Privacy Statement As of Jan 1, 2023
This Privacy Statement describes how FosterHR collects, uses, shares or otherwise processes information relating to individuals (“Personal Data”) and the rights associated with that processing.
A reference to “FosterHr,” “we,” “us” or the “Company” is a reference to Business Drives, Inc. and its relevant affiliates involved in the collection, use, sharing, or other processing of Personal Data.
1) Responsible Business Drives Entity
Business Drives, Inc. and/or its affiliated entities are responsible for the processing of your Personal Data as described in this Privacy Statement, unless specified otherwise, and act as the controller of such Personal Data.
This Privacy Statement does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates): (i) create their own websites and applications running on our platforms; (ii) sell or offer their own products and services; (iii) send electronic communications to others; or (iv) otherwise collect, use, share or process Personal Data via our products and services.
For detailed privacy information related to the Company customer or a customer affiliate who uses the Company products and services as the controller, please contact our customer directly. We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Statement. For more information, please also see Section 10.3 below.
2) Processing activities covered
This Privacy Statement applies to the processing of Personal Data collected by us when you:
Visit our websites that display or link to this Privacy Statement;
Visit our branded social media pages;
Visit our offices;
Receive communications from us or otherwise communicate with us, including but not limited to emails, phone calls, texts or faxes;
Use our products and services where we act as a controller of your Personal Data;
Register for, attend or take part in our events, webinars, programs, trainings, certifications or contests;
Act as or work for a service provider or supplier to the Company, to the extent the Company acts as a controller with respect to your Personal Data;
Are employed by a customer of our products and services where your information has been shared with us in our capacity as a controller (for example, during the contracting process);
Participate in a Company community, such as that focused on open source development; or
Participate in surveys, research or other similar data collection facilitated by us.
Our websites and services may contain links to other websites, applications, platforms and services maintained by third parties. The information practices of these third parties, including the social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.
In some circumstances, we also collect, or our partners provide us with, publicly available information which may contain Personal Data that you have published or that has been made available online. The way in which our partners collect this is detailed in their own privacy policies, available on their websites.
3) What Personal Data do we collect?
3.1 Personal Data we collect directly from you
The Personal Data we collect directly from you may include identifiers, professional or employment-related information, financial account information, commercial information, visual information, and internet activity information, among others. We may collect such information in the following scenarios:
Scenarios
If you express an interest in obtaining additional information about our services; request customer support (including accessing the Help & Training Portal); use our “Contact Us” or similar features; register to use our websites or to receive communications; sign up for an event, webinar or contest; participate in a program, training, certification or survey; use our products and services; download certain content; or are employed by a customer of our products and services where your information has been shared with us
If you make purchases via our websites or register for an event or webinar
when you attend an event
If you register with us for a variety of purposes, including joining a community that we host or participating in a program, training or certification
If you interact with our websites or emails
If you use and interact with our products and services
If you communicate with us via a phone call
If you visit our offices
If you voluntarily submit certain information to us, such as filling out a survey, responding to a questionnaire or participating in other forms of research
If you are a supplier or service provider to Salesforce (or work for a supplier or service provider)
Personal Data Categories
Contact information, such as your name, job title, company name, address, phone number, email address, username and password, other information you have voluntarily chosen to share
Contact information, financial and billing information, such as billing name and address, credit card number or bank account information
Attendee badge information which may include name, title, company name, address, country, phone number and email address, image and video
During the Covid-19 pandemic, this may also include health status, including your temperature, COVID-19-related symptoms, exposure to COVID-19 positive individuals, vaccination status, testing results, and recent travel history
Username, photo, video or other biographical information, such as your occupation, location, social media profiles or usernames, company name, areas of expertise and interests
Information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers), which may qualify as Personal Data (please see Section 4 below) using cookies, web beacons, or similar technologies
Information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data (including Usage Data) (please see Section 4 below)
Information such as your name, voice and any other Personal Data voluntarily share
Name, email address, phone number, company name, time and date of arrival, image or video
During the Covid-19 pandemic, this may also include health status, including your temperature, COVID-19-related symptoms, exposure to COVID-19 positive individuals, vaccination status, testing results, and recent travel history
Information you have provided as part of that request, which may include Personal Data and special categories of Personal Data, to the extent you voluntarily choose to provide it
Contact information, payment and billing information
If you provide us, our service providers or our affiliates with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Statement. If you believe that your Personal Data has been provided to us improperly, or want to exercise your rights relating to your Personal Data, please contact us by using the information in Section 13 below.
3.2 Personal Data we collect from other sources
We also collect information about you from other sources including partners from whom we collect or purchase Personal Data, or who provide us with publicly available information which may contain Personal Data. We may combine this information with Personal Data provided by you.
Provision of the services:
The Personal Data we collect to provide our products and services may include information you have made publicly available online (such as when using social media sites) or that is published by third parties and contains information about you (such as news articles). For a select number of services, we collect this Personal Data from partners who may receive this data when you visit or use their services or through the third parties they work with. We analyze this information to enable our customers to assess the success of their brands.
In addition, the Personal Data we collect to provide our products and services may include location information from third parties, which helps us offer features like identity management and multi-factor authentication.
Advertising: The Personal Data we collect from other sources for the purposes of tailored advertising includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors. We collect this from third party providers of business contact information, including mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), IP addresses, social media profiles, LinkedIn URLs and custom profiles for purposes of targeted advertising, delivering relevant email content, event promotion and profiling, determining eligibility and verifying contact information. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.
Additional sources: In addition to the aforementioned, we collect Personal Data from the following sources:
Another individual at your organization who may provide us with your personal information, which may include Personal Data and special categories of Personal Data, to the extent you consent to providing it and sharing it, for the purposes of obtaining services and assessing our goals related to encouraging diversity within our vendors; and
Platforms such as GitHub to manage code check-ins and pull requests. If you participate in an open source or community development project, we may associate your code repository username with your community account so we can inform you of program changes that are important to your participation or relate to additional security requirements.
4) What Device and Usage Data do we process?
4.1 Device and usage data
As is true of most websites, we gather certain device information when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites. This information is used for the purposes set out in section 5 of this Privacy Statement below.
In addition, we gather certain information as part of your use of our products and services (“Usage Data”). This information may include: (i) identifiers, such as user ID, organization ID, username, email address and user type; (ii) commercial information; and (iii) internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, language, browser type, Internet service provider or mobile carrier, user interactions such as the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system type and version, system configuration information, date and time stamps associated with your usage and details of which of our products and product versions you are using. This information is used for the purposes set out in detail in section 5 of this Privacy Statement below. In addition, we may use aggregated Usage Data for other internal business purposes, such as to identify additional customer opportunities and to ensure that we are meeting the demands of our customers and their users. Please note that this Usage Data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
4.2 Cookies, web beacons and other tracking technologies on our website and in email communications
We use technologies such as web beacons, pixels, tags, and JavaScript, alone or in conjunction with cookies, to gather information about the use of our websites and how people interact with our emails.
When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer browsing preferences, and improve and customize your browsing experience.
We use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. To change your cookie settings and preferences for one of our websites, click the Cookie Preferences link in the footer of the page. You can also control the use of cookies on your device, but choosing to disable cookies on your device may limit your ability to use some features on our websites and services.
We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in a marketing email that notifies us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails – please see more details in the “Advertising Cookies” row in the table below. For instructions on how to unsubscribe from our marketing emails, please see Section 10.4 below.
The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:
Type & Description of Cookies
Required Cookies:
Required cookies are necessary for basic website functionality. Some examples include: session cookies needed to transmit the website, authentication cookies, and security cookies.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
Functional Cookies:
Functional cookies enhance functions, performance, and services on the website. Some examples include: cookies used to analyze site traffic, cookies used for market research, and cookies used to display advertising that is not directed to a particular individual.
Functional cookies may also be used to improve how our websites function and to help us provide you with more relevant communications, including marketing communications. These cookies collect information about how our websites are used, including which pages are viewed most often.
We may use our own technology or third-party technology to track and analyze usage information to provide enhanced interactions and more relevant communications, and to track the performance of our advertisements.
Salesforce may also use HTML5 local storage or Flash cookies for the above-mentioned purposes. These technologies differ from browser cookies in the amount and type of data they store, and how they store it.
Advertising Cookies:
Advertising cookies track activity across websites in order to understand a viewer’s interests and to direct marketing to them.
We sometimes use cookies delivered by us or by third parties to show you ads for our products that we think may interest you on devices you use and to track the performance of our advertisements. For example, these cookies collect information such as which browser you used when visiting our websites.
Salesforce also contracts with third-party advertising networks that collect IP addresses and other information from web beacons on our websites, from emails and on third-party websites. Advertising networks follow your online activities over time and across different websites or other online services by collecting certain data through automated means, including through the use of cookies. These technologies may recognize you across the different devices you use. When we work with third party advertising networks, we require them to restrict their data processing to only what is necessary to provide us with the advertising services we request.
Settings Management
Because required cookies are essential to operate the websites, there is no option to opt out of these cookies.
We need your prior consent to use functional cookies. To change your cookie settings and preferences, including those for functional cookies, click the Cookie Preferences link in the footer of the page.
To learn how to control functional cookies via your individual browser settings, click here.
To learn how to manage privacy and storage settings for Flash cookies, click here.
We need your prior consent to use of targeting and advertising cookies. To change your cookie settings and preferences, including those for targeting and advertising cookies, click the Cookie Preferences link in the footer of the page.
See Section 4.3, below, to learn more about these and other advertising networks and your ability to opt out of collection by certain third parties.
4.3 Notices on behavioral advertising and opt-out for website visitors
As described above, we or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”). To learn more about targeted advertising and advertising networks, please visit the opt-out pages of the Network Advertising Initiative, here, and the Digital Advertising Alliance, here. To opt-out of targeted advertising that is provided to us and to third parties by Salesforce Audience Studio, click here.
To manage the use of targeting and advertising cookies on this website, click the Cookie Preferences link in the footer of the page or consult your individual browser settings for cookies. To learn how to manage privacy and storage settings for Flash cookies, click here. Various browsers may also offer their own management tools for removing HTML5 local storage.
4.4 Opt-Out from the setting of cookies on your individual browser
In addition to using the user preference center, in many cases you may opt-out from the collection of non-essential device data on your web browser (see Section 4.1 above) by managing your cookies at the browser or device level. In addition, if you wish to opt-out of interest-based advertising, click here (or, if located in the European Union or United Kingdom, click here). To opt-out of targeted advertising that is provided to us and to third parties by Salesforce Audience Studio, click here. Please note, however, that by blocking or deleting cookies and similar technologies used on our websites, you may not be able to take full advantage of the websites.
While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard adopted by industry groups, technology companies, or regulators. Therefore, we do not currently commit to responding to browsers’ DNT signals with respect to our websites. Salesforce takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and the implementation of a standard.
4.5 Social Media Features
Our websites may use social media features, such as the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks. Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website. To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.
Salesforce also allows you to log in to certain of our websites using sign-in services. These services authenticate your identity and provide you the option to share certain Personal Data from these services with us such as your name and email address to pre-populate our sign-up form.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.
4.6 Telephony log information
If you use certain features of our services on a mobile device, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers).
6) Who do we share personal data with?
We may share your Personal Data as follows:
Service providers: With our contracted service providers, who provide services such as IT and system administration and hosting, credit card processing, research and analytics, marketing, customer support and data enrichment for the purposes and pursuant to the legal bases described above in Section 5;
Salesforce affiliates: With affiliates within the Salesforce corporate group and companies that we acquire in the future after they are made part of the Salesforce corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations, event registration and account management purposes. A list of Salesforce’s affiliates can be found in the List of Subsidiaries section of Salesforce’s most recent Form 10-K, available under the SEC Filings tab by selecting the “Annual Filings” filter on the page located here;
Event sponsors: If you attend an event or webinar organized by us, or download or access an asset on our website, we may share your Personal Data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your information will be subject to the sponsors’ privacy statements. If you do not wish for your information to be shared, you may choose to not opt-in via event/webinar registration or elect to not have your badge scanned, or you can opt-out in accordance with Section 10 below;
Partners: With specific partners that offer supplementary services to those provided by Salesforce, such as partners that offer sustainability resources, to the extent you consent to such sharing (where required by applicable law);
Customers with whom you are affiliated: If you use our services as an authorized user, we may share your Personal Data with your affiliated customer responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies;
Contest and promotion sponsors: With sponsors of contests or promotions for which you register in order to fulfill the contest or promotion;
Third party networks and websites: With third-party social media networks, advertising networks and websites, so that Salesforce can market and advertise on third party platforms and websites;
Third party AppExchange partners: Specifically in relation to the AppExchange website, if you choose to interact with or use third-party tools, we may share your Personal Data with our third party partners who may contact you regarding their products or services;
Professional advisers: In individual instances, we may share your Personal Data with professional advisers acting as service providers, processors, or joint controllers - including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services, and to the extent we are legally obliged to share or have a legitimate interest in sharing your Personal Data;
Third parties involved in a corporate transaction: If we are involved in a merger, reorganization, dissolution or other fundamental corporate change, or sell a website or business unit, or if all or a portion of our business, assets or stock are acquired by a third party. In accordance with applicable laws, we will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party; and
Third party accounts: In relation to Tableau, if you connect to your third party accounts through our products, we will use that information to authenticate you, enumerate the data sources available to you, download any data you request us to, and download and refresh authentication tokens or persist authentication information such as user names and passwords as necessary to continue to connect to these data.
We may also share aggregated usage data with Salesforce’s service providers for the purpose of helping Salesforce in such analysis and improvements. Additionally, Salesforce may share usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.
Anyone using our communities, forums, blogs, or chat rooms on our websites may read any Personal Data or other information you choose to submit and post.
For more information on the recipients of your Personal Data, please contact us by using the information in Section 13 below.
7) International Transfer of Personal Data
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates and third-parties disclosed in Section 6, above, that are based in other countries.
Therefore, your Personal Data may be processed outside your country or jurisdiction, including in places that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.
8) Children
Our websites and services are not directed at children. We do not knowingly collect Personal Data from children under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, unless (a) we have obtained consent from a parent or guardian, (b) such collection is subject to a separate agreement with us or (c) the visit by a child is unsolicited or incidental. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in Section 13 below and we will take steps to delete their Personal Data from our systems.
9) How long do we keep you Personal Data
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see Section 5 above) or as long as required to fulfill our legal obligations. We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
For more information on data retention periods, please contact us by using the information in the Section 13 below.
10) Your rights to your Personal Data
10.1 Your rights
You may have certain rights relating to your Personal Data, subject to local data protection laws. Depending on the applicable laws these rights may include the right to:
Access your Personal Data held by us;
Know more about how we process your Personal Data;
Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
Erase or delete your Personal Data;
Restrict our processing of your Personal Data;
Transfer your Personal Data to another controller, to the extent possible;
Object to any processing of your Personal Data;
Opt out of certain disclosures of your Personal Data to third parties;
Know what categories of Personal Data are shared for delivering advertisements on non-Salesforce websites, applications, and services and the categories of recipients of such Personal Data;
Opt out of the sharing of your Personal Data for delivering advertisements on non-Salesforce websites, applications, and services;
If you’re under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, opt in to certain disclosures of your Personal Data to third parties;
Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); and
Withdraw your consent at any time (to the extent we base processing on consent), without affecting the lawfulness of the processing based on such consent before its withdrawal.
Not be discriminated against for exercising your rights as described above.
Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection.
Please note that Automated Decision-Making currently does not take place on our websites or in our services.
10.2 How to exercise your rights
To exercise your rights, please contact us by using the information in Section 13 below. Your Personal Data may be processed in responding to these rights. We try to respond to all legitimate requests within one month unless otherwise required by law, and will contact you if we need additional information from you in order to honor your request or verify your identity. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a Salesforce customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.
To update your billing information, discontinue your account or request return or deletion of your Personal Data and other information associated with your account, please contact us by using the information in Section 13 below.
10.3 Your rights relating to customer data
As described above, we may also process Personal Data submitted by or for a customer to our products and services. To this end, if not stated otherwise in this Privacy Statement or in a separate disclosure, we process such Personal Data as a processor on behalf of our customer (and its affiliates) who is the controller of the Personal Data (see Section 1 above). We are not responsible for and have no control over the privacy and data security practices of our customers, which may differ from those explained in this Privacy Statement. If your data has been submitted to us in our role as a processor by or on behalf of a Salesforce customer and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a customer’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Salesforce customer who submitted your data to us. We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
11) How do we secure your Personal Data
We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please contact us by using the information in Section 13 below.
12) Changes to the privacy statement
We will update this Privacy Statement from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top. If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.
We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your Personal Data.
13) Contacting Us
Business Drives has appointed a Data Protection Officer. To exercise your rights regarding your Personal Data, or if you have questions regarding this Privacy Statement or our privacy practices please, email us at privacy@businessdrives.com or datasubjectrequest@salesforce.com, Data Protection Officer (Business Drives Privacy Team)
55 Eglinton Ave E., Suite 602
Toronto, ON M4P 1G8, Canada
When you contact us, please indicate in which country and/or state you reside.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority. If you work or reside in a country that is a member of the European Union or that is in the EEA, you may find the contact details for your appropriate data protection authority on the following
website.
