How we Use Information
Customer Data will be used by Nittio in accordance with Customer's instructions, including any applicable terms in the Customer Agreement and Customer's use of Platform functionality, and as required by applicable law. In these respects, Nittio is a data processor of Customer Data and Customer is the controller of that data. Customer may, for example, use the Platform to grant and remove access to a Customer Group, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Platform.
Nittio uses Other Information it collects in furtherance of our legitimate interests in operating our Platform, Websites, and business. More specifically, Nittio uses Other Information:
- To provide, update, maintain and protect our Platform, Websites and business. This includes use of Other Information to support delivery of the Platform under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Authorized User's request.
- As required by applicable law, legal process or regulation.
- To communicate with you by responding to your requests, comments and questions.
If you contact us, we may use your Other Information to respond.
- To send emails and other communications.
We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Platform, our Platform offerings and important Platform-related notices, such as security and fraud notices. These communications are considered part of the Platform and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Nittio. These are marketing messages so you can control whether you receive them.
- In addition, we may contact you about new product features, promotional communications or other news about Nittio. We will only send you commercial messages if you agree to receive them. You can control this process and have the ability to opt-in to these messages or unsubscribe should you no longer wish to receive any commercial messages from us.
- We may de-identify and aggregate Other Information.
- To investigate and help prevent security issues and abuse.
If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person (that is, no longer considered personal information), Nittio may use it for any business purpose.
Data Retention
Nittio will retain Customer Data in accordance with a Customer's instructions, including any applicable terms in the Customer Agreement and Customer's use of Platform functionality, and as required by applicable law. Nittio may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information for the period of time needed for Nittio to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.
How we Share and Disclose Information
This section describes how Nittio may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Nittio does not control how they choose to share or disclose Information.
- Customer's Instructions. Nittio will solely share and disclose Customer Data in accordance with a Customer's instructions, including any applicable terms in the Customer Agreement and Customer's use of Platform functionality, and in compliance with applicable law and legal process.
- Customer Access. Administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Platform features to export logs of Customer Group activity, or accessing or modifying your profile details.
- Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services. We will ensure that any third party processing your information on our behalf does so in compliance with this Policy and applicable law.
- Corporate Affiliates. Nittio may share Other Information with its corporate affiliates, parents and/or subsidiaries.
- Aggregated or De-identified Data. We may use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Nittio customer the average amount of time spent within a typical Customer Group.
- To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
- With Consent. Nittio may share Other Information with third parties when we have consent to do so.
Information Security
Nittio makes reasonable efforts to ensure that any Information you provide is maintained in a secure environment. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. While we strive to protect your Information, Nittio cannot warrant the security of any Information you transmit to us or from our Platform or Websites, and you do so at your own risk.
Nittio has implemented and maintains reasonable and appropriate security measures, procedures and practices to protect against the loss and unauthorized access, use, modification, destruction or disclosure of your Information while it is in our custody or under our control. For example, we use TLS encryption, firewalls, anti-virus and system security monitoring.
We also limit access to your Information to those employees, contractors and agents who have a business need to know.
Changes to this Privacy Policy
Nittio may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Nittio will provide additional notice, such as via email or through the Platform. If you disagree with the changes to this Privacy Policy, you should contact your Employer to deactivate your Platform account. Contact your Employer if you wish to request the removal of Personal Data under their control.
Data Residency and Global Access - Platform
Data protection laws in certain jurisdictions differentiates between the data controller and data processor of information. In the case of the Platform the Customer is the data controller and Nittio is the data processor.
Currently customer data is stored in the US region.
While the data will be stored as chosen by each Customer based on the above, Nittio personnel may access the data from other locations outside of the specified region. The data will continue to reside in the US region.
By accepting this Privacy Policy, or providing us with any personal information, you agree to the above data residency conditions as chosen by your Employer.
Links to third party Websites
The Website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Nittio neither owns nor controls these third-party websites and accordingly assumes no responsibility for the information practices of those websites. You should inform yourself with the privacy policies (if any) of those third-party websites.
Withdrawal of Consent
If you wish to withdraw (revoke) your consent for the collection, use or of your Information or Personal Information through the Website at any time, please contact us at hello@nittio.com. Your withdrawal of consent is not retroactive, since Nittio may already have used your information for the purposes described here; it will be applied on a go-forward basis.
If you wish to withdraw (revoke) your consent from the Platform you will need to contact your Employer.
Contact our Privacy Officer
Nittio is responsible for personal information under its control and has designated a Privacy Officer who is accountable for this Privacy Policy and applicable Canadian governing laws. Should you have any questions about your personal information or Nittio's privacy practices, please contact our Privacy Officer at the information below.
In relation to our Websites users may contact us with requests that we delete their personal information from our systems, or to request access or correction to their personal information. We will attempt to accommodate such requests to the extent possible. In relation to the Platform user must contact your Employer to request the deletion of personal information from the Platform. If all such information is deleted from our systems, your account may become deactivated. In any event, we may retain an archived copy of your records as required by law or for legitimate business purposes.
The Privacy Officer may be contacted at: hello@nittio.com