Introduction

Benbria Corporation ("Benbria", "us", "our" or "we") provides a Software as a Service (SaaS) omni-channel messaging platform Loop (“Loop”) to our customers that stores, manipulates, analyzes and transfers messages between their end-user customers, their end-user staff and related business systems over a variety of messaging channels (the "Service").

This document is intended to supplement and clarify the Benbria Privacy Policy with regard to Personal Data processed on behalf of our Customers during provision of the Service ("Service Data"). This Privacy Statement for Service Data represents an Agreement between Benbria and the Customer and governs the use of Service Data. If there is any inconsistency between this Agreement and any negotiated Agreement between Benbria and the Customer, the terms of the negotiated agreement will prevail.

Definitions

  1. Customer: a legal entity with whom Benbria has an agreement to provide the Services. For clarity, a Customer may be a Controller or a Processor of Personal Data. Where a Customer is a Processor of Personal Data, Benbria shall process Personal Data as sub-processor on behalf of the Controller. Instructions from the Controller regarding the processing Personal Data shall be given through the Processor.
  2. Users of Loop include the following: Contact: the end-user customer or guest of the Customer. Team Member: a staff member of the Customer who engages on behalf of the Customer or a representative of a third party to whom support has been outsourced. System: a third-party system using Loop services through API or other automated interaction.
  3. Participants include any Users involved in any of the Experience on the Platform.

The following terms are used as defined in the EU General Data Protection Regulation (GDPR):

  1. Personal Data: any information relating to an identified or identifiable natural person ("Data Subject").
  2. Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  3. Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  4. Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Processed Data

This document is intended to supplement and clarify the Benbria Privacy Policy with regard to Personal Data processed on behalf of our Customers during provision of the Service ("Data Subject").

Benbria may collect and process Personal Data about individuals for the purposes of account creation, billing, usage tracking, recruiting and marketing. These data types and processing activities are governed instead by the Benbria Privacy Policy. Data that is not related to an identified or identifiable natural person, including aggregated or de-identified data, is not Personal Data and is not addressed by this document.

Benbria Services are not directed to children under 16. If you learn that a child under 16 has provided us with Personal Data without consent, please contact us.

Service Data Types

Benbria may process the following types of Service Data on behalf of Customers:

Contact Profile Information

The Benbria user interfaces and APIs enable Users to communicate via multiple channels such as SMS texting, Twitter Direct Message, Facebook Messenger, email and web apps ("Messaging Channels"). Each Channel transmits certain data about the User. Some examples include: First Name, Last Name, Email Address, Phone Number, IP Address, Location, Avatar/Image, Username/Handle, Linked IDs and others.

The types of Personal Data transmitted in the Contact Profile depend on the data collected by the Controller, and the User’s privacy settings and preferences. The Controller may be the Messaging Channel (e.g. Facebook Messenger, Twitter); or the Customer, when messages are received via a System, or web apps created using Benbria’s API or SDK.

User Profile Information

Users may upload configuration data for their profiles including details such as name, email, phone number and avatar image.

Messaging Content

Three core Experiences with Contacts include:

  1. The Messaging Experience involving Conversations with Contacts where Messages are exchanged,
  2. The Measurement (aka Feedback) Experience involving Responses to Pulse Surveys, and
  3. The Fulfillment Experience involving Requests made by Contacts using the OnDemand features,

all of the above are Messaging Content. Messaging Content may be structured or unstructured, and may or may not contain Personal Data. Benbria handles all Messaging Content in Loop as Personal Data.

Metadata

Benbria servers automatically record some information when Services are used, including information sent by browsers or mobile apps.

Benbria may collect information about the devices Services are being used on, including what type of device it is, operating system, device settings, application IDs, unique device identifiers, and crash data.

Purposes for Processing

Benbria processes the Personal Data types outlined above for the following purposes:

  1. To provide and enhance our product and service offerings
  2. To provide insights and statistics on an aggregated basis to help our Customers measure their performance, better understand their customers and improve their product and service offerings
  3. To respond to Customer requests for support or assistance

This policy is not intended to place any limits on what we do with data that is aggregated and/or de-identified. It is no longer associated with an identifiable user or Customer of the Services and is therefore not Personal Data.

How We Protect Data

With regard to the Service and Service Data, Benbria acts as a Processor on behalf of Customers. Customers have primary responsibility for interacting with Contacts, and the role of Benbria is generally limited to assisting Customers as needed. Benbria processes Service Data only upon a Customer’s instruction and shall have a duty to respect the security and confidentiality of Personal Data, pursuant to the measures outlined in agreements with Customers and as required by applicable law.

Privacy Program

Benbria maintains a managed privacy program to identify risks and implement preventative measures. Our product management team, supported by a network of senior professionals throughout the business and development teams, is responsible for managing the privacy program. The privacy program is and will be reviewed on a regular basis to provide for continued effectiveness.

Personal Data collected and processed by Benbria is governed by the Benbria Data Privacy Policy. Employees with access to Personal Data are trained on the Policy and their responsibility to protect the data, and they are bound by confidentiality agreements. Benbria has implemented a Privacy by Design (PbD) approach, and our development team receives specific training related to their job responsibilities.

Information Security

Benbria takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please see our Security Guide.

Jurisdiction

Benbria is headquartered in Canada and does business as a Canadian Corporation. Benbria has sales and support offices in the United States and Europe.

Loop production data is stored and processed on servers in both Canada and the continental United States.

Data submitted to or read from the Loop platform by an end-user device will be transmitted over the Public Internet using SSL encryption over HTTPS. While the encrypted data will originate or terminate at a Loop production server (in the United States), the encrypted data may transit other countries including, but not limited to, the end-user's current country.

Transparency and Cooperation with Customers

Benbria undertakes to be transparent regarding its Personal Data processing activities and to provide Customers with reasonable cooperation to help facilitate their respective data protection obligations regarding Personal Data.

Data Breach Notification

In the event that Benbria becomes aware of any unauthorized access to or disclosure of Personal Data, Benbria will promptly notify affected Customers to the extent such notification is permitted by applicable law.

Customer Audits

Upon a Customer’s request, and subject to appropriate confidentiality obligations, Benbria shall make available to the Customer (or such Customer’s independent, third-party auditor) information regarding Benbria and third-party sub-processors’ compliance with the data protection requirements set forth in our agreements.

Certifications

If your needs require a particular certification, please contact us.

Obligations Upon Termination

Upon termination of the Services, Benbria shall, at the request of the Customer, delete, render un-identifiable, or return all Personal Data to the Customer. Benbria will certify that it has done so, unless legislation prevents it from returning or destroying the data. In that case, Benbria will protect the data in accordance with its commitments and will not actively process the personal data transferred anymore.

Sharing and Disclosure

There are times when information described in this privacy statement may be shared by Benbria. This section discusses how Benbria may share such information. Customers determine their own policies for the sharing and disclosure.

Benbria reserves the right to disclose or use aggregate or de-identified information for any purpose. For example, we may share aggregated or de-identified information with our partners or others for business or research purposes like sharing benchmark score results in an industry or the average daily messaging volume by channel.

Sub-processing by Third Parties

Benbria may retain third party sub-processors and depending on the location of the third-party sub-processor, processing of Personal Data by such sub-processors may involve transfers of Personal Data. Such third-party sub-processors shall process Personal Data only in accordance with the Customer’s instructions.

As of the date hereof, these third-party providers include technical operations such as database monitoring, data storage and hosting services and customer support software tools.

Such third-party sub-processors have entered into written agreements with Benbria in accordance with the applicable requirements.

Compliance with Laws

Benbria may share or disclose data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.

Enforcing Our Rights, Preventing Fraud, and Safety

Benbria may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.

Changes to our Business Structure

Benbria may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Benbria’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).

Data Subject Rights

Benbria acts as a data Processor on behalf of Customers. Customers have primary responsibility for interacting with Data Subjects, and the role of Benbria is generally limited to assisting Customers as needed.

Access, Correction, Amendment or Deletion Requests

Benbria shall promptly notify a Customer if Benbria receives a request from a Data Subject for access to, correction, amendment or deletion of that person’s Personal Data. Benbria shall not respond to any such Data Subject request without the Customer’s prior written consent except to confirm that the request relates to that Customer.

Benbria shall provide Customers with cooperation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data to the extent Customers do not have access to such Personal Data through their respective uses of the Services.

Handling of Complaints

Data Subjects may lodge a complaint about processing of their respective Personal Data by contacting the relevant Customer or the Benbria Privacy department using the Contact Us web-form. Benbria shall promptly communicate the complaint to the Customer to whom the Personal Data relates.

Customers shall be responsible for responding to all Data Subject complaints forwarded by Benbria, except in cases where a Customer has disappeared factually or has ceased to exist in law or become insolvent. Where Benbria is aware of such a case, it undertakes to respond directly to Data Subjects’ complaints within thirty (30) days, including the consequences of the complaint and further actions Data Subjects may take if they are unsatisfied by the reply.

Regulatory Inquiries and Complaints

Benbria shall, to the extent legally permitted, promptly notify a Customer if it receives an inquiry or complaint from a data protection authority in which that Customer is specifically named. Upon a Customer’s request, Benbria shall provide the Customer with cooperation and assistance in relation to any regulatory inquiry or complaint involving Benbria’s processing of Personal Data.

Changes to this Statement

We may change this statement from time to time, and if we do we will post any changes on this page. Feel free to use the 'follow' feature of this page to remain up to date on changes.

If you continue to use the Services after those changes are in effect, you agree to the revised policy.

This document was last updated in May 2018.

Contacting Benbria

Please feel free to contact us if you have any questions about Benbria’s Privacy commitments or practices. You may contact us at Benbria.com/contact us or at our mailing address below:

Benbria Corporation Inc.
 390 March Road, Kanata, ON, K2K 0G7

Did this answer your question?