SecurebyKnowledge Inc. ("SBK") is committed to protecting the personal information of its customers and end users. This document outlines the conditions under which SBK collects, stores and processes information and other data from its customers who have entered into a service agreement with SBK (each a "Customer") for the receipt of corporate communications services and products or related services of SBK (the "Services").
PRIVACY POLICY
Data Collection
The Customer is responsible for ensuring that any information identifying a living Person (the Customer's personal information) is provided to SBK and its Subcontractors in accordance with all applicable privacy laws. The Customer represents and warrants that the use of such personal information of the latter by SBK and its subcontractors in the framework of the service agreement will not violate any applicable privacy protection law, anti-trust law, spam or other rights of involved parties.
The SBK Voice platform acts as a data processor with regard to indirect end user personally identifiable information.
Specifically, only when enabled via system permission on SBK Mobile Android and SBK Mobile iOS, SBK Telecom shows personal contacts within the respective application. When the user sends an SMS message to one of his/her phone contacts, or when the user initiates a call to one of his/her phone contacts, the phone number is sent securely through SBK Telecom's API. SBK Telecom does not store this number with any other PII, and it cannot be directly or indirectly attributed to any person or persons; SBK Telecom stores only the phone number and pertinent metadata so as to be compliant with all applicable provincial, state and federal laws, and SBK Telecom does not share this data with any advertisers or third parties under any circumstances. A user can revoke phone contact access on his/her mobile device at any time, and his/her app experience is not hindered or interrupted.
Gravatar: SBK Mobile Android and iOS also use Gravatar, which is a service that provides avatar images linked to the MD5 hash of the user's email address. This means that, only when Gravatar use is enabled, we hash each contact's email address and send it to Gravatar to try to retrieve an avatar image. MD5 hashes cannot be directly or indirectly attributed to any person or persons, and we only send the MD5 hash to Gravatar, never the email address in plain text. Gravatar is unable to determine the original email address from the hash. It can only return an "avatar" icon to us if a Gravatar account matching that hash already exists on its server. The unhashed email address never leaves a user's device and neither the email address nor its hash is ever stored on or transported through SBK's servers. As with phone contacts, a user can revoke Gravatar access at any time in Settings and his/her app experience is not hindered or interrupted.
For the purposes of single sign-on (SSO), our applications will retrieve the email address associated with your Google™️, Microsoft365™️ or AppleID™️ account for a short duration, for the sole purpose of matching it to the email address already bound to your SBK Voice account. It will also receive from the SSO provider a single-use session token confirming that you have a valid authentication session in effect for said account. No other information provided by Apple, Google or Microsoft will be stored on our servers.
Data Ownership
The customer remains the owner of the information transmitted to SBK. Any non-personal identification information and/or non-client identification information (including aggregated data and statistics) derived from the customer's data and/or derived from the use of SBK's service does not constitute customer data. SBK will be free to use this information for any purpose.
SBK is committed to:
- not use customer information for purposes other than those required to provide its corporate communications services;
- put in place the necessary protective measures to limit the risk of loss, theft or the communication of customer information;
- not sell customer information;
- provide reasonable assistance with any request for privacy or data protection legislation authorities;
- handle any complaints relating to the processing of customer information;
- notify of any breach of the security of its IT infrastructure that would result in unauthorized access to customer information.
