Last update: October 05 2021
1. Collection of Information
We collect different types of information from or through the Service. The legal bases for our processing of “Personal Information” (i.e. information that personally identifies you or could be used to personally identify you) are primarily that the processing is necessary for providing the Service and that the processing is carried out in our legitimate interests, which are further explained in the “Use of Information” section. We may also process Personal Information upon your consent, asking for it as appropriate.
Our Service allows you to integrate various third-party services (“Third-Party Services“). In order to take advantage of this feature, you may need to authenticate, register for, or log into Third-Party Services through the Service or on the websites of their respective providers. When you enable linking between or log in to Third-Party Services through the Service, we will collect relevant information necessary to enable the Service to access that Third-Party Service and your data and content (including Personal Information) contained within that Third-Party Service (“Login Credentials“). We store your Login Credentials long enough to enable linking to the Third-Party Service. When you enable the Service to link content and data (including Personal Information) between Third-Party Services, the Third-Party Services will provide us with access to certain information that you may have provided to the Third-Party Services, and we will use, store, and disclose such information in accordance with this Policy and the rules you set to govern the linking. Your content and data (including Personal Information, except your name and email address(es)) from Third-Party Services are not permanently stored in unencrypted form by us. Said content and data may be stored temporarily for troubleshooting purposes (e.g. in temporary logs). Furthermore, please remember that the manner in which Third-Party Services use, store, and disclose your information is governed by the policies of such Third-Party Services, and we shall have no liability or responsibility for the privacy practices or other actions of any Third-Party Services that may be enabled within the Service. You should therefore review the policies and privacy settings of each Third-Party Service carefully before using their services and connecting to our Service.
When you use the Service, you may provide and we may collect Personal Information, including, but not limited to, the following categories of information: name, email address(es), photos, credit card information and charge history, unique identifiers such as user name, user ID, account number and password, device information, and data. Personal Information also includes other information, such as preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Information in various ways on the Service. For example, when you use the Service, send us customer service-related requests, register for an account, interact with other users of the Service through communication or messaging capabilities, etc. If you choose to withhold any Personal Information requested by us, it may not be possible for you to gain access to certain parts of the Service.
If you are invited to join a Unito team account, and you accept the invitation, you are agreeing that some of your information will be shared with the team account holder and other team members. In particular, the team account holder will have access to your name, email address, avatar (if any), and task usage, and other team members will have access to your name, email address, and avatar (if any). Any information you share via a team account, including Third-Party Services you link to, will be available to all team members of the team account you have joined. You are solely responsible for any information you share via a team account, which is posted at your own risk.
Automatically Collected Information
When you use the Service, we may automatically record certain information from your device by using various types of technology, including cookies, “clear gifs” or “web beacons.” This automatically collected information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content you view or interact with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. You may limit the automatic collection of certain information by our Service, for instance by disabling the cookies using your browser options. Please be aware that by doing so it may prevent you from using specific features on our Service, such as maintaining an online account. We use automatically collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering your information so that you will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of Service and third party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.
Information From Other Sources
We may obtain information, including Personal Information, from third parties and sources other than the Service, such as our partners, advertisers, credit rating agencies, and Third-Party Services. If we combine or associate information from other sources with Personal Information that we collect through the Service, we will treat the combined information as Personal Information in accordance with this Policy.
2. Use of Information
We take steps designed to ensure that only those employees who need access to your Personal Information to fulfil their employment duties will have access to it.
We use the information that we collect in a variety of ways in providing the Service and operating our business, including:
- to operate, maintain and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions, and to provide support to users of the Service. Applicable legal basis under the GDPR: performance of an agreement;
- to understand and analyze the usage trends and preferences of our users, to monitor and improve the Service, and to develop new products, services, features, and functionality. Applicable legal basis under the GDPR: legitimate interest;
- to conduct research and analysis related to our business, products and services. Applicable legal basis under the GDPR: legitimate interest.
- to send you communications. If you have received a commercial electronic message from us (regarding our products, services, news and events), it is because either you have previously provided your express consent, we have your implied consent under Canada’s Anti-Spam Legislation, or because the type of message sent is exempt under Anti-Spam Legislation. You have the option not to receive this commercial electronic message. We provide an opt-out function within all electronic marketing communications, or will cease to communicate with you for this purpose if you email us at email@example.com and tell us not to communicate this information to you. While you maintain an account with us, we may contact you to notify you about changes to the Services, and other important Service related notices, including but not limited to security and fraud notices, Service suspensions, and outages. These emails and messages are considered essential, non-marketing communications, and you may not opt-out of them.
- to comply with legal and regulatory requirements, where applicable.
3. Communication of Information
In certain circumstances, in order to perform the Service, we may disclose certain information that we collect from you:
- within our family of companies, including parents, corporate, affiliates, subsidiaries, business units and other companies that share common ownership;
- with third party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information;
- with law enforcement and governmental entities when required by law. For greater clarity, we may disclose Personal Information or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies; and
When we disclose your Personal Information to third parties, we take reasonable measures to ensure that the rules set forth in this Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organisational measures.
We may finally make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding your interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.
4. Security and Retention
We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate physical, technical and administrative safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your Personal Information has been compromised, please contact us as set forth in the “Contact Us” section. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
We will maintain your Personal Information for as long as they are needed, or as required by applicable laws, regulations, or government orders.
5. Data Transfer
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage third party service providers. By using the Service, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of Canada, it is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your Personal Information will at all times continue to be governed by this Policy and, if applicable, we will comply with the General Data Protection Regulation (“GDPR“) requirements providing adequate protection for the transfer of Personal Information from the EU/EEA to third country.
6. Data Deletion
Upon request, the user is able to delete their account and delete their account data. Once a customer cancels their Unito account, they can contact support through our chat interface or email to request that their personal information be forgotten. We respect those wishes and will irrevocably anonymize their Unito data.
7. Third-Party Services
The Service may contain features or links to websites and services provided by third-parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
8. Rights to Access and Correct
On written request and subject to proof of identity, you may access the Personal Information that we hold, used or communicated and ask that any necessary corrections be made, where applicable, as authorized or required by law.
However, to make sure that the Personal Information we maintain about you is accurate and up to date, please inform us immediately of any change in your Personal Information by mail or e-mail.
9. Additional Rights for Europeans Users
Please note that the term Personal Information used in this Policy is equivalent to the term “Personal Data” under the GDPR and other applicable European data protection laws (collectively, together with the GDPR, the “EU Laws“).
Under the GDPR, you may be entitled to additional rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your Personal Information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of Personal Information about you, under certain conditions; (v) the right to demand that we restrict processing of your Personal Information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, are processing, or believe your Personal Information is inaccurate; (vi) the right to data portability of personal data concerning you that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: http://ec.europa.eu/justice/data-protection/index_en.htm.
10. Data Controller / Data Processor
Under the GDPR, Unito is acting both as a “Data Controller” and as a “Data Processor”. As a Data Controller, Unito is responsible for safeguarding the data of our customers as they interact directly with our services like https://unito.io/. As a Data Processor, Unito is responsible for safeguarding the data of our partners’ and customers’ users as it flows through our system.
11. Children’s Privacy
The Service is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Information has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided Personal Information, then you may alert us as set forth in the “Contact Us” section and request that we delete that child’s Personal Information from our systems.
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood and agreed to the current version of the Policy.
13. Contact us
If you have any questions or comments about this Policy or your Personal Information, to make an access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices with respect to any service providers outside Canada, our Privacy Officer (or Data Protection Officer) can be reached by email using the following contact information:Privacy Officer