- Purpose and Scope
For the purposes of this Policy, “Personal Information” means any information, recorded in any form, about an identified individual or an individual whose identity may be inferred or determined from the information. Information, recorded in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred from the information (“Aggregated Information”) is not subject to this policy. March Networks Corporation (“March Networks”) retains the right to use Aggregated Information in any way that it determines appropriate. Also excluded from this Policy is business contact information of an individual that is collected by March Networks solely for the purpose of communicating with the individual in relation to their employment, business or profession.
- March Networks’ Collection, Use and Disclosure of Personal Information
March Networks uses the Personal Information provided verbally or in writing (including electronic media) by its affiliates, and also by, among others, its customers, consultants, users, channel partners, strategic partners, resellers, suppliers, contractors, and distributors (including their employees) in order to: (a) manage its relationship, including the provision of information about products and services, with among others, March Networks’ affiliates, customers, consultants, users, channel partners, strategic partners, resellers, suppliers, contractors and distributors; (b) deliver products and services (including without limitation, hosted software solutions) to customers; (c) meet any legal or regulatory requirement; and (d) such other purposes consistent with these purposes.
March Networks collects only such information from individuals or organizations as is required for the purposes of providing products, services or information to them. As March Networks is a global organization, Personal Information may be shared among March Networks’, and/or its affiliates’, offices or channel partners in other countries, including but not limited to Canada, the United States, APAC and the European Economic Area. While March Networks will take all reasonable measures to ensure the standards of protection found in Canada are applied, this cannot always be guaranteed and Personal Information may be accessed by law enforcement and other authorities in foreign jurisdictions. Your information may be stored and processed in Canada or any other country where March Networks, and/or its affiliates, suppliers, or channel partners are located. With regard to the specific rules concerning data transfers for users residing in the European Union, please refer to Section 3.
Personal Information will be collected, to the extent possible, directly from the individual concerned. Unless permitted by law, no Personal Information is collected about an individual without first obtaining the consent of the individual to the collection, use and disclosure of that information. March Networks does not sell, trade, barter or exchange for consideration any Personal Information it has obtained.
Except in connection with personnel and benefit administration, March Networks does not knowingly collect Personal Information from anyone under the age of eighteen (18), especially children under the age of thirteen (13), and does not use such information if it discovers that it has been provided by a minor.
March Networks may disclose Personal Information to, among others, its affiliates, agents, contractors or third party service providers, which perform services on behalf of the company or assist March Networks as part of its delivery of products, services or information. Using contractual or other arrangements, March Networks shall ensure that such Personal Information is used solely as directed by March Networks and that such affiliates, agents, contractors or third party service providers, with respect to that information, act in a manner consistent with the relevant principles articulated in this Policy.
Personal Information may also be subject to transfer to another organization in the event of a proposed merger, sale of assets or business units or change of ownership of all or part of March Networks. This will occur only if the parties have entered into an agreement under which the use and disclosure of the information is restricted to those purposes that relate to the business transaction, and pursuant to which the information is subject to security safeguards and the obligation to return or destroy the information should the transaction not proceed. In the event that the transaction is completed, March Networks may use and disclose the Personal Information under its control for the purposes for which the information was originally collected, used or disclosed before the transaction was completed, with appropriate conditions as required by law.
Please note that there are circumstances where the collection, use and/or disclosure of Personal Information, without consent, may, subject to the laws of the applicable jurisdiction, be justified or permitted. There are also circumstances where March Networks is obliged to disclose information without consent. Circumstances in which March Networks may be required or permitted to collect, use and disclose Personal Information without consent include:
- Where required by the laws of the applicable jurisdiction or by order or requirement of a court, administrative agency or other governmental tribunal, including pursuant to a subpoena or warrant, or pursuant to a request made by a government institution that has lawful authority and for the purpose of administering or enforcing the law.
- Where March Networks believes, upon reasonable grounds, that it is necessary to protect the life, health or security of a person(s) or to identify an injured, ill or deceased person and communicate with his/her next of kin.
- Where it is necessary to establish or collect monies owing to March Networks.
- Where it is necessary to permit March Networks to prevent, detect or suppress fraud; to protect victims of financial abuse; or to pursue investigation of a contravention of law as permitted by law.
- Where the information is publicly available, as specified by applicable law.
Where obliged or permitted to disclose information without consent, March Networks will not disclose more information than is required.
- Accuracy and Retention
March Networks endeavors to ensure that any Personal Information provided and in its possession is as accurate, current and complete as necessary for the purposes for which March Networks uses that information.
March Networks retains Personal Information as long as the company believes it is necessary to fulfill the purpose for which it was collected. March Networks has in place procedures for the retention and subsequent disposition of March Networks’ records including those that contain Personal Information.
Currently, March Networks holds Personal Information in Canada as well as in other countries where March Networks does business.
March Networks endeavors to maintain appropriate physical, procedural and technical security with respect to its offices and information storage facilities to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information.
March Networks further protects Personal Information by restricting access to it to those employees that need to know the information in order that March Networks may provide its products, services or information.
If any March Networks manager or employee misuses Personal Information, this will be considered a serious offence for which disciplinary action may be taken, up to and including termination of employment. If any individual or organization misuses Personal Information, provided for the purpose of providing services to March Networks, this will be considered a serious issue for which action may be taken, up to and including termination of the agreement between March Networks and that individual or organization.
- March Networks’ Web Sites and Networks
March Networks provides clients and others with general access to public web sites and restricted access to extranets. March Networks’ web servers track general information about visitors such as their domain name and time of visit. March Networks’ web servers also collect and aggregate information regarding which pages are being accessed. This information is used internally, only in aggregate form, to better serve visitors by helping March Networks to manage its sites; diagnose any technical problems; and improve the content of March Networks’ web sites.
March Networks may permit third party analytic providers, such as Google Analytics to use technologies such as cookies and web beacons to collect and process certain non-personally identifiable information regarding usage of March Networks website and services. Those wishing to opt out of Google Analytics data collection should use the Google Analytics Opt-out Browser Add-on.
Please note that for security purposes and to ensure that March Networks’ website and networks remain available for use, March Networks employs software programs to monitor network traffic, to identify unauthorized attempts to upload or change information, and to prevent denial of service or other attacks intended to cause damage. Evidence of such acts may also be disclosed to law enforcement authorities and result in criminal prosecution under the laws of the applicable jurisdiction.
- Accessing and Updating Personal Information
March Networks permits the reasonable right of access and review of Personal
Information held by the company about an individual and will endeavor to provide the
information in question within a reasonable time and no later than thirty (30) days following the request. March Networks reserves the right not to change any Personal Information but will append any alternative text the individual concerned believes to be appropriate.
To guard against fraudulent requests for access, March Networks will require sufficient information to allow it to confirm that the person making the request is authorized to do so before granting access or making corrections.
March Networks reserves the right, subject to the laws of the applicable jurisdiction, to decline to provide access to Personal Information where the information requested:
- Would disclose (a) Personal Information, including opinions, about another individual or about a deceased individual; or (b) trade secrets or other business confidential information that may harm March Networks or the competitive position of a third party or interfere with contractual or other negotiations of March Networks or a third party.
- Is subject to solicitor-client or litigation privilege.
- Is not readily retrievable and the burden or cost of providing it would be disproportionate to the nature or value of the information.
- Does not exist, is not held, or cannot be found by March Networks.
- Could reasonably result in (a) serious harm to the treatment or recovery of the individual concerned, (b) serious emotional harm to the individual or another individual, or (c) serious bodily harm to another individual.
- May harm or interfere with law enforcement activities and other investigative or regulatory functions of a body authorized by statute to perform such functions.
- Where information will not or cannot be disclosed, the individual making the request will be provided with the reasons for non-disclosure.
March Networks will not respond to repetitious or vexatious requests for access. In determining whether a request is repetitious or vexatious, March Networks will consider such factors as the frequency with which information is updated, the purpose for which the information is used, and the nature of the information.
- Withdrawing Consent and Complaints
Individuals have the right to withdraw consent to the use and disclosure of their Personal Information. The withdrawal of consent does not apply retroactively and may result in the inability to fully access March Networks’ products and services. Consent may be withdrawn by contacting March Networks as specified in Section 1 to this Policy. Complaints regarding March Networks handling of Personal Information also may be directed to the contact identified in Section 1.
- Specific rules for users residing in the European Union (EU)
For the processing of personal data of users residing in the European Union (“EU Data Subjects”), the following rules shall apply and prevail over any other conflicting provision contained in this Policy. The remaining rules of this Policy shall apply to EU Data Subjects in so far as compatible with Regulation EU/679/2016 (“GDPR”).
Where reference in this Policy is made to “Personal Information”, it shall mean “Personal Data” as defined by article 4 (1) (1) of the GDPR.
Processing of Personal Data of EU Data Subjects is normally carried out by March Networks’ affiliates and subsidiaries established in the European Union (the “EU Affiliates”). Therefore, Personal Data of EU Data Subjects usually do not leave the EU. However, where necessary to pursue one or more of the purposes identified in Section 2 above, Personal Data of EU Data Subjects may be directly processed by March Networks’ affiliates outside the EU (“Non-EU Affiliates”) on a viable legal basis provided for by the GDPR, including but not limited to, the EU Data Subjects’ unambiguous consent where necessary.
Where EU Data Subjects’ Personal Data are transferred by the EU Affiliates to the Non-EU Affiliates, the transfer takes place either under (i) the European Commission adequacy decision of 20 December 2001 regarding Canada or (ii) in accordance with the model clauses adopted by the European Commission with Decision EU/87/2010, which are entered between March Networks Inc. (established in the U.S.A.) and the EU Affiliates.
Where reference in this Policy is made to “minors”, it shall be noted that March Networks does not knowingly collect Personal Data from children (under the age of 16) residing in the EU. However, and in the event March Network realizes that a minor requests an information society service, March Networks shall request the parental consent for the processing of Personal Data of the minor (according to article 8 of the GDPR).
EU Data Subjects shall have the rights enshrined by Articles 15 to 22 GDPR, such as the right of access, rectification, portability and erasure of their Personal Data, as well as the right to object at any time to any processing activity carried out for direct marketing purposes, as well as to obtain the restriction of the processing.EU Data Subjects shall also have the right to lodge a complaint with the Supervisory Authority of the Member State where they reside or work. The rights can be exercised by sending an email to firstname.lastname@example.org.
The rights of EU Data Subjects may undergo only the restrictions provided for by the GDPR; any rule of this Policy conflicting with it shall not affect EU Data Subjects.
- Amendment of March Networks’ Practices and This Policy
Other means may also be used to provide notice of any change in policy and practices. Policy changes will apply to the information collected from the date of posting of the revised Policy Statement to March Networks’ web site as well as to existing information held by March Networks.
MARCH NETWORKS and the MARCH NETWORKS logo are trademarks of March Networks Corporation.
© 2019 March Networks Corporation. All rights reserved.