Privacy Policy

D+H GLOBAL PRIVACY POLICY

Effective: January 9, 2017

INTRODUCTION

DH Corporation together with its affiliates, including FundTech Corporation and Bserv Investments, Inc. (“we”, “us” or “D+H”) is a leading financial technology provider that the world's financial institutions rely on every day to help them grow and succeed. Our customers, consumers, prospects, registered users, applicants for employment, and others with whom we do business entrust us with their personal data and personally identifiable information (“Personal Information”) and they expect us to protect that Personal Information with the same level of care we do our own. This is fundamental to the way we do business.

This D+H Global Privacy Policy (the “Policy”) describes and is intended to provide information about the practices we have adopted with respect to processing Personal Information including the collection, use, storage or disclosure of Personal Information, except where there are specific privacy requirements for a product or service (“Service”) and a separate policy has been published for that particular Service.

SCOPE

Whether acting as a data controller, a data processor or data intermediary, D+H is required to comply with all applicable laws and regulations protecting the privacy of Personal Information in the jurisdictions where D+H conducts business.

We may amend this Policy from time to time, should it become necessary or advisable to do so to comply with regulatory requirements or best practices. The most recent modification date of this Policy will appear at the top of this page. If we materially change our practices in processing Personal Information, we will post an updated policy in place of this Policy.

GENERAL DEFINITIONS

These definitions may vary slightly according to local data privacy laws.

"Personal Information" is any information relating to an identified or identifiable natural person (which in some jurisdictions may include individuals who are recently deceased, and whether or not the information is true) or to a legal entity (to the extent protected under applicable data protection law), recorded in any medium including but not limited to electronic, paper, or voice recordings. It may include information such as name, address, date of birth, identification numbers, financial information and any other identifiable personal information. Personal Information may include non-identifiable information which, when combined with other information to which D+H is likely to have access, can be used to identify an individual.

Individuals or entities that are identified or identifiable by Personal Information are referred to as “data subjects”.

Examples of Personal Information relevant to D+H may include:

  • Customer or Prospect Information: Customer or potential customer’s name, email address, business address, and company-related information. This information may be found on marketing, mailing, and contact lists, in corporate data bases, or spreadsheets.
  • Event Attendee and/or Sponsor Information: Name, email address, business address, company-related information, and credit card information. Some of this information may be found on registration forms/profiles, attendee lists, business cards, photos, video clips, online streaming and contest entries.
  • Applicants for Employment at D+H: We regularly post available positions in the "Careers" section of our website and we collect the necessary information to assess a candidate’s qualifications.

"Processing" means any operation that is performed on Personal Information, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, blocking, disabling or destruction.

"Sensitive Personal Information" is a subset of Personal Information, which due to its sensitive nature has been classified by law or policy as requiring additional privacy protection. Sensitive Personal Information may include, without limitation, race, ethnicity, health information, biometric information, religion, gender, sexual orientation, medical/health records, credit card information, dietary requirements, political beliefs and criminal history.

"Third Party" or “Third Party Service Provider” is any natural or legal person, public authority, agency, or other body apart from D+H that processes or stores Personal Information solely on behalf of and under the instructions of D+H.

D+H PRIVACY PRINCIPLES

We take our responsibilities as a controller, processor, intermediary or custodian of Personal Information very seriously. We adhere to the following privacy principles:

1. NOTICE

We will provide notice and, where required by law, obtain consent, when we collect Personal Information that will be used to administer and deliver a Service. We will provide information about D+H offerings that may be relevant in accordance with applicable laws.

  1. The nature of the information we collect or receive varies depending on the Service being provided. We process Personal Information in a reasonable and lawful manner for relevant business purposes. Personal Information is retained for as long as is necessary for the purpose(s) for which it was collected. We request that only the information necessary to fulfill the Service requested be supplied to us.
     
  2. We collect Personal Information in several ways for different purposes, in particular the following:
  • Cookies: We use “cookies” to enable our web servers to identify users each time they initiate a session on a D+H website. Information collected or stored via cookies includes purchases and log in data, among other data. This information is kept in a secure area within our website. We do not use cookies to determine site traffic outside the extranet and we do not share site traffic information with third parties, except through links we provide. Cookies can be disabled using browser settings, but this may affect the browsing experience and the functionality of the website.
     
  • Usage Tracking: We may monitor the use of our websites, including pages visited and documents viewed. For registered users, this information is stored with the registration information. It is uniquely numbered, and is used solely for purposes of enabling us to provide users with a personalized website experience.
     
  • Do-Not-Track: Currently, our systems do not recognize browser “do-not-track” requests. Certain tracking may be disabled by disabling cookies.
     
  • Direct Marketing: We may occasionally use direct marketing to introduce new Services that may be of interest, or to point out different ways that users may be able to take advantage of existing Services. Where required by law, we will obtain consent before using Personal Information for direct marketing purposes. We will also provide an unsubscribe or other mechanism to allow opt out from receiving direct marketing messages from us. However, because of the nature of our Services, users who elect not to receive direct marketing messages from us may still be contacted with messages relating to servicing an account with us, or with notifications about software upgrades or release availability, or of other information related to licensed products, if applicable.
     
  • Service Delivery: In order to deliver some Services, we may gather specific information (contact, financial, and other general information), as well as information relating to business needs and preferences and non-identifiable information (such as core system, domain server, computer operating system, or web browser). We collect this information when we onboard a customer using methods described in this Policy and, to the extent permissible under applicable law, by other publicly available means (such as by accessing publicly available databases).
     
  • Email Alerts: We may ask for an email address upon registration for email alerts on D+H websites or through a D+H mobile app. Additional information may be collected depending on the type of alert requested. We will provide an unsubscribe or other mechanism to allow individuals who no longer wish to receive email alerts from us to opt out.
     
  • Event Registration: We may collect Personal Information (such as hotel, meal, and other travel preferences) as part of the registration process for D+H events. This information is used solely for confirmation and billing purposes and to service the registration. We will not disclose such information to any Third Party (other than in connection with administration of the D+H event) without consent. We do not rent, sell, or otherwise disclose this Personal Information for non-event related mailings without consent.
     
  • D+H Websites: D+H websites may require users to create an account and choose a password. Passwords are for individual use only and may not be shared with others. We do not sell, rent or share Personal Information collected on the D+H websites, except as described in this Policy. We may provide links to various third party websites. We do not control or access information users provided to other websites. We are not responsible for the privacy practices of unaffiliated websites to which a D+H website may link. We encourage users to become familiar with the privacy practices of such websites before providing them with Personal Information.
     
  • Mobile Computing Devices: Some D+H websites and Services are specifically designed to be compatible with and used on mobile computing devices. Information about the use of each mobile version or mobile application will be associated with user account credentials. Some of the D+H websites enable download of applications, widgets or other tools that can be used on a mobile device. These tools may transmit Personal Information to us (i) to enable access to a user account, and (ii) to enhance and track use of these tools as well as develop new tools for quality improvement.
     
  • Purchases and Fulfillment: When Services are purchased, additional Personal Information, such as credit card number and expiration date may in some instances be requested. In doing so, Personal Information may be collected in connection with the specific order and in accordance with the privacy practices associated with that specific Service.

2. CHOICE

We do not share Personal Information outside of D+H unless we have been given permission to do so, on behalf of one of our customers who has authorized us to do so in order to provide that Service, or as permitted or required by law, or as described in this Policy.

  1. We will only collect, use or disclose Personal Information where we have consent to do so or where otherwise permissible under applicable law. Consent can be withdrawn at any time as described under “Rights”; however, the withdrawal of consent may affect our ability to provide the requested Services or information. Where Services are used by our customers to provide services to their customers, employees or other data subjects, and particularly where our customer provides us with its customers’, employees’ and other data subjects’ Personal Information, we may rely on our customers to obtain the consent of their customers, employees or other data subjects to the collection, use and disclosure of their Personal Information by D+H.
     
  2. We may collect, use or disclose Personal Information we hold without consent in circumstances of emergency that threatens life, health or safety or as permitted or required by law.
     
  3. We will limit the collection, use and disclosure of Personal Information to that which is reasonably necessary for the identified purposes for which it was collected. We will not collect, use or disclose any Personal Information that is provided to us, except as necessary to provide the Services that we have been contracted to provide or as permitted or required by law.

3. ONWARD TRANSFER

We are accountable for all Personal Information under our control or provided to us, including any Personal Information transferred to Third Party Service Providers for the purpose of providing the Services that we have been contracted to provide. When using Third Party Service Providers, we use contractual or other safeguards to provide a comparable level of protection.

  1. We take our obligation to protect and safeguard Personal Information seriously and we ensure that our Third Party Service Providers apply the same care when processing information on our behalf.
     
  2. D+H may share Personal Information, consistent with this Policy, with D+H’s affiliates or related entities in order to deliver Services, provided those affiliates or related entities apply at least the same level of protection as set out in this Policy.
     
  3. To perform certain software upgrades or changes, or to provide certain Services, it may be necessary to allow Third Party Service Providers of D+H to access Personal Information. If so, the Third Party Service Providers will have signed an appropriate D+H non-disclosure agreement before receiving access to Personal Information and will be bound to treat that Personal Information in a manner consistent with our commitment to privacy and data security.
     
  4. If we become aware that a Third Party Service Provider is using Personal Information in a way that is contrary to this Policy, we will take the appropriate measures to prevent or stop such use of Personal Information.
     
  5. We will comply with requests to disclose Personal Information where required by local law or government authorities to comply with a legal obligation, and where permissible, we will provide advance notice of such disclosure to the individuals concerned.
     
  6. We may transfer Personal Information in connection with a contemplated reorganization, sale, bankruptcy or transfer of all or a portion of our business or assets, to the extent permitted by applicable law. Following such a sale or transfer, the entity to which we transferred Personal Information will be the data controller and point of contact for any inquiries concerning the processing of that information.
     
  7. D+H is a global business. To provide our Services, we may transfer Personal Information to countries other than the country in which the data was originally collected, including the United States. Countries to which we transfer Personal Information may not have laws providing the same level of protection to Personal Information as the country in which the information was initially provided. When we transfer Personal Information to other countries, we comply with applicable legal requirements to provide adequate safeguards for the transfer and we ensure that information is protected in a manner that is comparable with the protection provided under applicable law and consistent with this Policy.
     
  8. On October 6, 2015, the Court of Justice of the European Union invalidated the U.S.-EU Safe Harbor Framework as a basis for transfer of Personal Information from the EU to the U.S. Due to the invalidation decision, D+H relies on alternative safeguards for Personal Information transferred from the European Economic Area to the U.S., such as European Commission-approved standard contractual clauses. D+H has maintained its certification under the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. D+H has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/.

4. SECURITY

The security of Personal Information is extremely important to D+H.

  1. We implement and maintain a data security program that includes appropriate standard administrative, technical, physical and operational safeguards designed to:
    • Maintain the security and confidentiality of Personal Information entrusted to us; and
    • Protect Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use that could result in harm.
  2. We implement and maintain practices designed to secure the access, storage and transmission of Personal Information.
     
  3. We maintain appropriate security upon the disposal and destruction of records containing Personal Information.
     
  4. The nature and extent of protection maintained will correspond to applicable local laws and regulations.
     
  5. We restrict access to Personal Information to those employees of D+H who need to know that information to provide our Services. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of Personal Information. Our employees are also required to attest to the values embodied in our Code of Ethics and Business Conduct. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.
     
  6. We have implemented protocols to verify ongoing compliance with this Policy and to enforce disciplinary action against those who violate the privacy and security practices. To report a privacy violation, contact privacy.officer@dh.com.

5. DATA INTEGRITY

We endeavor to keep Personal Information accurate and current; and we update it whenever we receive a request to do so, as described below under “Rights”.

  1. We take reasonable steps to ensure the Personal Information we have collected is accurate, complete, and current.
     
  2. We rely on the accuracy and completeness of the Personal Information that has been provided to us to perform the Services requested.
     
  3. We will ensure that any changes that we are required to make to Personal Information be updated in a timely fashion.

6. RIGHTS

We honor data subjects’ rights under applicable law to access, correct, update, erase, disable and block their Personal Information when lawfully requested to do so. In some circumstances, a data subject may have the right to object to processing of his or her Personal Information; to withdraw consent to the collection, use or disclosure of his or her Personal Information for any purpose; and/or to obtain information about how his or her Personal Information has been used or disclosed.

  1. We will provide data subjects with access to their Personal Information and honor other rights (such as withdrawal of consent as applicable upon request sent to privacy.officer@dh.com.
     
  2. We will correct a data subject’s Personal Information upon request sent to privacy.officer@dh.com.
     
  3. Data subjects may also opt out of direct marketing by contacting privacy.officer@dh.com.
     
  4. Where we are collecting, using or disclosing Personal Information on behalf of one of our customers we will refer requests from data subjects for access to their Personal Information to that customer for handling and we will assist our customers in responding to access requests we receive.

7. ENFORCEMENT

We have policies and procedures in place to implement and audit the privacy principles set forth in this Policy. We have adopted a procedure to receive and respond to complaints and inquiries about our policies and practices relating to the handling of Personal Information. We will investigate all complaints in respect of Personal Information. If a complaint is justified, we will take appropriate measures, including, as necessary, amending our policies and practices. Where we are collecting, using or disclosing Personal Information on behalf of one of our customers, we will assist them in responding to questions and complaints respecting their customers’ Personal Information maintained by us on their behalf.

The following may apply to data subjects resident in the EEA or Switzerland:

  1. Any inquiries or complaints regarding this Policy or our practices relating to the handling of Personal Information should be addressed to D+H’s Chief Privacy Officer by email at privacy.officer@dh.com.
     
  2. If a complaint concerning the U.S.-Swiss Safe Harbor remains unresolved 30 days after contacting D+H’s Chief Privacy Officer, it can be referred under the U.S.-Swiss Safe Harbor to an independent dispute resolution mechanism, operated by the Council of Better Business Bureaus. If a timely acknowledgment of a complaint is not received, or if a complaint is not satisfactorily addressed by D+H, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.
     
  3. The U.S. Federal Trade Commission has been empowered to investigate complaints and to obtain redress in all cases of D+H’s non-compliance with this Policy, as a result of D+H self-certifying annually with the U.S. Department of Commerce U.S.-Swiss Safe Harbor Framework.

8. CONSENT

Use of any of our Services in conjunction with this Policy is deemed to be consent to the collection, retention, processing, transfer to third parties and transfer to other countries of your Personal Information, all in accordance with the purposes set forth herein. Data subjects provide Personal Information at their own volition and may be entitled to withdraw consent as described above under “Rights”.

9. CONTACT US

For further information on our privacy policies and practices relating to the handling of Personal Information, contact our Chief Privacy Officer by email at: privacy.officer@dh.com or by postal mail to D+H 120 Bremner Boulevard, Suite 3000, Toronto, Ontario M5J 0A8.