Effective date: 19 April 2020
Responsible entity. The company that is responsible for the processing of your personal data through LxT is Linguistix Tank Inc. having a registered business address at 4312 Village Centre Court, Mississauga ON L4Z 1S2, Canada, and the corporation number 892607-7 (“we”, “us”, and “our”).
Our role as a data controller and data processor. When handling personal data, we act as a data controller and a data processor in terms of the applicable data protection laws, including, but not limited to, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and the EU General Data Protection Regulation (GDPR), UK Data Protection Act and ISO 27001 Information Security Management System. Our role depends on the specific situation involving personal data as explained in detail below:
We act in the capacity of a data controller when we ask you to submit your personal data that is necessary to ensure your direct access and use of LxT (e.g., when you conclude a contract for the Services or communicate with us). In such instances, we are a data controller because we make decisions about the types of personal data that should be collected from you and the purposes for which such personal data should be used. Therefore, we comply with the data controller’s obligations set forth in the applicable laws.
We act in the capacity of a data processor in situations when our clients submit to us materials within the scope of the Services (the “Files”) and those Files contain personal data. We do not own, control, or make decisions about the personal data in the Files and such personal data is processed only in accordance with the instructions provided by the respective client. The client submitting the Files acts as a data controller and the client is responsible for deciding what personal data should be collected from data subjects and how such data should be processed by us. In the situations when we act in the capacity of a data processor, we comply with data processors’ obligations set forth in the applicable laws. In order to ensure that personal data is processed in accordance with the strictest data protection standards, we offer our clients a data processing agreement that can be received for a review by contacting us.
Minors. LxT should not be accessed or used by persons under the age of 18. Therefore, we do not knowingly collect personal data of persons under the age of 18. When our clients submit the Files within the scope of the Services, those files may contain personal data belonging to minors. Although we may process minor’s personal data upon our client’s request within the scope of the Services, the respective client remains solely responsible for obtaining that personal data in a lawful manner and complying with the applicable data protection laws when transferring such data to us via the Files.
Types and purposes of personal data
We collect only a minimal amount of personal data and use it for specified and limited purposes. In this section, we explain what personal data we collect, for what purposes we use that data, and on what lawful bases we rely on when processing personal data.
Types of personal data. We comply with data minimization principles. It means that we collect only a minimal amount of personal data that is necessary to ensure your proper use of LxT. No excessive personal data is collected via LxT. The list of the types of personal data that we collect from you or process on behalf of our clients is provided in the table below.
HR Data. When we hire our employees, contractors, or other personnel, we collect certain personal data from them that is necessary for (i) concluding employment and service contracts, (ii) maintaining our business records, (iii) complying with our legal obligations, and (iv) pursuing our legitimate business interests. The lawful bases that we rely upon are ‘pursuing our legitimate business interests’ (i.e., administering our business) and ‘complying with our legal obligations’. The personal data collected within the scope of human resources management includes the data as follows, or employees: full name, address, phone number, email address, background check information, national ID number, social insurance number, and medical insurance documents; for contractors and service suppliers: full name, phone number, email address, social media ID; and instant messaging software ID.
Additional (optional) data. If you request support, participate in an activity organized by us, submit your feedback, reviews, comments, or otherwise communicate with us, we may collect certain personal data that is relevant to the case. Please note that the provision of such data is optional and you may choose what personal data you would like to share with us. We will use such personal data to reply to you, provide you with the requested services, or for pursuing our legitimate business interests (i.e., to analyze and improve our business).
Failure to provide personal data. If you do not provide us with the personal data when requested, we may not be able to perform the requested operation and you may not be able to use the full functionality of LxT, receive the Services, or get our response.
Confidentiality of the Files. We put reasonable efforts to ensure that any data in the Files remains confidential and properly protected. Moreover, we do not intentionally and directly access, manage, correct, delete, share, or disclose the Files, unless it is strictly necessary for the provision of the Services, enforcement of our legal terms, or we are requested by law enforcement agencies to do so. Our clients are solely responsible for the content of the Files.
Sensitive data. In certain cases, we process special categories of personal data (“sensitive data”), if such data is included in the Files. Sensitive data is data related to a natural person’s health, opinion about religious and political beliefs, racial origins, membership of a professional or trade association, or information about sexual orientation. Our clients are solely responsible for obtaining sensitive data in a legitimate manner. The legal basis on which we rely when processing sensitive data is ‘performing a contract with our client’.
Non-personal (technical) data
When you use the Websites, we collect some technical data about your device and visits. In this section, we inform you what non-personal data we collect from you and for what purposes we use that data.
- What non-personal data do we collect? When you use the Websites, we and our analytics service providers automatically collect certain technical non-personal data about your use of the Websites. Although such non-personal data allows us to analyze your use of the Websites, it does not allow us to identify you. The non-personal data collected includes the following information:
- The type of device that you use;
The operating system that you use;
The browser that you use;
Your log files;
URL addresses that you go to from the Websites;
Your country; and
Your other online behavior data.
Your feedback. If you contact us, we may keep records of any questions, complaints, recommendations, or compliments made by you and the response, if any. Where possible, we will de-identify your personal data. Please note that de-identified personal data is considered to be non-personal data.
How do we use non-personal data? We will use non-personal data for the following purposes:
To analyze what kind of users access and use the Websites;
To examine the relevance, popularity, and engagement rate of the content and services available on the Websites;
To investigate and help prevent security issues and abuse;
To develop new services and provide additional features to the Websites; and,
To personalize the Websites for your specific needs.
Aggregated and de-identified data. In case your non-personal data is combined with certain elements of your personal data in a way that allows us to identify you, we will handle such aggregated data as personal data. If your personal data is aggregated or de-identified in a way that it can no longer be associated with an identified or identifiable natural person, it will not be considered personal data and we may use it for any business purpose.
Commercial communication and service notifications
From time to time, you may receive service-related notifications and commercial communication from us. In this section, we explain when you may receive notices from us and what you can do to decline our commercial communication.
Informational notices and service updates. To ensure the proper provision of our Services, we will send you important informational notices in a form of emails and notifications, such as service updates, technical or administrative messages, information about the LxT, your privacy and security, and other important matters. Please note that we will send such notices on an “if-needed” basis and they do not fall within the scope of direct marketing communication that requires your prior consent.
Commercial communication. To keep you updated about the latest developments related to LxT, our Services, additional features of the Websites, or our special offers, we may send you marketing messages, such as newsletters, brochures, promotions, and advertisements. You will receive such marketing messages or be contacted by us for marketing purposes only if:
We receive your express (“opt-in”) consent to receive marketing messages (please note that your voluntary subscription to our newsletters substitutes such consent); or
We decide to send you marketing messages about our new services that are closely related to the Services already used by you.
Opting-out. You can opt-out from receiving marketing messages at any time free of charge by clicking on the “unsubscribe” link contained in any of the messages sent to you, adjusting your Account settings, or by contacting us directly.
We store your personal data only if it is necessary for its specific and limited purposes. In this section, we specify the time period for which we keep your personal and non-personal data in our systems.
Retention of the Files. We store the Files in our systems only as long as the Files are necessary for the provision of the Services. After the provision of the Services ceases or our client requests us to delete the Files and there is no other legal basis for storing the Files, we will immediately securely delete the Files from our systems.
Retention as required by law. Please note that, in some cases, we may be obliged by law to store your personal data for a certain period of time (e.g., for accountancy purposes or business records). In such cases, we will store relevant personal data for the time period stipulated by the applicable law and delete the personal data as soon as the required retention period expires.
Disclosure of personal data to third parties
We share some personal data with external service providers. In this section, you can find information about third parties that have access to personal data and the instances when we make data transfers.
Instances of the disclosure. If necessary, we will disclose personal data to the service providers with whom we cooperate (our data processors). For example, we may share personal and non-personal data with entities that provide certain technical support services to us, such as data processing, business analytics, advertising, and email distribution services, or if you explicitly request us to disclose the personal data. To ensure that the recipient third parties ensure an appropriate level of security of personal data, we take safeguards for the disclosure and transfer of personal data (i.e., choosing third parties that are established in countries that have high-level data protection laws or concluding data processing agreements that ensure the security of personal data). We do not sell personal data to third parties. The disclosure of personal data is limited to situations when such data is required for the following purposes:
Ensuring the provision and delivery of the Services;
Ensuring the proper operation of the Websites;
Providing you with the requested information;
Pursuing our legitimate business interests;
Enforcing our rights, preventing fraud, and security purposes;
Carrying out our contractual obligations;
Law enforcement purposes; or
If you provide your prior consent to such disclosure.
Sharing personal data with our group of companies. To ensure the provision of the Services, your personal data can be transferred to our subsidiaries, including, but not limited to, Linguistix Tank Egypt having a registered business address at Mezzanine floor, 22 Gool Gamal St. Agouza, Giza, Egypt and the commercial registration number 9870.
Live chat and email service provider G Suite located in the United States;
Independent contractors providing legal, design, development, audit, and compliance consultancy services.
Sharing of non-personal data. Your non-personal data may be disclosed to third parties for any purpose because such data does not allow identifying you. For example, we may share it with prospects or partners for business or research purposes, for improving LxT, or developing new products and services.
Legal requests. If we receive a request from a public authority, we will disclose the requested personal data to the extent necessary for pursuing a public interest objective, such as national security or law enforcement.
International transfers of personal data
The personal data handled by us may be transferred outside the country where data subjects reside. In this section, we explain when we transfer personal data abroad and what safeguards we implement to ensure that the transferred personal data is properly protected.
Some of the third parties listed in section 6 above are located outside the country in which data subjects reside. For example, if a data subject resides in the country belonging to the European Economic Area (EEA), we may need to transfer his/her personal data to jurisdictions outside the EEA. In case it is necessary to make such a transfer, we will make sure that the jurisdiction in which the recipient third party is located guarantees an adequate level of protection for personal data, the recipient is a Privacy-Shield certified entity, or we conclude an agreement with the respective third party that ensures such protection (e.g., a data processing agreement based pre-approved standard contractual clauses).
Security measures for the protection of personal data
We put our best efforts to keep your personal data safe and secure. In this section, we inform you about our technical and organizational measures that help us to protect personal data.
Our security measures. We implement organizational and technical information security measures to protect personal data from loss, misuse, unauthorized access, and disclosure. We are an entity certified under ISO 27001 and PCI DSS, which means that we comply with high-security standards when keeping our information assets secure, including securely managing financial information, intellectual property, employee details, and information entrusted by third parties. Other security measures taken by us include: (i) secured networks; (ii) SSL encryption; (iii) firewalls; (iv) strong passwords; (v) limited access to personal data by our staff; and (vi) anonymization of personal data (when possible).
Handling security breaches. Although we put our best efforts to protect personal data, given the nature of communications and information processing technology and the Internet, we cannot be liable for any unlawful destruction, loss, use, copying, modification, leakage, and falsification of your personal data caused by circumstances that are beyond our reasonable control. In case a serious breach occurs, we will take reasonable measures to mitigate the breach, as required by the applicable law. Our liability for any security breach will be limited to the highest extent permitted by the applicable law.
Data subject rights
Data subjects have the right to control how we process their personal data. Below, we list the rights that data subjects can exercise with regard to their personal data and explain how those rights can be exercised.
What rights do you have? Subject to any exemptions provided by law, you may ask us to:
Get a copy of your personal data that we store;
Get a list of purposes for which your personal data is processed;
Rectify inaccurate personal data;
Move your personal data to another processor;
Delete your personal data from our systems;
Object and restrict processing of your personal data;
Withdraw your consent, if you have provided one; or
Process your complaint regarding your personal data.
How to exercise your rights? To exercise any of your rights listed above, please contact us by email at email@example.com and explain in detail your request. In order to verify the legitimacy of your request, we may ask you to provide us with an identifying piece of information, so that we could identify you in our system and authorize your request. We will answer your request within a reasonable timeframe but no later than 2 weeks.
How to launch a complaint? If you would like to launch a complaint about the way in which we handle your personal data, we kindly ask you to contact us first and express your concerns. We will investigate your complaint and provide you with our response as soon as possible. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with your local data protection authority.
Requests regarding the personal data in the Files. We act in the capacity of a data processor with regard to the personal data submitted by our clients via the Files. Therefore, we do not accommodate requests related to the access, rectification, and deletion of personal data in the Files and other rights the data subjects may have with regards to the Files. The persons that would like to exercise their rights with regard to the personal data processed by us via the Files are requested to contact our client that acts as a data controller. In case we receive such requests directly from data subjects, we will not take action and inform the respective data controller without undue delay so that it could act accordingly.
The term, termination, and amendments
Postal address for communication: Linguistix Tank Inc., 4312 Village Centre Ct, Mississauga, ON L4Z 1S2, Canada
Phone: +1 (905) 615-1598
Contact form: lxt.ai/contact