Privacy Policy & Terms of Service

Last Updated: June 14, 2023

1. INTRODUCTION

We at Sensei Labs are strongly committed to transparency, and we want you (“you” or “your”) to understand how we collect, use, share and protect your personal information, as well as how you can manage the personal information we collect.

These Privacy & Terms of Service (“Terms”) govern your access to and use of the services, including our various websites, SMS, APIs, email notifications, applications or other products or services (collectively the “Services”, “Sensei Labs”, “Decoded”, “Sensei Labs Inc.”, “we” or “us”) and any information, text, graphics, photos or other materials uploaded, downloaded or appearing on the Services (collectively referred to as “Content”). Your access to and use of the Services are conditioned on your acceptance of and compliance with these Terms. By accessing or using the Services, you agree to be bound by these Terms. This Privacy Notice supplements any other privacy policies provided or communicated to you and applies to individuals who apply for a position with us.

We may change or modify these Terms at any time and in our sole discretion. If we make changes to these Terms, we will update the “Last Updated” date above. Your continued use of the Services will confirm your acceptance of the revised Terms. We encourage you to frequently review the Terms to ensure you understand the terms and conditions that apply to your use of the Services.

Please see the Contact Us section below to contact a representative of Sensei Labs regarding this Privacy Notice.

The information we collect

Sensei Labs collects data from you through our interactions with you and through our products and services. You provide some of this data directly, and we get some of it by collecting data about your interactions, use, and experiences with our products. The data we collect depends on the context of your interactions with us and the choices you make, including the products, services, and features you use. We also obtain data about you from third parties.

Using information

Sensei Labs uses data to:

  • Provide our Services, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data with specific service providers when it is required to provide the service or carry out the transactions you request.
  • Maintain, improve, and develop our Services.
  • Personalize our Services and make recommendations.
  • Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers (we will collect consent from you when required by applicable law).

We also use the data to operate our business, which includes analyzing our performance, meeting our legal obligations, developing our workforce, and doing research. In carrying out these purposes, we combine data we collect from different contexts or obtain from third parties to give you a more seamless experience, to make informed business decisions, and for other legitimate purposes.

Sharing information

We do not rent or sell your Personal Information to anyone. We share data with your consent or to complete any transaction or provide any product or service you have requested or authorized when necessary for the fulfillment of your request. We also share data with Sensei Labs-controlled affiliates and subsidiaries, with service providers working on our behalf, when required by law or to respond to legal process, to protect our customers, to maintain the security of our products and services, and to protect the rights and property of Sensei Labs and its customers.

How to access and control your data

You can also make choices about the collection and use of your data by Sensei Labs. You can control the data that we have obtained and exercise your data privacy rights by contacting Sensei Labs or using various tools we provide. In some cases, your ability to access or control your data will be limited, as required or permitted by applicable law. How you can access or control your data will also depend on which products or services you use.

Other important privacy information

This website is hosted and operated from Canada and therefore subject to The Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy and data protection laws.

If you are a resident of the European Union (EU), the United Kingdom (UK), or Uruguay, please see Appendix 3: Europe/United Kingdom/Uruguay for the contact details of our data protection officer for the purposes of EU and UK data protection laws.

If your personal information is collected, used, disclosed, or processed by us in Singapore, or is otherwise regulated under the Singapore Personal Data Protection Act 2012, please see Appendix 6: Singapore for the contact details of our data protection officer for the purposes of Singapore data protection laws.

IF YOU DO NOT UNDERSTAND OR YOU ARE NOT CONTENT WITH THIS PRIVACY NOTICE, PLEASE CONTACT US BEFORE USING OR CONTINUING TO USE OUR SERVICES.

2. THE TYPES OF INFORMATION WE COLLECT

We collect two basic types of information from you when you provide it to us or when you use or interact with our Services: personal information and non-personal information.

Personal information includes all information that relates to you or are opinions about you personally and either identifies or may be used to identify you personally (collectively, “personal information”). We may only collect the following limited types of personal information from you depending upon the device you are using and how you interact with us or use or interact with our Services, such as your:

  • Contact Information. Name, mailing address, email address, phone number, and other contact information.
  • Device Information. IP address, browser type and version, browser plug-in types and versions, operating system and platform, device type, device identifiers, and information about how you use our Services.
  • Employment Information. If you apply for a job with us, we will collect information about your employment status and history, education history, Social Security number or tax ID number, and other employment-related information.
  • Account Information. If you create an account, we may store and use your name, email address, zip or postal code and other personal information you may provide with your account. You can modify some of the personal information associated with your account. If you believe that someone has created an unauthorized account, you can request its removal.

We strive to uphold data minimization principles and only seek to collect personal information from you for the purposes described in this Privacy Notice. We are required to disclose the categories of personal information we collect under California law.

Non-personal information includes information that does not personally identify you or information that has been anonymized (collectively, “non-personal information”). When we combine non-personal information with personal information, we treat the combined information as personal information.

You can always refuse to provide your personal information, but please note that collecting and using personal information is necessary to provide our Services.

3. HOW WE COLLECT PERSONAL INFORMATION

We need to collect personal information from you in order to provide you with our Services, as well as to improve your experience. You may provide us with personal information in several ways, including, for example, when you:

  • Visit our website or use our Services;
  • Register for or create an account;
  • Correspond or communicate with us in any way, including when requesting customer service, support, or responding to a questionnaire or survey;
  • Sign up to receive our newsletter or promotional information;
  • Connect to us through a social media platform, such as Facebook, LinkedIn, or Twitter; or
  • Interact with us in any other way, online or offline, including through our Services.

4. Cookies

Cookies are data that a web server transfers to an individual’s computer for record-keeping purposes. Cookies are an industry standard used by most web sites, and help facilitate users’ ongoing access to and use of a particular web site. Cookies do not cause damage to your computer systems or files, and only the web site that transferred a particular cookie to you can read, modify or delete such cookie. If you do not want information collected through the use of cookies, there are simple procedures in most browsers that allow you to delete existing cookies, to automatically decline cookies, or to be given the choice of declining or accepting the transfer of particular cookies to your computer. You should note, however, that declining cookies may make it difficult or impossible for you to use portions of the Services. You can also visit https://www.aboutads.info/choices and https://optout.privacyrights.info/ to opt out of certain uses of cookies for advertising purposes.

If you do not want information collected through the use of certain cookies, there are procedures in most browsers that allow you to delete existing cookies, to automatically decline cookies, or to be given the choice of declining or accepting the transfer of particular cookies to your computer. You should note, however, that declining cookies may make it difficult for you to use portions of our Services.

5. Pixel Tags

Some of our Services use “pixel tags”, “web beacons”, “clear GIFs” or similar tracking technologies (collectively, “pixel tags”) to collect information and compile aggregate statistics about our emails or website usage and response rates. Pixel tags allow us to count users who have visited certain areas of our Services, to deliver targeted advertisements, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, pixel tags can tell the sender whether and when the email has been opened.

6. Google Analytics

We use Google Analytics, a web analysis service provided by Google, to better understand how individuals use our website. Google Analytics uses cookies or other tracking technology to help us analyze how users interact with and use the website, compile reports on the related activities, and provide other services related to website and app activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a return visitor, and any referring website or app. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to the Google Analytics Terms of Service and the Google Privacy Policy. To opt out of analytics tracking by Google, click here.

7. HOW WE USE PERSONAL INFORMATION

We primarily use personal information to provide, maintain, and improve our Services, but we also use personal information to do any or all of the following:

  • facilitate your interactions and transactions with us, such as requests for support or additional Services;
  • respond to your requests, communications, suggestions, comments, and inquiries (including your feedback about our Services);
  • administer our relationship with you, including creating and managing your account;
  • develop new products, features, and services;
  • better understand the preferences of our customers;
  • provide you with, and improve, relevant marketing offers or information from us or relevant third parties (we will collect consent from you when required by applicable law);
  • facilitate your participation in our surveys and promotions;
  • ensure our systems and premises are secure;
  • develop and manage relationships with our business partners;
  • respond to legally binding requests from law enforcement, regulatory authorities, or other third parties;
  • defend, protect or enforce our rights or applicable terms of service or to fulfill our legal or contractual obligations;
  • manage any dispute and accidents and take legal or other professional advice;
  • prevent fraud or the recurrence of fraud;
  • assist in the event of an emergency;
  • comply with applicable law; or
  • any other purpose with your consent.

We may also combine your personal information collected through various sources, including information collected through our Services, and develop a customer profile that will be used for the purposes above.

If you are a job applicant, we will use your personal information as necessary to determine your fitness for the position applied for, to make any relevant adjustments during the recruitment process, and for equal opportunities monitoring. You can also register on our website to receive additional information about jobs at Sensei Labs. Information you submit on our website will not be used for employment purposes unless you fill out the relevant registration form. The information that you provide will be used to send you the information that you have requested to receive, or to evaluate and communicate with you regarding your application for employment, as applicable.

We can use personal information to create non-personal information. We use non-personal information for any legitimate business purpose.

8. WHY WE USE PERSONAL INFORMATION

We use personal information as described above in the How We Use Personal Information section for a number of reasons:

  • to fulfill our contractual obligations to you, including to provide our Services to you;
  • the individual has given consent for a particular purpose (for example, where an individual has given us consent to send them electronic marketing);
  • when using the information is necessary for our legitimate interests or those of a third party, provided we have balanced these against the individual’s rights and interests;
  • (in the context of employment related purposes) where necessary for hiring decisions or, after hiring, for carrying out or terminating the employment contract; and
  • to comply with a legal obligation (for example, responding to government or law enforcement information requests).

Our legitimate interests for using personal information as described above in the How We Use Personal Information section are:

  • to effectively administer and manage our business;
  • to ensure effective administration and management of the individual’s relationship with us, including providing our Services;
  • to understand how our members use our Services and to manage our Services;
  • to carry out research and analysis on what Services or products our members want or how they would like us to improve our Services and products;
  • to understand how our members use our Services and identify any issues in how the Services are used and how we can improve the member’s experience;
  • to tell our customers about the various products and Services we can offer;
  • to understand and respond to inquiries and feedback;
  • to better tailor and personalize the promotions and benefits that we can offer to our members;
  • to ensure our systems and premises are secure;
  • to develop relationships with business partners;
  • to operate suppressors to exclude you from direct marketing if you unsubscribe;
  • to share data in connection with acquisitions and transfers of our business;
  • to manage our relationships with business partners;
  • to prevent, detect, or investigate unauthorized use of our Services and ensure we comply with the law and our policies; and
  • to manage any dispute and accidents and take legal or other professional advice.

9. HOW WE SHARE PERSONAL INFORMATION

We only share personal information in limited circumstances. For example, we share personal information within our family of companies. This includes our parent, subsidiaries and affiliates. These related organizations use your information for the same purposes described in this Privacy Notice. We also share personal information with our third party service providers, suppliers, vendors, professional advisors and business partners, which may include IT service providers, financial institutions and payment providers, customer relationship management vendors, other cloud-based solutions providers, lawyers, accountants, auditors and other professional advisors. We contract with such vendors and advisers to ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information. We share personal information with these third parties to help us:

  • with the uses described in the How We Use Personal Information section above;
  • in the operation, management, improvement, research and analysis of our Services;
  • with our marketing and promotional projects, such as sending you information about products and services you may like and other promotions (provided we have collected consent from you where required by applicable law and you have not unsubscribed from receiving such marketing and promotional information from us); and
  • comply with your directions or any consent you have provided us.

Employment information that you provide to us may be shared with service providers that vet job applicants on our behalf and help us determine fitness for a position.

We may share personal information with law enforcement and regulatory authorities or other third parties as required or permitted by law for the purpose of:

  • responding to a subpoena, court order, or other legal processes;
  • defending, protecting, or enforcing our rights;
  • assisting in the event of an emergency; and
  • complying with applicable law.

In accordance with applicable law, we may also transfer or assign personal information to third parties as a result of, or in connection with, a sale, merger, consolidation, change in control, transfer of assets, bankruptcy, reorganization, or liquidation. If we are involved in defending a legal claim, we may disclose personal information about you that is relevant to the claim to third parties as a result of, or in connection with, the associated legal proceedings.

We are required to disclose the categories of personal information we share under California law.

We share non-personal information with third parties as reasonably necessary to meet our business needs.

10. HOW LONG WE RETAIN PERSONAL INFORMATION

Except as otherwise permitted or required by applicable law, records containing personal information will only be retained as long as necessary to accomplish the purposes listed above, including to meet statutory, contractual, administrative, and operational requirements. Once we no longer need such records and there is no longer any legitimate need to use your personal information, we will delete, destroy, aggregate, or otherwise anonymize your personal information, subject to any retention period provided by applicable law.

11. HOW WE PROTECT PERSONAL INFORMATION

To prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or loss of your information or other similar risks, and to maintain the accuracy and confidentiality of such information, we have put in place appropriate physical, organizational, technological, and managerial procedures to safeguard and secure the information we collect from you. With respect to personal information that we collect from you online, please note that the Internet is not 100% secure and we cannot guarantee that your use of our Services will be completely safe, or that communications will not be intercepted. We encourage you to use caution when using the Internet or email. If you believe that your personal information held by us has been compromised, we urge you to notify us promptly.

Access to personal information is restricted to personnel who require access in order to perform their duties and job responsibilities, and access is limited to only that information that is strictly necessary for the performance of those duties and responsibilities.

12. OUR COMMITMENT TO CHILDREN’S PRIVACY

Our Services are not for, or directed at, children or those under the age of 18. We do not knowingly collect personal information from children or other persons under 18 years of age. Individuals who are children or under the age of 18 should not attempt to provide us with any personal information. If you believe we have received personal information from children or those under the age of 18, we urge you to notify us promptly to have it deleted.

13. YOUR PRIVACY RIGHTS AND CHOICES

The following rights and choices are available to you, but some exceptions may apply based on our reason for processing your personal information and the local privacy laws in your jurisdiction. We will respond and address privacy rights requests within the relevant timeline requirements as stipulated by the privacy laws in your jurisdiction.

14. Access to your personal information

You have the right to request access to the personal information that we collect, use, and disclose about you. You also have the right to not receive discriminatory treatment for exercising your access right. To submit a request or designate an authorized agent to make a request, you may email us at privacy@sensei-corporate-wordpress.azurewebsites.net.

15. Deleting your personal information

You have the right to request that we delete your personal information, subject to some exceptions under applicable law. Once we have received and confirmed your request, we will delete (and direct our partners and service providers to delete) your personal information, unless an exception under applicable law applies. You have the right to not receive discriminatory treatment for exercising your deletion right.

16. Correcting your personal information

The accuracy of the personal information we have about you is very important. You have the right to correct and update your personal information by directly accessing your account and profile information. You may also request that we correct your information by contacting us. You have the right to not receive discriminatory treatment for exercising your correction right. To submit a request or designate an authorized agent to make a request, you may email us at privacy@sensei-corporate-wordpress.azurewebsites.net.

17. Opting out of the sale of your personal information

You have the right to opt out of the sale* of your personal information. You also have the right to not receive discriminatory treatment for exercising this right. You can exercise your right to opt out by clicking the “Do Not Sell or Share My Personal Information” link on our website. You can also submit a request or designate an authorized agent to make a request by email at privacy@sensei-corporate-wordpress.azurewebsites.net.

*“sale” is used here as defined by California and Nevada law. While we do not sell your personal information to third parties for money, we may share certain categories of personal information with others in order to receive certain benefits or services. Such sharing may be considered a “sale” under California and Nevada law.

18. Opting out of the sharing of your personal information

You have the right to opt out of the sharing of your personal information for cross-context behavioral advertising purposes. You also have the right to not receive discriminatory treatment for exercising this right. You can exercise your right to opt out by emailing us at: privacy@sensei-corporate-wordpress.azurewebsites.net. You can also submit a request or designate an authorized agent to make a request by contacting us using the information below.

19. Email Communications / Direct Marketing

You may have the opportunity to receive certain communications from us related to our Services and, when necessary, we will obtain consent from you for these communications. If you provide us with your email address in order to receive communications, you can opt out of marketing emails at any time by following the instructions at the bottom of our emails or by contacting us using the information below. Please note that certain emails may be necessary for the operation of our Services. You will continue to receive these necessary emails, if lawful and appropriate, even if you unsubscribe from our optional marketing communications.

20. Cookies / Beacons

If you wish to minimize information collected by cookies or beacons, you can adjust the settings using the Cookie Settings by emailing us at: privacy@sensei-corporate-wordpress.azurewebsites.net. You can also adjust the settings of your device or browser. You can also set your device or browser to automatically reject any cookies. You may also be able to install plug-ins and add-ins that serve similar functions. However, please be aware that some Services may not work properly if you reject cookies. In addition, the offers we provide when you visit us may not be as relevant to you or tailored to your interests.

21. DATA TRANSFERS

We are a global business. As such, information we collect may be transferred to, stored, and processed in any country or territory where one or more of our business partners or service providers are based or have facilities which may be different to your home country. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal information that we transfer in line with this Privacy Notice requiring that our business partners or service providers adhere to this Privacy Notice and the applicable privacy laws and regulations in your home country.

22. THIRD PARTY WEBSITES AND APPS

Our website and Services may contain links to other websites or apps operated by third parties. Please be advised that the practices described in this Privacy Notice do not apply to information gathered through these third party websites and apps. We have no control over, and are not responsible for, the actions and privacy policies of third parties and other websites and apps.

23. CONTACT US

We welcome requests, questions, comments, and feedback on this Privacy Notice and our management of personal information. If you have requests, questions, concerns, or feedback, you can always contact us using the method provided below. If you are submitting a privacy right request, the request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. You must also include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to certain requests or provide you with personal information unless we first verify your identity or authority to make such a request and confirm that the personal information relates to you. If you are submitting a request using an authorized agent, please ensure the appropriate individual is identified as the authorized agent.

For your protection, we will need to verify your identity before assisting with your request, such as verifying that the information used to contact us matches the information that we have on file.

You may email us at: privacy@sensei-corporate-wordpress.azurewebsites.net

You may call us at 1-855-SENSEI5

You may send mail to the following postal mail address:

Attn: Privacy Policy
Sensei Labs Inc.
33 Bloor Street East, Suite 1106
Toronto, Ontario M4W 3H1

24. Changes to this policy

We reserve the right to change this Privacy Notice from time to time by posting the changes here. If we choose to amend this Privacy Notice, we will revise the Last Updated date at the top of this Privacy Notice when we post the updated version. We may also provide you with notice by prominently posting on our website, via email or both if we make any significant changes to this Privacy Notice. We may also highlight those changes at the top of this Privacy Notice and provide a prominent link to it for a reasonable length of time following the change. To the extent that our Privacy Notice changes in a material way, the notice that was in place at the time that you submitted, or we collected, your personal information will generally continue to govern that information unless we receive your consent to the new Privacy Notice, where required. If your consent is not necessary, the new version of the notice will apply from the date stated. We encourage you to bookmark this page and to periodically review it to ensure familiarity with the most current version of our Privacy Notice.

25. Complaints

You may contact us using the information above to make a complaint regarding this Privacy Notice, our privacy practices, and/or our handling of your personal information. For more information on how we will handle and process your complaint, please refer to Appendix 1c: Process for Handling Inquiries and Complaints.

26. Accountability

Along with our Privacy Committee, there is a Privacy Team at Sensei Labs that is accountable for all personal information we collect and use.

Should you have any questions or concerns about this Privacy Notice or our collection of your personal information, please contact the Privacy Team:

You may email us at: privacy@sensei-corporate-wordpress.azurewebsites.net

You may call us at 1-855-SENSEI5

You may send mail to the following postal mail address:

Attn: Privacy Committee
Sensei Labs Inc.
33 Bloor Street East, Suite 1106
Toronto, Ontario M4W 3H1

Without limiting the above, individuals in Alberta may contact our Privacy Committee if they have questions about the collection, use, disclosure or storage of personal information by our service providers or affiliates outside Canada, or to obtain access to written information about our policies and practices with respect to such service providers and affiliates outside Canada.

Appendix 1a: Roles and Responsibilities of Sensei Labs Personnel Throughout the Life Cycle of Personal Information

Sensei Labs™ (“Sensei Labs”) personnel will have the following roles and responsibilities with respect to handling personal information throughout its lifecycle within our organization:

Roles and Responsibilities:

The Privacy Committee is responsible for:

  • Ensuring that Sensei Labs complies with relevant privacy and data protection legislation, including the Personal Information Protection and Electronic Documents Act and any other applicable federal, provincial or state privacy and data protection laws, including (without limitation), where applicable, the Act respecting the protection of personal information in the private sector (Quebec), the Consumer Privacy Act of 2018 (CCPA), and HIPAA (The Health Insurance Portability and Accountability Act);
  • Promoting privacy and data protection within Sensei Labs;
  • Drafting and enforcing the Sensei Labs Privacy Policy;
  • Developing policies, practices, standards, and procedures to appropriately manage and safeguard personal information in accordance with applicable laws, the Sensei Labs Privacy Policy, Privacy Notice, and contractual requirements;
  • Ensuring that Sensei Labs’ Privacy Policy, Privacy Notice and standard operating procedures are in accordance with applicable laws and regulations as well as its contractual obligations, including procedures applicable to the collection, use, sharing, disclosure, retention and destruction of personal information;
  • Developing appropriate consent processes for collection, use and disclosure of personal information;
  • Confirming that appropriate security controls are developed, implemented and maintained to protect personal information in a manner that is consistent with the sensitivity of the information;
  • Establishing procedures for receiving and responding to requests to access and/or rectify personal information and responding to such requests;
  • Establishing procedures for receiving and responding to privacy and data protection inquiries and complaints, including complaints regarding the protection of personal information, as well as investigating and responding to such inquiries and complaints;
  • Evaluating new contracts to ensure that Sensei Labs and Sensei Labs’ customers, suppliers, partners, and other parties conduct business in a legal and ethical manner when it comes to issues of privacy;
  • Assessing privacy-related factors for any new Sensei Labs project dealing with access to, or use or disclosure of, personal information before its implementation by Sensei Labs and ensuring the project’s compliance with applicable privacy laws;
  • Monitoring employee email and computer use for policy violations and other improper conduct;
  • Developing an incident/breach response plan as well as an appropriate breach recording system and managing breach records;
  • Receiving reports of privacy and data breaches, leading breach response and containment process, and directing investigations into such breaches;
  • Directing and managing compliance with court orders and other legal processes requiring disclosure of personal information;
  • Developing an appropriate data retention schedule and document disposal procedures; and
  • Communicating with privacy regulators, including in the event of an audit, complaint or investigation.

Sensei Labs Security Committee is responsible for:

  • Defining, implementing, maintaining and enforcing policies, procedures and safeguards related to information technology and systems of record;
  • Designing, implementing and maintaining computing hardware, software, processes and controls, as needed to support the effective, compliant management of records containing personal information throughout their lifecycle;
  • Developing data back-up policies and procedures and regularly testing back-ups;
  • Conducting vulnerability assessments, as well as security threat and risk assessments, and developing and managing risk mitigation plans;
  • Assisting with development and delivery of information security training to personnel;
  • Monitoring use of Sensei Labs email and systems for security risks; and
  • Notifying the Privacy Committee of any data breach, technology failure, or other incident that results in (or may result in) loss of or unauthorized access to or disclosure of personal information (or other confidentiality incident). Participating and fully cooperating in any investigation into such incidents (including cooperating with outside investigators, where applicable).

Sensei Labs Technical Staff are responsible for:

  • Maintaining a consent log (as required by applicable laws), an up-to-date master unsubscribe list for each marketing program, as well as a global unsubscribe list;
  • Ensuring that marketing and commercial communications are not sent to any person on the program or global list;
  • Restricting access to unsubscribe lists to only the Privacy Committee and those Technical Staff on a need-to-know basis; and
  • Granting access to personal information on a “need to know” basis, and ensuring access is revoked for departing employees and employees transferring into positions where they no longer need access to certain information.

Sensei Labs compliance staff are responsible for:

  • Assisting the Privacy and Security Committees in understanding all applicable regulatory requirements and helping teams convert requirements into technical, physical and administrative/organizational controls as appropriate;
  • Assisting in the development, implementation and maintenance of any policies, procedures or training required by those regulations or by contract, including the tracking and reporting of privacy and data protection training;
  • Hosting and/or responding to external audit requests relative to these areas as well as periodically conducting internal audits to help ensure compliance with appropriate policies; and

Sensei Labs management employees are responsible for:

  • Making reasonable efforts to ensure that personal information maintained by Sensei Labs is accurate, timely, relevant, and complete;
  • Making reasonable efforts to ensure that all personal information is used only as intended, and that precautions preventing unauthorized access and misuse are both effective and appropriate;
  • Establishing appropriate controls to ensure that personal information is disclosed to and accessed only by persons who have a legitimate business need, and only retained as long as needed to accomplish the purposes for which it was collected or for compliance with relevant legal and contractual obligations except as otherwise permitted or required by applicable law; and
  • Notifying Sensei Labs Technical Staff of personnel changes requiring modifications to access privileges.

All Sensei Labs employees are responsible for:

  • Reading, understanding and complying with Sensei Labs’ Privacy Policy and related policies, notices, standards and procedures;
  • Acting within applicable laws and regulations;
  • Notifying individuals of the purposes for which their personal information will be collected, used and disclosed, and obtaining consents in accordance with Sensei Labs policies and procedures when collecting personal information;
  • Limiting collection of personal information to what is needed to accomplish the purposes identified to individuals in accordance with Sensei Labs policies, standards, and procedures;
  • Refraining from accessing, using, or disclosing personal information unless required for performance of their job duties and permitted by applicable policies, standards, and procedures;
  • Taking reasonable steps to confirm that information is accurate and up to date before using personal information, where appropriate;
  • Protecting the security and confidentiality of any personal or other confidential information they have access to in connection with their employment;
  • Regularly identifying and disposing of transitory information, which is no longer needed to support business activities, in a secure manner and in accordance with Sensei Labs’ retention and destruction policies and procedures;
  • Forwarding any unsubscribe requests received to a member of the Technical Staff for implementation;
  • Forwarding any requests received with respect to access and rectification of personal information to the Privacy Committee;
  • Asking the Privacy Committee for clarification on any privacy-related questions that may arise and seeking guidance from the Privacy Committee if they are unsure of their obligations under Sensei Labs’ policies, standards and procedures or applicable law; and
  • Reporting any privacy-related complaints to Sensei Labs’ Privacy Committee and Security Committee.

Sensei Labs will take steps to communicate to personnel their roles and responsibilities in connection with processing personal information as described above.

APPENDIX 1B: RECORD RETENTION AND DESTRUCTION POLICY

Sensei Labs™ (“Sensei Labs”) has developed a records retention and destruction policy that aligns with the guidelines provided by the Office of the Privacy Commissioner in Canada and the Commission d’Accès à l’Information (Québec).

I. Retention of Records

Except as otherwise permitted or required by applicable law, Sensei Labs will retain records containing personal information (“Records”) only as long as necessary to accomplish the purposes for which such information was collected and to meet statutory, fiscal, contractual, administrative, and operational requirements.

Sensei Labs undertakes to ensure that Records are accurate, complete, and are retained for the periods of time required pursuant to applicable laws and regulations.

The Records will be handled in accordance with a Document Management Procedure that includes the following components:

  • identification of the types of Records containing personal information (e.g., human resources files, customer files, etc.);
  • defining the levels of confidentiality of Records (e.g., protected, confidential and secret) according to factors such as sensitivity, purpose, quantity, distribution and medium;
  • distinguishing the types of media to associate an appropriate method of retention and destruction for different types of Records (e.g., paper, computerized or electronic media);
  • determining and implementing a retention schedule for different types of Records that meets legal requirements, including maximum and minimum retention periods that take into account legislative requirements and restrictions and appeal mechanisms (where applicable);
  • destroying personal information that does not fulfill a specific purpose or is no longer required to fulfill an identified purpose. If information is to be retained solely for statistical purposes, effective de-identification techniques will be used;
  • ensuring that all personal information is completely deleted before recycling or disposing of electronic devices (e.g., computers, photocopiers, cell phones);
  • using effective processes to destroy, erase or de-identify personal information;
  • developing guidelines and implementing procedures for secure retention of personal information; and
  • conducting periodic reviews to assess the need to retain personal information.

II. Destruction of Records

1. Types of Records

Sensei Labs will determine the appropriate destruction methods for the Record, depending on whether it is a Paper Record or an Electronic Record, as defined below:

Paper Records include physical representations of data, such as paper printouts, notes, memos, messages, correspondence, transaction records and reports in hard copy.

Electronic Records include information stored on electronic devices, such as computer hard drives, copier and printer hard drives, removable solid drives including memory, disks and USB flash drives, mobile phones and magnetic tapes. Electronic Records include emails, draft versions of documents saved on a server or document management system, scanned/imaged documents, faxes (where there is no paper copy), voicemails, metadata and any other information or data saved to or stored in electronic form.

2. Destruction Techniques That May Be Used

Sensei Labs will use the following destruction techniques recommended by the Office of the Privacy Commissioner in Canada, so that the personal information contained in such Records cannot be recovered:

  • Completely destroying the media, whether hard or electronic copy, so that the information stored on it can never be recovered. This can be accomplished using a variety of methods including disintegration, incineration, pulverizing, shredding and melting.
  • Deleting information using methods that resist simple recovery methods, such as data recovery utilities and keystroke recovery attempts. One method for clearing media is overwriting, which can be done using software and hardware products that overwrite the media with non-sensitive data.
  • Degaussing, in which magnetic media are exposed to a strong magnetic field to make data unrecoverable. This can be used to protect against more robust data recovery attempts, such as a laboratory attack using specialized tools (for example, signal processing equipment). Degaussing cannot be used to purge nonmagnetic media, such as CDs or DVDs.

3. Destruction by a third-party service provider

Sensei Labs may engage the services of a third-party service provider to destroy Records, including where it does not possess the equipment necessary to allow for secure and definitive destruction.

When Sensei Labs uses the services of a third-party service provider, Sensei Labs will ensure that the contract for the provision of Record destruction services specifies:

  • the process used for the destruction;
  • an acknowledgement by the service provider that the information being processed is confidential;
  • that the service provider will inform Sensei Labs if it uses a subcontractor for the destruction of Records;
  • that a confidentiality agreement will be signed by the service provider’s employees who have access to the Records;
  • that secure storage of the Records is required prior to destruction (e.g., stored in secure premises with limited access);
  • that Sensei Labs has the right to access the service provider’s premises during the term of the contract to confirm compliance with the contract; and
  • that the service provider is required to report regularly to Sensei Labs on the destruction of the Records.

In the event that the third-party service provider fails to comply with its obligations, Sensei Labs will take appropriate measures, including obtaining the return of the Records and terminating the contract.

Appendix 1c: Process for Handling Inquiries and Complaints

Individuals have the right to make inquiries or complaints about the collection, use, disclosure or other processing of their personal information by Sensei Labs, or otherwise regarding Sensei Labs’ compliance with applicable privacy and data protection laws.

Sensei Labs’ employees who receive or are made aware of an inquiry or complaint must:

Sensei Labs’ Privacy Committee shall be responsible for undertaking a reasonable investigation into and responding, in writing, to all such inquiries and complaints. In particular, the Privacy Committee shall:

  • Acknowledge receipt of the inquiry or complaint promptly;
  • Validate/confirm the identity of the individual/claimant;
  • Seek clarification regarding the inquiry or complaint, as needed;
  • Fairly and impartially evaluate the validity of a complaint, having regard to all relevant factors;
  • Notify the individual of the response to their inquiry or outcome of their complaint clearly and promptly, together with any steps taken as a result of the inquiry or complaint, within the time period required by applicable law;
  • If a complaint is found to be justified, take appropriate measures to address and rectify the substance of the complaint and to ensure compliance with the applicable laws, including, if necessary, correcting any inaccurate Personal Information and/or amending Sensei Labs’ policies and procedures concerning the processing of personal information; and
  • Ensure that relevant Sensei Labs employees are aware of any changes to Sensei Labs’ policies and procedures as a result of an inquiry or complaint, including arranging for necessary training to implement and give effect to such changes.

Records of decisions made with respect to an inquiry or complaint, and any personal information that is the subject of an access request or a request for rectification, will be maintained for as long as necessary to allow the relevant individual(s) to exhaust any recourse they may have under applicable laws. The Privacy Committee will approve an override of Sensei Labs’ regular retention and deletion schedule/practices where necessary to permit such retention.

Appendix 2: California

In accordance with California law, please see the information below to learn more about the categories of personal information we collect, how we collect it, why it is collected, with whom we share the information, and how long we retain it.

The categories of personal information we have collected about consumers in the preceding 12 months are:

  • Identifiers such as a real name, postal address, online identifier, internet protocol address, email address, or other similar identifiers.
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.
  • (If you apply for a job with us) Professional or employment related information, such as work history, professional experience, and other information from resumes.
  • (If you apply for a job with us) Non-public education information, such as educational history and academic records.
  • Geolocation data (collected via IP address).
  • Inferences drawn from any of the information identified in this section to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  • (If you apply for a job with us) Sensitive personal information, such as racial or ethnic origin, Social Security number, driver’s license number, or other government-issued identification information.

The sources from which we collect the categories of personal information described above are:

  • Consumers when you submit information directly through our Services.
  • Website visitors and their devices from which we passively collect information, such as device information.
  • Service providers that we engage to provide services on our behalf, including vendors that host or maintain our Services, employment vendors that assist with hiring, and advertising and technology vendors.
  • Others we interact with, such as job networks or social networks, if you choose to import your information from those platforms when applying for a job with us.
  • We also develop inferences or combine the personal information with information we already have.

The business or commercial purposes for collecting and using the personal information described above are:

  • Providing, maintaining, and improving our Services, including developing new products and services.
  • Sending marketing communications and engaging in promotional activities.
  • Conducting and developing our business with our customers.
  • Supporting or responding to your requests or questions.
  • Complying with our legal and contractual obligations.
  • Processing for security, safety, or due diligence purposes.
  • Recruiting and hiring.
  • Other purposes as disclosed to you at the time we collect your information.

We may share the categories of personal information described above with our affiliates, partners, suppliers, vendors, and service providers for the purposes described in the How We Share Personal Information section above.

We retain the categories of personal information described above for as long as necessary for the purpose for which it was initially collected, including the purposes listed in the How We Use Personal Information section above.

We do not “sell” personal information of known minors under 16 years of age.

APPENDIX 3: EUROPE / UNITED KINGDOM / URUGUAY

The following only applies if you are a resident of a member state of the European Union (EU), the United Kingdom, Uruguay, or the European Economic Area (EEA).

If you have questions or concerns regarding the use of your personal information, please contact us using the information below.

International Transfers

The personal information we collect from you is transferred to and stored by our group companies or IT vendors and other service providers (as specified in How We Share Personal Information above) who operate on our behalf. We also transfer information to a number of providers of business applications—such as CRM and marketing applications—as well as marketing service providers. These providers are primarily located in the United States, but are also located in other jurisdictions.

In certain cases, there may not be an adequacy decision by the European Commission and/or United Kingdom/Uruguay authorities in respect of those countries. Adequacy of data protection is instead ensured by Standard Contractual Clauses approved by the European Commission in accordance with Article 46(2)(c) of the General Data Protection Regulation, or any equivalent clauses approved by the authorities in the United Kingdom including any additional safeguards as required by EU/UK data protection laws that we have in place with that third party. A copy may be requested by contacting our Data Protection Officer.

Data Retention

We retain your personal information for as long as necessary for the purpose(s) for which it was initially collected. The criteria we use to determine the retention period are as follows:

  • whether there are contractual or legal obligations that exist which require us to retain the information for a period of time;
  • whether there is an ongoing legal claim that relates to any business (or otherwise) relationship you have with us, or that is otherwise related to your relationship with us; and
  • whether any applicable law, statute, or regulation allows for a specific retention period.

Your Privacy Rights

You have—in accordance with applicable data protection laws—the following rights when it comes to our handling of your personal information. Please note that many of these rights are not absolute, and we have grounds for refusing to comply with your request to exercise them (for example, where we are (a) required or permitted by law to process your personal data in a way that is incompatible with your request, or (b) able to rely on exemptions under data protection law which entitle us to process your personal data in a way that is incompatible with your request). Where such circumstances apply, we will inform you of this at the time you make a request to exercise your rights.

  • Right of access – you have the right to request a copy of the personal information we have about you and to request supporting information explaining how the personal information is used;
  • Right of rectification – you have the right to request that we rectify inaccurate personal information about you;
  • Right of erasure – you have the right to request that we erase personal information about you;
  • Right to restrict processing – in certain situations, you have the right to request that we do not use the personal information you have provided (for example, if you believe it to be inaccurate);
  • Right to data portability – you have the right to receive your personal information in a structured, commonly used and machine-readable format and to transmit such information to another controller;
  • Right to withdraw consent – where we process your personal information based on consent (including direct marketing consents), you have the right to withdraw consent at any time. However, this will not affect the lawfulness of the processing based on consent before its withdrawal. Furthermore, even in case of a withdrawal we continue to use your personal information as permitted or required by law; and
  • Right to object – where we are processing your personal information based on a legitimate interest (or those of a third party) you can challenge this. However, we are entitled to continue processing your personal information where we can demonstrate that we have compelling legitimate grounds to process your information (which override your rights and freedoms), or where continuing to process your personal information is relevant to the establishment, exercise or defence of legal claims. You also have the right to object where we are processing your personal information for direct marketing purposes.

If you would like to exercise any of these rights or in case you should have any concerns about how we process your personal information, please contact us using the information below.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We typically need to request specific information from you to help us confirm your identity and ensure your right to access your personal information, or access someone else’s personal information on their behalf (or to exercise any of the other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated. Should we be unable to comply with your request, we will provide an explanation.

You may email us at: privacy@sensei-corporate-wordpress.azurewebsites.net

You may call us at 1-855-SENSEI5

You may send mail to the following postal mail address:

Attn: Privacy Committee
Sensei Labs Inc.
33 Bloor Street East, Suite 1106
Toronto, Ontario M4W 3H1

You have the right to make a complaint at any time to the supervisory authority in the UK, Uruguay, or the Member State of the EU or EEA in which you are resident. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.

APPENDIX 4: JAPAN

The following only applies if you are a resident of Japan.

If you have questions or concerns regarding the use of your personal information, please contact us using the information in the Contact Us section.

Security management measures

To prevent unauthorized access, loss, or unauthorized use of your information, and to maintain the accuracy and confidentiality of such information, we have put in place the security management measures listed below.

  • Formulation of basic policies. In order to ensure the proper processing of personal information, we formulate basic policies on “compliance with relevant laws, guidelines, etc.”, “contact point for questions and complaints”, etc.
  • Establishment of rules for handling personal information. We establish rules on the processing of personal information for each stage of acquisition, use, storage, provision, deletion, and disposal of personal information, including processing methods, responsible persons and persons in charge, and their duties.
  • Organizational security management measures. In addition to appointing a person responsible for the processing of personal information, we clarify the employees who process personal information and the scope of personal information processed by such employees and establish a system for reporting to the person responsible in the event that we become aware of facts or signs of non-compliance with the law or rules for handling personal information. In addition, we regularly conduct self-inspections and audits by other departments and external parties on the status of the handling of personal information.
  • Personnel security management measures. Regular training is provided for employees on matters to be considered in the handling of personal information and matters relating to the confidentiality of personal information are included in the employment regulations.
  • Physical security management measures. In areas where personal information is processed, we control employees’ access to rooms, restrict the equipment they bring in, and implement measures to prevent unauthorized persons from accessing personal information. We take measures to prevent the theft or loss of equipment, electronic media and documents that process personal information and implement measures to ensure that personal information is not easily revealed when such equipment, electronic media, etc. are carried, including when moving within the business premises.
  • Technical security management measures. We implement access controls to limit the scope of persons in charge and the databases of personal information to be processed. In addition, we have put in place measures to protect the information systems that process personal information from unauthorized external access or unauthorized software.
  • Understanding of the external environment. We store personal information in the U.S. and Canada and take necessary and appropriate measures based on the nature of the personal information.

Joint Use

We jointly use personal information from you as follows.

  • The categories of personal information. The categories are described in “The Types of Information We Collect” section above.
  • The utilization purposes. The purposes are described in the “How We Use Personal Information” section above.
  • The name and address of the business operator responsible for the management of the personal information, and the name of its representative.

Name – Sensei Labs
Address – 33 Bloor Street East, Suite 1106
Toronto, Ontario M4W 3H1

Data Transfers

We may provide personal information to third parties outside Japan who are establishing a system conforming to standards prescribed by rules of the Personal Information Protection Commission as necessary for continuously taking action equivalent to that which a personal information handling business operator takes concerning the handling of personal data pursuant to the provisions of Chapter IV, Section 2 of the Act on the Protection of Personal Information (the “equivalent action”). In such case, we will take necessary action to ensure continuous implementation of the equivalent action by the third party and, in response to your request, provide information on the necessary action.

Rights of Data Subjects

You have—in accordance with the Act on the Protection of Personal Information (the “APPI”)—the rights listed below when it comes to our handling of your personal information. Please note that many of these rights are not absolute, and we have grounds for refusing to comply with your request to exercise them (e.g., (a) cases in which disclosure is likely to seriously impede the proper execution of the business of the business operator handling personal information, or (b) cases in which special procedures are prescribed by any other laws and regulations for correction, addition or deletion). Where such circumstances apply, we will inform you of this at the time you make a request to exercise your rights.

  • Notice of purpose of use of retained personal data
  • Disclosure of retained personal data
  • Disclosure of records when personal data is provided or received by a third party
  • Correction, addition or deletion of retained personal data
  • Cessation or suspension of the use of retained personal data or discontinuation of provision to a third party if the customer satisfies the requirements under the APPI

If you would like to exercise any of these rights or in case you should have any concerns about how we process your personal information, please contact us using the information in the Contact Us section.

We may charge a reasonable fee when you request the notice of purpose of use of retained personal data or disclosure of retained personal data or records when personal data is provided or received by a third party.

We typically need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is complex or you have made a number of requests. In this case, we will notify you and keep you updated. Should we be unable to comply with your request, we will provide an explanation.

APPENDIX 5: ARGENTINA

The following only applies if you are a resident of Argentina.

If you have questions or concerns regarding the use of your personal information, please contact us using the information provided in the Contact Us section.

Changes to the Privacy Notice

In the case of relevant changes that require your consent, we will present the new Privacy Notice to obtain your consent in relation to the new Privacy Notice.

International Transfer

You consent that your personal data may be processed and stored on a server located outside of the country where you live.

Sensitive Data Consent

You consent that we may collect Sensitive Data (as defined by Argentinian law), if required by applicable law, and we take steps to protect and limit any use of it to the purposes for which it is provided.

Processing Purposes

Notwithstanding the foregoing principal processing purposes, you consent that your personal data may be processed for purposes described in the Why We Use Personal Information section above, and the following secondary purposes:

  • Sending of presentations, courses, calls and communications
  • Sending relevant information about Sensei Labs
  • Publishing information about employees on the website and social networks of Sensei Labs

Transfer of Data to Third Parties

You consent that your personal data may be processed and stored by third parties.

Governmental Authority

For the purposes of this Privacy Notice, “Government Authority” means any of the executive, legislative or judicial powers of Argentina or any country related to the entity and the data subjects of the personal data, regardless of the way they act, whether they are federal, state or municipal, as well as any government agency, secretary, decentralized or deconcentrated body or equivalent entity, or any state, municipality, department or other political subdivision thereof, or any government body, authority (including any central bank or tax authority) or any entity (including any court) that exercises government, executive, legislative or judicial functions in Argentina or in any country applicable to the entity and the data subjects.

Your Rights

The Argentinean Data Protection Law No. 25,326 and its regulations give data subjects the rights to access, rectify, cancel and/or oppose the processing of their personal data. You can request the exercise of your privacy rights by contacting us using the information provided in the Contact Us section. Data subjects have at all times the right to revoke their consent to the processing of their information. Please refer to the contact information provided for these purposes.

Sensei Labs observes the principles established by the Argentinean Data Protection Law and its regulations. Therefore, Sensei Labs will comply with these regulations as well as all notice and consent requirements depending on the category of data being collected, processed and/or transferred.

You can limit the use and disclosure of your personal data by registering in our exclusion list, so that your personal data is not processed for marketing, advertising or commercial prospecting purposes. To be included on the exclusion list, please contact us using the information provided in the Contact Us section.

AAIP

If you consider that your right to the protection of personal data has been harmed by any conduct or omission on the part of Sensei Labs, or presume any violation of the provisions provided in the Law, its Regulations and other applicable regulations, you may file your disagreement or complaint before the Agency of Access to Public Information (AAIP). For more information, we suggest you visit the official website: https://www.argentina.gob.ar/aaip. We would, however, appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance.

APPENDIX 6: SINGAPORE

The following only applies if your personal data is collected, used, disclosed, or processed by us in Singapore, or is otherwise regulated under the Singapore Personal Data Protection Act 2012 (“PDPA”).

Legitimate Interests

For the avoidance of doubt, and without prejudice to your consent to any other purposes as set out in the Privacy Notice, you fully understand and unambiguously consent to our collection, use, disclosure and processing of your personal data for the specified purposes associated with legitimate interests, as listed in the section “WHY WE USE PERSONAL INFORMATION” above.

International Transfers

You fully understand and unambiguously consent that we may transfer your personal data to any country (including to third parties where necessary) for the purposes set out in this Privacy Notice or as notified to you. When we transfer your personal data outside of Singapore, we will require foreign recipients of the personal data to protect your personal data in accordance with this Privacy Notice and to a standard of protection comparable to that under the PDPA.

Marketing Communications

We will not contact you for marketing purposes unless you have provided us with your express consent, or unless we are otherwise exempted from having to obtain your consent. If you do not wish to receive any such marketing communications or information from us, or wish to restrict the manner by which we may contact or send you such information, please contact us using the contact information below.

Your Rights

The following rights are available to you pursuant to the PDPA:

  • Right of access – you may request that we provide you with access to your personal data and information about the ways in which such personal data may have been used or disclosed by us.
  • Right of correction – you may request that any incomplete or inaccurate personal data we hold about you is corrected.
  • Right of withdrawal of consent – you may withdraw your consent for our collection, use or disclosure of your personal data.
  • Right of data portability – you may request the transfer of certain of your personal data to another party under certain conditions.

We may require that you submit certain forms or provide certain information to process your request. We may also charge a reasonable fee to process your request. Under certain circumstances, we may refuse to comply with your request as may be permitted under the PDPA. If you have any questions about your rights or if you would like to exercise any of your rights, please contact us using the contact information below.

Data Protection Officer contact information

You can always contact our Data Protection Officer with any issues or questions you have regarding our processing of personal data in Singapore.

Email – privacy@sensei-corporate-wordpress.azurewebsites.net
Mail – Attn: Privacy Committee
Sensei Labs Inc.
33 Bloor Street East, Suite 1106
Toronto, Ontario M4W 3H1