TeejLab Privacy Statement
Last Modified: 10th August 2019
Please review this TeejLab Privacy Statement (“Privacy Statement”) carefully. Wherever used in this Privacy Statement, “you”, “your”, “Customer”, and similar terms mean the person or legal entity accessing or using the Products and/or Services and/or other resources provided by TeejLab (collectively the “TeejLab Services”). For the avoidance of doubt, if you are accessing and using TeejLab Services on behalf of a company (such as your employer) or other legal entity, “you”, “your” or “Customer” means the company or other legal entity that you are using the TeejLab Services on behalf of.
You are responsible for regularly reviewing the most current version of the Privacy Statement, which is published at: https://apidiscovery.teejlab.com/privacy. When we change this Privacy Statement, we will update the “Last Modified” date above.
Thank you for using TeejLab. This Privacy Statement explains how TeejLab collects, uses, processes, discloses, retains, and protects personal information: i) when we provide TeejLab Services to you; and ii) when we process personal information at your instruction that may be included as part of the Content which you view, upload, download or otherwise appears on TeejLab Services.
When this Privacy Statement refers to “TeejLab”, “us”, “we” or “our”, it refers to TeejLab Inc. (a Canadian federal corporation).
TeejLab is committed to protecting the privacy of all individuals who:
visit any of TeejLab’s websites, https://teejlab.com including all subdomains, present and future (the “Website”);
use any of TeejLab’s products and services made available from time to time through Individual, Academic, Business, Enterprise plans (the “Platforms”).
use any of TeejLab’s supporting applications (the “Applications”);
We call the Website, the Applications, the Platforms together the “TeejLab Services”.
TeejLab provides software platform, Enterprise Data Services Network (“EDSN”), which is also referred to as API Discovery, to discover various Web Based Data Services (“WEBDAS”) offered by third-parties such as Google, Twitter, Facebook, IBM, etc. through their Application Programming Interface (“API”). TeejLab Services enable you to discover (automatically as well as manually) thousands of WEBDAS provided by various third-parties for easy access and utilization of WEBDAS in your products and services. TeejLab Services also enable you to manage WEBDAS built by you. Furthermore, TeejLab Services help you in managing security and compliance risks that inherently come with the usage of WEBDAS in your products and services. When you explore various WEBDAS in EDSN using your TeejLab account, you can choose to instantly collect, process, share and access various pieces information that enable you to test, utilize and/or manage various WEBDAS in your products and services in a more secure and compliant way. TeejLab Services also enable an ecosystem where you can choose to purchase a multitude of third-party WEBDAS.
Personal information we collect
Personal information is information relating to an identified or identifiable natural person. An identifiable natural person is an individual that can be identified, directly or indirectly, be referenced to an identifier such as: a name, an identification number, specific location data, an online identifier, or other attributes specific to that natural person.
Personal information does not include information that has been anonymized or aggregated in such a way that it can no longer be used to identify a specific natural person, whether on its own or in combination with other information.
The personal information that we collect falls into two broad categories: Account Data and Content.
Account data (“Account Data”) is personal information that you provide to TeejLab, or that we collect from you and your devices in connection with your access to and use of TeejLab Services (such as when you provide us information to register for an account, or information we collect about your browser when you connect to one of TeejLab Services, etc.). In legal terms, we collect and use this Account Data as a data controller.
There are two general categories of Account Data we collect in order to provide you with TeejLab Services.
1. Information you give us
Account information: You may provide us with information in connection with the creation and management of your account for TeejLab Services, such as a name, email address and a password to create a TeejLab account.
Billing information: If you have purchased a paid version of the TeejLab Services, or if you make another financial transaction using TeejLab Services (such as purchasing a Third-Party App), we (and our third party payment processors) will collect information about the purchase or transaction. This includes billing details and credit card information, other account and authentication information.
Other information. You may otherwise choose to provide us with information when you fill in a form, contact our customer support, respond to surveys or use other features of TeejLab Services. You may also provide us with other optional information as part of your account profile, including your usernames, avatars and links to the Social Network profiles you authenticate with your TeejLab profile.
2. Information we automatically collect from your use of TeejLab Services
Log data and usage information. Like most websites, when you view content on or otherwise interact with TeejLab Services our servers automatically record information, including information that your browser sends whenever you visit a Website or that your Application sends when you are using it. This log data may include your IP address, the address of the web page you visited before using TeejLab Services, your browser type and settings, your device information, the date and time of your use of TeejLab Services, information about your browser configuration and plug-ins, language preferences, unique identifiers and cookie data.
Location information: When you use TeejLab Services, we may collect information about your geographic location.
Account Data – How we use it
We use, store, and process Account Data as a data controller to provide, understand, improve and develop TeejLab Services, keep TeejLab Services safe and to comply with our legal obligations. More particularly, we use it to:
Identify our users: We use Account Data to identify you when you login to your account.
- enable your access to TeejLab Services,
- allow you to communicate with us and with other users,
- verify your transactions, for purchase confirmation, billing, security, and authentication (including security tokens for communication with installed Third-Party Apps),
- contact you about your account and provide customer service support, including responding to your comments and questions,
- keep you informed about TeejLab Services, features, surveys, newsletters, offers, contests and events we think you may find useful or which you have requested from us,
- sell or market TeejLab products and services to you.
- better understand your needs and the needs of users in the aggregate, diagnose problems, analyze trends, perform analytics, conduct research and improve the features and usability of TeejLab Services, test and troubleshoot new products and better understand and market to our users,
- analyze the Website or the other Services and information about our visitors and users, including research into our user demographics and user behavior,
- create aggregate (non-identifiable) statistics about users of TeejLab Services with a view to introducing improvements and improving usability of TeejLab Services.
We use Account Data to verify accounts and activity, maintain the integrity of TeejLab Services, and to keep TeejLab Services safe and secure.
Account Data – Legal basis for use
Our legal basis for collecting and using Account Data as a data controller will depend on the specific context in which we collect it. However, as a data controller, we will collect personal information from you where:
- we have your consent to do so,
- where we need the personal information to perform a contract with you (e.g. to deliver the TeejLab Services you have requested), or
- where the processing is in our legitimate interests (and not overridden by your data protection interests or fundamental rights and freedoms)
In some cases, we may also have a legal obligation to collect personal information from you, or may otherwise need the personal information to protect your vital interests or those of another person.
Where we rely on your consent to process Account Data, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
If we ask you to provide Account Data to comply with a legal requirement we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate interest which are not already described in this Privacy Statement, we will make clear to you at the relevant time what those legitimate interests are.
Account Data – Rights, Access, Control and Correction of Personal Information
As a user, you may update or correct most of your Account Data by logging in to your account to edit your profile or organization record. To make a request to have Account Data returned to you, removed, or to make additional corrections, please email our privacy team. Requests to access, correct, or remove your information will be handled within thirty (30) days and may be subject to a fee as permitted by applicable law.
Depending on where you reside, you may have the right to exercise additional rights available to you under applicable laws with regards to the personal information TeejLab holds about you as a data controller, including:
Right of erasure: In certain circumstances, you may have a broader right to erasure of personal information that we hold about you – for example, if it is no longer necessary in relation to the purposes for which it was originally collected. Please note, however, that we may need to retain certain information for as long as you maintain an account for TeejLab Services, or as needed to provide you with TeejLab Services, for record keeping purposes, to comply with our legal obligations, resolve disputes and enforce the Terms.
Right to object to processing: You may have the right to request that TeejLab stops processing your personal information and/or to stop sending you marketing communications.
Right to restrict processing: You may have the right to request that we restrict processing of your personal information in certain circumstances (for example, where you believe that the personal information we hold about you is inaccurate or unlawfully held).
Right to data portability: In certain circumstances, you may have the right to be provided with your personal information in a structured, machine readable and commonly used format and to request that we transfer the personal information to another data controller without hindrance.
If you would like to exercise such rights, please contact us. We will consider your request in accordance with applicable laws. To protect your privacy and security, we may take steps to verify your identity before complying with the request.
You also have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
Content – TeejLab as a Data Processor
You, as a TeejLab user, control how Content is generated, requested, submitted or published and processed on TeejLab Services. When you use TeejLab Services, you may view, create, and analyze Content, which may be consumed in Third-Party Apps through the usage of their APIs while using TeejLab Services. You can also choose to access and/or link your TeejLab account to a wide range of Third-Party Apps including to apps that are available in our App Directory. If you are an Enterprise user, we may also sell some of these Third-Party Apps to you in our capacity as an authorized reseller (these are called “Partner Services” in our Enterprise Terms). When you link these Third-Party Apps to your TeejLab account, you allow those Third-Party apps to access and process Content. The Content that flows through TeejLab Services may include personal information of all types, including but not limited to the following categories: (1) user generated content (such as names, phone numbers, addresses, messages, posts, comments, pages, profiles, images, feeds or communications exchanged on the Third-Party Apps), (2) contact details (such as name, email address, telephone number), (3) additional individual information (such as age, gender, employer, profession, geographic location, education information, financial status, habits and preferences), (4) information relating to an individual’s real time location.
As the user, you are the data controller of your Content and we are the data processor for such Content. Where we process Content, we do so at your direction and on your behalf in accordance with the instructions you give us through TeejLab Services. When you connect to Third-Party Apps through TeejLab Services, we only access, process, and use the Content to provide TeejLab Services subject to the Terms and the various terms and conditions imposed by the Third-Party Apps. We may, in limited circumstances process Content for the purposes of improving TeejLab Services and functionalities users ask for as part of their TeejLab experience.
If you are using TeejLab Services by invitation of a TeejLab customer, whether that customer is your employer, another organization, or an individual, that customer determines its own policies regarding storage, access, modification, deletion, sharing, and retention of Content, which may apply to your use of TeejLab Services. Please check with the customer about the policies and settings it has in place.
Access, correction, and deletion of Content
You should be aware that TeejLab acts as a conduit between you and various Third-Party Applications (“Apps”) through their Application Programming Interface (“API”). In several instances, the Content received/published via TeejLab Services will not be in TeejLab’s custody, and any Content that has been shared by you through any Third-Party Apps and APIs via the TeejLab Services may continue to be available to the corresponding Third-Parties and the public at large, as this Content is now under the control of the providers of the Third-Party Apps and APIs.
Third-Party Apps and APIs
For our users with a principal location in the European Economic Area (EEA) or otherwise subject to the General Data Protection Regulation (GDPR)
Under EU law, TeejLab is a data processor of Content generated, requested or published via Third-Party Apps and APIs. We process this Content in accordance with the instructions of our users. Because our users control how their Content is collected and used by them, our users are, in legal terms, the controllers of the Content that they process through TeejLab Services and are responsible for complying with applicable data protection laws, including the GDPR.
To facilitate the lawful processing of your Content through TeejLab Services, TeejLab makes available to its users a data processing agreement as an addendum to their existing TeejLab agreement (“Data Processing Addendum”). This Data Processing Addendum implements the GDPR’s Article 28 terms for processors and also incorporates the European Commission’s Standard Contractual Clauses (processors) of 2010 (also known as “model processor clauses” or “SCC 2010”) to facilitate the lawful transfer of Content that contains personal information from the EU to outside of the EU, where necessary and as required. More information regarding International Transfers is set out below.
The Data Processing Addendum is available for all of our users here. If you would like to incorporate the Data Processing Addendum into your existing agreement with TeejLab, please sign TeejLab’s Data Processing Addendum and return it to us via email. If you have any questions, please feel free to contact our privacy team.
Privacy Information that applies to both Account Data and Content
When we may share personal information
Except as provided in this Privacy Statement, TeejLab does not share any personal information gathered via TeejLab Services with third parties. We may however share Account Data or Content under the following circumstances:
- with your consent or at your direction, such as when you connect a Third-Party App to TeejLab Services or authorize a Third-Party App to access your account
- with service providers (including payment processors) we engage to perform functions or provide services to us, where those service providers are subject to obligations that are consistent with this Privacy Statement and to appropriate confidentiality and security measures
- with TeejLab’s authorized resellers if you purchase TeejLab Services from an authorized TeejLab reseller who you authorize to access and process your personal information in order to support your use of TeejLab Services
- where we believe that it is reasonably necessary to comply with a law, regulation or if we are otherwise legally required to do so, such as in response to court orders or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands
- if we believe it is necessary in order to investigate, prevent, or take action against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use TeejLab Services), or to protect the personal safety of any person
- if we believe it is necessary to investigate, prevent, or take action regarding situations that involve the security of TeejLab Services, abuse of the infrastructure related to TeejLab Services, or the Internet in general (such as voluminous spamming, denial of service attacks, or attempts to compromise the security of TeejLab Services)
- to a parent company, subsidiaries, joint venture, or other companies under common control with TeejLab
- if we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this Privacy Statement), if we are involved in a bankruptcy, or if the ownership or control of all or part of TeejLab Services or their assets changes
How long we keep personal information
We retain Content for as long as needed to provide TeejLab Services, or until you ask us to delete it pursuant to the Terms. We retain and use this Content as necessary to comply with our legal obligations, resolve disputes, and enforce the Terms.
Please note that certain personal information may need to be retained by TeejLab for a period of time following the cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law. Our specific retention periods for personal information are documented in our internal retention policies and any applicable retention schedules that we maintain as required by applicable law.
After it is no longer necessary for us to retain your personal information, we will dispose of it in a secure manner, according to our data retention and deletion policies.
How we protect personal information
TeejLab follows industry best practices to protect personal information from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Account Data and Content we collect, use, process and store, and the current state of technology.
We constantly update our practices and policies regarding security and confidentiality of personal information. Please check this Privacy Statement to get updates on our practices and policies.
TeejLab Inc., the entity which provides TeejLab Services, is a Canadian company with its head-office located in Burnaby, British Columbia. For the purposes of EU data protection law, Canada is considered a country which provides adequate protections for personal information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
TeejLab Services are mainly provided from our offices in Canada. TeejLab uses third-party service providers (such as managed cloud/hosting providers, card processors, CRM systems, sub-processors of Content and technology partners) to provide the necessary software, networking, infrastructure and other services that we use to operate TeejLab Services. These third party providers may process, or store, personal information on servers outside of the EEA, including in Canada or the United States.
Also, by the very nature of the TeejLab Services provided, the data that is viewed, collected, stored or posted on or through the TeejLab Services also needs to flow from wherever you are located in the world, to where Third-Party Apps and APIs are storing the same data (we anticipate, in most cases, they are located in the United States [AC1] [MM2] ).
Whenever we transfer personal information from data subjects located in the EEA to a third-party service provider located in a country that has been deemed inadequate, whether that personal information is contained in Account Data or in Content, we do so with and approved legal adequacy mechanisms in place. For any transfers of personal information to the US, we rely on either the third-party’s registration in the EU-US Privacy Shield or on the implementation of the EU’s Standard Contractual Clauses.
By using any of TeejLab Services, or submitting or collecting any personal information via TeejLab Services, you authorize TeejLab and its authorized service partners to use and process Content and Account Data (including any personal information) in these countries.
Cookies and similar technologies
Processing of Content
When we receive or access data from Third-Party Apps and APIs, we do so at your request and within each Third-Party’s terms and conditions. As our user, you ultimately decide which Third-Party Apps and APIs you want TeejLab Services to connect with and which Third-Party Apps and APIs you want to share your data with. We process your Content, at your instruction, acting as a conduit between you and the Third-Party Apps and APIs that you connect through TeejLab Services.
You may opt out of marketing communications sent by TeejLab by managing your email preferences, or by following the unsubscribe instructions included in our marketing emails.
We may use Account Data to customize advertising that we direct to you, utilizing third parties. The Network Advertising Initiative has developed a tool that may help you understand which third parties have currently enabled cookies for your browser and opt-out of those cookies. For more information and to opt-out of customized advertising, you can go to http://optout.networkadvertising.org/?c=1#!/
TeejLab Services are not intended for use by children and should only be accessed by individuals of at least 18 years old. In certain educational/research cases, TeejLab Services can be used by children under the supervision of parents, teachers and/or other authorized individuals.
Changes to this Privacy Statement
TeejLab reserves the right to make changes to its Privacy Statement at any time. Data are constantly evolving as well as our security policies, local and international laws, regulations and industry standards evolve, which may make changes to our Privacy Statement necessary. If we do make changes to the Privacy Statement, we will post them to this page, so we encourage you to stay informed by checking back here periodically [AC3] [MM4] .