ShareGate by Workleap – Privacy Policy

Workleap Platform inc. and its affiliated entities in Canada and in the United States, such as Workleap Technologies inc., Didacte inc., Pingboard inc. and Laboratoire d’innovation technologique GSoft inc. (collectively, “Workleap”) offer migration and workplace environment management software, including ShareGate Protect and ShareGate Migrate (collectively the “ShareGate Products”), and an online platform commercialised as “ShareGate” (“ShareGate”). Workleap understands the importance of protecting Personal Information (as defined below). For this reason, Workleap strives to have business procedures and security safeguards in place to protect Personal Information under its control.

Last update: 2024/08/05 

1. Scope of this Policy

This Privacy Policy (the “Policy”) describes Workleap’s practices with respect to the collection, use and disclosure of Personal Information.

This Policy is intended to establish responsible and transparent practices for the management of Personal Information, and to satisfy applicable legal requirements. This Policy sets out the standards, responsibilities and obligations of Workleap in respect of any Personal Information collected, accessed or processed by Workleap in the course of its business operations, and specifies Workleap’s obligations arising from the respective terms of service (available at https://sharegate.com/terms/) (collectively the “Terms”) governing the use of ShareGate and of the ShareGate Products, entered into between Workleap and its corporate customers (each, a “Customer”), whereby Workleap might process or have access to Personal Information.

This Policy also governs Personal Information collected about Workleap’s website users or users of the ShareGate Products and of ShareGate (collectively the “Users”), and explains how Workleap processes Personal Information collected from people who visit its website and otherwise interact with Workleap through https://sharegate.com and its sister websites provided by Workleap (collectively the “Website”) or through the ShareGate Products and ShareGate. It also explains how Workleap uses cookies and similar technologies. Users who do not agree with this Policy shall not access or use the ShareGate Products or ShareGate, and any related services (collectively, the “Services”) or the Website.

To the extent Workleap provides the Services to an organization (e.g. to a User’s employer), Workleap, as a data processor, processes such User’s Personal Information under such organization’s instructions as a data controller. Users of the Services should first direct their privacy inquiries to the administrator of ShareGate within their organization, as their use of the Services is subject to their organization’s own privacy policies.

2. Definition of Personal Information

“Personal Information” is defined as any information about an identifiable individual. This may include, for example, email addresses and contact details and any similar information provided to Workleap in the course of its business operations, or which Workleap may receive from business inquiries. Personal Information that cannot be associated with an identifiable individual, for instance through aggregation or anonymization, is no longer considered Personal Information.

3. International Compliance

Workleap complies with: (i) data protection laws applicable to Workleap; (ii) anti-spam legislation applicable to Workleap; and (iii) applicable industry standards concerning data protection, confidentiality or information security. Workleap has global operations and therefore, in some cases, information managed by Workleap may be transferred, processed and stored in other countries, although at all times, Workleap will ensure that personal information is protected by confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by Workleap itself.

Workleap complies with this Policy as well as applicable Canadian private sector data protection laws such as the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar provincial laws pertaining to the collection, use and disclosure of personal information. PIPEDA provides for an adequate protection of personal information according to the European Commission Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and the Council.

Workleap also complies with the General Data Protection Regulation (Regulation (EU) 2016/679) and the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018. Where applicable, Workleap’s commitment to such regulation may be found in the ShareGate Products’ Data Processing Addendum (available at https://sharegate.com/data-privacy-addendum/). Workleap (or third parties acting on Workleap’s behalf) may transfer Personal Information that Workleap collects to countries outside of the European Economic Area or outside of the United Kingdom. Where such transfer occurs, Workleap will take steps to ensure that Personal Information is protected. Workleap will make such transfers only if at least one of the following conditions is present:

4. Collection of Personal Information through the Services

Workleap collects information about its Users either directly from them, through their use of the Services or of the Website, or when they are provided by another source, as detailed below.

a. Information Provided by Users

Users may provide Workleap with Personal Information by inputting it directly into the ShareGate Products’ interface or via another direct channel such as Workleap’s support system. Such information may include:

b. Information Collected when Users Use the Services

In order to provide the Services, Workleap collects information about how Users interact with the Services under certain circumstances.

c. Information Collected by Customers and through Other Third Parties

Workleap may collect information about its Users through trusted partners, other Users, related companies and more importantly, from Workleap’s Customers.

5. Collection and Use of Personal Information Through the Website

Workleap generally collects and uses Personal Information from or about its Website Users as follows:

a. Information Provided by Users

In many cases, Workleap collects Personal Information directly from Users when they visit or use the Website. For instance, Workleap may collect the following types of information:

b. Technical Information

When users visit the Website, Workleap may collect technical information using electronic means such as cookies. This information may include information about visits to the Website, including IP address of the User’s computer and which browser was used to view the Website, the User’s operating system, resolution of screen, location, language settings in browsers, the site the User came from, keywords searched (if arriving from a search engine), the number of page views, information entered, advertisements seen, etc. This data is used to measure and improve the effectiveness of the Website or enhance the experience for Users. While most of the time this information is depersonalized, if this information relates to an identifiable individual, Workleap will treat this information as Personal Information. Workleap may also, without limitations, collect and use the following type of information when Users visit and/or interact with Workleap on the website:

c. Choice with Cookies

Users can block the use of cookies via the Website’s cookie banner, or via their browser’s settings. The “Help” feature on most browsers will tell Users how to prevent their browser from accepting new cookies, how to have the browser notify the Users when they receive a new cookie, or how to disable cookies altogether. If Users choose to withhold consent, or subsequently block cookies, they may not be able to access all or part of the content of the website. Additionally, Users can disable or delete similar data used by browser add-ons, by changing the add-on’s settings or visiting the website of its manufacturer.

d. Privacy Policies of other Websites

This Policy only addresses the use and disclosure of Personal Information by Workleap. Other websites that may be accessible through the Website have their own privacy policies and data collection, use and disclosure practices.

e. Personal Information from Other Sources

Workleap may obtain from third parties additional Personal Information about a Website User if such User gave permission to those third parties to share their information.

6. Use of Personal Information

When providing the Services, Workleap only processes personal information in accordance with the Terms and applicable laws. Workleap generally uses Personal Information from or about its Customers or which is received from Customers and belongs to their own customers or end users in furtherance of the following purposes:

When possible, Workleap will use Personal Information in an aggregated and/or anonymized format.

Unless required or authorized by law, when providing products and services, Workleap will not use Personal Information for any other or new purpose without obtaining its Customers’ consent.

Pursuant to privacy laws applicable in the European Economic Area and in the United Kingdom, Workleap collects and processes Personal Information about individuals under a variety of legal bases, depending on the reason for such collection or processing. Workleap shall only collect, process or use Personal Information where:

8. Disclosure of Personal Information and Usage Data

Workleap will not sell, rent or trade personal information to any third party. Workleap does not share Personal Information with third-party tools, except with permission from Customers or Users. However, Workleap may share personal information when authorized and/or required by law or as follows:

9. Security of Personal Information

Workleap will store and process Personal Information in a manner consistent with industry security standards. Workleap has implemented technical, organizational and administrative systems, policies, and procedures to help ensure the security, integrity and confidentiality of Personal Information and to mitigate the risk of unauthorized access to or use of Personal Information, including (i) appropriate administrative, technical and physical safeguards and other security measures designed to ensure the security and confidentiality of Personal Information it manages; (ii) a security design intended to prevent any breach of its own information systems, computer networks or data files by unauthorized users, viruses or malicious computer programs; (iii) appropriate internal practices including, but not limited to, encryption of data in transit or at rest; using appropriate firewall and antivirus software; maintaining these countermeasures, operating systems and other applications with appropriate reasonable up-to-date virus definitions and security patches so as to avoid any adverse impact to Personal Information that it manages; appropriate logging and alerts to monitor access controls and to assure data integrity and confidentiality; permitting only authorized users access to systems and applications; and (iv) all persons with authorized access to Personal Information must have a genuine business need-to-know prior to access (“Security Program”). 

10. Data Retention

Workleap will retain Personal Information as necessary for the purposes described in this Policy, unless a longer retention period is required by law or justified by a legitimate business interest of Workleap, subject to applicable laws. Personal Information related to a User’s ShareGate Product and/or ShareGate account is retained so long as the account is active, in accordance with Customer’s instructions. Some Personal Information about a User’s account may be retained after the account is deactivated in order for other Users to make full use of the Services. Notwithstanding the foregoing, upon termination of the Terms, Workleap shall retain Personal Information stored in the ShareGate Products and/or ShareGate until Customer instructs Workleap to delete the Personal Information or until Customer’s access to the Services is terminated in accordance with the Terms, whichever occurs first.

Upon expiry of the retention period, Personal Information is either deleted or permanently de-identified. Notwithstanding the applicable retention period, where Personal Information is kept in a backup, it will be stored in accordance with this Policy until it can be deleted, and it will not be used for any purpose other than as a backup copy.

11. Training and Supervision

Workleap maintains adequate training programs to ensure that its employees and any others acting on its behalf are aware of and adhere to its Security Program. Workleap shall exercise necessary and appropriate supervision over its relevant employees to maintain appropriate confidentiality and security of the Personal Information it manages. 

12. Data Incidents Involving Customer’s Personal Information

Workleap shall promptly notify Customer of a data breach, of a loss of data or of a failure of Workleap’s Security Program: 

While the initial notice may be in a summary form, a comprehensive written notice shall be given to Customer within the legally required timeframe, where applicable. The notice shall summarize in reasonable detail the nature and scope of the Data Incident (including each data element type) and the corrective action taken or to be taken by Workleap. Workleap shall promptly take all necessary and advisable corrective actions, and shall cooperate with Customer in all reasonable efforts to mitigate the adverse effects of Data Incidents and to prevent their recurrence.  

To the extent that Workleap’s processing of Personal Information is subject to the General Data Protection Regulation (Regulation (EU) 2016/679) or to the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018, Workleap relies on the legal bases described under section 6 hereof to process Personal Information. Subject to applicable laws, Users also have the right to: (i) access and rectification or erasure of Personal Information, to the extent that Workleap may need to retain certain Personal Information, including for record keeping purposes or to comply with legal obligations; (ii) restrict or object to Workleap’s use of Personal Information (though, in some cases, this may mean no longer using ShareGate or the Website) where Workleap is relying on a legitimate interest (or those of a third party) and there is something about User’s particular situation which impacts on User’s fundamental rights and freedoms; (iii) lodge a complaint with their local data protection authority (contact details for data protection authorities in the European Economic Area are available here); and (iv) data portability. Users will not have to pay a fee to exercise such rights, however, Workleap may charge a reasonable fee or refuse to comply if the request is unfounded, repetitive or excessive.

14. How to Contact Us

Any questions, complaints or requests regarding this Policy or Workleap’s handling of Personal Information can be addressed to Workleap’s customer service at: 

Workleap Platform Inc. 
Attention: Data Protection Officer 

1751, rue Richardson, Suite 1.050 
Montréal (Québec) H3K 1G6 
email: support@sharegate.com  

A User who seeks to exercise his/her data protection rights referred to in Section 12, in respect of Personal Information stored or processed by Workleap on behalf of a Customer (typically the User’s employer), must direct his/her query to such Customer, as being the data controller. If Workleap receives such User’s request to exercise his/her data protection rights referred to in Section 12 (including for access to or correction of Personal Information), Workleap shall redirect the User to Customer and, upon request from Customer, shall assist Customer in responding to such request, if applicable.

Our Data Protection Officer will attempt to respond to your request within the legally applicable timeframe, and in any case no later than 30 days after receipt of such request. We will advise you in writing of our response to your request. Should we refuse to grant your request, we will inform you of the legal reason of our refusal, and we will apprise you of remedies available to you and of the time limit for exercising them.

Should you be unsatisfied with the outcome of your request, you may lodge a complaint with Workleap’s supervisory authority, the Commission d’accès à l’information

15. Change of Privacy Policy

Workleap will review and update its policies and procedures as required to keep current with rules and regulations, new technologies, standards and customer concerns. This Policy may therefore change from time to time.  If Workleap makes changes that materially alter Users privacy rights, Workleap may provide additional notice, such as via email or through the Services or the website. If Users disagree with the terms of this Policy, their only remedy is to discontinue use of the websites and the Services.