The following is the Data Privacy Policy of Enrich Software in collecting, storing, and processing personal data received from Enrich Software customers, customer employees, website visitors, Enrich Workflow Solutions application users, Enrich Software employees, and Enrich Software job applicants. In addition, it sets forth the company’s controls surrounding data loss prevention. For purposes of this Data Privacy Policy, “personal data” means any information provided to Enrich Software that relates to an identified or identifiable individual.

Enrich Software is committed to controlling the collection, use, and disclosure of personal information provided by its clients. Enrich Software utilises many best practices concerning the protection of customer data and ensuring that all data is secure and protected. Enrich Software is committed to protecting customers’ data and to the use of data destruction, scrubbing, retention, segregation, and encryption in accordance with industry best practices.

Policy

The IT Team at Enrich Software is responsible for ensuring that the Data Privacy Policy is kept current as needed for purposes of compliance with Service Organization Control (SOC) 2 initiatives. The Chief Information Security Officer (CISO) has ultimate responsibility for the Data Privacy Policy and for all staff adherence to the policy.

We may collect, process, and/or store personal data from a number of sources, primarily to provide products and services under our contracts with our customers.

Enrich Software shall ensure that data is encrypted when it leaves the secure systems of the data center. Whether the data is in transit or at rest, Enrich Software will conform to what is commonly understood to be unbroken encryption standards.

Enrich Software shall practice log retention where applicable for tracking access for a minimum of 30 days.

Enrich Software uses physical, technical, and administrative controls to safeguard sensitive data provided to Enrich Software and to protect it from loss, misuse, and unauthorized access, disclosure, alteration, unnecessary retention, or destruction. To mitigate the inherent risk of electronic transmission over the public internet, electronic communications will adhere to the following standards:

            • Email signature disclaimers will be on every email.
            • Confidential information will only be sent when necessary, and only to those who require it. Confidential information will be encrypted (e.g. Excel password-protected files at a minimum), with the password sent separately.
            • An email will be forwarded only if it contains no confidential information (either in attachments or in the email body).
            • For internal emails, confidential information will remain on an Enrich Software server, with just a link sent.
            • For system access credentials, login user IDs and passwords will be sent separately, and only to the person requiring them (others will not be cc’d). Phoning to deliver a password will be used whenever possible.
            • Any electronically stored data will be encrypted.
            • All outside devices, including USB storage devices, will be checked by Information Technology (IT) personnel prior to company use.

Data From Enrich Software Job Applicants and Enrich Software Employees

We collect personal data from Enrich Software job applicants to conduct our applicant review and hiring activities. We collect personal data from our employees for the purposes of fulfilling our human resources obligations to our employees, such as conducting employee performance evaluations, administering payroll and benefits (and related record-keeping), filing government reports, performing company network management and authentication, security, emergency notification management, and enhancing employee health and safety. Enrich Software employee personal data may be accessed by our human resources, IT, and management teams, and their subcontractors, in Canada and other countries, as reasonably required to fulfill these obligations, consistent with applicable law. Enrich Software takes reasonable steps to ensure that all job applicant and employee data collected is accurate, complete, and current for its intended use.

Data From Visitors and Users of our Websites and Applications

Sometimes we collect data, such as name, company name, IP address, and email or physical address, directly when visitors and users provide contact and other information through an Enrich Software website, or when a visitor asks an employee a question, makes a comment, requests support, or uses certain services. By voluntarily providing us with personal data, visitors and users consent to our use of that information in accordance with this Data Privacy Policy. If a visitor or user provides personal data to us electronically, they acknowledge and agree that such personal data may be transferred from their current location to our corporate electronic files and servers and to our subcontractors located in Canada and other countries to provide our services to the visitor or user, consistent with applicable law.

We may also obtain personal data by recording how visitors and users use our products, for example through error reports or other usage data. When the site is visited, certain personal data may be collected by recording how the visitor interacts with that site via cookies or web beacons (see the “Information Collected via Cookies” section below for further details).

Non-identifiable information

Upon a visit to our site or application, we may receive certain personally non-identifiable information about those visitors. We may store such information ourselves or it may be included in databases owned and maintained by us, our subcontractors, agents, or business partners. We may use such information and pool it with other information to track, for instance, the total number of visitors to a site and the domain names of our visitors’ internet service providers.

Information Collected via Cookies and Similar Technologies

Like most websites and applications, we also collect and/or log specific site visitor information, which may include both non-identifiable information and personal data, including what kind of browser visitors are on, what operating system they are using, their IP address, cookie information, timestamp, and clickstream information. This data is collected using log files, “cookies,” “web beacons,” or other similar technologies. “Cookies” are small files of data that may be sent to web browsers and stored on computers. With “web beacons,” when a visitor accesses certain pages on a site, an anonymous notice of that visit is generated which may be processed by us. Web beacons work in conjunction with cookies to let us know what portions of our sites are of interest to our visitors and to help us provide them with tailored information from our sites. We may collect and store this information and combine it with other personal data the visitor has provided.

Social Media Use

Social Media use is often required for marketing or even disaster recovery purposes. In the event of a disaster, social media may be used to efficiently eliminate fears and communicate accurate information regarding recovery actions. Any use of social media will involve the IT department for security, privacy, and bandwidth concerns.

Communications in written, audio, or video form will be around for a long time, so we consider the content carefully and are judicious in its use. The content will be respectful, and topics like politics and religion are not appropriate for Enrich Software communication. Brand, trademark, copyright, fair use, and privacy laws are always respected. All Enrich Software employees who participate in social media as part of their role are expected to always represent Enrich Software in a professional manner, with no exceptions. Failure to do so could have a negative impact on Enrich Software. It could also jeopardize an employee’s ability to participate in social media in the future and lead to discipline. No information will be released that could identify, or is likely to harm the reputation of, another Enrich Software employee, vendor, or customer without their prior authorization. Proper disclaimers and disclosures will also be stated where necessary. What is written, produced, or recorded is ultimately the employee’s responsibility. Participating in social media on behalf of Enrich Software is not a right and, therefore, must be taken seriously and treated with respect. Third-party site terms and conditions will be followed as well.

Enrich Software owns all authorized social media and networking content. All employees are prohibited from taking, saving, or sending any Enrich Software content distributed via social media (outside of the scope of their job) while employed or after resignation or termination. Enrich Software may limit access to social media sites to only those employees who use it in their employment duties.

Employees may not use social media websites in any way to harass, threaten, discriminate against, disparage, or defame any other employee, vendor, product, service, or business philosophy.

Our website may include social media features, such as video links, “Like” buttons, and widgets such as “Share” buttons or interactive mini-programs. Use of such social media features may collect personal data such as the IP address and website page being visited and may set a cookie to enable the feature to function. Social media features and widgets may be hosted by a third party or hosted directly on our sites. Use and interactions with these features are at the visitor’s discretion and are governed by this privacy policy.

Use of Enrich Software email addresses to register on social networks, blogs, or other online tools for personal use is prohibited. Downloading and installing plug-ins or helper applications such as those that try to access the Enrich Software email directory is also strictly prohibited.

Personal Blogs and Posts

Enrich Software takes no position on an employee’s decision to start or maintain a blog or personal website or to participate in other online social media activities outside of work. Employees identifying themselves as associated with Enrich Software on social media will ensure their profile and related content is in line with corporate values. This content would include written posts and published photos. No proprietary or confidential information (especially related to cash, security procedures, employees, vendors, and customers), exaggerated posts, obscenities, or other characterizations that could invite litigation will be shared on social media.

Research

In an ongoing effort to better understand and serve all users of Enrich Software services, we may conduct research on user demographics and interests based on the personal data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregated data with our affiliates, agents, and business partners. This aggregate information does not identify anyone personally.

How Enrich Software Uses Personal Data

If Personal Data is Provided to us Directly in Another Manner

We may use personal data in connection with the reason for which it was provided, such as to deliver the product or service requested, answer the question posed, or diagnose a technical support issue. We may also use it to send product or service notices that may be of importance, to prevent, detect, or investigate illegal or fraudulent activity, or as otherwise disclosed when the information is provided. We may use personal data to contact visitors to our website in the future to tell them about services we believe will be of interest. When we reach out to contacts in these ways, we will do so based on prior consent received for such communications, or upon our “legitimate interest” to communicate, for instance if we have information to share based upon a prior relationship with Enrich Software. In every case, we offer the opportunity to “opt-out” from receiving further such communications.

For Employees of an Enrich Software Customer

When Enrich Software collects and processes customer employee data in accordance with a customer’s instructions set forth in our customer contract, we only use that employee data to provide products and services consistent with those customer instructions.

Our Disclosure of Personal Data

Enrich Software does not sell, rent, or provide any customer, employee, or corporate personal data to third parties, including list services, telemarketing firms, or outside companies for independent use or promotional purposes.

Enrich Software will not use, share, or distribute personal data except as follows: as necessary to maintain the security of our products; as required by applicable law; as described in a contract between Enrich Software and our customer; or as otherwise set forth in subsequent paragraphs of this section directly below.

Business Transfers

As we develop our business, we might sell or buy businesses or assets. In the event of a sale, merger, reorganization, dissolution, or similar event relating to all or a portion of our business, assets, or a site, personal data may be part of the transferred assets. There may be exceptions to this and specific contracts with customers will reflect this.

Partners and Related Third Parties

We may share information with third-party partners who resell our products and services and/or provide value-added services. We may offer with third parties (solely or jointly) webinars, white papers, or other services related to our offerings or services. We may share contact information and expressed interest in these offerings or services with third parties, if prior consent has been provided for use of this data, or if we believe we have a legitimate interest in doing so, based on those specific prior business relationships.

Legal Requirements

We may also disclose personal data if required to do so by law or in the good faith belief that such action is necessary to: comply with a legal obligation; protect and defend our rights or property; act in urgent circumstances to protect the personal safety of users of a site or the public; or protect against legal liability.

Access and Control of Personal Data

Employees of Enrich Software Customers

Employees of Enrich Software’s customers should contact the appropriate person within their employer’s organization to understand, access, change, and/or control what employee information is provided by the employer to Enrich Software so that Enrich Software may deliver its products and services to the employer under their contract.

Enrich Software Job Applicants

Job applicants to Enrich Software should reach out to their Enrich Software recruiter or Human Resources (HR) contact, as applicable, to understand, access, change, and/or control personal data that has been provided to Enrich Software in their job application submission.

Enrich Software Employees

Enrich Software employees should reach out to their Enrich Software HR contact to understand, access, change, and/or control personal data that has been provided to Enrich Software regarding their employment.

Retention of Information

We will retain personal data for any user whose web registration with us is active as needed to provide their user (or their employer, as applicable) services or information requested, or for the period needed as described in this policy or advised to the user at the time of collection. Specific contracts with customers set out the length of time specific data is retained.

Opt-outs

If, at any time after contact or other personal data has been provided, this data changes, or you wish to withdraw consent to receiving information (e.g. types of marketing materials, newsletters, etc.) or to change any other use of personal data described above which we control, a request with the updated information and/or new choices must be sent to the Enrich Software Help Desk: help@enrichsoftware.com. We will respond to your request to access, change, or delete your personal data within 30 days.

Contacting Us with Questions

You may contact us in the event you have questions about this Data Privacy Policy or any of our information practices, or if you have a question concerning the handling of your personal data, at help@enrichsoftware.com.

Changes to Our Privacy Policy

At times it may be necessary for us to make changes to this Data Privacy Policy. Accordingly, we reserve the right to update or modify this Data Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any personal data to us. Your continued disclosure of personal data to us after any changes or revisions to this Data Privacy Policy shall indicate your agreement with the terms of such revised Data Privacy Policy.

Mobile Phones

Employees’ mobile phones that contain employee information such as names, emails, and phone numbers shall be protected by a password or biometric method. Mobile phones shall revert to a locked state after no longer than 10 minutes, to be re-opened with a password or biometric method.

Retaliation Prohibition

Enrich Software prohibits taking negative action against any employee for reporting a possible deviation from this policy or for cooperating in an investigation. Any employee who retaliates against another for reporting a possible deviation from this policy or for cooperating in an investigation will be subject to disciplinary action, up to and including termination of employment at Enrich Software.

Policy Compliance

This policy applies to all employees, directors, volunteers, contractors, consultants, temporaries, and other workers at Enrich Software, including all personnel affiliated with third parties with authorized access to any Enrich Software information system. If any user is found to have breached this policy, they may be subject to the company’s disciplinary procedure. If a criminal offence is considered to have been committed, further action may be taken to assist in the prosecution of the offender(s).

All new hires will review and sign off on all policies at date of hire. Annually, all staff will review and sign off on all policies.