1. WHAT IS CANOPACT’S APPROACH TO PRIVACY?
As part of our Services, Canopact can be installed into a team's Slack Workspace by a Slack Administrator.Users can then be authenticated using Slack OAuth - users do not create a username and password specifically for Canopact. This provides the benefit that when a user leaves their Slack workspace, their Canopact account is deleted automatically and their permissions are revoked - you don't need to manually remove users in Canopact.
You can review Canopact’s permissions as an app within Slack as part of the installation process and as an existing user. As an existing user, go to the Slack API website, select Canopact on the ‘Your Apps’ page, and then choose ‘OAuth & Permissions’ from the list of options on the left panel. Canopact can be uninstalled at any time through the Slack app directory by a Slack Administrator or by contacting us at firstname.lastname@example.org
. When data is deleted by Canopact, it is permanently deleted (as opposed to soft deleted).4. WHAT INFORMATION DOES CANOPACT COLLECT?
We gather Personal and Company Data, (i) in connection with your access to our Website and Services and (ii) if we are entitled or obligated to process Personal and Company Data under applicable law. Set out below in this Section 4 is the Personal Data and Company Data that we use and the purposes for which we use them. We operate on a basis of lease-privilege: employees are only given access as needed to perform their job.A. Information You Provide to Us:
Your Personal Data: We process Personal Data you actively and knowingly provide to us. For example, we collect your email address if you request a demo of our Services. By signing up for our Services, some information is provided to Canopact (Slack username, Slack profile image and email address). If you choose not to provide us with certain information, you may not be able to register with us or to take advantage of some of our features. Canopact does not collect any Slack login IDs or passwords.
Sensitive Data: We do not knowingly process information revealing political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation (collectively, “Sensitive Information”).B. Information Collected Automatically:
. You may be able to opt-out of some or all of Google Analytics features by downloading the Google Analytics opt-out browser add-on
. For more information about interest-based ads, or to opt out of having your web browsing information used for behavioural advertising purposes, please visit this site
Log Data: The hosting platform for Canopact’s Slack application (Render
) collects log data when there are error messages to help debug issues and improve our service to our customers. Canopact’s Website is hosted on Carrd
We may contact you by email or by other means. For example, we may communicate with you about your use of the Website or Services. If you do not want to receive email or other communications from us, please indicate your preferences by emailing email@example.com
. We may also contact you by email or by other means about new Canopact products or services, offers or other marketing initiatives if you have requested to receive this information from us and have not opted out of receiving this type of information. Canopact will still send you notices as strictly required by applicable law regardless of whether you opt-out or unsubscribe from communications.5. WHERE DO WE STORE AND PROTECT DATA?
Canopact uses Render, which is a secure hosting platform for our servers (located in Germany). Render uses the Advanced Encryption Standard (AES) provided by Amazon RDS for PostgreSQL to encrypt data at rest and during transfer, using 256-bit encryption. Render provides fully managed TLS certificates and redirects all HTTP requests to HTTPS so that users’ security is never compromised. Canopact’s servers support TLS v1.2 and above, providing secure communications over our network. Render also backs up databases on a daily basis to prevent data loss, retaining all backups for at least 7 days.
If you are a resident of the EEA, the United Kingdom or Switzerland, we use a variety of legal mechanisms to help ensure your Personal Data and rights are protected. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulator. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.6. WILL CANOPACT SHARE ANY OF THE DATA IT RECEIVES?
We neither rent nor sell your Personal or Company Data to anyone. However, we may share such data with third parties as described below.
A. Trusted Third Parties: We may employ other companies and people to either perform tasks on our behalf or to provide specific features to you on your request. Unless we tell you otherwise, such third parties do not have any right to use the Personal or Company Data we share with them beyond what is necessary to assist us. This includes third party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, sales and marketing applications, database management, web analytics and general improvement of the Services.
B. Protection of Canopact and Others: We may be compelled to access, read, preserve and/or disclose any information to (i) comply with applicable law or a court order; (ii) enforce or apply other agreements with you in our sole discretion; or (iii) protect the rights, property, or safety of Canopact, our employees, our users, or others in our sole discretion. We may send information to fraud protection and credit risk reduction agencies, but only in a manner limited to and consistent with that specific purpose.
C. With your Consent: Except as set forth above, you will be notified when your Personal Data may be shared with third parties and you will be able to object to the sharing of this information.7. IS THE DATA SECURE?
Canopact takes appropriate and reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. Canopact is accessed through your team’s Slack workspace and does not require a separate username and password. However, you must prevent unauthorized access to your team’s Slack workspace and data by selecting and protecting your Slack password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
The transmission of information via the Internet is never completely secure and we are only able to control our Website and Services, but not the connected communication system or systems you use for accessing the Website or Services (e.g. Wifi). Accordingly, unauthorized entry or use, hardware or software failure, and other factors we can neither control nor foresee, may compromise the security of information transmitted over the internet at any time.
When we choose service providers, we assess their technical and organizational measures to ensure the protection of Personal Data. The same applies to other third parties to which we are allowed to transfer this information although these third parties are solely responsible for compliance with applicable laws.8. DO WE PROCESS DATA OF CHILDREN?
Our Services are not directed to persons under the age of 16. We neither knowingly allow such persons to register for the Services on our Website nor knowingly collect Personal Data from children under 16. No one under age 16 may provide any Personal Data to us on our Website or via our Services. If a parent or guardian becomes aware that his or her child has provided us with Personal Data without the parent’s consent, he or she should contact us at firstname.lastname@example.org
. If we become aware that a child under 16 has provided us with Personal Data, we will take steps to delete such information from our files.9. WHAT PERSONAL DATA CAN I ACCESS BY MYSELF?
You have the right to access your Personal Data at any time (see Section 10 regarding your rights). You can access the following information you’ve provided to us as part of installing Canopact in your Slack workspace:
• Slack username
• Slack profile picture
• Email address
The information you can view, update, and delete may change as the Website and Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at email@example.com
. Regarding your further rights concerning your Personal Data, please see below Section 10.10. WHAT RIGHTS DO I HAVE?
In relation to your Personal Data, you always have the following rights to the extent available under applicable law:
• Right to get transparent information about the processing of your Personal Data;
• Right to get access to your Personal Data;
• Right to rectify inaccurate Personal Data concerning you and to get information about any rectification;
• Right to erase Personal Data concerning you and to get information about any erasure;
• Right to restrict processing of Personal Data concerning you and to get information about any restriction;
• Right to receive Personal Data you provided to us and which concerns you and to transmit this received Personal Data to another provider;
• Right not to be the subject of a decision solely based on automated processing including profiling.
Generally, you will find all information about data processing by us in this Privacy & Security Policy. You may be able to add, update, or delete information by contacting us. However, when you update information, we may maintain a copy of the original information in our records (to the extent permitted by applicable law). We will retain your information for as long as you are an existing Canopact user or as reasonably necessary to provide you with the Services. You may request deletion of the Canopact application by contacting us at firstname.lastname@example.org
. Please note that some information may remain in our private records after your deletion of such information from your account (only if and to the extent permitted by applicable law). We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated and anonymized data derived from or incorporating your Personal Data after you update or delete it, but not in a manner that would identify you personally.
If you demand the erasure or object to any data processing, please keep in mind that some Personal Data may be needed to register with us or to take advantage of some of our Services. In some cases, it may not be technically feasible to remove your Personal Data, in which case we will let you know if we are unable to do so and why.
12. CANOPACT’S ONGOING COMMITMENT TO PRIVACY
13. CONCERNS AND RESOLUTION
. We will make every effort to resolve your concerns fully and in a timely manner. In Europe, you can approach any supervisory authority that is competent under the General Data Protection Regulation. If you are resident in the UK, the contact details for data protection authorities are available here
. If you are resident in the EEA, the contact details for data protection authorities are available here
. If you are resident in Switzerland, the contact details for the data protection authorities are available here
. In the U.S., the regulatory agency with the authority to investigate and resolve claims should you consider our practices to be unfair or deceptive is the United States Federal Trade Commission
However, we encourage you to contact us first at email@example.com
, and then we will do our very best to resolve your concern.
Canopy Impact Limited is a registered company in England and Wales (Company number: 12660375) and we are registered with the Information Commissioner's Office in the UK.