Privacy Policy
Privacy Notice
Last Revised: November 2024
This Privacy Notice informs you of important information about how Edecree (together, “Edecree,” “we,” “us,” or “our”) processes the personal data that we collect in online and offline formats through the Services. The controller for your personal data will be identified when you purchase a product or service or interact with us.
When we use the term “Services,” we refer collectively to:
The provision of transcription technology and related services to our customers, including technical support (“Customer Services”);
The websites owned and controlled by us that link to this Privacy Notice (“Sites”); and
Interactions with prospective customers, as well as marketing and business development activities, including events we host, social media properties we operate, and emails that we send (“Marketing Activities”).
When we use the term “personal data,” we mean data that can reasonably be used to identify a person or that reasonably relates to a person.
This Privacy Notice applies to our processing of personal data within the scope of the General Data Protection Regulation (“GDPR”) and/or the GDPR as it is incorporated into the laws of England, Wales, Scotland, and Northern Ireland (“UK GDPR”) as follows:
Processing of personal data by Edecree located in one or more of the European Union Member States plus Iceland, Liechtenstein, and Norway (together known as the “European Economic Area” or “EEA”) and/or the United Kingdom (“UK”); and
Processing of personal data by an Edecree company located outside of the EEA and/or the UK but that is offering goods or services into the EEA and/or the UK or monitoring the behavior of individuals in the EEA and/or the UK, in which case this Privacy Notice applies only to the processing of personal data of individuals located in the EEA and/or the UK.
If you are a resident of Canada, click here for additional disclosures.
If you are a resident of California, USA, click here for additional disclosures.
If you do not agree with this Policy, you must not use any of the Services. If you change your mind in the future, you must stop using the Services, and you may exercise your rights concerning your Personal Information as set out in this Policy.
How We Collect and Use Personal Data
We collect and process personal data about a number of different individuals through the provision of the Services. These individuals include our customers, prospective customers and others who may be interested in our products and services, visitors to our offices, visitors to our Sites, vendors, and other individuals.
We use your Personal Data to:
Set up your account. We use your registration information, device information, and information received from third parties (such as your username, email address) to set up an account for you to use our Services. We do so per our contractual and precontractual obligations to you to provide you with an account to use the Services.
Provide you with the Services. We use your data provided to us by you, usage information, and platform information to provide you with the Services. Additionally, we use your communication information to facilitate support (e.g., retrieval of a forgotten password). We do so per our contractual obligations to you to provide you with the Services.
Improve and monitor the Services. Edecree may collect, create, process, transmit, store, use, and disclose aggregated and/or deidentified data derived from data or use of the Services for its business purposes and provide more accurate transcription services, including for machine learning and training, industry analysis, benchmarking, and analytics. All Aggregated Data will be in an aggregated and/or deidentified form only.
Customers and Prospective Customers
The majority of our customers and prospects are corporate entities, and data about entities is not personal data. However, we process personal data of their employees, representatives, and other personal data customers and prospects provide to us or allow us to collect on their behalf.
We collect the following personal data in providing Customer Services and Marketing Activities:
Names
Job titles
Email addresses
Physical addresses
Phone numbers
We also obtain personal data about individuals who may be interested in our products or services from third-party sources, such as lead generation list providers and conference organizers when they provide us with personal data about conference attendees.
Our legal bases for processing personal data in connection with Customer Services and Marketing Activities are:
To comply with legal obligations and professional responsibilities;
To perform contracts;
To pursue our legitimate interests of ensuring that we deliver the best possible service to our customers, keeping individuals informed of developments in our technology, products, and services, business development and general marketing, and ensuring we build and maintain a good working relationship with you;
Your consent, where we make it clear to you in advance that we are relying on your consent (for example, when you sign up for our mailing list).
Visitors to Our Sites
We collect certain personal data from visitors to our Sites. This data is generally collected directly from you when you fill out form fields, interact with our product, download product documentation, or register and use our services. We may collect:
Name
Customer account number
Company name
Email address
Phone number
The legal bases we rely on to process this personal data are:
To pursue our legitimate interests in operating and growing our business, operating and improving the Sites, delivering the Customer Services, and engaging in Marketing Activities; and
Your consent, where we make it clear to you in advance that we are relying on your consent (for example, when you sign up for our mailing list).
Vendors and Business Partners
We process personal data of vendors and business partners, including name, contact information, financial information, tax information, and information to verify identity. This allows us to liaise about the services the vendors are providing to us now and in the future.
The legal bases we rely on to process this personal data are:
To perform contracts;
To comply with our legal obligations; and
To pursue our legitimate interests of managing and operating our business, including through use of vendors and business partners.
Social Media Platforms
Social media channels, pages, and blogs offered as a service to users of the Services (“Social Media”) are hosted by third-party vendors. These vendors normally require registrants to provide personal data, including name and email address, among other kinds of information. This personal data is not collected by us but may be shared with us. We use this personal data to manage our online communities and for other purposes as set forth in this Privacy Notice.
Additional Uses of Personal Data
In addition to the uses described above, we may use your personal data for the following purposes. Some of these uses may, under certain circumstances, be based on your consent, may be necessary to fulfill our contractual commitments to you, are necessary to serve our legitimate interests in the following business operations, or to comply with our legal obligations:
Operating our business, administering the Services and managing your accounts;
Contacting you to respond to your requests or inquiries;
Processing and completing your transactions including, as applicable, order confirmation and delivering products or services;
Providing you with newsletters, articles, alerts and announcements, event invitations, and other information that we believe may be of interest to you;
Providing you with marketing information, and other information that is tailored to your interests;
Conducting research, surveys, and similar inquiries to help us understand trends and customer needs;
Analysing your interactions with us, and improving our products, services, programs, and other offerings;
Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorised access to or use of Personal Information, our website or data systems; or to meet legal obligations; and
Enforcing our Terms of Use and other agreements.
How We Share and Disclose Personal Data
We share personal data with the following categories of recipients.
Service Providers:
We may disclose your personal data to third-party service providers to provide us with services such as website hosting, professional services, including information technology services and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
To Perform Customer Services:
We may disclose personal data to third parties in order to perform services you request or functions you initiate, such as when you post information and materials on message boards and forums.
Corporate Transactions or Events:
We may disclose your personal data to a third party in connection with a corporate reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or capital, including in connection with any bankruptcy or similar proceedings.
Other Legal Reasons:
In addition, we may use or disclose your personal data as we deem necessary or appropriate: (1) under applicable law, including laws outside your country of residence; (2) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (3) to comply with subpoenas and other legal processes; (4) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of Loom, our affiliates, you and others; and (7) to enforce our terms and conditions.
Security
Loom takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. However, please be advised that when information is transmitted over the internet, it cannot be guaranteed to be completely secure.
E-mail Marketing
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our marketing activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
Data Retention
We retain personal data pursuant to our records retention program, for as long as is necessary for the purposes set out in this Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights, in accordance with the principles set forth in Articles 5(1) of the GDPR and the UK GDPR and any other laws in jurisdictions in which we operate, as applicable.
When deciding how long to retain personal data we take into account our legal and regulatory obligations, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means. The specific criteria used to determine the period for which personal data about you will be stored varies depending on the legal basis under which we process such personal data:
Legitimate Interests
For a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of the data subjects.
Contractual Necessity
For the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the limitation period for legal claims that could arise from the contractual relationship.
Legal Obligation
For the duration of time we are legally obligated to keep the personal data.
Consent
For the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain personal data about you erased (see Data Subject Rights below).
We may face any threat of legal claim and in that case, we may need to apply a “legal hold” that retains personal data beyond our typical retention period. In that case, we will retain the personal data until the hold is removed, which typically means the claim or threat of claim has been resolved.
Transfers of personal data across borders
Any personal data that you provide to us is stored and processed in, and transferred between, any of the countries in which Loom and its agents, contractors and affiliated organisations have offices, in order to enable Loom to use that personal data as set out in this Privacy Notice.
Not all of these countries have data protection laws equivalent to those in force in the EEA and/or the UK. In order to ensure the protection of your personal data outside of the EEA and/or the UK we rely on appropriate or suitable safeguards, including:
Using standard contractual clauses approved by relevant authorities as ensuring adequate safeguards.
Transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by relevant authorities.
Obtaining your consent to transfer personal data after first informing you about the potential risks of the transfer.
Transferring personal data when it is necessary for the performance of a contract between you and us, or if the transfer is necessary for the performance of a contract between us and a third party and the contract was entered into in your interest.
Transferring personal data when it is necessary to establish, exercise or defend legal claims.
Data Security
We seek to use reasonable organisational, technical and administrative measures to protect personal data within Loom. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below.
Data Subject Rights
Individuals whose personal data we process subject to the GDPR and/or the UK GDPR have certain rights as required by law, including the right of access, erasure and data portability, as well as the right to rectification, to restrict processing, to withdraw consent, and to object to processing as follows.
Access:
Individuals have the right to know if we are processing personal data about them and, if so, to access and obtain a copy of personal data about them, as well as information relating to the processing of that data.
Rectification:
Individuals have the right to have us correct or update any personal data about them that is inaccurate or incomplete without undue delay.
Restriction:
Individuals have the right to restrict or limit the ways in which we process personal data about them where the accuracy of the personal data is contested by them, where data has been obtained by us unlawfully, where the individual has objected to our processing of the data (see right of objection below) and we are considering whether to cease processing, or where we no longer need to process the personal data.
Objection:
Individuals have the right to object to our processing of their personal data where we are relying on legitimate interests as our legal basis and their rights override our legitimate interests in processing their personal data. Individuals also have the right to object to our processing of their personal data for direct marketing purposes.
Withdrawal of Consent:
Where we rely on consent as the basis for processing personal data, individuals have the right to withdraw their consent.
Erasure:
Individuals have the right to request deletion or erasure of their personal data in a number of circumstances where required by law. These include where we no longer require the personal data for the purposes for which it was collected, the individual has withdrawn consent, or where we are relying on legitimate interests as a legal basis and the individual’s rights override our legitimate interests.
Portability:
Individuals have the right to obtain a copy of the personal data we hold about you in a structured machine-readable format and to have it transmitted to another controller. This right only occurs where we are relying on your consent or performance of a contract as our legal basis and the processing is carried out automatically.
Make a Complaint:
Individuals also have the right to make a complaint about our personal data handling practices to their local Supervisory Authority.
Cookie Notice
How we use Cookies:
We use cookies and related technologies (“Cookies”) to provide Services, gather information when users navigate through the Sites to enhance and personalise the experience, to understand usage patterns, and to improve our Sites, products, and Services.
Cookies on our Sites are generally divided into the following categories:
Required Cookies: These cookies are necessary to enable basic features of the Sites to function, such as providing secure log-in or remembering how far you are through an activity or order.
Functional Cookies: These cookies allow us to analyse your use of the Sites to evaluate and improve our performance. They may also be used to provide a better customer experience on the Sites, for example, by remembering your log-in details, saving what is in your shopping cart, or providing us information about how the Sites are used.
Advertising Cookies: These cookies are used to show you ads that are more relevant to you. We may share this information with advertisers or use it to better understand your interests. For example, advertising cookies may be used to share data with advertisers so that the ads you see are more relevant to you, allow you to share certain pages with social networks, or allow you to post comments on our site.
How to control Cookies:
You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you disable or delete certain Cookies in your settings, you may not be able to use features of the Sites.
The opt-outs described above are device- and browser-specific and may not work on all devices. If you choose to opt-out through any of these opt-out tools, this does not mean you will cease to see advertising. Rather, the ads you see will just not be based on your interests.
Links to Other Sites
Occasionally we provide links to other websites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use of these unrelated sites.
Updates to this Privacy Notice
Although most changes are likely to be minor, eDecree may change its Privacy Notice from time to time, and at eDecree’s sole discretion. eDecree encourages visitors to frequently check this page for any changes to this Privacy Notice.
Contact Us
Data Subject Access Request:
You may exercise your rights to review, know, correct, update, delete, restrict, or object to the processing of your personal information at any time by requesting a Data Subject Access Request at privacy@edecree.com.
Complaints:
You may submit a complaint regarding the processing of your personal data at any time by emailing privacy@edecree.com.
If you have any queries, questions, or concerns about this Privacy Notice or our personal data handling practices, please email privacy@edecree.com or write to:
Edecree
Suite 720, 200 Yorkland Blvd., North York, ON, M2J5C1
Additional Disclosure for California
State of California, United States: We may disclose personal data to affiliates of Edecree, Inc., which may use this information for all purposes outlined in this Privacy Notice. Under California Civil Code Section 1798.83, separate legal entities are considered “third parties,” and certain communications with our affiliates might be viewed as promoting our services. Therefore, we are providing the following information for California residents who have provided us with their personal data during the creation of or during the course of an established professional services relationship that is primarily for personal, family, or household purposes (“California Residents”).
Individual California Residents may request information about our disclosures of certain categories of personal data to third parties (i.e., our affiliates) for such third parties’ direct marketing purposes, consistent with California Civil Code Section 1798.83.
Individual California Residents must submit requests to us either by email at privacy@edecree.com or by mail at the following address:
Edecree
Suite 720, 200 Yorkland Blvd., North York, ON, M2J5C1
In response, we will provide a list of the categories of “Personal Information,” as defined by California Civil Code Section 1798.83, disclosed to third parties for direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties.
This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted other than to the email or mailing addresses specified in this section.
Additional Disclosure for Canada
These disclosures (the “Disclosures”) supplement the Edecree Privacy Notice. All terms not defined in these Disclosures have the same meaning as in the Edecree Privacy Notice.
The Disclosures apply only to our processing of personal data within the scope of the Personal Information Protection and Electronic Documents Act (“PIPEDA”) as well as those federal, provincial, and territorial laws and regulations that apply to Edecree’s processing of personal information (together, the “Privacy Laws”).
Edecree is comprised of Edecree, Inc. and its group of subsidiary companies, which are different legal entities. These Disclosures are issued on behalf of this group of entities, so when we mention “Edecree,” “we,” “us,” or “our” in this Privacy Notice, we are referring to the relevant company in the group responsible for processing your data. The controller for your data will be Edecree Canada ULC or the Edecree entity that is identified when you purchase a product or service or interact with us.
Data Retention
We retain personal data per our records retention program, for as long as is necessary for the purposes set out in the Edecree Privacy Notice, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.
Transfers of Information Across Borders
If you are a resident of Canada and you use the Services, your personal data may be stored or accessed outside of Canada, including by our affiliated companies or by third-party service providers. This means that your personal data will be subject to the laws of the jurisdiction in which it is stored or accessed, including the access rights of the government of that jurisdiction. If you do not wish for your personal data to be stored or accessed outside of Canada, you have the option of not using the Services. If you have questions about storage of your personal data outside of Canada, please contact us as set forth above in the “Contact Us” section.
Data Subject Rights
Under PIPEDA and related provincial legislation, you have the right, under certain circumstances, to access information we hold about you. Any such access request must be in writing and provided to us at the email or postal addresses described in the “Contact Us” section below.
We may need to verify your identity before responding to your request. In some circumstances, we may not provide access to your personal information, for example, if it contains the personal information of other persons, if it constitutes confidential commercial information, or if it is otherwise not properly the subject of an access request.
Contact Us
If you have any questions, requests, or complaints about our information practices, please contact our Privacy Officer:
Privacy Officer
privacy@edecree.com
Edecree
Suite 720, 200 Yorkland Blvd., North York, ON, M2J5C1