Our Commitment to Protecting Our Customers’ Privacy

References in this Policy to "you" are to address any Client for the Hosted Services and any individual Participant of the Hosted Services, and "your" should be construed accordingly; and references in this Policy to "us" are to Applauz and "we" and "our" should be construed accordingly.

This Privacy Policy (the "Policy") applies to information we collect:

1. On any Applauz Site (ApplauzRecognition.com, ApplauzRewards.com, Applauz.co,  Applauz.me, or any subdomain of these sites);

2. In email, live chat, text, call or other electronic communications between you and us;

3. Through mobile and computer applications you access, enable or integrate provided by Applauz;

This Policy does not apply to:

1. Offline usage or through any other means, including on any other website operated by us or any third party; or

2. Any third party, including through any application or content that may link to or be accessible from the Site.

Legal basis for processing (GDPR) for users in the European economic area, we process Personal Data based on

1. Contract performance: Processing necessary to fulfill our Services;

2. Legitimate interests: Processing for business operations, security, and service improvement;

3. Legal obligations: Processing required by law; and

4. Consent: Where explicitly provided by you.

Data Controller and processor roles:

1. Data processor: When processing employee data on behalf of Client organizations;

2. Data controller: For Account management, billing, and Platform analytics; or

3. Joint controller: For certain shared features as outlined in our data processing terms.

We collect several types of information from and about Participants of the Site, including information:

1. By which you may be personally identified, such as name, e-mail address or other contact information, or any other identifier by which you may be contacted online or offline; and

2. That is about you but individually does not identify you, such as information about your internet connection, the equipment you use to access the Site and usage details.

This information is collected:

1. Directly from you when you provide it to us;

2. Automatically as you navigate through the Site, such as usage details, IP addresses, and information collected through cookies and other tracking technologies; and

3. From third parties, such as Hubspot or Google Analytics

We do not knowingly collect Personal Data from minor individuals (under sixteen (16) years of age or the applicable age of consent in your jurisdiction). If we become aware of such a collection, we will delete the information immediately.

The information we collect on or through the Site may include:

1. Information that you provide by filling in forms on the Site, including information you provide when you register to use the Site or send us a request or report a problem with the Site; and

2. Details of transactions you carry out through the Site.

As you navigate through and interact with the Site, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

1. Details of your visits to the Site, such as traffic data, logs, navigation data and other communication data and the resources that you access and use on Site; and

2. Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically is statistical data and may include Personal Information. This information helps us to:

1. Store information about your preferences, allowing us to customize our Site;

2. Improve the Site and deliver a better and more personalized service; and

3. Recognize you when you return to our Site.

The technologies we use for automatic data collection may include:

1. Browser cookies. A browser cookie is a small file placed on the storage unit of your device. You may refuse to accept browser cookies by adjusting the settings on your browser, and you may delete cookies that have already been placed there. However, if you refuse or delete our browser cookies, you may be unable to access certain parts of the Site or have to re-enter information in order to use the Site. We use:

   1. Essential cookies: Required for site functionality;

   2. Analytics cookies: To understand usage patterns; and

   3. Preference cookies: To remember your settings.

2. Web beacons. Pages of the Site and our emails may contain small electronic files known as web beacons that permit us to count users who have visited those pages or opened an email and for other related website statistics.

We do not collect Personal Data automatically, but we may tie this information to Personal Data about you that we collect from other sources or you provide to us.

Where required by law, we will obtain your consent before placing non-essential cookies. You can manage your cookie preferences through our cookie consent tool.

Some content or features on the Site are served by third-parties, such as ad networks and servers, content providers, and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you use the Site. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about any targeted content on the Site, you should contact the responsible provider directly.

1. Cloud infrastructure providers (Google Cloud Platform);

2. Payment processors (Moneris);

3. Communication service providers (Mailgun); and

4. Analytics providers (under appropriate agreements).

We use information that we collect about you or that you provide to us:

1. To present the Site and its contents to you;

2. To provide you with information, Products, or Services that you request from us;

3. To fulfill any other purpose for which you provide it;

4. To provide you with notices about your Account or about changes to the Site;

5. To carry out our obligations and enforce our rights under any contracts entered into between you or your organization and us;

6. To allow you to participate in interactive features on the Site;

7. In any other way we may describe when you provide the information; and

8. For any other purpose with your specific consent.

We may also use your information to contact you about our own Products and Services that may be of interest to you. If you do not want us to use your information in this way, please edit your notification settings in your Account profile.

We may use the information we have collected from you to enable us to display advertisements for our Products and Services.

You have the right to request human review of any automated decisions that significantly affect you. We may use automated systems to:

1. Analyze engagement patterns;

2. Generate performance insights; and

3. Detect anomalous Activity.

We may disclose aggregated, anonymized information about Clients or Participants without restriction.

We may disclose Personal Data that we collect or you provide as described in this notice:

1. To fulfill the purpose for which you provide it, such as to create dashboards for Participants with a role and permission allowing them to view it, to allow you to be involved in reward Activities, to activate an integration that you select with a third-party service provider, or to allow you to redeem Products or perks on the marketplace from a third-party Fulfilment partner;

2. To service providers, such as payment processors or Fulfilment Services partners, we use to support our business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them;

3. To a buyer or other successor of our company in the event of a merger, acquisition, sale of assets or other major corporate event in which the Site is among the transferred assets;

4. For any other purpose disclosed by us when you provide the information;
   For any other purpose with your consent;

5. To comply with any court order, law, or legal process, or to enforce or apply our terms of use or other Agreements between you or your organization and us.

Your information may be transferred to and maintained on servers located outside of your jurisdiction. We ensure appropriate safeguards are in place for such transfers, including:

1. Standard Contractual Clauses (for EU data);

2. Adequacy decisions where applicable; and

3. Your explicit consent where required.

You have the right to request access to your Personal Data; receive your data in a structured, machine-readable format; and transfer your data to another service provider where technically feasible.

You can review and change certain elements of your Personal Data by logging into the Site and visiting your Account profile page. For other corrections, contact us at privacy@applauz.me.

You may request deletion of your Personal Data by contacting us. We will comply unless we have a legal obligation or legitimate business need to retain it. Note that:

1. Some information may be retained in our backup systems temporarily;

2. We may retain anonymized data for analytics; and

3. Certain records must be kept for legal compliance.

You have the right to restrict processing of your data in certain circumstances; object to processing based on legitimate interests; or opt-out of marketing communications at any time.

Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

We will respond to your privacy rights requests within:

1. thirty (30) days (general standard);

2. fourty-five (45) days for complex requests (with notice); or

3. as required by applicable law in your jurisdiction.

We retain Personal Data for:

1. Active Accounts: Duration of service plus thirty (30) days;

2. Closed Accounts: Up to three (3) years or as required by law;

3. Transaction records: seven (7) years for tax and accounting purposes;

4. Marketing contacts: Until consent withdrawn or two (2) years of inactivity; and

5. Security logs: one (1) year;

We determine retention periods based on legal and regulatory requirements; limitation periods for legal claims; business operational needs; and your consent and preferences. 

We have implemented reasonable and appropriate measures to secure your Personal Data, including encryption in transit (TLS) and at rest; access controls and authentication; regular security assessments and audits; employee training and confidentiality agreements; incident response procedures; and business continuity and disaster recovery plans.

The Site is hosted on secure servers provided by our Hosting Services provider in Canada (with appropriate safeguards for international access).

Security Incidents. In the event of a data breach that poses risk to your rights and freedoms, we will:

1. Notify affected individuals within seventy-two (72) hours where required;

2. Provide information about the incident and mitigation steps; and

3. Notify relevant authorities as required by law.

We are not responsible for any safety or security vulnerabilities or breaches resulting from inappropriate or unsecure handling of your Personal Data by yourself, such as, but not limited to, sharing passwords or leaving a logged in session active on a shared computer.

Unfortunately, the transmission of information online is not completely secure, and we cannot completely guarantee the security of your Personal Data transmitted to or through the Site, which is done at your own risk.

California residents have additional rights under the California Consumer Privacy Act (CCPA) including the right to:

1. know categories and specific pieces of Personal Data collected;

2. delete Personal Data;

3. opt-out of sale (we do not sell Personal Data); and

4. non-discrimination for exercising privacy rights.

Quebec residents have rights under Law 25 including the right to:

1. data portability in commonly used formats;

2. enhanced consent requirements for minors (fourteen (14) years);

3. de-indexation; and

4. specific incident notification requirements.

European residents have additional rights under the General Data Protection Regulation (GDPR) covered in sections above, with additional emphasis on:

1. clear legal basis for all processing;

2. privacy by design and default;

3. Data Protection Impact Assessments where required; and

4. appointment of Data Protection Officer where required.

We may change this Policy from time to time. Changes will be posted on this page with an updated revision date.

For material changes we will notify you via email or Platform notification; we may require renewed consent where necessary; and previous versions will be archived and available upon request.

Your continued use of the Site after changes indicates acceptance of the revised Policy.

For privacy-related inquiries, requests, or complaints, contact our Privacy Officer:

1. Email: privacy@applauz.me;

2. Phone: 1-833-APP-LAUZ (277-5289); or

3. Mail: 
   Applauz Inc.
   ℅ Privacy Officer 
   CP 32521 CSP Lucerne
   Mont Royal, Quebec, Canada, H3R 3L7

For GDPR related inquiries, contact our Data Protection Officer:

1. Email: privacy@applauz.me.

We aim to acknowledge receipt within fourty-eight (48) hours and provide substantive responses within the legal timeframes specified above. 

This Privacy Policy is reviewed annually and updated as needed to reflect changes in legal and regulatory requirements; business practices; technology and security measures; and industry standards and best practices.