the personal data you choose to provide, and do not use it for any other purpose.

If you are located in Europe, we respond to your requests on the basis of our legitimate interests, or with your explicit consent in certain cases.

• Personal data used for digital advertising purposes
Exemples: Browsing preferences, occupation, location, browsing habits, interests, emails

We use targeted advertising cookies to provide you with personalized advertising and to promote our services and products based on your interests. Click here to go to the section of this Policy that deals with targeted advertising. In Europe, the use of targeted advertising is subject to your explicit consent. Click here for more information on withdrawing your consent.

We use your email address to send you promotional communications through our newsletter. In Europe, these communications are only sent with your express consent. You can unsubscribe at any time by clicking on the email link or by writing to us at privacy@petalmd.com.

• Personal data related to employment
Exemples: Professional and academic experience, letters of recommendation, resumé, letters of interest

If you apply for a job offered on our website, we collect the personal information you provide to us for this purpose. If your application is selected, you may be required to provide personal information to complete a criminal record and work experience check. We will only process your personal data for the purposes of your application, but we may retain your application for a few months if we believe that reasonably related positions will be available in the near future, unless you indicate otherwise.

If you are located in Europe, we process your employment-related personal data in accordance with our legitimate interest, namely to respond to your application and fill our open positions.

• Electronic personal data
Exemples : Technical logs, IP address, device ID, browser type and configuration, operating system, mobile device type, number of visitors, number of pages viewed, duration of visits, websites visited, frequency of use, geographic location, language preferences, device information.

We automatically collect usage and technical connection information through cookies when you visit our website. This personal data is used to secure our services, to manage the performance of our services and to provide you with digital services.

In Europe, the lawful basis for our processing of this personal data lies in our legitimate interest in monitoring and securing our services.

4. WHAT TYPES OF COOKIES DO WE USE AND WHY?

We use the cookies described in the table below for the reasons indicated. Click here for more information on managing your cookie preferences..

Type of cookie	Use
Essential	Essential cookies are necessary for you to use our digital services. They cannot be disabled. They allow navigation from one page to another, for example. In Europe, we set these essential cookies on the basis of our legitimate interests, including the security of our website and making our digital services available.
Functional	These cookies collect data to enhance and personalize your experience by offering certain functionalities, such as remembering your choices, preferences and settings. In Europe, we set these cookies on the basis of your explicit consent. You may withdraw your consent at any time.
Analytical	We use Google Analytics to obtain statistics on the performance of our digital services. This data displays key metrics such as the number of visitors to the website and our social media channels, peak traffic times, conversion rates, and the geolocation and preferences of our service users. This data helps us understand how you use our services in an anonymized way so that we can improve your experience. In Europe, we set these cookies on the basis of your explicit consent. You may withdraw your consent at any time.
Marketing	We set advertising cookies such as those used by Google Tag Manager, Search Console, Google Ads, Facebook Ads and LinkedIn Adsin order to show you ads that are more relevant to you. Without these cookies, the advertisements presented to you online would not be personalized to your interests. Click here for more details on our personalized advertising practices. In Europe, we set these cookies on the basis of your explicit consent. You may withdraw your consent at any time.

5. WHAT IS PERSONALIZED ADVERTISING AND HOW DO WE USE IT?

Targeted advertising is done through advertising cookies that collect information about your browsing habits. In this way, the ads you receive are tailored to your interests. Without targeted advertising, you would still receive advertising, but it would not be relevant to you.

Click here to go to the Policy section on managing your cookie preferences.

To learn more, you can also consult the resources published by the Digital Advertising Alliance of Canada.

Here are some examples of our use of targeted advertising. If you still have questions, please don’t hesitate to contact us.

We use Facebook Ads for targeting purposes
We may provide you with interest-based advertising using Facebook Ads. This tool allows us to tailor our advertising to your behavioural patterns. We do not share your personal data or behavioural patterns with Facebook. Instead, the tool converts your email address into a unique number that Facebook uses for real-time sales of automated ad placement.

With your permission, we may also use the Facebook conversion tracking pixel to analyze the effectiveness of our ad placements for statistical and research purposes. The data collected remains anonymous; in other words, we can’t see the personal data of targeted users. Facebook may collect data through your Facebook account for the purposes of its own marketing practices, all in accordance with its own privacy policy, which you can view here.
We use Google Ads for targeting purposes
Google Ads offers a feature to target marketing audiences. We use this feature to create market segments based on the data we’ve obtained, and we use this data for targeted marketing campaigns through our Google Ads account.

6. HOW CAN YOU MANAGE YOUR COOKIE PREFERENCES?

As part of the AdChoice program, the Digital Advertising Alliance of Canada offers tools and plug-ins to help you control your cookies.

To manage preferences on your computer, use the WebChoices Consumer Choice Tool.
• To manage preferences on your mobile device, use the AppChoices tool.

If you opt out of personalized ads, you may still receive ads from Petal, but they will not be personalized.

In addition, browsers and devices have tools for controlling cookies; you can block them, be notified when they’re loaded, and control the ones already placed on your device or computer. However, if you block all cookies, you may not be able to access all the features of the service.

Cookie control tools vary depending on the browser you use. To learn more, click on the link for your browser:

You can also use the “Limit Ad Tracking” feature on iOS devices or turn off the “Ad Personalization” option on Android devices.

Finally, you can prevent your web activity from being used by Google Analytics by installing the Google Analytics Opt-out browser add-on. This add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sending information to Google Analytics about your web activity. For more information about Google’s privacy practices, please visit Google Analytics.

7. WHO DO WE SHARE YOUR PERSONAL DATA WITH?

In the provision of our digital services, some of your information may be shared with advertising partners such as Google AdWord, and with our subcontractors.

We’ll also disclose your personal data in the following situations:

If required by law, subpoena, or a request from authorities that we believe we should respond to, or if the disclosure is made necessary by an urgent and justified medical situation.
With our subsidiaries and affiliates, when necessary for the purpose of providing professional services or for business development..
In connection with a merger, acquisition or sale of some or all of our assets.

In the provision of our digital services, we may share or disclose your personal data to the categories of third parties shown in this table:

Third-party category	Explanations
Subsidiaries	Through Petal Solutions Europe B.V., our European subsidiary, we serve our customers located in Europe. We have a distribution contract with this subsidiary, which is responsible for handling sales in Europe.
Business Partners	We use third parties to promote, sell or distribute our products and services. In conducting these solicitation efforts, our partners may share personal data about their business contacts with us, and vice versa. For example, we work with Dedalus and Zorgi in Europe.
IT Service Providers	We use the services of data centres and other providers to offer you our digital services. For example, we use Hubspot to distribute our emails.
Analytical Service Provider	We use Google Analytics to better understand our digital services traffic and ad performance. We’re not able to track you individually through Google Analytics; we can only see anonymized and aggregated traffic on our website. However, Google Analytics does collect data about your browsing habits through cookies. Click here to read the Google Analytics Privacy Policy.
Recruitment Service Providers	When people apply for a job opening through our websites, we use subcontractors such as Recruitee to process and track the applications.
Advertising Partners	In conducting targeted advertising, we may share your personal information with partners such as Google, LinkedIn or Facebook. This is generally information that these entities collect through our website to provide us with digital advertising functionalities.

8. WHERE DO WE STORE YOUR PERSONAL DATA?

Your data may be hosted outside the region in which you are located. For example, it could be hosted in Canada, Europe or the United States. When we transfer your personal data outside your country of residence, we ensure that appropriate safeguards are in place to provide it with protection similar to that of your country of residence. For example, in the European Union, we can use the standard model clauses, available here.

9. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We retain your personal data for as long as necessary to provide our services to you, or longer if required by the applicable law.

We use both persistent and session cookies. Session cookies are deleted as soon as you exit your browser, while persistent cookies remain on your device for some time. For example, Google Analytics cookies remain on your device or computer for two years.

10. HOW DO WE ENSURE THE SECURITY OF YOUR PERSONAL DATA?

The security of your data is important to us, but please keep in mind that no method of transmission over the web or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We’ve implemented reasonable security measures for the risks associated with your personal data. For more information, please contact us.

11. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

You have certain rights regarding your personal data. Your rights vary depending on the laws that apply to you and the specific circumstances of your request.

Europe

If you’re located in Europe, including the United Kingdom, we are the data controller for your personal data. We will respond to your requests in connection with statutory rights, including:

The right to be informed
The right to object to processing
The right to rectification
The right of access
The right to be delisted
The right to data portability
The right to erasure
The right to restrict processing
The right not to be subject to profiling and to obtain human intervention in an automated decision concerning you

The Commission Nationale de l’Informatique et des Libertés has published a guide providing more information about these rights. It’s important to understand that these rights are subject to certain conditions and may not be applicable.

Canada

If you’re located in Canada, your rights may vary from region to region, but generally include the right to access and, in some cases, correct your personal information.

Traitement de la demande
To exercise your rights or ask about how we process your personal data, you can contact us:

Personal Information Protection Officer / Privacy Officer
privacy@petalmd.com
350 Charest Blvd East, Suite 300
Quebec City, Quebec G1K 3H5

For security reasons and to prevent fraud, we may ask you to provide proof of identity with your request. Once the request is processed, we will securely delete this personal data.

We will help you at no extra charge. However, if you request a transcription, reproduction or transmission of your personal data, we may charge you a reasonable fee to process your request, subject to the applicable laws. In that case, we will contact you about the fee before processing your request.

If your request is denied, we will notify you in writing, providing detailed reasons and information on how to challenge our decision. We will retain the relevant personal data until you have exhausted your remedies. One thing is certain: we will respond to your request within 30 days.

Recourse in case of refusal

If you are a resident of Europe, you may file a complaint with your local organization if you are not satisfied with our practices with respect to your personal information, or with our response to your request. For example, if you live in France, you can send your complaint to the Commission Nationale de l’Informatique et des Libertés by clicking here.

Similarly, if you are located in Canada, you can file a complaint with the Privacy Commissioner of Canada by clicking here or, if you are located in Quebec, with the Commission d’accès à l’information by clicking here.

We will do our best to improve our processes so that this does not happen again. We’ll also provide you with additional information about our practices if you wish. If you’re not satisfied with our handling of your request, you may file a formal complaint with the Office of the Privacy Commissioner of Canada by completing this form or by addressing the local authorities in your country of residence.

12. WILL THIS PRIVACY POLICY BE UPDATED?

We may update this Privacy Policy as needed and to reflect our privacy obligations. The date of the last update appears at the top of the Policy.