Privacy Policy

Updated: December 9, 2019

At ProcedureFlow, we recognize the importance of protecting your personal information and are committed to acting in compliance with applicable data protection laws in all countries in which we operate. This Privacy Policy is here to help you understand what personal information we collect at ProcedureFlow, how we use, store, share, secure and process that information, and what rights you have with respect to your personal information. ProcedureFlow is the controller of your personal information as described in this Policy, unless specifically noted otherwise.

This policy describes how ProcedureFlow treats your personal information, not other organizations. Where we provide ProcedureFlow under contract with an organization (for example, your employer), that organization is the controller of your personal information, and has its own policies regarding storage, access, modification, deletion, and retention of data which may apply to your use of ProcedureFlow. Data that would otherwise be considered private to you will be accessible by your organization’s Administrator, who has complete control over and can access all data published within the organization's ProcedureFlow environment. This Policy does not apply to the extent we process personal information in the role of a processor on behalf of such organizations. Full details of your choices as an end user of ProcedureFlow are provided below under ‘Notice to End Users’.

Collection of personal information

We collect different kinds of information. Some of it is personally identifiable and some is non-identifying or aggregated. We collect personal information only for the purposes we’ve identified and for the uses described herein.

  • Registration. When you wish to enroll for a live or virtual event or request a free trial, we may ask you to provide your name and contact information, as well as other information in connection with your request. We use this information in connection with your request and to communicate with you.
  • Access and use of ProcedureFlow. We collect and record information necessary to provide you access and use of ProcedureFlow, including your name, email address, password and organization name.
  • Responding to your request for information or support. When you contact us (online or offline) in connection with a request for information or for support to help you resolve an issue you are experiencing with ProcedureFlow, we collect information necessary to assist you with your request and to contact you. For instance, we collect your name and contact information, details about your request or the problem you are experiencing, and your organization’s name.
  • Contract management and billing information. In our relationship with customers, partners and suppliers, they provide us with contact information (such as names, contact details, position or title of their employees, contractors and authorized users) for purposes of contract management and fulfillment. For billing and invoicing purposes, we collect the following information: organization name and address, contact name, email address and telephone number, PO number (if required), number of active users, and Accounts Payable contact name, email address and telephone (if different from the organization's primary contact person). You might also provide payment information, such as payment card details, which we collect via secure payment processing services.
  • Log data. When you use ProcedureFlow, our servers automatically record information, including information that your browser sends whenever you visit a website. This log data may include your Internet Protocol (IP) address (including information derived from your IP address such as geographic location), browser type, settings, configuration and plug-ins, language preferences, access time and duration of access, referring website addresses and cookie data. This information is used to maintain the security of ProcedureFlow, to provide necessary functionality and to assess the performance of ProcedureFlow, to assess and improve customer and user experience, to review compliance with our Terms of Service, and to identify future opportunities for development.
  • Marketing. Most information we collect about you comes from our direct interactions with you. From time to time, we may also collect information that pertains to you indirectly through other sources, such as list vendors. When we do so, we ask the vendors to confirm that the information was legally acquired by the third party and that we have the right to obtain it from them and use it. When you provide us with your business contact information (such as by handing over a business card) we may use this to communicate with you. The information that we collect, either directly or indirectly, may be combined to help us improve its overall accuracy and completeness, and to help us better tailor our interactions with you.
  • Other users of ProcedureFlow. Other users of ProcedureFlow, such as your organization’s Administrator, may provide information about you, such as your name and email address, in order to invite you join their ProcedureFlow environment. Similarly, an Administrator may provide your contact information when they designate you as the billing or technical contact on your organization’s account or when they designate you as an Administrator.
  • Other third-party applications. We receive information about you when you or your administrator links a third-party service with ProcedureFlow, such as your CRM or telephony solution. We also receive information about you when you join third-party applications that allow you to login, post content or join communities associated with ProcedureFlow, for example the ProcedureFlow user forum on procedureflow.uservoice.com or our online status page at status.procedureflow.com. What information we receive when you use a related or integrated application depends on the settings, permissions and privacy policy controlled by that third-party application. Please review the privacy settings and notices in such third-party applications to understand what data may be disclosed or shared with us.
  • Information from other partners. We work with a global network of partners who provide consulting, implementation, training and other services for ProcedureFlow. Some of these partners also help us to market, promote and resell ProcedureFlow and generate new leads for us. We may receive information from these partners, such as billing and technical contact information, company name, evaluation information you have provided, what events you have attended, and what country you are in.

Use of cookies and other technologies

ProcedureFlow uses cookies, or similar technologies to record log data. We use both session-based and persistent cookies. Cookies are small text files sent by us to your computer and from your computer to us, each time you visit procedureflow.com. They are unique to your ProcedureFlow account and your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Some cookies are associated with your ProcedureFlow account and personal information in order to remember that you are logged in. Other cookies are not tied to your account but are unique and allow us to do site analytics and customization. If you access ProcedureFlow through your browser, you can manage your cookie settings there, but if you disable all cookies you may not be able to use ProcedureFlow.

In addition, we also use third parties, like Google Analytics, to gather website analytics. You may opt-out of third party cookies from Google Analytics on their website.

Use of personal information

We may use your personal information for any of the following:

  • Providing ProcedureFlow. We use information about you to provide you with access and use of ProcedureFlow, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain ProcedureFlow.
  • Understanding and improving ProcedureFlow. We are always looking for ways to make ProcedureFlow smarter, faster, more secure, more integrated, and more useful to you. We may use information collected on your use of ProcedureFlow and feedback provided directly by you to establish statistics about the usage and effectiveness of ProcedureFlow, to improve your use and experience of ProcedureFlow, to inform our clients on their overall use of ProcedureFlow, and to improve and develop new features and functionality. This policy is not intended to place any limits on what we do with usage data that is aggregated or de-identified so it is no longer tied to a specific ProcedureFlow user.
  • Investigating and preventing bad stuff from happening. We work hard to keep ProcedureFlow secure and to prevent abuse and fraud. We use information about you and your use of ProcedureFlow to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of our Terms of Service.
  • Protecting our legitimate business interests and legal rights. Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we may use information about you in connection with legal claims, compliance, regulatory, and audit functions, and/or in connection with the acquisition, merger or sale of a business.
  • Communicating with you.
    • Responding to your requests and resolving technical issues. If you contact us with a question or request via phone, email or a ‘Live Chat’ session on our website, we will use your information to respond to your request for assistance, to help us resolve technical issues you may be experiencing, and to repair and improve ProcedureFlow as needed.
    • In-product communications and email messages. We may use information you provide to contact you through ProcedureFlow to inform you of upcoming maintenance windows, new features or functionality, or to contact you via email for service-related, administrative and billing purposes.
    • Marketing. The personal information you provide to ProcedureFlow, as well as the personal information we have collected about you indirectly, may be used for marketing purposes (i.e. to keep you informed about upcoming events or webinars, new product updates, customer newsletters, or for customer satisfaction surveys or other market research purposes). Before we do so, however, we will offer you the opportunity to choose whether or not to have your personal information used in this way, and you may choose at any time to stop receiving marketing materials from us by (1) following the unsubscribe instructions included in each e-mail, or (2) by contacting us directly. We may also combine the personal information we collect from you to develop aggregated analyses and business intelligence for conducting our business and for marketing purposes.
    • Recruitment. In connection with a job application or inquiry, whether advertised on ProcedureFlow or otherwise, you may provide us with information about yourself, such as a resume, LinkedIn Profile, or online portfolio. We may use this information to address your inquiry or to consider you for employment purposes.
    • Monitoring or Recording of Calls, Chats and Other Interactions. Certain interactions may involve you calling us or us calling you. They may also involve online chats, or online payment transactions. In some cases, these interactions may be recorded for staff training, or to retain evidence of a particular transaction or interaction.
  • With your consent. We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, with your permission, we may publish and share testimonials or featured customer success stories to promote and market ProcedureFlow.

Sharing and Disclosure

There are times when personal information, content and other user information may be shared by ProcedureFlow. This Policy discusses only how ProcedureFlow may share your user information. Organizations that use ProcedureFlow may have their own policies for the sharing and disclosure of information they enter and access through ProcedureFlow.

ProcedureFlow may share your personal information as follows:

  • With your consent, to comply with a legal process, or to protect ProcedureFlow. We may share your information when we have your consent, if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request, to protect the safety, rights, or property of the public, our users or ProcedureFlow, to enforce our agreements, policies and Terms of Service, or to detect, prevent, or otherwise address fraud, security or technical issues. If we receive a request for information from law enforcement, a government agency pursuant to a judicial proceeding, court order or legal process, or other third party, we will provide prior notice to the subject of the request where we are legally permitted to do so.
  • With our suppliers and partners. We may share personal information with suppliers who provide us with website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing and other services. We also work with partners who promote, market and resell ProcedureFlow (including co-branded or co-sponsored offerings and events), and provide implementation and technical support on our behalf. If a supplier or partner provider needs to access information about you to perform these services, they do so under close instruction from us, including policies and procedures designed to protect the confidentiality, security and integrity of your personal information, and are prohibited from using your personal information for any purposes other than as stipulated in this Policy.
  • With your organization administrator(s) or organization’s users. ProcedureFlow will share your user information with your organization’s Administrator. If the email address under which you've registered your ProcedureFlow account belongs to or is controlled by an organization (i.e. not free web-based email providers like Gmail, Hotmail or Yahoo! Mail), we will disclose that email address and associated user name to that organization in order to help it understand who associated with that organization uses ProcedureFlow, and to assist that organization with its enterprise accounts. Please do not use a work email address for ProcedureFlow unless you are authorized to do so and are therefore comfortable with this kind of sharing. If you are an Administrator for a particular site or group of users within ProcedureFlow, we may share your contact information with current or past users of your organization for the purposes of facilitating service and support-related requests.
  • In the event of a merger or sale. We may share or transfer personal information in connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • That is aggregated and non-identifiable. Aggregate data is general information about groups that does not identify individual users. We may share aggregated or non-personally identifiable information with our partners or others for business or market research purposes.
  • With third party applications. You or your organization’s Administrator may choose to add new functionality to ProcedureFlow by installing an integration with a third party application. Doing so may give that application access to your account and information about you, like your name, email address, and any content you choose to use in connection with that application. Third party application policies and procedures are not controlled by us, and this Policy does not cover how those third parties use your information. We encourage you to review the privacy settings and policies of all third party applications before connecting to or using their services.
  • With your consent. We share information about you with third parties when you give us your consent to do so, such as customer success stories and testimonials displayed on our website.

Security and retention

ProcedureFlow takes all reasonable steps to protect your information from loss, misuse, and unauthorized access or disclosure. When you enter information into ProcedureFlow, we encrypt all transmissions of that information to our service using Transport Layer Security (TLS). We follow generally accepted standards to protect the privacy, security and integrity of all information, including your personal information, that is shared with us, both during transmission and after we receive it.

We will not retain personal information longer than necessary to fulfill the purposes for which it is collected, as outlined below and elsewhere in this Policy:

  • Account information. We retain your account information for as long as your account is active and for a reasonable period thereafter. We also retain some of your information as necessary to comply with our legal and regulatory obligations (i.e. audit, accounting and statutory retention requirements), to resolve disputes, to enforce our agreements, policies and Terms of Service, to support business operations, and to continue to develop and improve ProcedureFlow. Where we retain information for the improvement and further development of ProcedureFlow, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of ProcedureFlow, not to specifically analyze personal characteristics about you as a user.
  • Information you share on ProcedureFlow. If your account is disabled and ProcedureFlow was made available to you through an organization (i.e. your employer), some of your information and the content you have provided will be retained as long as required by your organization’s Administrator. Please be aware that disabling your account does not delete your information - your information remains visible to other ProcedureFlow users based on your past participation within ProcedureFlow. For more information, see ‘Notice to End Users’ below.
  • Marketing information. If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in ProcedureFlow, such as when you last opened an email from us or ceased using your ProcedureFlow account. We also retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was collected.

Notice to End Users

Where ProcedureFlow is made available to you through an organization such as your employer, that organization is the Administrator and is responsible for the ProcedureFlow accounts over which it has control. We are not responsible for and have no control over the privacy or security practices of an individual user’s organization, which may be different than those outlined within this Policy.

If your personal information has been submitted to us on behalf of an organization and you wish to exercise any rights you may have under applicable data protection laws, please inquire with that organization directly. If you wish to make your request directly to us, please note that we will refer your request to that organization and will support them as needed to respond to your request.

As a user of ProcedureFlow, you have control over a number of things with respect to your own information and ProcedureFlow account. If you are an organization’s Administrator, you have additional choices that impact your organization's settings and privacy. For more about these privileges, choices and permissions, see our help page.

Choices for End Users

  • As a ProcedureFlow user, you cannot completely delete your user account because it's considered part of the organization's data.
  • Your account can only be disabled by your organization’s Administrator. You can, however, change or update your account information at any time, including your name, email address and password.

Choices for Organization Administrators

  • Organization Administrators have the ability to manage and change most of their organization's settings, including inviting and disabling users, and restricting users’ ability to edit, modify or delete content.
  • You currently cannot completely delete your organization from ProcedureFlow, but you can delete all entry points and disable all users associated with the organization.
  • You can also request from us an export of all your organization's data.

Notice to Residents of European Economic Area (EEA)

In compliance with the General Data Protection Regulation (GDPR), we will collect your personal information only with your knowledge and consent, or where we have a legal basis for doing so under applicable EEA laws.

Legal Basis for Collection of Personal Information. Our legal bases for collecting and using your personal information depends on the specific type and context for which the information is collected, and are as follows:

  • To operate and provide you with ProcedureFlow and all associated customer and technical support, to process your payments (including recurring payments as requested by you) and to protect the safety and security of ProcedureFlow and our legal rights and interests.
  • To communicate with you about product revisions, updates, upcoming maintenance windows or other service-related communications about ProcedureFlow.
  • To comply with a legal obligation.
  • Where you give us consent to do so for a specific purpose.

Where we collect your personal information on the legal basis of your consent, you have the right to withdraw your consent at any time, though in some cases, this may mean no longer being able to use ProcedureFlow. Also, please note that the withdrawal of your consent will not affect the lawfulness of our collection and use of your personal information prior to the date of said withdrawal.

Your Rights. As a resident of the EEA, you have the following rights regarding the collection and use of your personal information:

  • Right to be informed about how we collect, use and share your personal information.
  • Right of access to the type and the purposes for which the information is being collected.
  • Right to rectification of inaccurate or incorrect personal information.
  • Right to erasure of personal information in certain circumstances. For instance, if your personal information is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
  • Right to restrict processing and collection of your personal information in certain circumstances (i.e. if you think that the personal information we are collecting about you is incorrect or unlawful).
  • Right to object to the collection of your personal information in certain circumstances (i.e. if we collect your personal information on the legal basis of a legitimate interest, or if we use your personal information for marketing purposes).
  • Right to data portability to receive your personal information you have provided to us, in a structured, commonly used and machine-readable format, and/or to ask us to transmit that information to another controller.
  • Rights in relation to automated decision making. We do not use your personal information for automated decision making, but if that ever changes, we will update this policy accordingly.

International Transfers. The international footprint of ProcedureFlow sometimes involves transfers of personal information between us and suppliers or other third parties located in countries outside of the EEA, and those countries may not require the same level of data protection as the EEA. Whenever we transfer your information, we take all necessary steps to protect it, including acting in compliance with the Data Protection Act 1998 in respect of any such transfers, binding corporate rules, and any other appropriate legal mechanisms deemed necessary. In all cases, our collection, storage and use of your personal information will continue to be governed by this Policy and will be subject to the investigatory and enforcement powers of the Office of the Privacy Commissioner of Canada pursuant to the Personal Information Protection and Electronic Documents Act (PIPEDA).

Right to Lodge Complaint. As a resident of the EEA, you have the right to lodge a complaint in the event you consider our processing of your personal information not to be compliant with the GDPR. The name and contact details of the Data Protection Authorities within the EEA can be found here.

Notification of Changes

We may change this Policy from time to time, and if we do, we'll post any changes on this page. If you continue to use ProcedureFlow after those changes are in effect, you agree to the terms and conditions of the revised Policy. If the changes are material, we may provide more prominent notice and/or seek your consent to the new Policy.

You can see past versions of our Privacy Policy and Terms of Service in our Policy Archives.

Contacting ProcedureFlow

Please feel free to contact us if you have any questions about ProcedureFlow's Privacy Policy or practices. You may email us at help@procedureflow.com or at our mailing address below:

GEMBA Software Solutions Inc.
One Germain Street, Atrium Suites
Saint John, New Brunswick
Canada E2L 4V1