Privacy Policy

Last Updated: March 1, 2019.
At CRESS, we pride ourselves on our commitment to protecting your privacy. This Privacy Policy describes the privacy practices of CRESS Inc. and its affiliates and subsidiaries, meaning companies related by common ownership or control (“us,” “we,” “our”) responsible for collecting and maintaining certain information collected about you.

If you have questions or complaints regarding our Privacy Policy or practices, please contact us as detailed under the “How to Contact Us” section below.

1. WHEN THIS PRIVACY POLICY APPLIES.

If a Service you’re using links to this Privacy Policy, this Policy applies to you.

This Privacy Policy (“Policy”) applies to our sites, software products, and services (collectively, “Services”) that link to this Policy. CRESS Inc. is the controller of all Personal Information subject to this Policy for our Services.

There are two basic types of users that this privacy policy applies to:

  • Users who browse the CRESS (Cress.systems, CRESS.tech), or one of the specific Company product websites (CRESS.blue, CRESS.red, CRESS.green, CRESS.orange, CRESS.purple), or
  • Users who are, or are employed by a client company (“client”, “clients”), that have or had a SAAS contract with CRESS Inc. All users who log into and use the Services as a client have all of their actions and interactions logged as required for auditing and security purposes. Client user information is governed by the terms of your Client SAAS contract with us.

2. WHAT WE DO WITH YOUR INFORMATION.

We want to be clear about what information we collect and how we use it to deliver our Services to you, improve your financial life, operate our business, and help make our Services useful, more intelligent, and work better for you. We do not sell or share your Personal Information with third parties for their own commercial uses without your consent.

a) Types of Information We Collect. In connection with accessing our Services, we may collect information from you which can be used to identify you (“Personal Information”), such as your name, shipping/billing address, email address, phone, username and password.

We collect information when you register or use an account, purchase a Service, use a Service, call us for support, or give us feedback. We may also get information from other companies or third parties, such as when you sync a third party account or service with your CRESS Service, or when we may use service providers to supplement the Personal Information you give us (e.g., validate your mailing address) to help us maintain the accuracy of your data and provide you with better service. Finally, we also collect content or other information that you may provide or create when you interact with our Services.

We may also automatically collect certain usage information when you access our Services (“Usage Data”), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies. For example, we collect IP addresses to track and aggregate non-personal information, such as using IP addresses to monitor the regions from which users navigate to our Services. We also collect IP addresses from users when they log into the Services as part of our log-in and security features. We may also, when you enable location-based Services, collect Global Positioning System (GPS) location data and/or motion data.

Our Services may change over time and we may introduce new features that may collect new or different types of information.

b) How We Use Your Information. We may use your information, including your Personal Information, for the following purposes:

  • Account Registration. We may use your name, address, phone number, and email address to register your account for certain Services we provide and to communicate important information to you. We may obtain additional Personal Information about you, such as address change information, from commercially available sources, to keep our records current. If you set up an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your Personal Information.
  • To Provide Our Services and Operate Our Business. We may use your information to operate our business, including providing Services you requested, provide you with support related to our Services, and to help us protect our Services, including to combat fraud and protect your information.
  • Customer Service and Technical Support. We may use your name, address, phone number, email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience. We also offer various Internet chat services, for example, to speak with a CRESS support representative. Internet Chat transmissions are encrypted but you should not supply more Personal Information than is required to address your specific issue. A transcript of the session is retained to resolve questions or issues related to our Services.
  • Communicate with You and Tell You About Other Services. We may use your information to communicate with you about our Services and to give you offers for third party products and services that we think may be of use to you. Please see below under “What You Can Do to Manage Your Privacy” for the choices you have regarding these communications.
  • To Improve Services and Develop New Services. We will use your information to personalize or customize your experience and the Service, develop new features or services, and to improve the overall quality of CRESS’s Services.
  • Feedback. We may use any information you volunteer in surveys you answer for us and combine them with answers from other customers in order to better understand our Services and how we may improve them. Answering any survey is optional.
  • Research, Including Publishing or Sharing Combined Information from Many Users, But Only in a Way that Would Not Allow You or Any Other Person to be Identified. Only in a way that would not allow you or any other person to be identified, we may prepare and share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes. For example, we may share demographic data that describes the percentage of our customers who use mobile services or who use a particular operating system. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow you or any other person to be identified.

c) How We Share Your Personal Information. From time to time, we may need to share your Personal Information with others.

Third Party Service Providers. We may share your information, including Personal Information and Usage Data, with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the Personal Information we provide to them, only act on our behalf and under our instructions, and not use Personal Information for purposes other than the product or service they’re providing to us or on our behalf.

Response to Subpoenas and Other Legal Requests. We may share your information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we’re required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.

Protection of CRESS and Others. We may share account information, Personal Information and Usage Data when we believe it is appropriate to enforce or apply our products’ Terms of Service and other agreements; or protect the rights, property, or safety of CRESS, our Services, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing Personal Information of our customers for commercial purposes in violation of the commitments set forth in this Privacy Policy.

Reporting to Credit Bureaus. We may share your information with credit bureaus, consumer reporting agencies, and card associations. Late payments, missed payments, or other defaults on your account may be reflected in your credit report and consumer report. We may also share your information with other companies, lawyers, credit bureaus, agents, government agencies, and card associations in connection with issues related to fraud, credit, or debt collection.

Information Sharing Between CRESS Entities. We share your information, including your Personal Information, with and among our affiliates and subsidiaries, except where prohibited by law. Affiliates and subsidiaries mean companies related by common ownership or control. The reasons why we share your information include for our everyday business purposes, such as to: process your transactions, maintain your accounts, operate our business, use CRESS Single Sign-in, etc. We will also share your information in order for us to be able to offer our products and services to you. We may also share information about your creditworthiness, your transactions and experience so that we can operate our business effectively, detect and prevent fraud, and improve our Services.

Sale of Our Business. If we sell, merge, or transfer any part of our business, we may be required to share your information. If so, you will be asked if you’d like to stop receiving promotional information following any change of control.

With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your Personal Information may be shared with other third parties.

d) Syncing, Linking, Connecting Your Bank Account or Other Third Party Services with Your CRESS Service. You may choose to sync certain CRESS Services with information from other financial accounts. To sync your financial account information, we must access your online account with your financial institution. We will request your user name, password, and any other login bank data that you have set up with your financial institution to enable access. We use this information to update and maintain the account information you download, to assist with the download process, and to enhance the Services we may provide in the future.

We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third party services with your CRESS Service. Sometimes CRESS may let you know about the service or product, or another company may let you know about a CRESS service or product. It will be clear who is referring the service or product, and who is providing the service or product. If you choose to accept these services, providing your consent to either the third party or to us, we may exchange your information, including your Personal Information, as well as information about how you interact with each company’s service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service you’ve requested. By requesting or accepting these products or services, you are permitting us to provide your information, including your Personal Information, to the other party.

e) CRESS Single Sign-in. CRESS Single Sign-in is a Service that allows you to sign in to a variety of CRESS Services. We will collect certain information for security purposes in order to verify your authorized access to an account or to reset your password if you cannot access your CRESS account. Some Services may require added security and may be asked to provide additional information. The email address and password that you use to sign up for a CRESS account are your “credentials” that you will use to authenticate with our network. We assign a unique ID number to your credentials to track you and your associated information. CRESS Services do not allow sharing of accounts between users or individuals.

3. WHAT YOU CAN DO TO MANAGE YOUR PRIVACY.

You can view and edit information that identifies you online through your CRESS Service. How you can access and control information that identifies you will depend on which Services you use. You have a choice about the use of information that identifies you, marketing communications you receive from us, and our use of cookies and other tracking technologies.

a) Updating Your Personal Information. In connection with your right to manage your Personal Information you provide to us, you may access, update, change, correct or request deletion of your information either through the Service or through our customer support. You can reach our customer support by using the contact information provided in the “How to Contact Us” section of this policy.

b) Managing Marketing Communications From Us. We will honour your choices when it comes to receiving marketing communications from us.

You have the following choices if you have been receiving marketing communications from us that you no longer wish to receive:

  • Click the “unsubscribe” or opt-out link in the email or newsletter you received.
  • For SMS messages, reply “STOP” or follow the instructions in the message or settings to discontinue the Service.
  • Subject to your control, our mobile applications may send push notifications to your mobile device. If you are receiving push notifications and no longer wish to receive these types of communications, you may turn them off at the device level.
  • You can also change your marketing preferences by sending your request to the mail and/or email addresses in the “How to Contact Us” section. Please include the contact information to which you no longer wish to receive marketing communications.

Remember that even if you choose not to receive marketing communications from us, we will continue to send you mandatory service or transactional communications.

c) Cookies and Other Tracking Technologies. The following is a high level summary of our practices and your controls for cookies and other tracking technologies. For more information, please see our Cookies Policy.

In accordance with applicable law, CRESS and our service providers may use commonly-used tools to recognize your visit and track your interactions with our Services such as cookies, web beacons, pixels, local shared objects, and similar technologies (collectively, “Cookies”). Sometimes this tracking is necessary in order for us to provide you the Service you requested. Other times, we combine Usage Data collected from Cookies with that of other customers to improve your and other customers’ experience. You have control over some of the Usage Data we collect from Cookies and how we use it. Information on changing your browser settings to opt out of Cookies can be found in your browser settings.

CRESS also uses advertising networks and other third parties to display advertising on our website or to manage our advertising on other sites. Our third party partners may place Cookies on our Services and unaffiliated websites in order to serve advertisements that may be relevant to you based on your browsing activities and interests, and to determine the effectiveness of such advertisements. If you wish to opt out of interest-based advertising, click here, or if located in the European Union, click here.

Please note that even if you out-out of such Cookies or otherwise opt-out of interest based advertising, you will still receive advertisements, they just won’t be tailored to your interests. Also, if you opt-out and later delete your Cookies, use a different browser, or buy a new computer, you may need to renew your opt-out choices.

d) Do Not Track. Like most other companies, our Services are not currently configured to respond to browsers’ “Do Not Track” signals because at this time no formal “Do Not Track” standard has been adopted. Click here for more information on “Do Not Track.”

e) Social Media Features. Our Services may use social media features, such as LinkedIn (“Social Media Features”). These features may collect your IP address and which page you are visiting within our Service, and may set a cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing the relevant Social Media Features.

4. DATA RETENTION AND YOUR ACCESS RIGHTS.

a) Data Retention. In accordance with and as permitted by applicable law and regulations, we will retain your information as long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business. When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have opted out of receiving marketing communications. We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones. We will retain and use your information as required by applicable regulations and CRESS’s records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.

b) Your Access Rights. As required by applicable law, you may contact us to confirm whether we maintain, or process on behalf of a third party, any of your Personal Information and to review it in order to verify its accuracy and the lawfulness of our processing of such Personal Information. Where you have determined that the Personal Information we collected about you is inaccurate or processed in violation of applicable law, you may also request that your Personal Information be corrected, amended, or deleted. Requests for access to your Personal Information and to have it corrected, amended, or deleted should be sent to the email or mailing address provided in the “How to Contact Us” section.

5. SECURITY OF YOUR INFORMATION.

Keeping your Information safe is important to us. We provide reasonable and appropriate security measures in connection with securing Personal Information we collect. For example, we:

  • Constantly work to update our security practices to implement accepted best methods to protect your Personal Information, and review our security procedures carefully.
  • Comply with applicable laws and security standards.
  • Securely transmit your sensitive Personal Information.
  • Train our staff and require them to safeguard your data.
  • Transmit, store, protect, and access all cardholder information in compliance with the Payment Card Industry’s Data Security Standards.

6. INTERNATIONAL DATA TRANSFERS.

In accordance with and as permitted by applicable law and regulations, we reserve the right to transfer your information, process and store it outside of your country of residence to wherever we or our third party service providers operate.

7. HOW TO CONTACT US

All inquiries or complaints regarding privacy, including any questions or comments about this Privacy Policy, should be directed to the privacy officer by mail or e-mail at the addresses below.

MAIL
CRESS Inc.
Attention: Privacy Officer
55 Fleming Drive, Suite 3
Cambridge, ON N1T 2A9

EMAIL
Subject: Opt Out
privacyofficer@cress.systems

8. CHANGES TO OUR PRIVACY POLICIES.

From time to time we may change or update our Privacy Policies. We reserve the right to make changes or updates at any time. If we make material changes to the way we process your Personal Information, we will provide you notice via our Service or by other communication channels, such as by email or community post. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may close your account(s). All changes are effective immediately upon posting and your use of our Service after a notice of material change or posting of an updated Privacy Policy shall constitute your consent to all changes.

9. COLLECTION AND USE OF CHILDREN’S PERSONAL INFORMATION.

CRESS Services are intended for and directed to adults. Our Services are not directed to minors and we do not knowingly collect Personal Information from minors.