Privacy Policy

Financial Modelling Institute, Inc. and its affiliates or subsidiaries ("we", "us", "our", and similar expressions) value your privacy and we want you to understand how we collect, use, share, and protect your personal information when you use our services. These services (the “Services”) include our websites (“Websites”), social media pages, products, services, your account with us, and other activities described in this Privacy Policy. By using our Services, you are agreeing to this Privacy Policy. We may provide additional or supplemental privacy statements for certain products or services as well, which will apply to those specific activities. If you have any questions about how we process your personal information, please see the section “How to contact us” below.

1. Roles and Responsibilities

1. Applicable privacy laws. We are committed to complying with all applicable privacy and data protection laws where we operate or where our customers are located, not only the regions which have specific mention in this Privacy Policy. Our approach is designed to respect the privacy rights of individuals and to maintain all required standards of data protection. We regularly review and update our policies and practices to reflect changes in applicable laws and to ensure ongoing compliance across all regions in which we do business.
2. Data controllers vs. data processors. A data controller is the party that determines the purposes, conditions, and means of processing personal information. A controller can be an individual, a company, a government agency, or any other body that makes decisions about the processing of personal information. In other words, a controller is the organization that decides “why” and “how” personal information should be processed. If multiple organizations jointly determine the purposes and means of data processing, they become joint controllers. A data processor, on the other hand, processes personal information only on behalf of the controller.
3. We act as a data controller. We determine the purposes and means of processing your personal information as described in this Privacy Policy, and so we act as a ‘data controller’ (or equivalent or similar terms under applicable data privacy laws) of your information.
4. Joint controllers. In certain circumstances, there may be more than one data controller processing your personal information. In these situations, we act as an independent data controller over our processing activities. This means we determine how your personal information will be processed independently from the other data controllers. The other data controllers have their own obligations under applicable data privacy laws, and we are not responsible for their processing activities. You should contact these other controllers directly if you have questions about how they process your personal information and about how to exercise your privacy rights.

2. What is personal information?

"Personal information" is generally any information about an identified or identifiable individual, which includes information that can be used on its own or with other information to identify a natural person.

3. What personal information do we collect about you and how do we collect it?

There are several types of information we collect about you:

1. Information you give to us. We collect information that you give us directly. We typically identify the information we are collecting at the time we ask for it from you. While the categories of personal information we collect directly from you will change over time and will depend on the circumstances of our request, they may include the following:
   • Contact data. We may collect your contact information, including your name, previous name(s), title and honorifics, professional title, company name, addresses, phone number, and email address.
   • Job, Career, and Professional Information. We may collect details about your profession, job title, education, professional association membership, and similar details.
   • Account profile data. We collect personal information when you create an account or profile with us. For example, you may be asked for your contact information, a username and password, and billing information (your payment information). We may also collect or record your purchase history with us, preferences, subscription data, and account credentials to access our Services. You may also provide us with other optional information as part of your profile or information you volunteer to give to us. We may also collect links to social network profiles you have (including when used for authentication purposes).
   • Information to verify your identity. We may collect information to verify your identity, such as your name, date of birth, social security number, social insurance number, driver’s license number, passport number, government-issued identification details, and similar information.
   • Communications. You may give us personal information you include in your communications with us, such as information you include in SMS (text) messages, communication means in the Services, and other electronic messages between you and us (collectively, "Electronic Messages"), or by phone or through mail.
   • Marketing preferences, surveys, contests, or promotions. If you select preferences for marketing communications, participate in surveys or contests, or take part in our promotions, we may ask you for and you may choose to provide us with your personal information.
   • Social and community content. When you post on our social media pages and the public areas of our Website (e.g., if you post a comment on an article we feature on the Website), you may be giving us personal information that you include in your content.
   • Business and financial information. We may ask you for information about your business, your finances, tax details, or other business and financial information when you use our Services.
   • Interactions with webforms. We may receive information from you through your use of webforms on our Website or used within our Services.
   • Interactions with chatbots. We may receive information from you through your use of chatbots, digital assistants, or other interactive bots we use with our Services.
   • Device data. If you grant permission in your device settings, certain features of our Services may have access to your device and the information stored on it to provide the functionality intended by our Services. We will tell you which device permissions we need when you install our software. For example, when we administer an exam for our accreditation program, we or our third-party service providers may request access to your device’s permissions to ensure the device is being used according to the rules and procedures for the exam.
   • Payment processing information. If you have made a purchase through us, or if you make a financial transaction using our Services, our third-party payment processors we use will collect information about the purchase or transaction. This includes billing details, credit card information, account, and authentication information. Our systems are not part of the cardholder data environment, meaning that we do not receive or store, in paper or electronic format, your credit or debit card account numbers or other financial account identifiers. However, our third-party payments processing service providers will receive such information and store, use, and disclose it as needed to process your payment, operate and promote their network, perform analytics and create reports, and for other lawful business purposes, as more fully described in their privacy policies. Stripe is our payments processor. For more details on how Stripe uses your information, please refer to Stripe’s website and privacy statements.
   • Data in contracts and other legal agreements. We may also collect information directly from you for contractual or legal reasons. For example, we may ask you for your address and other contact details to give you notices under the contract for our Services and to determine the taxes we may need to charge you. Our agreements with you may also include other personal information related to our Services.
2. Information about you that we get from other sources. We may receive personal information about you from other parties where you have provided consent to the third-party to share your information or where we are permitted by applicable law to receive the information. We protect and process the personal information we receive from third parties as described in this Privacy Policy, consistent with any additional restrictions imposed by the source of the information. Our third-party sources may vary over time and depend upon how you use the Services. For example, we receive information from:
   • Lead generation tools. We may use lead generation tools and services, such as customer relationship management (CRM) platforms, schedulers, social media platforms, and credential verification platforms.
   • Linked third-party services. If you choose to integrate a third-party service that we make available to you, we may receive information from that third-party service according to your settings, agreements, or preferences with that third-party. We use various third party services when we provide our Services to you, including identity verification services and exam proctorial software.
   • Supplemental information and identity verification providers. We also collect personal information about you from third parties that assist us with verifying your identity. For example, organizations that we partner with may give us proof of your residency so that we may determine if you are eligible for our accreditation programs and which program may apply to you, and so we can ensure you meet other regional-specific requirements of our programs.
   • Service providers. We use a variety of third-party service providers to help us deliver our Services and these service providers may give us information about you. We may get information from our marketing service providers to support our marketing initiatives, improve our Services, and better monitor, manage, and measure our ad campaigns, such as details about when our service provider shows you one of our ads on or through its advertising platform. We may hire research firms that help us understand our market and if allowed under applicable laws, these researchers may provide us with personal information. We may receive personal information about you or your interaction with the Services from certain third parties we use to support our troubleshooting activities, for example when we obtain information through customer support interactions, such as technical issues that have been submitted to us, call monitoring records, voicemails, photographs, file uploads, and chat records.
   • Risk management, cybersecurity & anti-fraud providers. We may receive personal information from third parties that help us assess risks associated with our offerings, including to help combat fraud and illegal activity and to help protect your personal information.
   • Business partners. We may also collect information about you from our business partners that assist us with providing our Services, developing our business, and understanding our market. If we partner with another company or organization to collaborate on a new feature of our Services, we may receive personal information about you from that other company or organization. We may receive information from information services and data licensors that provide demographic and preference information to us. Some professional associations, such as accounting governing bodies and professional associations may provide us with personal information to assist us with enrollment data for our accreditation programs.
   • Joint offering partners. We may offer co-branded services or experiences or engage in joint-marketing activities with others, including through webinars, conferences, or live events.
   • Government agencies. We may receive information from government agencies, including from various tax agencies, to help verify your business information or to facilitate your use of our Services.
   • Public information. We may collect individual and household demographic information and preference information from publicly available sources, such as open government databases, social media platforms, and others.
3. Automatic data collection. We may automatically collect personal information about you, such as:
   • Information from your use of the Website. We collect personal information about you when you use our Website. This includes information like: your Internet protocol (IP) address; your geographic location; the website you visited before coming to our Website; your browser type and settings; log data; your device information (for example, if you're using a tablet, mobile phone, or desktop computer and the operating system); the date and time when you visited the Website; and other unique identifiers.
   • Location information. Certain features in the Services may collect your precise location information, device motion information, or both, if you or your organization grant(s) us permission to do so through your device settings. For example, we or our third party service providers may collect your location to ensure that you are writing an exam for our accreditation program in an approved location.
   • Communication interaction data. We or our third-party service providers may collect information from email providers, chat applications, communication providers, and social networks, such as your interactions with our email, text, or other communications (e.g., whether you open or forward emails). We may do this through use of pixel tags (also known as clear GIFs), which may be embedded invisibly in our emails.
   • Online behavioral data. We may automatically collect certain personal information about your use and interactions with our Website, social media, and marketing campaigns that we or our service providers organize, including device information (such as your IP address and unique device IDs), page view information and search results, links, and if you are a customer contact, whether or not a campaign presented or sent to you has been viewed, delivered, opened, clicked on, whether it has bounced, or was treated as spam.
4. Information from cookies and other tracking technologies. We and our service providers may use commonly used tools such as cookies, web beacons, pixels, local shared objects, and similar technologies (collectively “cookies”) to collect information about you (“Cookie Information”) so we can provide the experiences you request, recognize your visit, track your interactions, remember your preferences, and improve your and other customers’ experiences.
5. Sensitive personal information. We generally prohibit sensitive personal information from being used with our Services, such as information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, health-related data, data about sexual orientation, untruncated financial account identifiers (e.g., credit card numbers or bank account numbers), untruncated government issued identifiers (e.g., social insurance numbers), or other types of sensitive or special category data that is subject to specific or elevated data protection requirements under applicable laws, where the use of such data is not intended by the functionality of our Services. If, however, we collect sensitive personal information from or about you, it will be identified at the time we request it or will be detailed in this Privacy Policy. Please note we cannot monitor all data input into our Services by you or others, including sensitive personal information, and to the maximum extent allowed by law, we will not be liable for how such sensitive personal information is collected, used, or shared where it is not within our commercially reasonable control to prevent the collection, use, or sharing.
6. Biometric information. Some of our Services require biometric personal information (“Biometric Information”) to verify your identity and protect against fraud. We will not collect your Biometric Information without first providing notice and obtaining your consent. We and our service providers will store your Biometric Information for no more than the time reasonably needed to verify your identity and for potential debugging of our identification verification technologies. Your Biometric Information will not be shared or disclosed to third parties unless such disclosure is permitted or required by law, or you otherwise consent to such sharing. Biometric Information may include:
   • Photo identification.
   • A photo of your face (a “selfie”) that you provide when prompted.
   • A scan of your government-issued identification to compare against a photo or screen capture of your face.

4. How do we use your information?

1. To make our Services available to you. We use your personal information to provide our Services to you and to respond to your requests. This may include:
   • Administering our programs, courses, content, and exams for our accreditations and certifications.
   • Running and managing our business, including resolving billing and financial disputes.
   • Evaluating your eligibility for our offers, products, and services.
   • Providing a product, feature, or service that you have requested.
   • Communicating with you.
   • Understanding your needs and interests and personalizing your experience with the Services and our communications.
   • Providing you with support and resolving disputes.
   • Authenticating your identity and keeping our Services secure.
   • Managing event registrations and attendance, including sending related communications to you.
   • Registering visitors to our offices for security reasons.
   • Providing you with customized services, such as when we use your location information to determine your language preferences or display accurate date and time information.
2. To verify your identity. We may use your personal information to verify your identity. For example, when you write one of our exams to receive an accreditation from us, we may require an appropriate piece of identification to ensure you are the person permitted to write the exam. We may also use your personal information from your identification with a real-time image of you for facial recognition to verify that you are a person entitled to write one of our exams.
3. Our own research and development. We may use your personal information to improve and develop our products and services by analyzing how they are used and interacted with. 
4. To de-identify or anonymize your personal information and to aggregate it with other data. Personal information does not include information that has been anonymized in such a way that it can no longer be used to identify a specific natural person, whether on its own or in combination with other information. We may use your personal information to create this kind of anonymized, de-identified, or aggregated data and use it for researching, developing, and improving, our products and services, statistical analysis about our Services and business, and for marketing and promoting our Services. We may also anonymize your information to mask your identity to ensure fair, unbiased grading of your exams when you participate in our accreditation programs.
5. To market and promote our business to you. We use your personal information to market our Services and business to you, including through surveys and promotions, recommendations, and non-transactional communications (e.g., email, post, telephone, SMS or push notifications, in accordance with your marketing preferences). We may use your information to send you tailored marketing communications about products, services, offers, programs, and promotions of ours and those of our partners and measure the success of those campaigns. For example, we may send different marketing communications to you depending on what we think may interest you based on other information we hold about you, we may decide not to advertise our Services to you on a social media site if you already follow us, and we may choose to serve you a particular advertisement based on your service choices with us.
6. Whistleblower reporting. When you report any concern of non-compliance, unethical conduct, or other alleged violation of our policies or terms of service, personal information you provide will be processed as a part of the investigation of the allegations and retained in accordance with our internal policies until the investigation is complete. While we make every effort to maintain confidentiality, depending on the investigation, disclosing your identity to other individuals may be necessary.
7. Compliance and protection. We may use your personal information to:
   • Protect against misuse or abuse of our Services.
   • Comply with applicable legal requirements, such as tax and other government regulations, contracts, and valid law enforcement requests.
   • Protect the rights, property, safety or security of our Services, our customers, employees, or others and prevent fraudulent or illegal activity.
   • Exercise our rights in the course of judicial, administrative, or arbitration proceedings.
   • Enforce, remedy, or apply our agreements.
8. To fulfill the purposes for which you provided the information to us. We use your personal information when you give it to us for a specific purpose or for reasons that were described when it was collected, such as providing Services to you, or any other purpose for which you provide it, including for any other reason described in this Privacy Policy. 
9. To connect you with others. We may use your personal information to connect you with other people and businesses in the way intended by our Services or at your request.
10. Artificial Intelligence (AI) and automated decision-making. We may use artificial intelligence, machine learning algorithms, and forms of automated decision-making. Some jurisdictions give individuals a right to have these automated decisions reviewed by a person or otherwise limited. Please contact our Privacy Officer with any requests or information about our use of automated decision-making technologies with your personal information. See also our jurisdiction specific disclosures below for more details. We may use artificial intelligence, machine learning algorithms, and forms of automated decision-making with your personal information to:
    • Personalize your experience and make it more efficient.
    • Provide and improve the Services.
    • Prevent risk of misuse of our Services and fraud.
    • Communicate with you through chatbots, digital assistants, or other digital conversation tools powered by artificial intelligence.
    • Recommend services, products, or features to you based on your input, preferences, or behaviour.

5. When do we use your information?

1. Consent. We use your personal information when you have consented to the use of it in a particular way. When you consent, you can change your mind at any time and if you withdraw your consent, unless there is a clear and appropriate exception under applicable law, we will cease using your personal information.
2. Implied consent. In some limited circumstances, in the ways allowed by privacy laws, and only when the information is not sensitive, we will use your personal information when your consent to its use is implied. For example, if we tell you that we will be collecting your personal information and using it for a certain purpose and you do not refuse your consent within a reasonable period of time, unless stated otherwise under privacy laws, we may imply your consent. This may happen, for example, if you call us and we advise you that we will be recording the conversation and you do not object or end the call.
3. Exceptions to consent. In some circumstances, such as to respond to an emergency that threatens your security or to prevent fraud, we may use or disclose your personal information without your consent to the extent allowed by privacy laws.
4. Consequences if we do not receive your personal information. We will normally let you know when personal information is required, and the consequences of failing to provide it or withdrawing your consent. If you do not provide personal information when requested, you may not be able to use all or some of our Services if that information is necessary to provide you with the Service or if we are legally required to collect it. Some of the consequences of not receiving personal information from you include:
   • We may not be able to provide you with an accreditation under our programs.
   • We may need to withhold your exam results until we can verify your identity.
   • If you need an accommodation when writing an exam, we may not be able to grant your request without medical information we reasonably require.
   • If you wish to update the personal information we make publicly available about you, such as your status as an accredited participant of our programs, we may not be able to update it without new personal information about you.

6. How do we share your personal information?

In addition to the other scenarios we have discussed in this Privacy Policy, we may share your personal information in the following ways:

1. With your consent. We share your personal information when you consent to us doing so. This includes the consent you give us by using our Services to disclose that you are an accredited alumni of our programs and the results of the exams you wrote as a participant of our programs.
2. Information we make publicly available. With your consent, we make your personal information publicly available. Specifically, we may post your name, title, location, and LinkedIn profile, and the fact that you are an accredited alumni of our programs on our Website.
3. When you connect to your social media account. Some of our Services may enable you to connect to a social media account or share information on social media platforms. Any information you choose to share on social media may potentially be visible to a global audience and will be subject to the social media provider’s privacy policies (not this Privacy Policy). You should take care only to share information on social media that you are comfortable sharing.
4. Business partners. With your consent we may share your personal information with third parties who are jointly providing features, sales initiatives, promotions, or events with us.
5. When you publicly post the information. We may provide opportunities for you to publicly post reviews, questions, comments, suggestions, or other content that may include personal information, such as your name or username. Although we may monitor or even control these types of public posts, we are under no obligation to do so. We also cannot control the actions of others, including how they will use your public posts and any personal information you include in them. Anything you share in a public forum is public, and you should think carefully before you decide to share.
6. Service providers. We share personal information with our service providers or agents who provide services on our behalf for the purposes described in this Privacy Policy. Service providers or agents are required to implement reasonable privacy and information protection controls to maintain the privacy and security of information provided to them consistent with the privacy practices outlined in this Privacy Policy. Service providers or agents may include companies that assist us with our advertising, marketing, and sales efforts, help us with our technology offerings (such as a hosting, security, or anti-fraud providers), and help us run our business.
7. Business transfers. If we're involved in a reorganization, merger, acquisition, or sale of some or all our assets, your personal information may be transferred as part of that deal or the negotiation of contemplated deals.
8. Our own advertising. We share personal information with third parties so we can provide you with tailored advertising for our business and measure and monitor its effectiveness. For example, we may share your actual or pseudonymized email address with a third-party social media platform on which we advertise to avoid serving ads to people who already use our Services. Our advertising partners may place cookies on unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests and determine the effectiveness of such advertisements.
9. For legal reasons. We may share your personal information with third parties for legal reasons without your consent as permitted by law, including: when we reasonably believe disclosure is required to comply with a subpoena, court order, or other applicable law, regulation or legal process; to protect our, our customers’, and others’ rights, property, or safety; to enforce, remedy, or apply our terms of service or other agreements; to detect or prevent fraud, cybersecurity attacks, or illegal activity; for debt collection; and with regulatory agencies, including government tax agencies, as necessary to help detect and combat fraud, or protect our customers, users, or as required for risk control programs.

7. Your rights.

Some jurisdictions’ privacy and data protection laws give individuals specific privacy rights. We outline some of those rights below, which may apply to you depending on where you reside. You can exercise your rights under this Privacy Policy and applicable privacy laws by contacting us privacy@fminstitute.com, by calling our offices, or by following any instructions on opting out of collection, use, or disclosure of your personal information that we make available to you. Please note that we may need to verify your identity in connection with your requests, and such verification process may require you to provide us with additional information (e.g., government identification). If we are unable to verify your identity or request, we may not, in accordance with applicable law, be able to fulfill your request. Additional rights are outlined in the regional-specific privacy statements included later in this Privacy Policy.

1. Rights to access and correct your personal information. Where applicable law requires (and subject to any relevant exceptions under law), you may have the right to be informed about the personal information that we hold about you, to have access to that information, and to correct your personal information.
2. Right to withdraw your consent. If we rely on consent for the collection, use, or disclosure of your personal information, you have the right to withdraw it at any time. When you do so, this will not affect the lawfulness of the collection, use, or disclosure of your personal information before your withdrawal of consent. Please note that if you withdraw consent, certain features of the Service may not have full functionality because certain features rely on your personal information to work as intended.
3. Right to limit or restrict data processing, including regarding automated decision making, profiling, and tracking. Some jurisdictions’ laws may give you the right to restrict or object to the processing of your personal information, including where automated decision making is used with that information, where your information is used for profiling purposes, or when tracking technologies are used with your personal information.
4. Rights regarding commercial electronic messages. Like many other companies, we may ask you to sign up to receive emails, text (SMS) messages, and other Electronic Messages from us. If you no longer wish to receive those messages, you can opt-out by following the unsubscribe link in the messages or by contacting us.
5. Right to make complaints. You have the right to lodge a complaint with a competent supervisory authority, subject to applicable law.

8. How long do we keep your personal information?

In general, we keep your personal information throughout your relationship with us and for as long as we need it to provide our Services to you, to comply with our data retention policies, and as needed to comply with laws.

We may be required to maintain your personal information for as long as necessary to:

• comply with our legal or regulatory compliance needs (e.g., maintaining records of transactions you have made with us);
• for audit purposes;
• to exercise, establish or defend legal claims; or
• to protect against fraudulent or abusive activity on our service.

This means we may keep different information for different periods.

There may be occasions where we are unable to fully delete, anonymize, or de-identify your personal information due to technical, legal, regulatory compliance, or other operational reasons. Where this is the case, we will take reasonable measures to securely isolate your personal information from any further processing until such time as we are able to delete, anonymize, or de-identify it.

9. Where we may store and process your information.

We are based in Ontario, Canada and we may process, store, or transfer personal information in Canada and any of its provinces or territories.

We or our third-party sub-processors may also process, store, or transfer personal information outside of Canada. Locations other than Canada may have different privacy laws, which may be more or less protective. If we move personal information to a location other than Canada, the governments, courts, law enforcement, or regulatory agencies of that country may have access to your personal information through their laws.

In addition to Canada and any of the provinces within Canada, your personal information may be collected, used, disclosed, or stored for any purpose stated in this Privacy Policy in these other regions:

• The United States
• The United Kingdom
• The European Union and its member states
• The European Economic Area
• Australia
• Any other region in which we operate our Services

When we transfer, store or process personal information outside of your jurisdiction, we take appropriate safeguards to require that your personal information remain protected in accordance with this Privacy Policy and applicable law.

Some of the recipients of your personal information are located in countries for which the European Commission or UK Government (as and where applicable) have issued adequacy decisions, which means that these countries are recognized as providing an adequate level of data protection under applicable UK or European data protection laws and the transfer is therefore permitted under Article 45 of the GDPR.

Other recipients of your personal information are located in countries outside the European Economic Area (EEA) or the UK that are not the subject of an adequacy decision. In these cases, we may use the Standard Contractual Clauses approved by the European Commission or, as may be applicable, the International Data Transfer Agreement approved by the UK Government, to help ensure your personal information is protected. 

We comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) regarding the collection, use, and retention of personal information transferred from the European Union (EU), the United Kingdom (and Gibraltar), and Switzerland to the United States. We may rely on the EU-U.S. DPF to transfer data and will rely on the UK Extension to the EU-U.S. DPF and Swiss-U.S. DPF once approved by the appropriate authorities.

We may be subject to the investigatory and enforcement powers of the Federal Trade Commission and other US law enforcement agencies in accordance with applicable US data privacy laws.

10. How do we keep your personal information secure?

We follow industry standards on information security management to safeguard personal information. However, despite these controls, we cannot completely ensure or warrant the security of your personal information since no method of transmission over the Internet or method of electronic or physical storage is completely secure.

11. Children and privacy.

Our Services are not meant for children under 13 years of age. If you are under 13 years old, please do not give us your personal information. If you are the parent or guardian of someone under 13 years of age, please do not give us personal information of that person.

12. How to contact us about privacy questions.

If you have a question or a concern about our Privacy Policy or your personal information, please get in touch with us. Our Privacy Officer can be reached at privacy@fminstitute.com.

13. Changes to our Privacy Policy.

We may update this Privacy Policy from time to time to reflect, for example, changes to our privacy practices or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will give you notice of such changes by posting the revised policy on our Website, and where appropriate, by other means. By continuing to use the Services after these changes are posted, you agree to the revised policy.

Region specific terms

Additional terms may apply to you based upon the country or location in which you reside. These additional privacy terms, notices, and statements are below.

1. Québec privacy statements.

1. Québec residents. This section applies only to Québec residents. It describes how we collect, use, and share personal information of Québec residents in our capacity as an “enterprise” under the Act respecting the protection of personal information in the private sector (“Private Sector Act”) and your rights with respect to that personal information. For purposes of this section, the term “personal information” has the meaning given in the Private Sector Act but does not include information exempted from the scope of the Private Sector Act. Please note that we may claim legal exemptions for certain types of personal information from all or certain parts of the Private Sector Act. In some cases, we may provide a different privacy notice to certain categories of Québec residents, such as employees and job applicants, in which case that notice will apply instead of this section.
2. Data residency. Personal information may be communicated outside of Québec. Unless exempted under the Private Sector Act, prior to communicating personal information outside of the province we take into account (1) the sensitivity of the information, (2) the purposes for which it is to be used, (3) the protection measures that would apply to it, and (4) the legal framework applicable in the jurisdiction in which the information would be communicated, including the legal framework’s degree of equivalency with the personal information protection principles applicable in Québec. The information may be communicated if the assessment establishes that it would receive protection equivalent to that afforded under the Private Sector Act. We also ensure that where required under the Private Sector Act, the communication of the information is subject to a written agreement that considers the results of our assessment and, if applicable, the terms agreed upon to mitigate the risks identified in the assessment.
3. De-indexing. Under certain conditions, you may have the right to have the personal information we make available about you through hyperlinks de-indexed or re-indexed with correct information. To exercise this right, please contact our Privacy Officer.
4. Portability. You may request portability of your personal information in a readily usable format. To make such a request, contact our Privacy Officer or access the settings available in your account.
5. Access. You may request a copy of the personal information by contacting our Privacy Officer or accessing the settings available in your account.
6. Correction. You can edit and correct your personal information at any time by changing it directly in our products and services or by contacting our Privacy Officer or accessing the settings available in your account.
7. Withdraw consent. If we communicate your personal information with your consent, you can withdraw your consent at any time.
8. Third persons to whom we communicate your personal information. If applicable, you have the right to be given the name of the third person for whom your personal information is being collected, and the names of the third persons or categories of third persons to whom it is necessary to communicate the personal information for the purposes for which it was collected.

2. United Kingdom (and Gibraltar) (UK) and European Economic Area (EEA), and Switzerland statements.

1. References to personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by EU and UK data protection laws. Essentially, “personal data” is information about an individual, where that individual is either directly identified or can be identified. It does not include ‘anonymous data’ (i.e., information where the identity of an individual has been permanently removed).
2. UK and EEA residents. This section applies only to UK, EEA, and Swiss residents. It describes how we collect, use, and share personal information under: (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ( “EU GDPR”); (ii) the Switzerland Federal Act on Data Protection of 19 June 1992 (SR 235.1) and its subsequent revisions (“FADP”); and (iii) the EU GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR” and collectively with EU GDPR and FADP, “European Privacy Laws”); and (iv) any and all applicable national data protection laws made under, pursuant to or that apply in conjunction with any of (i), (ii), or (iii); in each case as may be amended or superseded from time to time. For the purposes of this Privacy Policy, “personal information” means “personal data” under European Privacy Laws.
3. Legal basis of processing. We use your personal information only as permitted by law. Applicable European Privacy Laws require us to have a “legal basis” for each purpose for which we collect your personal information. Our legal basis for collecting and using the personal information described in this Privacy Policy will depend on the type of personal information and the specific context in which we collect it. However, we will normally process personal information from you when:
   • We have your consent to do so;
   • We have a contract with you and it is necessary to process your personal information to perform our contract with you, including to provide you with the benefits of the Services and operate our business; 
   • The processing is in our legitimate business interests, such as operating our businesses, improving and developing the Services, communicating with you, marketing our offerings and services and personalizing your experience, and to detect illegal activities; or
   • To comply with legal requirements, including applicable laws and regulations.
4. Your European Privacy Law rights. As a resident in a region where European Privacy Laws apply, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
   • Access. You may request a copy of your personal information by contacting our Privacy Officer or accessing the settings available in your account.
   • Correction. You can edit and correct your personal information at any time by changing it directly in our products and services.
   • Deletion. You may have the right, under certain circumstances, to request that we delete the personal information you have provided to us. You may delete your personal information by contacting our Privacy Officer or accessing the settings available in your account.
   • Objection and restriction. You may object to our processing of your personal information or ask us to restrict processing of your personal information.
   • Portability. You may request portability of your personal information.
   • Withdraw consent. If we process your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
   • File a complaint. You have the right to file a complaint with a supervisory authority about our collection and processing of your personal information. You can find your data protection regulator here.
   • Manage marketing communications from us. You have the right to opt-out of direct marketing. To update your marketing communication preferences, you can go to the marketing preference tools in your account settings or contact us. You may also click unsubscribe at the bottom of the marketing emails.
   • Cookies and other tracking technologies. You have the right to opt-out of interest-based advertising, including through cookies and tracking technologies, through the means we provide on our Website.
   • Automated decision making and profiling. You have the right to not have your personal information be subjected to automated decision making or profiling.

3. United States privacy statements.

1. This section applies only to the residents of Colorado, Connecticut, Delaware, Iowa, Montana, Oregon, Nebraska, New Hampshire, New Jersey, Texas, Utah, and Virginia. It describes how we collect, use, and share “Personal Data” of state residents described in this subsection in our capacity as a business or controller under the corresponding state privacy laws, including:
   • Colorado Privacy Rights Act;
   • Connecticut Data Privacy Act;
   • Delaware Personal Data Privacy Act;
   • Iowa Consumer Data Protection Act;
   • Montana Consumer Data Privacy Act;
   • Oregon Consumer Privacy Act;
   • Nebraska Data Privacy Act;
   • New Hampshire Data Privacy Act;
   • New Jersey Data Privacy Act;
   • Texas Data Privacy and Security Act;
   • Utah Consumer Privacy Act; and
   • Virginia Consumer Data Protection Act;

(collectively, “Applicable State Privacy Laws”), and your rights with respect to that Personal Data. For purposes of this section, the term “Personal Data” has the meaning given in the Applicable State Privacy Laws but does not include information or entities exempted from the scope of the Applicable State Privacy Laws.

2. Your privacy rights. As a resident or data subject of any of the above States, you may have the following rights under Applicable State Privacy Laws. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. To protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. The information below is for summary purposes only; the scope of your rights and the full details of how, when, and to whom they apply are found in the text of the Applicable State Privacy Laws. The information in this section is not intended to provide rights beyond the scope of Applicable State Privacy Law. For a full understanding of your rights, please refer to the full text of the laws applicable to you.

4. Other region privacy statements.

1. We collect personal information from residents in other regions, including residents of Australia, Japan, Nigeria, the Philippines, South Africa, China, India, Mexico, and Brazil. This section applies only to people from these regions, and it describes how we collect, use, and share personal information of individuals in these regions in our capacity as a business or controller under the corresponding national privacy laws, including:
   • Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained within the Privacy Act 1988 (Australia);
   • Personal Data Protection Law (PDPL), Law No. 30 of 2018 (Bahrain);
   • General Data Protection Law (Lei Geral de Proteção de Dados, LGPD) (Brazil);
   • Personal Information Protection Law (PIPL) (China);
   • Digital Personal Data Protection Act, 2023 (DPDP Act) (India);
   • Act on the Protection of Personal Information (APPI) (Japan);
   • Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) (Mexico);
   • Nigeria Data Protection Act (NDPA) and Nigeria Data Protection Regulation (NDPR) (Nigeria);
   • Data Privacy Act of 2012 (DPA) (Philippines);
   • Personal Data Privacy Protection Law, Law No. 13 of 2016 (Qatar);
   • Personal Data Protection Law (PDPL), Royal Decree No. M/19 dated 9/2/1443H (Saudi Arabia);
   • Protection of Personal Information Act (POPIA) (South Africa);

(collectively, “Applicable National Privacy Laws”).

For purposes of this section, the term “personal information” has the meaning given in the Applicable National Privacy Laws but does not include information or entities exempted from the scope of the Applicable National Privacy Laws.

2. Legal basis of processing. We use your personal information only as permitted by Applicable National Privacy Laws. Our legal basis for collecting and using the personal information described in this Privacy Policy will depend on the type of personal information and the specific context in which we collect it. However, we will normally process personal information from you when:
   • We have your consent to do so;
   • We have a contract with you and it is necessary to process your personal information to perform our contract with you, including to provide you with our products and services and to operate our business;
   • The processing is in our legitimate business interests, such as operating our business, improving and developing our products and services, communicating with you, marketing our offerings and services and personalizing your experience, and to detect illegal activities;
   • To comply with legal requirements, including applicable laws and regulations; or
   • As described elsewhere in this Privacy Policy and in compliance with Applicable National Privacy Laws.
3. Rights and choices. As a resident or data subject of any of the above regions, you may have the following rights under Applicable National Privacy Laws. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. To protect your personal information from unauthorized access or deletion, we may require you to verify your credentials before you can submit a rights request. If you do not have an account with us, or if we suspect your account has been accessed without your authorization, we may ask you to provide additional personal information for verification. The information below is for summary purposes only; the scope of your rights and the full details of how, when, and to whom they apply are found in the text of the Applicable National Privacy Laws. The information in this section is not intended to provide rights beyond the scope of Applicable National Privacy Law. For a full understanding of your rights, please refer to the full text of the laws applicable to you.

4. International data transfers. If we transfer your personal information outside of the country or territory in which we collect it, we will ensure that the recipient provides an adequate level of protection if and as required by Applicable National Privacy Law, or we will obtain your consent for the transfer. We may also enter into agreements with recipients to ensure your personal information is handled in accordance with Applicable National Privacy Law. Some of these agreements may be in standard forms or include standard contractual clauses as required by Applicable National Privacy Law.