Privacy Policy

Your privacy is important to us. This privacy policy explains what personal information Pythian collects from you, why we collect it and how we use it. We also explain the choices you have, so that you can exercise the rights to your personal information, as well as the impacts of choosing not to disclose certain information.

Contact Privacy Office

If you have any questions or concerns about the information we provide in this privacy policy related to your personal information, or if you wish to report any suspected privacy breach, please contact:

Marc St. Louis (VP, Security) in our Privacy Office by:

The Pythian Group Inc.

319 McRae Avenue, Suite 700,

Ottawa, Ontario, Canada  K1Z 0B9

Information Covered by This Privacy Policy

This privacy policy applies to Pythian services and websites. The term “Pythian” includes The Pythian Group Inc., and its affiliates, Pythian USA Inc., Pythian Australia Pty Ltd., Pythian India Private Limited, and Pythian UK Ltd. Pythian websites include www.pythian.com and www.tehama.io.

This privacy policy applies only to personal information (also called personal data). Personal information is any information relating to an identified individual or that can be used to identify an individual. Pythian collects personal information only as necessary to operate its business and provide you with services

Personal information protected by this privacy policy is information about a natural person (also called a “data subject”). If identifiers are removed from the personal information so that you can no longer be identified from that information, then the data is said to be anonymized and it is not considered personal information. As such, anonymized information falls out of the scope of this privacy policy. Examples of anonymized information include: demographic information without identifiers, blind information about how you use our services and about the transactions you perform using our websites or services, and other information obtained through your access to or use of our websites that does not identify you personally.

Our websites may contain links to services or products of third parties. If you use those links and provide personal information to those third parties, this privacy policy will not apply.

How Personal Information is Collected

We may collect personal information either directly from you or indirectly through cookies or  third parties.

Direct Collection

You give Pythian personal information directly when you interact with our websites, register a user or service account with us or interact with us in person. Personal information we collect from you may include: your first and last name, address, phone numbers, email addresses, credit card information (typically associated with the name of your employer), and credentials (passwords, password hints and other authentication and account access data).  

We collect this information directly from you, for example, when:

  • you create an account on our website(s)
  • you provide the personal information to us in connection with a services agreement that your employer executes with us  
  • you register with us for a sales event/conference
  • you post comments, participate in forums, wikis or blogs
  • you contact us by phone, email, text or chat sessions relating to customer support or other matters

Indirect Collection of Information

Through Cookies and Similar Technologies

As many other websites do, Pythian websites use cookies that collect some information automatically and store it in log files. A cookie is a small text file that can be placed on your device when you visit a website. This information may include device location, browser type, operating system and other information relating to the use of Pythian websites. 

Pythian uses some cookies that are essential to provide you with services, as for example:

  • session cookies – to distinguish you from other users
  • authentication cookies – to indicate if you are logged in or not
  • Tehama specific cookies – to indicate where within the app demo the user is in

In addition to the cookies that Pythian needs to provide you with services, there may be other cookies that we enable and that, while not essential, help us to provide you with a better experience. For example, we currently use Google Analytics cookies to track your browsing behaviours on our websites.

You may manage your preferences with respect to our use of cookies and similar technologies. 

You have many choices to manage cookies on your computer. All major browsers allow you to block or delete cookies from your system. It is important that you understand that if you choose to block cookies, you may not be able to use certain services or features of a service, including logging into your account.

 

From Third Parties

Pythian may obtain information about you from third parties, for example:

  • third parties who are authorized by you, at the time of registering at an event or otherwise, to share your information with Pythian;
  • services providers we use in order to provide you with our services, as for example, our invoicing and payment processing service provider;
  • publicly available sources.

Any personal information collected from third parties is treated by Pythian in accordance with this privacy policy, along with any additional restrictions imposed on us by the third party; However, the third party’s own use of your personal information will be governed by your own agreement(s) with the third party if the third party is not a Pythian service provider.

How Personal Information is Used

Pythian may process your personal information to: (a) provide, improve or develop the requested services to fulfil our contractual obligations with you or your employer to complete a transaction; (b) send communications to you, including commercial electronic messages and promotional communications;  and (c) comply with legal requirements.

 

Providing, Improving and Developing Pythian Services

We use data to provide and improve the services we offer, as well as to develop new products or services or to provide customer support. For example, we use your personal information to:

  • activate your account, send you invoices, and provide you with technical support;
  • understand and meet preferences;
  • add new features to our existing services or products;
  • send you notices on upgrades and updates;
  • deactivate your account when your relationship with Pythian ends;
  • use your personal data to detect and prevent fraud;
  • authenticate your identity when you log in to your account or when you request information that should only be provided to you; and
  • protect the security of our systems, services and clients, as well as to protect our rights, safety and property, and those of our affiliates, you or others, so that we can pursue available remedies or limit damages that we may sustain


Sending Communications to You

We use your personal information to communicate with you; for example:

  • to fulfill or enforce applicable notices;
  • to respond to your inquiries;
  • to send you communications relating to services, promotions or events


Complying with Legal Requirements

We may need to use your personal information to comply with legal and regulatory requirements and legal processes, including, for example, responding to lawful requests from public and government authorities and court orders.

Sharing and Disclosure to Third Parties

We share your information with third parties with your consent or as necessary to complete a transaction or provide you with a service that you have requested, or as otherwise permitted or required by law.

When we have asked for your consent to share your personal information with third parties, we will only use it and share it in accordance with the consent you gave us. In most instances, the grounds for us to share your personal data is the necessity we have to complete a transaction or provide you with a service you requested or otherwise fulfill the purpose of our business relationship. For example, we may share your personal information within Pythian or with service providers we use to manage our business operations (such as cloud service providers). These third parties do not use your personal information or have access to it for any purpose other than for cloud storage and retrieval or to provide the services Pythian has contracted from them in connection with Pythian’s business operations.

Pythian may also share information in a manner consistent with this privacy policy with third parties involved in providing Pythian services to you, as for example payment processors and subcontractors. When we share your personal information with third parties, we make sure that those third parties have effective controls to protect the privacy of your personal information. Pythian has procedures in place to evaluate those controls and make sure that they are as protective as those offered by Pythian.

We also may share your information with third parties for other purposes:

  • the detection or prevention of fraud;
  • the sale or transfer of Pythian or substantially all of their assets;
  • protecting Pythian property and enforcing Pythian rights under our services agreements;
  • the provision of professional advice Pythian may need from financial, insurance, legal, accounting and other advisors, always under confidentiality terms; and
  • responding to lawful requests, such as to respond to subpoenas, warrants, court orders, or other related legal requests or proceedings

Pythian will only retain your personal information for as long as necessary to fulfill the stated purposes, or for a period specifically required by applicable laws. When no longer required, Pythian will take steps to have the information deleted, destroyed, erased, aggregated or made anonymous.

Your Rights, Choices and Consent

Your Rights and How to Exercise Them

This privacy policy is intended to give you information about the personal information we collect from you and how we use it.  When you provide personal information, the law recognizes certain rights that you may exercise with respect to that information. 

In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) is the law that governs the collection, use and disclosure of personal information we collect. PIPEDA requires that we only collect personal information with your consent, and only collect the amount of information that is essential to the business transaction. If Pythian asks you for personal information, you have the right to know why we need it and how we are going to use it. You have the right to access the personal information Pythian holds about you, and you also have the right to expect that we keep your personal information accurate, complete and up-to-date. This means you have the right to see it and ask for corrections if we don’t have it right. You have the right to expect that your personal information will be protected by Pythian using appropriate security safeguards. This privacy policy should be understandable to you, and if you require any clarifications, you have the right to ask for them and obtain a satisfactory response. Finally, if you have a complaint, you have the right to present it to Pythian. If you think Pythian is not in compliance with PIPEDA you may opt to file a complaint with the Privacy Commissioner Office.

It is important that you know that PIPEDA does not apply to an employee’s name, title, business address, telephone number and email address, which Pythian collects, uses and discloses solely for the purposes of communicating with you in the course of our business relationship with you. For more information about your rights and responsibilities with respect to your privacy, visit https://www.priv.gc.ca/en/about-the-opc/publications/guide_ind/.

Other jurisdictions, such as the European Union, grant to EU residents, in addition to the rights mentioned above, additional rights with respect to personal information. These other rights include the right to get your personal information erased (right to be forgotten); the right to restrict the processing of your personal information; the right to obtain and reuse your personal information for your own purposes across different services; the right to object to our processing of your personal information based on certain legal basis, or for direct marketing or for purposes of scientific/historical research and statistics; and the right not to be the subject of a decision that is based solely on automated means. The law does not make these rights absolute and the law also determines the exceptions that apply or the circumstances where the exercise of your rights has limitations. For more information about your rights under EU law, visit https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/.

Pythian will respond to any questions, requests or concerns you may have within the timeframe provided by applicable law following receipt of your written request at privacy@pythian.com or at our mailing address. If there are any exceptions that apply, we will inform you about them.

 

Your Choices

You have choices about the information that is collected about them. You can refuse to provide Pythian with your personal data; however, there is a minimum amount of personal information needed so that you can complete any specific transaction, access any particular area of the site, register a user account and/or access certain features of our services. If you choose not to provide the minimum personal information required, you may not be able to register an account or use the applicable service. In some cases, other optional information is requested, which you may elect to provide for a more personalized experience. 

You can view, edit or delete your personal data online for some of Pythian products. You can also make choices about the information we collect from you. You can always choose whether you wish to receive marketing or promotional messages from Pythian (commercial electronic messages) by using the unsubscribe mechanism made available to you in the message or by otherwise contacting the Privacy Office.

 

Your Consent

Where the law requires that we obtain explicit consent from you to collect and use your personal information (as for example when we want to send you marketing emails), we will not collect your personal data unless you give us your consent. In most cases, however, the reason for us to collect and use your personal information is our need to fulfil our contractual obligations with you or your employer or to complete a transaction or provide you with information or services you have requested.

To withdraw your consent from receiving marketing emails or other commercial electronic messages from Pythian, you may use the unsubscribe mechanism provided in the relevant email or contact us using the contact information provided above.  

Security of your Personal Information

Pythian has implemented and maintains administrative, technical, and physical security measures for the safeguard of your personal information from unauthorized access, alteration, loss, theft or disclosure. These measures include computer safeguards, as well as secured files and buildings.

We store your personal information on computer systems that have limited access and are located in secure facilities. In the event we share information with third party service providers, we restrict the ability of such parties to use or disclose the information we furnish. We also require such parties to apply appropriate security measures to protect information.

We use reasonable measures to strive to safeguard and secure the personal information we collect.  Transfers of personal information over the internet are done using encryption technologies. Any transmission of personal information by you to Pythian is at your own risk.  Technology such as Transport Layer Security (TLS) or Secure Shell (SSH) is used to enhance security and reduce risk of loss. We update and test our security technology on an ongoing basis. We restrict access to your personal information to those personnel who need to know that information to provide services to you. In addition, we train our personnel about the importance of confidentiality and maintaining the privacy and security of your information.

You also have an obligation to safeguard your personal information. Our security practices, processes and technology do not guarantee absolute security of your information and you can reduce the risk of unauthorized access to your personal information by using common sense security practices.

Some security best practices include, but are not limited to:

  • control access to your computer systems;
  • create a strong password;
  • use different passwords for different services;
  • use up-to-date antivirus software;
  • keep passwords confidential (no sharing);
  • close browsers;
  • avoid using public networks (e.g., internet cafes, etc.)

Just as Pythian does with its personnel, employees of the Organizations are advised to treat any personal Information with care.

International Operations and Onward Transfers

Pythian is a Canadian company with international presence and offices in multiple jurisdictions. All of Pythian operations and onward transfers are subject to this privacy policy. Pythian complies with PIPEDA, which has been recognized by the European Commission as legislation that offers adequate protection to personal information. You can learn more about the adequacy decisions by the European Commission by visiting https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Pythian maintains major data centers in Canada and the United Kingdom. To be able to provide and support the functioning of our services, your personal information may be collected, used, processed, transferred or stored by or on behalf of Pythian in multiple jurisdictions, including countries that may be outside of the region where you are located.

When we process your personal information we take steps to make sure that the processing complies with this privacy policy. If you are a resident of the European Economic Area and you provide us your personal information, we many need to transfer it for storage or other necessary processing activity outside of your country of residence. When we do so, we use different mechanisms permitted by law, including contracts with third party service providers, to make sure your personal information is protected in accordance with this privacy policy and the EU data protection legislation.

Parents and Children   

We do not knowingly collect personally identifiable information from children under 16. We will cancel the registration of any user account initiated by a child upon becoming aware of any such registration. Parents have the right to terminate the registration of a child under 16. Please contact Pythian at privacy@pythian.com to instruct such termination.