Caseware Privacy Statement
Version: 4.0
Last Updated: November 2023
- Caseware’s Commitment to Privacy
Caseware International Inc., together with its affiliates and subsidiaries (collectively “Caseware”, “we”, “us” or “our”) has developed this Privacy Statement (this “Statement”) to describe Caseware’s policies and practices with respect to Personal Data we receive from (i) current and potential customers, (ii) visitors to our cloud platforms, www.caseware.com, caseware.co.uk, caseware.com.au, and related Caseware webpages (collectively the “Website”), (iii) employment candidates and/or (iv) other individuals (collectively “you”, or “your”). For the purposes of this Statement, “Personal Data” refers to any information relating to an identified or identifiable natural person, and shall also mean all “Personal Information” as defined in the California Privacy Rights Act (“CPRA”) and the Privacy Act 1988 (Cth) (“Australian Privacy Act”).
We will review this Statement on a regular basis to ensure it (i) aligns with our privacy practices and (ii) remains compliant with applicable law. In the event we update and/or amend this Statement in a material way, we will publish a notice on the Website. The effective date of this Statement is as is set out at the beginning of it as the Last Updated date.
If you have any questions about this Statement or Caseware’s privacy practices, please contact us at:
Global Privacy Office
Caseware International Inc.
351 King Street East, Suite 1100
Toronto Ontario M5A 2W4 Canada
Data Protection Officer/Chief Privacy Officer
Angela D. LeBreton
Email: privacy@caseware.com
- Personal Data We Collect & Purposes for Collection
From time to time, we will collect from you Personal Data when you (i) use our products, and services or request technical support from us, (ii) register or attend an event that Caseware is hosting or participating in, (iii) access or download content from our Website (such as whitepapers), (iv) use our Website to apply for a job at Caseware, and (v) otherwise communicate with us via email, in person or through our Website or third-party related entities such as plugins, links and web hosting services.
The types of Personal Data collected may include the following:
- last name, first name;
- contact information such as telephone number, address, or email address;
- education and professional history, professional certifications, contacts for background checks, and other relevant information; and/or
- IT usage data (e.g., cookies, user ID, passwords, roles, geolocation data) as applicable.
The purposes for which we collect, use, hold and process your Personal Data include the following:
- to identify you;
- to communicate with you;
- to perform a contract with you;
- in accordance with a legal obligation;
- to review and consider your job application for consideration of employment at Caseware; and/or
- to provide you access to, and to improve or develop, our products and services, including our Website, MyCaseware and other technical support portals made available by Caseware.
Our products and services are intended for business use, and we do not expect them to be of any interest to minors. We do not intentionally collect any Personal Data of consumers below the age of 16. By providing your Personal Data to us, you are indicating you agree and consent that we may collect, use, disclose and process your Personal Data in accordance with this Statement. If you do not agree with the terms set out in this Statement, we request that you do not provide any Personal Data to us.
Please note that certain services, such as a request for information about our products or access to our Website, may only be able to be provided to you if you provide us with your Personal Data. If you do not provide us with your Personal Data, we may be unable to provide you with all our products and services, and some functions and features of our products and services (including our Website, MyCaseware and other technical support portals) may not be available to you.
In addition, Caseware may use anonymized (that is, where an individual is not or is no longer identifiable) information regarding the usage of Caseware products and services for the purpose of making additions, adjustments, or modifications to our products and services.
- Cookies and Web Beacons
When you visit our Website, we may use “cookies”, web beacons, tags, JavaScript and similar technologies to automatically collect Personal Data from your computing or mobile devices as you navigate our Website. This Personal Data may include IP address, device and application identification numbers, geolocation, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage.
Cookies are small files that can be saved on your computer to track, save and store information about you when you use our Website. Sometimes we use third-party cookies (such as Google Analytics and HubSpot). We use this information to (i) support the functioning of our Website, (ii) understand the usage of the Website, (iii) determine browsing preferences to improve site behaviour, (iv) improve your website experience by providing you with a tailored experience within the Website, including custom marketing advertisements, (v) provide secure log-in, and/or (vi) to show you geographically relevant content.
The types of cookies used on the Websites include the following:
- Strictly Necessary Cookies: These cookies are essential in supporting the functionality and operation of the Website. Strictly necessary cookies on our site include cookies that allow you to access the secure area of our website. If users block or disable these cookies, parts of the website may not work or become inaccessible.
- Performance Cookies: These cookies gather statistical data to measure the performance of the Website and to provide a better user experience. Examples of performance cookies include tracking which pages are most visited and monitoring page load speeds. Performance cookies collect data anonymously, meaning they do not collect identifiable information on visitors. While performance cookies are typically first-party session and persistent cookies, sometimes we also use cookies to enable us to monitor Website usage and traffic, conduct market research and improve site functionality.
- Functional Cookies: These cookies enable the Website to remember your preferences and provide enhanced user functionality and personalization. Examples of functional cookies include remembering your settings such as region and language preferences or allowing you to watch videos on the Website. Functional cookies include first-party and third-party persistent or session cookies.
- Advertising & Targeting Cookies: These cookies (including tracking tags) track user activity on the Website and are designed to gather information from you to provide targeted adverts based on relevant topics and interests on other sites on other websites. Examples of advertising and targeting cookies include social media cookies that display ads to users on social media platforms. Advertising and targeting cookies are typically authorized third-party persistent cookies. These cookies do not collect Personal Data, rather, they gather data based on uniquely identifying your browser and internet device to build user profiles from site visitors.
When you access the Website, a pop-up cookie banner will appear. You may select to opt out of our use of cookies when you visit the Website by changing the cookie settings through your browser.
Additionally, web beacons may be used in email communications to you. Web beacons are designed to check if a user has accessed content and monitor the activity on a website for the purpose of web analytics. Accordingly, they would record your visits to a particular web page or viewing of a particular email. For example, Caseware may place web beacons in marketing emails that notify us when a link in an email is clicked on that directs the visitor to the Website. Such technologies are used to operate and improve the Website and email communications.
- How We Share Personal Data
We do not sell the Personal Data of consumers. We share Personal Data with our service providers for the purposes set out in this Statement, including but not limited to assisting us to provide you with Caseware products and services or consider you for employment at Caseware. For example, Caseware uses (i) ‘Amazon Web Services’ to store Personal Data belonging to our customers and (ii) ‘Lever’ to help coordinate employment applications with us. Our service providers are obligated, through contractual clauses, to use the Personal Data we transfer to them exclusively for the purpose of providing their services and to protect it
Exceptionally, we may be required to disclose Personal Data to comply with applicable laws, regulations, court orders, subpoenas or other legal processes or investigations, with or without your consent. In any case, we ensure the disclosure is allowed or required by applicable law and we will not disclose more information than is required.
- Where Personal Data is Stored
Caseware is a Canadian headquartered company, however, we have customers (both actual and potential), employees, service providers, resellers/distributors, partners, and job candidates across the world. In order to operate our business on a global scale, we may be required to process and transfer Personal Data outside of your state, province, or country. Further, through our service providers, Personal Data may also be stored on servers located throughout the world.
The countries to which we may transfer your Personal Data include:
- Australia;
- United States of America;
- Canada;
- the countries in the European Economic Area including the Republic of Ireland; and
- the United Kingdom.
With respect to customer data in our products and services, which may include Personal Data, at the time of subscribing to such products and services, customers will be advised as to the geographic server that will host Personal Data and will be given an opportunity to consent thereto prior to Personal Data of Customer being stored with any such data hosting provider.
Where Personal Data is transferred or stored across borders, we take steps to protect and safeguard it, including ensuring it is transferred in accordance with applicable law. For example, if you are in the European Union, the UK, or Switzerland, Caseware’s Data Processing Agreement will apply to you. Also, when we send your Personal Data to Canada it is protected under Canadian law, which the European Commission has assessed as providing an adequate and comparable level of protection for any Personal Data transferred as exists under European Union law. If your Personal Data is then transferred to our service providers outside of Canada, this information is transferred and protected by contractual terms and conditions that are comparable to those provided in the European Commission’s Standard Contractual Clauses (SCCs).
- How We Protect Personal Data
Caseware protects the security and confidentiality of Personal Data transferred to us using reasonable and industry-standard security measures against unauthorized access, modification, and disclosure according to its level of sensitivity. For example, we generally store Personal Data on secure servers that are encrypted and limited on the basis of ‘need to know’, where applicable. Unfortunately, the risk of cyberattacks and data breaches always remains. If Caseware discovers or is advised of an incident where Personal Data is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by unauthorized persons or in an unauthorized manner, we aim to advise you as soon as we can and to comply with all applicable legal requirements.
To increase the level of security of Personal Data on our systems, you are required not to share your password or other forms of authentication to the Website, products or services with another person. If you become aware of any misuse of your login credentials, you must immediately change your password and notify us through the customer portal on the Website or by emailing us at privacy@caseware.com.
- How Long We Retain Personal Data
Caseware retains Personal Data for only as long as necessary to fulfill the purposes for which it is provided. For example, if you provide us with your Personal Data for us to consider you for employment with Caseware and you are hired, the Personal Data becomes part of your personnel file. If you are not hired, we usually retain the Personal Data for one (1) year after completion of the recruitment process unless you ask us to delete it earlier.
Exceptionally, we may be required to retain Personal Data for longer to comply with our legal obligations, resolve disputes, and enforce agreements with Caseware.
- Your Individual Privacy Rights
You may access, update and/or correct your Personal Data with Caseware (including but not limited to requesting us to return, remove, or make amendments to it) or exercise any other right available to you as a ‘data subject’ under applicable privacy laws, including to make complaints about how we collect, use, disclose or process your Personal Data, by contacting us at privacy@caseware.com.
To protect your Personal Data, we may need to verify your identity before assisting with your request, such as verifying that the information used to contact us matches the information that we have on file, provided we are not prohibited to do so by law, for example, if doing so would disclose Personal Data about another individual.
If you use an authorized agent to exercise a right on your behalf, for example, where a job applicant uses an agent to request access to information relating to their application, you must provide the authorized agent written permission to do so. We may deny the request if the authorized agent does not submit sufficient proof that they have been authorized by you to act on your behalf.
If we are able to verify your identity, we will provide you with a response to your request within 30 days. If we need an extension to fulfill your request, we will also let you know.
If you are not satisfied with our response either to your request to exercise your individual rights or to your complaints about our collection, use, disclosure or processing of your Personal Data at, you have the right to lodge a complaint with the data protection or privacy authority where you reside.
Australia Privacy Rights
The Australian Privacy Act 1988 (Cth)) regulates the way individuals’ Personal Data is handled and under that law, you have the right to:
- know why your Personal Data is being collected, how it will be used and who it will be disclosed to;
- have the option of not identifying yourself, or of using a pseudonym in certain circumstances;
- ask for access to your Personal Data (including your health information);
- stop receiving unwanted direct marketing;
- ask for your Personal Data that is incorrect to be corrected; and
- to make a complaint about Caseware if you think we have mishandled your Personal Data with the regulator, who is the Office of the Information Commissioner, using their online form.