Prophix Privacy and Security Statement

Prophix Privacy Policy

Effective Date: 25-JAN-2023

Who we are and what this is

This privacy policy is issued by Prophix Software Inc. (of 350 Burnhamthorpe Road West, Suite 1000, Mississauga, Ontario Canada L5B 3J1) and each of the other Prophix Affiliates (“we”, “us” or “our”).

The following entities are the Prophix Affiliates:

Prophix Software Inc. (Canada)
Prophix Corporation (America)
Prophix UK Limited (UK)
Prophix Europe ApS (Denmark)
Prophix Software GmbH (Germany)
Prophix South America Services De Informatica Ltda. (Brazil)
Sigma Conso SRL/BV (Belgium)
Sigma Conso France SAS (France)
Sigma Conso Luxembourg SA (Luxembourg)
Sigma Conso Netherlands BV (Netherlands)
Sigma Conso Italia SRL (Italy)
Sigma Conso Portugal Unipessoal Lda (Portugal)
Sigma Conso Asia Pte. Ltd. (Singapore)
PT Sigma Konsolidasi (Indonesia)
Sigma Conso Shn Bhd (Malaysia)

Prophix Software Inc is responsible for operation of this website and is the controller of the personal data collected through this website. The Prophix controller with respect to the personal data collected when you apply for employment or interact with us to request or manage the Prophix Services will be the Prophix Affiliate that you apply to or contract with.

Please read this privacy policy carefully as it will inform you about how and why we collect and process your personal data as a controller and tells you about your privacy rights.

We collect and use personal data as a controller when we determine the types of personal data that we collect and how the personal data is used, such as when:

You use this website.
You make an application for employment with us (please see the “Job Applicants” section below for more information).
You are engaging with us on behalf of a customer or a prospective customer organization in connection with our business and services, including the Prophix cloud services and our professional services (the “Prophix Services”).

Our customers are the controllers of the personal data that they transfer to the Prophix Services for us to process on their behalf. We are the processors of this personal data. When we are a service provider providing the Prophix Services, our customer’s privacy notice governs the collection, use, disclosure and other processing of your personal data instead of this privacy notice. We do not sell the personal data that our customers have provided to us for us to process on their behalf.

This website is not intended for children, and we do not knowingly collect data relating to children.

The data we collect about you

Depending on why you engage with us, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data - full name and title.
Contact Data - postal address, email address and telephone number(s).
Financial Data – any personal bank account or payment card details.
Transaction Data - other details of Prophix Services you have purchased from us on behalf of your organization.
Technical Data - internet protocol (IP) address, login details, browser type and version, time zone setting and location, browser plug-in types and versions, internet service provider (ISP), referring/exit pages, the files viewed on our site, operating system and platform, date/time stamp, clickstream data and other technology on the devices you use to access this website.
Profile Data – your role within your organization, interests, preferences, feedback and survey responses.
Usage Data - data about how you use our website and feedback and survey responses.
Marketing and Communications Data - your preferences in receiving marketing from us and our third parties and your communication preferences.
Audio/Video Data – recordings from live or virtual events and recorded meetings.

We also collect, use and share Aggregated Data such as statistical data, for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

How is your personal data collected?

We use different ways to collect data from and about you including through:

Direct interactions. You may give us your personal data when you access our website, register with us, contact us, subscribe to our marketing materials, send us feedback or complete surveys.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookies policy and cookies settings for further details.
Publicly available sources. We and third parties engaged by us, such as third-party lead generation service providers, may collect personal data from publicly available sources, including public internet websites and databases such as LinkedIn, company registries and news media.
Customers and Business Partners. We may receive information about you from others within your organization or from our business partners we work with to provide the Prophix Services such as resellers of the Prophix Services that you purchase.
Other third parties. We may also receive personal data about you from various other third-party sources, including Technical Data from providers of third-party cookies (please see our cookies policy and cookies settings for further details) and Identity and Contact Data from third parties such as our B2B marketing partners and organizers of trade events that we attend.

How we use your personal data

The purposes for which we use your personal data depends on the reasons for our interactions.

Under UK and EU data protection law, we can only use your personal data if we have a lawful basis for doing so, which includes:

Legitimate interests: where we need to use your personal data for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Legal obligation: where we need to use your personal data to comply with a legal obligation (not including contractual obligations).
Consent: where you have given us clear consent for us to process your personal data for a specific purpose.

In other countries, we may rely on the legal bases for the collection, use and disclosure of your personal data that are applicable in that country. For example, in Canada and the United States, we rely on your express or implied consent. In some cases, such as where we state below that the processing is necessary for our legitimate interests, we will not be able to provide you with services unless you agree to our processing of your personal data.

We have set out below, in a table format, a description of how we plan to use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. If you are a job applicant, please refer to the “Job Applicants” section below instead.

Purpose/Activity	Type of data	Lawful basis for processing
To register your organization as a new customer	Identity Contact	Necessary for ours and a third party’s legitimate interests (to set up and manage our customer relationships)
To provide Prophix Services to your organization including: Manage payments, fees and charges with your organization Collect and recover money owed to us from your organization	Identity Contact Financial Transaction	Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: Notifying you about changes to Prophix Services, terms or privacy policy Asking you to leave a review, take a survey or for other market research purposes	Identity Contact Usage Marketing and Communications	Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use Prophix Services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Identity Contact Technical	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Identity Contact Usage Marketing and Communications Technical	Consent, only if it involves the use of cookies or other tracking technologies In other situations: Necessary for our legitimate interests (to study how customers use Prophix Services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve Prophix Services, marketing, customer relationships and experiences	Technical Usage	Consent, only if it involves the use of cookies or other tracking technologies In other situations: Necessary for our legitimate interests (to define types of customers for Prophix Services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about Prophix Services that may be of interest to you or your organization	Identity Contact Technical Usage Marketing and Communications	Consent, if required by applicable law In other cases: Necessary for our legitimate interests (to develop Prophix Services and grow our business)

Disclosures of your personal data

We routinely share your personal data with the parties set out below for the purposes set out in the table in the section “How we use your personal data”.

Other Prophix Affiliates (as listed at the start of this policy) for the purpose of receiving intra-group operational support and to enable the appropriate entity to provide the Prophix Services to your organization or manage your job application.
Third parties we use to help provide Prophix Services to your organization, such as our payment processing and invoice management providers.
Other third parties we use to help us run our website and business, such as:
- Our website hosting providers, CRM provider and providers of research and analysis services.
- Our sales platform and call recording service providers (also see the “Call recording” section below)
- Our forecasting and project management software providers, such as Clari and Mango Technologies.
- Corporate business application service providers, such as Microsoft.

We only allow our service providers to handle your personal data if we are satisfied that they take appropriate measures to protect it.

We may disclose your personal data to law enforcement agencies and regulatory bodies if we are required by law to do so or we have a good faith belief that it is appropriate and lawful to do so according to applicable laws or regulations.

We may also need to share some personal data with other parties during a corporate re-structuring or with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. Usually, data will be anonymized, but this may not always be possible prior to completion of the relevant transaction. The recipient of the data will be bound by confidentiality obligations.

International transfers

Please be aware that to provide you with access to this website and to manage our relationship with you, we may need to transfer your personal data outside of the country in which you are located including to service providers and other Prophix Affiliates.

Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it in the recipient’s location.

For example, if our processing of your personal data is subject to the UK GDPR or EU GDPR and we transfer your personal data out of the UK or EEA as applicable, we will ensure at least one of the following safeguards is implemented:

We will ensure that the country we are transferring your personal data to has been deemed to provide an adequate level of protection for personal data, by either the UK or European Commission.
We will use specific contracts approved for use in the UK or EEA, which give personal data the same protection it has in the UK or EEA (such as an approved International Data Transfer Agreement or Standard Contractual Clauses).
You may be entitled to additional information about our transfers of personal data, such as our policies relating to those transfers. Please contact us if you have questions. For example, please contact us if you want further information on the specific mechanisms used by us when transferring your personal data out of the UK or EEA.

Cookies and other tracking technologies

We use cookies on our website. A cookie is a small text file which is placed onto your device (e.g., computer, smartphone or other electronic device) when you use our website. Cookies help us recognise you and your device and store some information about your preferences or past actions.

For more information about the cookies we use, when we ask for your consent before placing them and how to disable them, please see our cookies policy.

Call recording

We may record and transcribe certain calls that we have with you, including audio and video calls and online demos. We will notify you before call recording occurs. Depending on the nature of the call, we may rely on your consent or our legitimate interests for recording the call.

We do so for internal training and sales analysis purposes. We may use our chosen video call platform or a third-party sales intelligence software provider, to record the calls on our behalf.

You can choose not to participate in a recorded call at any time by not joining a recorded call after being provided with notice of the recording or by terminating the call. In some cases, you may be able to ask the call host to stop recording. If recording the call is necessary for our legitimate interests, you may contact us through other means, such as by writing to us. If you are in the UK or EEA, you can also exercise your “right to be forgotten” at any time (see the “Your legal rights” section at the end of this policy).

We will routinely retain call recordings and during this period they will be stored securely, with access limited to only those personnel who require access in relation to their job role. The length of time that we retain calls depends on the nature of the call and the purposes of the recording. Most call recording will be retained for no longer than 12 months. However, we may retain call recordings for longer, if necessary, as described in “Data Retention”.

Marketing

We may use your personal data to send you updates (by email, text message, telephoner or post) about Prophix Services, including exclusive offers, promotions or new products and/or services.

We have a legitimate interest in using your personal data to send you business-to-business marketing communications. This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

We will never sell your personal data to a third party for marketing purposes. You can ask us to stop sending you marketing communications at any time by:

Following the opt-out links on any communications sent to you.
Contacting us (see the “Contact us” section at the end of this policy).

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, our response to queries you have raised or any other communications which are service communications and are not considered a form of marketing communication.

Job Applicants

If you apply for employment with any Prophix Affiliate, we may collect and process Employment Application Data about you, in addition to Identity Data and Contact Data.

Employment Application Data is information that you provide to us or that we otherwise collect in the course of evaluating your eligibility for employment including education and qualifications, employment history and experience, references and background check information (including criminal history), voluntary self-disclosure information relating to demographics and disability status, government identification and eligibility to work, and other information that you voluntarily provide during the hiring process. This information may therefore include Special Category Data and Criminal Offence Data.

Subject to any applicable law, we collect personal data about job applications from the following sources:

You, the applicant.
Any recruitment agent you use.
Your named referees, including former employers and character reference contacts.
Publicly available websites, such as LinkedIn and company registries.
Publicly available social media accounts, such as Facebook.
Our chosen background screening provider from time to time in respect of pre-employment record checks relevant to your role.

We may collect the information in the following table during the recruitment process. Please see the section “How we use your personal data” for an explanation of the different lawful bases for processing.

Purpose / Activity	Type of data	Lawful basis for processing
To contact you regarding your application for a position with a Prophix Affiliate, such as to invite you to the next stage of the recruitment process, arrange an interview or let you know that you’ve been unsuccessful.	Identity and Contact Data.	Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e., to process your job application).
To determine whether you are suitable for that job role and whether you meet the application criteria, to carry out background / reference checks (where applicable) as well as ensuring we have a fair recruitment process.	Details of your qualifications, experience, employment history (including job titles, salary and working hours), interests reference details, and details provided by your references.	Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e., to process your job application). Necessary to comply with our own legal obligations relating to employment law. Necessary to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment. Necessary for our legitimate interests (to appoint someone suitable and appropriate to that role).
To ensure you have the right to work in the relevant country.	Nationality and immigration status.	Necessary to comply with our own legal obligations relating to employment law.
To determine whether you are suitable for that job role and whether you meet the application criteria, as well as ensuring we have a fair recruitment process.	Any other information that you voluntarily provide to us or that your references provide to us as part of the recruitment process or which you include on your application or CV (such as education details, social media profiles and personal experiences).	Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (i.e., to process your job application). Necessary to establish, exercise and/or defend any legal claims that may be brought by or against us in connection with your recruitment. Necessary for our legitimate interests (to appoint someone suitable and appropriate to that role).

If you fail to provide information when requested, which we consider is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully. For example, if we require references for a role and you fail to provide us with relevant details, we will not be able to take your application further.

Special Category Data and Criminal Offence Data. We will only collect and process this information about you where it is necessary and in accordance with any applicable law:

For our or your obligations or rights in the field of employment law or social security law.
In relation to legal claims.
For reasons of substantial public interest.

We will only share job applicant personal details with our staff and third parties, as is necessary for the purposes of processing your application and complying with our legal and regulatory obligations. In addition to our routine IT service providers and other relevant third parties listed in the “Disclosures of your personal data” section above, we will also engage recruitment portals and recruitment software tools from time to time to help us manage the application process.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. You should view the third-party’s privacy policy, or contact them, if you require information about how they collect and process your personal data.

Data security

We have appropriate use technical, physical and organizational security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised unauthorized way. The type of measures we use depend on the sensitivity of the personal data and the risks to that personal data.

We limit access to your personal data to those personnel who have a business need to know. They will only process your personal data in an authorized manner, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will only keep your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, for example for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you. Subject to foregoing, when we no longer need your personal data, we will delete or anonymise it.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

If your organization purchases Prophix Services, we will keep your personal data collected for the purpose of billing and contract management whilst we are providing those Prophix Services. Thereafter we will keep this personal data for as long as is necessary:

To respond to any questions, complaints or claims made by you or on your behalf.
To show that we treated you and your organization fairly.
To keep records required by law.

If you apply for employment with a Prophix Affiliate:

If we do not appoint you to a role, subject to applicable law, we will (save for any emails that have been sent to or by us in connection with your application, which we retain in line with our standard email retention period from time to time) retain your personal data for a period of up to 2 years after we have communicated to you our decision not to appoint you to a role. We retain your personal data for that period to show, in the event of a legal claim, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way. We may request your consent to retain your personal data for a longer period of time including for purposes related to potential future employment opportunities. You may withdraw your consent at any time by emailing us at privacy.officer@prophix.com.
If your application is successful, your personal data will be retained on your personnel file and will then be governed by our Employee Privacy and Confidentiality of Personal Information Policy. We will provide you with a copy of this before you accept a job opportunity with us.

You can request further details of retention periods for different aspects of your personal data by contacting us.

Your legal rights

You may have certain rights with respect to your personal data depending on the laws that apply to you. Subject to certain exceptions, we provide the following rights to data subjects:

Request for Information	Upon request Prophix will provide you with information about whether we hold any of your personal information
Access	The right to receive a copy of your personal data (the right of access)
Rectification	The right to make us to correct any mistakes in your personal data
To be forgotten	The right to make us delete your personal data—in certain situations
Restriction of processing	The right to make us restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data
Data portability	The right to receive the personal data we hold on you in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object	The right to object: at any time to your personal data being processed for direct marketing (including profiling) in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests

If you are located in the UK or EEA, you also have the following rights:

Not to be subject to automated individual decision making

The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

If you would like to exercise any of your rights, please:

Email, call or write to us — see the “Contact us” section at the end of this policy.
Let us have enough information to identify you e.g. your full name and email address.
Let us have proof of your identity if requested.
Let us know which right you want to exercise and the data to which your request relates.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We will respond to all legitimate requests within a reasonable timeframe and will endeavour to respond within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. In certain circumstances we may be required by law to retain your personal information or may need to retain your personal information in order to continue providing a service.

Contact details

If you have any questions about this privacy policy or the data that any of the Prophix Affiliates hold about you, please contact us in the following ways:

By email: privacy.officer@prophix.com
By post care of: 350 Burnhamthorpe Rd. West, Suite 1000, Mississauga, Ontario, Canada L5B 3J1

How to complain

Please contact us if you have any query or concern about our use of your data (see below “How to contact us”). We hope we will be able to resolve any issues you may have.

You have the right to make a complaint at any time to the relevant data protection supervisory authority or privacy commissioner.

Disputes

Prophix will attempt to investigate and promptly resolve any disputes or complaint regarding the interpretation or compliance with this Policy. You can submit a dispute or complaint to us as set forth in the section entitled Contacting Prophix above. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Alternatively, you can contact the data protection supervisory authority in your jurisdiction for assistance.

Changes to the privacy policy

We keep our privacy policy under regular review. This version was last updated in January 2023. If we change our privacy notice from time to time, we will post the updates on our website. We may also take reasonable steps to notify you if such changes affect how your personal data is processed.

See
in action

See demo

U gaat nu verder op een engelstalig gedeelte van onze website

Cancel Ok

Book a call

Ready to chat?

First Name:

Last Name:

Work Email:

Company Name:

Country:

Phone:

Industry:

Yes, send me emails on Prophix Products, Services, and Events.

By completing the above form you are agreeing to receive further communications from Prophix and share your contact information with authorized and approved Prophix partners as we are committed to complying with GDPR regulations. We consider your privacy to be of utmost importance and work hard to protect it. You can unsubscribe from Prophix email communications at any time.