Privacy Policy

Last Updated October 31, 2023

The Privacy Policy takes effect on November 30, 2023


This privacy policy (“Privacy Policy”) is designed to help you understand how Helcim Inc. and its affiliates, including Helcim USA Inc. ("Helcim," "we," "us," or "our") collect, use, and share your personal information and to help you understand and exercise your privacy rights.

SCOPE

This Privacy Policy applies to personal information processed by us on our website https://www.helcim.com/ and/or other Helcim-branded websites ("Website"), mobile and web applications, and related services, products, and offerings including Support Services (collectively, the “Services”). By visiting our Website or accessing our Services, you are agreeing to the terms of this Privacy Policy. This Privacy Policy is incorporated by reference into the Helcim Terms of Service and any other agreement or terms governing the use of Helcim Services (the “Agreement”).

Our Website may contain links to other sites. We are not responsible for the content and the privacy practices of other websites, and encourage you to examine each site's privacy policy and disclaimers and make your own decisions regarding the accuracy, reliability, and correctness of material and information found.

Capitalized terms not otherwise defined in this Privacy Policy shall have the meaning ascribed to them in the Agreement.

Personal Information” means information that can be used to identify you or your customers, as further described below. Your submission of Personal Information is voluntary, but we may be unable to provide you requested information or services if you choose not to provide Personal Information.

The categories of information we collect depend on how you interact with us, our Services, and the requirements of applicable law. For example, we may collect different information from you depending on whether you are a visitor to our Website or register to use our Services.

Support Services” means services we provide to you when you request technical or other support related to your use of the Services, use our documented help resources such as those found at https://learn.helcim.com, or report incidents to us such as bug reports, improvement requests, and security incidents.

INFORMATION YOU PROVIDE

Account Information. If you apply for and/or use Helcim's Services you may be required to create an account with Helcim as a Merchant or as a Secondary User, and to submit information about yourself and your business ("Account Information"). Examples of Account Information include:

Type of Account Information Examples
Financial Information Bank account information, bank statements, financial statements
Tax and Corporate Information Business entity type, EIN or business number, withholding information, tax filing status
Commercial Information Information about the products and services you sell, payment transaction details, billing and shipping information, payment methods
Employment and Owner Information Information about you and your employees, principals, and owners such as names, job titles and appointment or hire dates
Business Information Tax and Corporate Information, Commercial Information, and Employment and Owner Information, collectively
Identity Information

(including information about you, your Secondary Users, and the owners, controllers and other principal individuals associated with your business)

Name, email address, postal address, signature, and phone number; passport number, driver's license number, social security number, social insurance number, taxpayer Identification number, or other government-issued identification number; biometric information
Information in categories listed in the California Customer Records law (Cal. Civ. Code §1798.80 (e)) Name, signature, physical characteristics or description, address, telephone number, and other data

Feedback and Requests. As part of our Services to Merchants and their Customers, we may provide the ability (either ourselves or through third parties) to submit reviews and feedback, participate in questionnaires, surveys, contests or other promotional and marketing forms or events, submit information to chatbots, user forums, and other support tools, and to comment on or rate goods, products, and services on websites and mobile applications within our network (collectively, “Feedback”). You should be aware that Feedback may be published on a publicly facing website or mobile application and may be read, collected, and used by Helcim, its affiliates, subsidiaries, employees, and vendors. Therefore, please do not include with your Feedback any information that you do not want to share with the general public, including personally identifiable information, such as your name, email address or financial information. We use this information to provide Services to Merchants and for market research, product development, service improvement, fraud detection, and analytics.

Others may be able to identify you, or associate you with your content, if you include personal information in the content you post publicly.

You are encouraged to review the privacy policies of any third party service providers before completing any optional survey or questionnaire.

INFORMATION WE COLLECT WHEN YOU INTERACT WITH OUR SYSTEMS

When You Use the Services. We, or our third-party partners, may collect Personal Information and de-identified information automatically when you use our Services ("Usage Data").

When You Visit Our Website. Our server logs capture information when you visit our Website (“Website Data”). Some of this information, such as your domain name or IP address, may identify you depending on the naming standards followed by your Internet service provider.

We use Usage Data and Website Data to provide the Services to you and for purposes such as analytics, machine-learning, product improvements, business intelligence, security, targeting marketing, and otherwise providing more streamlined/optimized, personalized, or relevant features and functionality on the Services.

Examples of Usage Data and Website Data include:

Type of Usage Data and Website Data Examples
Location Data Internet Protocol (IP) address, approximate location
Device, Internet and Network Activity Browser, operating system and device characteristics and settings, user agent string, user settings, internet service provider, access attributes and logs such as time logged in, navigation and click-stream data such as http requests
Online Identifiers Internet Protocol ("IP") address, device identifiers, domains accessed; cookies, beacons, pixel tags, ad identifiers and similar technology; customer number; unique alias
Behaviour Logs Actions taken on the Services such as clicks per page, navigation behaviours, pages visited, redirection logs
Support Data Information collected and used when you request technical or other support related to your use of the Services, use our documented help resources such as those on learn.helcim.com, or report incidents to us such as bug reports, improvement requests, application diagnostics, and security incidents

INFORMATION WE COLLECT FROM OTHER SOURCES

External Data. We may collect information about you from third parties (“External Data”). We use External Data to confirm your identity and your eligibility to use the Services, to ensure your lawful use of the Services, to operate our loss prevention measures, and to protect your data and our services from potential fraudulent or illegal activity. Examples of External Data include:

Type of External Data Examples
Background Check (“Know Your Client” or “KYC”) Information Credit reports, identity verification information (which may include biometrics), information about parties with whom you have or may have a financial or corporate relationship
Credit and Fraud Information Credit and tax bureau reporting, matches and potential matches with government watchlists, financial and employment information, corporate database reports

Third Party Providers. The Services may give you the option to link your accounts on third-party platforms or use those platforms via our Services (collectively, "Third-Party Providers") and we may import relevant Personal Information from those Third-Party Providers. This linking is entirely optional and subject to the consent you provide to either us or to the Third Party Provider, but may enable a richer and more effective user experience. If you do link such accounts, you acknowledge and agree that we, via the Services, will receive Personal Information from such Third-Party Providers.

Non-personal information. We also collect "Non-Personal Information," meaning technical and other information that does not identify you personally. Non-Personal Information also includes information that may originally have been Personal Information but has been aggregated or anonymized such that it cannot be used to identify any individual or has been segregated from other Personal Information.

INFORMATION YOU PROVIDE AND WE COLLECT ABOUT YOUR CUSTOMERS

Your Customer's Information. We also collect "Customer Information," meaning information you provide to us, or that we obtain about your Customers on your behalf as your service provider. The specific Customer Information we collect varies depending on which Services you use.

Processing. To the extent Customer Information includes the Personal Information of your Customers ("Customer Personal Information"), then: (1) you are the Controller of such Customer Personal Information and we are solely a Processor acting on your behalf; and (ii) we will promptly report to you any requests received from individuals for access to, correction or deletion of their Customer Personal Information. Notwithstanding the foregoing, Helcim may provide your Customers with publicly available information about your business, such as contact information published on your public-facing website. "Controller" means a legal or natural person which, alone or jointly with others, determines the purposes and means of the processing of personal data, and "Processor" means a legal or natural person who processes Personal Information on behalf of a Controller.

Examples of Customer Personal Information we may collect include:

Type of Customer Personal Information Examples
Device Information Hardware model, operating system and version, device name, unique device identifier, mobile network information, and information about the device's interaction with our Services
Financial Information Bank account and payment card numbers
Identifiers Name, email address, mailing address, phone number, government-issued identification, other historical, contact, and demographic information
Location Information Location of your Customer's device
Transaction Information When and where transactions occur, the names of the transacting parties, a description of the transactions which may include item-level data, the payment or transfer amounts, billing and shipping information, and the devices and payment methods used to complete the transactions
Usage Information How your Customers interact with you using our Services, including access time, "log-in" and "log-out" information, browser type, history and language, country and language setting on your device, IP address, the domain name of your customer's Internet service provider, other attributes about your customer's browser, mobile device and operating system, features your customer uses, and the date and time of use of the Services
Other Information Information that your Customers voluntarily provide, or that you input into Helcim's systems about your Customers

If you are a Customer of a Merchant, please refer to the Merchant's own privacy notice or policy.

HOW WE OBTAIN PERSONAL INFORMATION

The table below summarizes the methods we use to obtain Personal Information as described above:

Type of Information How We Obtain the Information
Account Information When you apply for and/or use the Services by inputting information into online forms or by otherwise communicating with Helcim
Feedback When you post to a Helcim web page or submit information through a chatbot or form or other public or Helcim-provided feedback channel
Usage Data and Website Data When you use and interact with the Services or visit our Website, such as via server logs and behavioural analytics or via mobile SDKs, pixels or cookies on our websites, which may be provided by us or our third-party partners (e.g., Google Analytics)
External Data From third parties including paid service providers and freely available public databases
Customer Information When you and your Customers use the Services information may be automatically stored or is entered into fields in the Services by you, your Secondary Users or your Customers

Cookies. Cookies are identifiers that we transfer to your device to enable our system to recognize you and your personalized settings, to better understand how you interact with the Services, to monitor aggregate usage, and to optimize web traffic routing on our Website. You may be able to disable or limit the use of cookies in your browser or device settings, but please note that certain parts or features of the Services may not be fully functional if you do so. The length of time that a cookie will reside on your device will depend upon the specific set-up of the particular websites you visit. If you are concerned about the use of cookies, you can refer to the help information in your browser software for information on how to disable cookies. If you wish to delete cookies from your machine, consult your browser's help files for instructions on how to do so.

Targeted Advertising. We may take advantage of certain targeted or interest-based advertising, which will utilize technologies such as cookies to recognize you across websites for these purposes. Please see the “YOUR PRIVACY CHOICES AND RIGHTS” section below for more information on the opt-out options provided by these companies in relation thereto and within the advertising industry generally.

HOW WE USE YOUR INFORMATION

In addition to the purposes described above, we use your information for a variety of business purposes, as described below.

To Provide Our Services. We use your Personal Information to provide you with our Services, such as:

  • Conducting identity verification, fraud prevention and anti-money laundering activities, as required by law;
  • Managing your information and accounts;
  • Sending you invoices, statements, and otherwise administering billing and finance activities related to your account;
  • Facilitating account creation and authentication and otherwise managing Merchant and Secondary User accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order;
  • Delivering and facilitating delivery of Services. We may process your information to provide you with the requested service. We may process your Personal Information to detect and prevent fraud or bugs on our Website and Services to the extent necessary;
  • Providing access to certain areas, functionalities, and features of our Services, including enablement and educational resources;
  • Facilitating connections to, and transactions with, third-party partners as part of our Services;
  • Facilitating display and re-display of Feedback;
  • Answering requests for technical and other support;
  • Communicating with you about your account, activities on our Services including policy changes; and
  • Shipping hardware to you.

For Legitimate Business Purposes. We may process your Personal Information for a variety of reasons, depending on how you interact with our Services, including:

  • Improving, upgrading or enhancing our Services, including through automation and machine learning, such as by providing you with personalized suggested tasks based on your and your Secondary Users' usage of the Services;
  • Saving or protecting an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm;
  • Operating, maintaining and improving our websites and Services. For instance, we may use your browsing information for this purpose;
  • Providing you with personalized recommendations when you are visiting our websites. By using Personal Information for this purpose, you may expect to be presented with more engaging and relevant content than without the use of personalization;
  • To improve our websites. We process your information, including device and usage information, to track your browsing behavior for analytics purposes. This allows us, based on our legitimate interests or on your consent, to improve our websites as well as the overall user experience.
  • Pursuing our legitimate business interests such as research and development (including marketing research), direct marketing or advertising (as set forth in this Privacy Policy), network and information security, and fraud/crime prevention;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and assisting law enforcement authorities;
  • Measuring interest and engagement in our Services;
  • Developing new products and Services;
  • Ensuring internal quality control and safety;
  • Authenticating and verifying individual identities;
  • Debugging to identify and repair errors or issues with our Services;
  • Auditing relating to interactions, transactions, and other compliance activities;
  • Enforcing our agreements, policies, and intellectual property rights;
  • Monitoring and analyzing trends, usage, and activities in connection with the Services and for marketing or advertising purposes;
  • Conducting studies and research with third parties to operate, analyze, improve, and support the Services;
  • Linking or combining with other information we receive from third parties to help understand your needs and provide you with better service;
  • Complying with our legal obligations or otherwise establishing, exercising, or defending legal claims; and
  • For other purposes, which we will notify you about and seek your consent.

In Aggregate and De-Identified Form. We may aggregate and/or de-identify any information collected so that such information can no longer be linked to you or your device ("Aggregate/De-Identified Information"). We may use Aggregate/De-Identified Information for any purpose we deem appropriate, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors, in our discretion.

Usage Data. Helcim may collect and use quantitative, transactional and performance data on the use of the Services and may also generate technical logs, data and learnings about use of the Services or Website visits (collectively the “Usage Data”). If you have an account, this Usage Data may be linked to your account. If you do not have an account, this Usage Data may be linked to your device ID; however, we only use your device ID if necessary to help us diagnose and/or respond to any issues with the Services. Helcim may use such information to operate, analyze, improve and support the Services and for other lawful purposes.

HOW WE DISCLOSE YOUR INFORMATION

We disclose your information to to third parties to assist with the business purposes set forth above.

Disclosures to Provide our Services. The categories of third parties with whom we may share your information are described below:

Type of Third Party Description of Disclosure
Service Providers We may share Personal Information we collect, store and process with our third-party contractors and service providers who are subject to reasonable confidentiality terms and who are only permitted to use that information to help us provide our Services (each, a “Service Provider”). This also includes our sub-processors and Service Providers that provide us with IT support and tools, cloud hosting, customer service tools, marketing and analytics, identity verification, and related services. This also includes Service Providers that provide us with web hosting and maintenance services, technology assistance and support, phone, email and other communications, analytics providers, data storage providers, web and video hosting providers and developers, and shipping and logistics providers.
Business Partners We may share Personal Information we collect, store and process with business partners to provide you with a product or service you have requested, including our bank partners. We may also share your Personal Information to business partners with whom we jointly offer products or services. For example, we may disclose certain of your information to a business partner if you choose to purchase and/or use their product to help you fulfill a task in the Services (such as an integration or API).
Helcim Entities and Affiliates We may share with other companies and brands owned or controlled by Helcim, and other companies owned by or under common ownership as Helcim. These companies will use your personal information in the same way as we can under this Privacy Policy.

Disclosures to Protect Us or Others. We may access, preserve, and disclose any Personal Information we store that is associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement or bona fide national security requests and legal processes, such as a court order or subpoena; or to adhere to anti-money laundering and similar regulations related to financial crime prevention; protect your, our, or others' rights, property, or safety, such as operating our anti-fraud measures; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

Disclosure in the Event of Merger, Sale, or Other Asset Transfers. If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your Personal Information may be sold or transferred as part of such a transaction (including in connection with any diligence by any potential transacting party conducted prior to and in connection with such transactions).

Other Purposes. We may also share your Personal Information for other purposes or to other parties as requested by you, as permitted by applicable law, or in any manner you have otherwise consented to.

Aggregate and De-Indentified Information. We may share Aggregated/De-Identified Information with any third party we deem appropriate in our discretion, including advertisers, promotional partners, and sponsors.

YOUR PRIVACY CHOICES AND RIGHTS

You may choose not to provide Personal Information. If you choose not to provide Personal Information (or ask us to delete it), we may not be able to provide you with our Services or certain functionality of the Services. We will tell you what information you must provide to receive the Services or to conduct business with us, including by designating it as required at the time of collection or through other appropriate means.

Marketing Communications. If you register for our services, you may receive marketing communications from us or our partners. You can use an “unsubscribe” (or similar) link found at the bottom of a marketing email or reply to the email with the subject line “unsubscribe” to opt out of receiving future marketing emails. You can opt out of receiving marketing communications via text message by replying “STOP” to the message.

Note that you will continue to receive transactional or administrative emails and text messages regarding products or Services you use (if applicable).

Accessing, Correcting, or Deleting Your Information; Exercising Your Jurisdiction's Privacy Rights. If you have a direct relationship with Helcim and would like to access, correct, amend or delete any of your personally identifiable information collected or held by Helcim via its Services or Website or exercise the data privacy rights applicable to your jurisdiction, please email [email protected]. We will respond to such requests within a reasonable timeframe.

Please note that in certain circumstances we may be required by law to retain your Personal Information or to continue providing a service. For example, we retain Personal Information used to conduct our anti-money laundering activities and operate our fraud prevention and monitoring program for a minimum period of five (5) years.

Do Not Track”. Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

Advertising. To the extent we work with third-party services for advertising purposes on our Services (e.g. Google, LinkedIn, or Instagram), please see the policies of these respective companies for opt-out purposes. We are not responsible to the extent any such opt outs are not honored by these or companies, as opt-out preferences provided by these companies are not under our control.

Further, you may stop or restrict the placement of third-party cookie technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, please note that cookie-based opt-outs are often not effective on mobile applications. You may opt-out of personalized advertisements on some mobile applications by following the instructions for Android, iOS and others.

More broadly, the online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. Please note you must separately opt out in each browser and on each device.

SECURITY OF YOUR INFORMATION

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We have taken commercially reasonable safeguards designed to keep your Personal Information protected and require our Service Providers and partners to have appropriate safeguards as well. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using our Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. Your personal information may be accessible by our employees, contractors, business partners, and service providers who require access solely for the purposes described in this Privacy Policy.

SUPPLEMENTAL PRIVACY RIGHTS FOR CALIFORNIA RESIDENTS

California law may entitle California residents to certain additional protections regarding Personal Information. For purposes of this section alone, "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

Information We May Collect. We collect the categories of Personal Information as described in the “INFORMATION WE COLLECT” section above. We collect, use, and disclose Personal Information in the ways described above in this Privacy Policy. We do not sell Personal Information to third parties. We may collect the following categories of personal information:

Category Collected by Helcim Categories Collected
Identifiers Yes Name, nickname, postal address, unique personal identifier, online identifier, Internet Protocol address, email address
Personal Information Yes Name, physical characteristics or description, address, telephone number
Protected classification characteristics Yes Date of birth, gender/sex
Protected classification characteristics No Race, pregnancy, childbirth
Commercial information Yes Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
Biometric information Yes Photo identification, facial identification verifications
Biometric information No Voice or video recordings
Internet or other similar network activity Yes Consumer's interaction with a website
Geolocation data Yes Physical location
Sensory data Yes Audio and audio-visual recordings of support calls or marketing interviews
Professional or employment-related Yes Job titles and other employment related identifiers
Non-public educational No Information about education history
Inferences drawn from other personal information Yes Preferences, characteristics, and behaviour. For example, if you use a product or service after receiving a marketing communication about it.

Commercial Disclosures or Personal Information Sold by Helcim. Helcim does not sell Personal Information and has not sold any Personal Information in the prior 12 months as of the “last updated” date of this Privacy Policy. We may share personal information with service providers to perform functions on our behalf, such as processing payments and providing customer support. Helcim will not sell Personal Information in the future belonging to Website visitors, users, and other consumers.

Your Rights. California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided herein.

If you are under 18 years of age, reside in California, and have a registered account with us, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided herein and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

California residents have the following rights to the extent granted by applicable law:

  • To request and receive information regarding your Personal Information we have collected in the past 12 months (including the categories of Personal Information we have collected, the categories of sources of such information, and the purposes for which we have collected such information);
  • To request and receive information about whether we have disclosed your Personal Information to third parties in the past 12 months (and if so, which categories of information we have disclosed, and which categories of third parties we have disclosed it to);
  • Not to be subject to a decision based solely an automated decision-making, including profiling, which produces legal effects or otherwise significantly affects you (“Automated Decision Making”)
  • To request and receive a copy of your Personal Information collected by us in the past 12 months; and
  • To request specific treatment relating to the processing of Sensitive Personal Information elements described above.
  • Our timely response to your request that your Personal Information be deleted.

As a California resident, you also have a right to opt-out of the sharing of your Personal Information. You may opt-out of the sharing of Personal Information by:

  • Selecting the option to opt-out of the use of cookies in the cookie settings banner;
  • Turning on a Global Privacy Control in your web browser or browser extension. For more information on valid Global Privacy Controls, please refer to this website: https://oag.ca.gov/privacy/ccpa
  • Clicking on the “unsubscribe” link at the bottom of a Helcim commercial message;
  • Opt-out of the use of your email address by emailing [email protected].

Methods to Exercise Your Rights as a California Resident. To exercise any of these rights, please read the “Access, Correct or Delete Your Information or Exercise Your Jurisdiction's Privacy Rights” section above. We may require verification of your identity before further processing your request. Please be as specific as possible in relation to the personal information you wish to access. Once we receive your request, we will review it, determine whether we can verify your identity, and process the request accordingly. If we need additional information to verify your identity, we will let you know. We will respond to your request within 45 days of receipt, or notify you if we require additional time.

We will not discriminate against you if you choose to exercise any of these rights. In certain instances, we may be permitted by law to decline some or all of such a request, including if we determine that our business does not fall within the scope of the California statutes. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Information, you may be charged a fee to the extent permitted by law.

If you would prefer, you may designate an authorized agent to make a request on your behalf.

For more information, please reference Helcim's Data Processing Addendum, which is available on our website.

SUPPLEMENTAL PRIVACY RIGHTS FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA

If you are a natural person residing within the European Economic Area (“EEA”) or your personal data is processed by us on behalf of a controller residing in EEA (“Data Subject”), then the EU General Data Protection Regulations (“GDPR”) require us to explain the valid legal bases we rely on in order to process your Personal Information. As such, the following additional rights are applicable to you:

Helcim aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Information (known as “Personal Data” under the GDPR). If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us using the contact information set out below. Note that where we act as the data processor on behalf of Merchants you will be required to contact the data controller directly to exercise your rights.

In certain circumstances, where we act as data Controller, you have the following data protection rights:

Request access to your Personal Data (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Information we hold about you where we are the data controller and to check that we are lawfully processing it.

Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.

Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your Personal Data. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms, you also have the right to object where we are processing your Personal Information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish the information's accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your Personal Data to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

Please note that we may ask you to verify your identity before responding to such requests.

Legal Basis. We may rely on the following legal bases to process your Personal Information:

Consent We may process your information if you have given us permission (i.e., consent) to use your Personal Information for a specific purpose. You can withdraw your consent at any time by visiting the “Access, Correct or Delete Your Information or Exercise Your Jurisdiction’s Privacy Rights” section above.
Performance of a Contract We may process your Personal Information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
Legal Obligations We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
Vital Interests We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

Automated Decision-Making and Profiling. Helcim may use automated decision-making processes, including profiling, to expedite application processes, enhance user experience, improve our services, or for marketing purposes. These processes may be based on your preferences, interests, or behavior while using our platform. If such automated decision-making has a significant impact on you or produces legal effects concerning you, you have the right to:

  1. Obtain human intervention in the decision-making process;
  2. Express your point of view regarding the decision;
  3. Contest the automated decision; and
  4. Receive an explanation of the decision and its underlying logic.

To exercise these rights, please contact us using the contact information provided in our privacy policy.

Cross-Border Data Transfers. Please be aware that your Personal Data may be transferred to, processed, sub-processed and stored in Canada and the United States, where our servers, sub-processors, and central database are located. To ensure the protection of your data during these transfers, Helcim relies on the European Union's Standard Contractual Clauses (the “SCCs”) and other legal mechanisms as safeguards. The SCCs are contractual commitments between parties transferring personal data, binding them to protect the privacy and security of your data, in compliance with EU data protection regulations.

Lodging a Complaint with a Data Protection Authority. If you believe that our processing of your Personal Data infringes upon the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged infringement occurred. To find the contact information for your local Data Protection Authority, please visit the following link: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

For more information, please reference Helcim's Data Processing Addendum, which is available on our website.

SUPPLEMENTAL PRIVACY RIGHTS FOR QUEBEC RESIDENTS

Access to Information & Data Portability. Helcim is committed to being open and transparent about the personal data we collect from you. We want to ensure that the Personal Information we collect is up-to-date, accurate, and easily accessible to you. If you would like a copy of the Personal Information we have collected about you, please send us your request in writing to [email protected]. Once we receive your request, we will endeavor to respond to you within 30 business days. Any information we provide will be in a structured, commonly-used technological format so you can easily view the information.

Right of De-Indexation. As a resident of Quebec, you have the right under s. 28.1 of Law 25 to “de-index”, or to delete any of your Personal Information that Helcim has. You can exercise your right of de-indexation by sending us a written request to [email protected] outlining the Personal Information you wish to be deleted. Please note that we reserve the right under s. 28.1 to retain your Personal Information if it is absolutely necessary to provide our Services to you or if retention is required to comply with our legal obligations. We will review your request and respond to you in writing.

INTERNATIONAL DATA TRANSFERS

All information processed by us may be processed and stored anywhere in the world, including, but not limited to, Canada, the United States or other countries, which may have data protection laws that are different from the laws where you live. If you use our Services, you consent to the transfer and processing of your information from any country to any other country in accordance with this Privacy Policy.

RETENTION OF PERSONAL INFORMATION

Unless consent is withdrawn earlier, we retain all the Personal Information we collect as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purposes for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, reply to legitimate data subject requests, and comply with applicable laws.

We retain biometric data for a period of one year from the date the record was created.

CHILDREN'S PERSONAL INFORMATION

Our Services are general audience services not directed at children under the age of 18. We do not knowingly collect, share, or sell any information from children under the age of 18. If we learn that any information we collect has been provided by a child under the age of 18, we will promptly delete that information.

UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to our information practices. When we do, we will also revise the “last updated” date at the beginning of the policy. If we make any material changes we may notify you either by prominently posting a notice of such changes or by directly sending you a notification (sent to the e-mail address specified in your account, if applicable). We will always post the then-current version of this Privacy Policy on our Website. You understand and agree that you will be deemed to have accepted the updated Privacy Policy if you continue to use our Services after the new Privacy Policy is posted. We encourage you to review this Privacy Policy periodically to stay informed on our privacy practices.

CONTACTING US

Questions regarding this Privacy Policy or Helcim's privacy practices should be directed to our Privacy Officer by email at [email protected] or by mail at:

Helcim Inc.

Attention: Privacy Officer

440 2nd Avenue SW, Suite 400

Calgary, Alberta, Canada T2P 5E9