Privacy Policy
Last Updated: July 31 2023
This policy (the “Privacy Policy”) governs your use of the websites www.breadstack.com, app.breadstackcrm.com, app.chatso.com, app.cantec.com, and canfleet.io services performed by and all applications owned or controlled by Breadstack Technologies Inc., its subsidiaries and affiliates (together “Breadstack”, “we”, or “us”) (collectively, the “Services”).
We respect your privacy and are committed to protect it though our compliance with this Privacy Policy. This Privacy Policy should be read in conjunction with our Master Services Agreement which can be located at www.breadstack.com/MSA. This Privacy Policy describes how we collect, process, use and share information about you when you visit the Services. It also describes the choices available to you regarding our use of information and how you can access and update this information in certain circumstances.
What information do we collect?
Personal Information (“Personal Information”) is personal information you provide us, or what we collect from you and your devices in connection with your access to and use of the Services. In legal terms, we collect and use this Personal Information as a data controller. There are two general ways in which we collect Personal Information when you access or use the Services.
- Information we automatically collect from your use of the Services – When you visit the Services, your browser and computer automatically provide to us certain technical information about your computer or device. This information may be collected using “cookies”, “log files” web beacons”, “tags” and “pixels”. The following are different kinds of information we automatically collect from your use of the Services:
- “Usage Information” – includes information about your use of our Services and how you arrived at the Services, including the URL that referred you, the pages you navigate through the Services, how long you stay on those pages, frequency, time and pattern of your Services use.
- “Technical Information” – includes information collected when you access our Services including your internet protocol address, your access date, browser type and version, time zone setting and location, operating system, device type and other technology of the devices you are using.
- Information you give us – When you fill out a form, send an email to our team or otherwise send us information through the Services, we collect personal information about you. The Services have webpages that allow you to submit a variety of personal information to us. The following are different kinds of information you give us from your use of the Services:
- “Identity Information” – includes your first name, middle name, last name, title and other corresponding identification information.
- “Contact Information” – includes your email address and telephone number.
- “Professional Information” – which includes your job title, email address and phone number.
- “Professional Information” – including your previous positions and professional experience.
- “Enquiry Information” – includes information contained in any enquiry you submit to us regarding our Services or the services that we provide.
Information we collect from our partners and other sources
We may also obtain information about you from other sources and combine that with information we collect about you through your use of the Services. We may also obtain your contact information from third parties that market mailing lists. If we receive Personal Information from a third-party source and/or if we combine the information we receive from these third-party sources with your Personal Information, we will treat that information as Personal Information. We are not responsible for the accuracy of the information provided by third parties or how such third parties collect, use and share such information.
Use of Personal Information
We use the Personal Information we collect to provide, maintain, protect and provide our Services, to develop new products and services, and to protect us and our customers. For example, we may use Personal Information about you for the following purposes:
- Facilitate and improve your online experience of the Services;
- To enable you to access and use the Services;
- To communicate with you, including contacting you electronically for the purposes of responding to your comments, questions and requests, providing customer services and support, providing you with information about any of our services, if any, providing you with technical notices, updates, security alerts and administrative messages. You can opt out of receiving such information at any time.
- To monitor and analyze trends, usage and activities on our Services;
- To investigate and prevent authorized access to our Services and other illegal activities;
- To protect and/or enforce our legal rights and interests, including defending any claims; and
- For other purposes authorized by you or applicable privacy laws.
Legal Basis for Use
Our legal basis for collecting and using Personal Information as a data controller will depend on the specific circumstances in which it was collected. In general, we process your Personal Information under the following legal basis:
- Consent – we process your Personal Information if you have consented to the processing activity. You may revoke your consent at any time, in which case we will cease further processing of your Personal Information based on your consent. This will however not impact the lawfulness of processing your Personal Information based on consent before it was withdrawn. Your access to and use of the Services might only be available based on consent.
- Contract – we process your Personal Information, as allowed for by, and to perform our obligations to you under, a binding contract between you and us.
- Legitimate Interest – we process your Personal Information to further our legitimate interests, such as in connection with managing, developing, testing the Services. Any such processing is conducted subject to appropriate measures to protect your fundamental rights and freedoms related to your Personal Information, and in any event will be subject to restrictions provided in this Privacy Policy. Further information or specification of our legitimate interests may be provided in relevant supplements applicable to such use.
Sensitive Information
Given the nature of our Services, we do not ask for “sensitive” or “special categories of personal data”, such as information about your political opinions, racial origins or sexual preferences and we would ask you not to send any to us. However, if at any time you choose to transmit sensitive personal data over our Services for any reason, you must have full authority to do so and you agree that it will be dealt with in accordance to this Privacy Policy, including possible transfer to third parties, inside or outside the EEA.
Sharing of Personal Information
Except as set forth herein or in the Master Services Agreement or any applicable Terms of Use, we may disclose your Personal Information to our agents, vendors, consultants and other service providers to carry out work on our behalf. These entities acting on our behalf are prohibited from using your Personal Information for any purpose other than to provide this assistance.
We must disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. In addition, we may share information about you as follows:
- To the maximum extent permitted by applicable law, in response to subpoenas or other legal process or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or to investigate fraud;
- To enforce the terms of our Master Services Agreement or other policies applicable to the Services;
- To protect the rights, property, life, health, security and safety of us or any third party;
- To the maximum extent permitted by applicable law, we may also use IP addresses, mobile device identifiers or any other information we collect to identify users, and may do so in cooperation with copyright owners, internet service providers, wireless service providers or law enforcement agencies in our discretion. Such disclosures may be carried out without notice to you;
- With our affiliates for internal business purposes; and
- In connection with, or during negotiations of, any proposed or actual merger, purchase, sale (including a liquidation, realization, foreclosure or repossession), lease, or any other type of acquisition of all or any portion of our assets, financing, disposal, conveyance or transfer of all or a portion of our business to another company, in this event you will be notified via prominent notice on our Services of any change in ownership or uses of your Personal information, as well as any choices you may have regarding your personal information.
In our sole discretion, we may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
HOW LONG do we retain Personal Information?
We endeavour to only collect Personal Information that is reasonably necessary for the purposes for which they are collected, and to retain such data for no longer than is necessary for such purposes. The length of time Personal Information is retained, and criteria for determining that time, are dependent on the nature of the Personal Information, the purpose for which it was provided and any statutory retention periods. This is subject to any valid opt-out or withdrawal of consent where processing based on consent, or other valid exercise of your data subject rights.
Data Security
We take reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Although we use reasonable efforts to help protect your information, transmission via the internet is not completely secure and we cannot guarantee the security of your information collected through the Services.
Promotional Communication
There may be features on the Services which enable you to subscribe to newsletters and other information about us. You can opt out of receiving communications from us at any time by following the instructions provided in those communications or emailing us at [email protected] with the subject of “Unsubscribe”.
International transfers
Depending on where you are located when you use or access the Services, your Personal Information may be transferred across international borders outside the country where you use or access the Services, including to countries outside the European Economic Area (“EAA”) that do not have laws providing specific protection for personal data or that have different legal rules on data protection. In such cases, we ensure that there is a legal basis for such transfer and that adequate protection for your Personal Information is provided as required by applicable law, for example, by using standard contractual clauses approved by the European Commission or other relevant authorities, by using certain service providers that are certified under the EU-US Privacy Shield, and by requiring the use of other appropriate technical and organizational information security measures. You may contact us at [email protected] to obtain additional information about the safeguards we take in connection with these transfers.
Your Rights
You have a right to know what Personal Information we hold about you, and to access it. This section describes the mechanisms for you to control certain uses and disclosures of your information.
Upon request, we will provide you with information about whether we hold any of your Personal Information. You may correct, amend, or delete that information at any time by emailing [email protected] with a Personal Information Request. We will respond to your access request within a reasonable time period. We may require additional information from you to allow us to confirm your identity. There may be circumstances in which we may not be able to accommodate your request to change information if we believe that the change would violate any law or legal requirement or cause the information to be incorrect. Please note deleting the Personal Information we hold about you may result in you not being able to access or use the Services.
EEA Residents
If you are an individual from the EEA, and access or use the Services from the EEA, we process your Personal Information both as a Processor and as Controller, as such terms are used in the European Union’s General Data Protection Regulation (Regulation (EU) 2016/679 (“GDPR”). Our legal basis for collecting and using the Personal Information will depend on the Personal Information concerned and the specific context in which we collect it. We process your Personal Information as a processor and controller when your access or use the Services and submit Personal Information to us. Our legal basis for acting as a controller and processor is further described above under the “Legal Basis for Use” section.
If you are an individual from the EEA, and access or use the Services from the EEA, you have certain additional rights provided by the GDPR as follows:
- Right to be informed of how your Personal Information is used – you have a right to be informed about how we will use and share your Personal Information. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and pain language.
- Right to access Personal Information – you have a right to obtain confirmation of whether we are processing your Personal Information, access your Personal Information and information regarding how your Personal Information is being used by us.
- Right to have inaccurate Personal Information rectified – you have a right to have any inaccurate or incomplete Personal Information rectified. If we have disclosed the relevant Personal Information to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible.
- Right to have the Personal Information erased in certain circumstances - you have a right to request that certain Personal Information held by us is erased. This is also known as a right to be forgotten. This is not a blanket right to require all Personal Information to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your Personal Information.
- Right to restrict processing of Personal Information in certain circumstances – you have a right to block the processing of your Personal Information in certain circumstances. This right arises if you are disputing the accuracy of the Personal Information, if you have raised an objection to processing, if processing of the Personal Information is unlawful and you oppose erasure and request restriction instead or if the Personal Information is no longer required by us but you require the Personal Information to be retained to establish, exercise or defend a legal claim.
- Right to data portability – in certain circumstances you can request to receive a copy of you Personal Information in a commonly used electronic format. This right only applies to Personal Information that you have provided to us (such as Identity Information, Contact Information). The right to data portability only applied if the processing is based on your consent or if the Personal Information must be processed for the performance of a contract and the processing is carried out by automated means.
- Right not be to subject to automated decisions – you have the right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
- Right to object to processing of Personal Information – you have a right to object to the processing being carried out by us if we are processing Personal Information based on a legitimate interest or if we are using Personal Information for direct marketing purposes or if the information is being processed for scientific or historical or other statistical purposes. You will be informed that you have the right to object at the point of data collection and the right will be brought explicitly to your attention.
You may exercise any of your rights referred to above by contacting the Data Protection Officer at [email protected]. We may require additional information from you to allow us to confirm your identity.
CALIFORNIA RESIDENTS
This California Consumer Privacy Act (“CCPA”) disclosure explains how we collect, use, and disclose personal information relating to California residents covered by the CCPA. Under the CCPA, the specific Personal Information that we collect, use, and disclose relating to a California resident covered by the CCPA will vary based on our relationship or interaction with that individual.
Collection and Disclosure of CCPA Personal Information
In the past 12 months, we may have collected, and disclosed to third parties for our business purposes, the following categories of Personal Information relating to California residents covered by this disclosure:
- Identifiers, such as name and government-issued identifier (e.g., Social Security number);
- Personal information, as defined in the California safeguards law, such as contact information and financial information;
- Characteristics of protected classifications under California or federal law, such as sex and marital status;
- Commercial information, such as transaction information and purchase history;
- Biometric information, such as fingerprints and voiceprints;
- Internet or network activity information, such as browsing history and interactions with our website;
- Geolocation data, such as device location and Internet Protocol (IP) location;
- Audio, electronic, visual and similar information, such as call and video recordings;
- Professional or employment-related information, such as work history and prior employer;
- Education information, such as student records and directory information; and
- Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics.
The categories of sources from whom we collected CCPA Personal Information are:
- Directly from a California resident or the individual’s representatives;
- Market research surveys;
- Service providers, consumer data resellers and other third parties;
- Public record sources (Federal, State or Local Government Sources);
- Information from our affiliates;
- Website/mobile app activity/Social media; and
- Information from our customers or their service providers.
The categories of third parties to whom we disclosed CCPA Personal Information for our business purposes described in this privacy disclosure are:
- Our customers to which the Personal Information relates;
- Our affiliates;
- Vendors and service providers who provide services such as website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, auditing, marketing and marketing research activities; and
- Government agencies as required by laws and regulations.
Use of CCPA Personal Information
In the past 12 months, we have used Personal Information relating to California residents to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including the following:
- Performing services, including CRM and similar online or cloud-based sales and marketing management tools;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity;
- Short-term, transient use where the information is not disclosed to a third party and is not used to build a profile or otherwise alter an individual consumer’s experience outside the current interaction;
- Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;
- Undertaking activities to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance the service controlled by the business;
- Debugging to identify and repair errors that impair existing intended functionality;
- Undertaking internal research for technological development and demonstration; and
- Complying with laws and regulations and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions)
Sale of CCPA Personal Information
In the past 12 months, we have not “sold” Personal Information subject to the CCPA, including Personal Information of minors under the age of 16. For purposes of this Disclosure, “sold” means the disclosure of Personal Information to a third-party for monetary or other valuable consideration.
Rights under the CCPA
If you are a California resident, you have the right to:
- Request we disclose to you free of charge the following information covering the 12 months preceding your request:
- the categories of Personal Information about you that we collected;
- the categories of sources from which the Personal Information was collected;
- the purpose for collecting Personal Information about you;
- the categories of third parties to whom we disclosed Personal Information about you and the categories of Personal Information that was disclosed (if applicable) and the purpose for disclosing the Personal Information about you; and
- the specific pieces of Personal Information we collected about you;
- Request we delete Personal Information we collected from you, unless the CCPA recognizes an exception; and
- Be free from unlawful discrimination for exercising your rights under the CCPA.
We will acknowledge receipt of your request and advise you how long we expect it will take to respond if we are able to verify your identity. Requests for specific pieces of Personal Information will require additional information to verify your identity.
If you submit a request on behalf of another person, we may require proof of authorization and verification of identity directly from the person for whom you are submitting a request.
In some instances, we may not be able to honor your request. For example, we will not honor your request if we cannot verify your identity or if we cannot verify that you have the authority to make a request on behalf of another individual. Additionally, we will not honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights.
We will advise you in our response if we are not able to honor your request. We will not provide social security numbers, driver’s license numbers or government issued identification numbers, financial account numbers, health care or medical identification numbers, account passwords or security questions and answers, or any specific pieces of information if the disclosure presents the possibility of unauthorized access that could result in identity theft or fraud or unreasonable risk to data or systems and network security.
We will work to process all verified requests within 45 days pursuant to the CCPA. If we need an extension for up to an additional 45 days in order to process your request, we will provide you with an explanation for the delay.
How to Exercise Your CCPA Rights
If you are a California resident, you may submit a request by contacting our Privacy Officer at: [email protected].
THIRD PARTY DATA COLLECTION; NATIONAL LAWS
In most cases we collect personal data directly from you. However, we might also obtain personal data from third parties, if the applicable national law allows us to do so. We will treat this personal data according to this Privacy Policy, plus any additional restrictions imposed by the third party that provided us with it or the applicable national law.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our Privacy Policy on this page. In some cases, we may provide additional notice of changes. If we make material changes to how we treat our users’ Personal Information, we will make reasonable efforts to notify you by through a notice on the relevant Service’s home page.
The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring that you periodically visiting this Privacy Policy to check for any changes.
Contact Information
To ask questions or comment about this Privacy Policy or to enforce any of your rights as outlined in this Privacy Policy, or to request more information about our privacy practices, please contact our privacy team and Data Protection Officer at [email protected].