DistillerSR Inc. Privacy Statement
Attention: We have updated our Privacy Statement to ensure legislative requirements are met. For details on the changes please see our announcement.
Version 6.0 | July 2023
This Privacy Statement lets you know how we collect, use, disclose, and protect the Personal Information you entrust to us.
When we refer to ‘Personal Information’ we mean information about an identifiable natural person. In other words, information about someone we can identify, directly or indirectly, using an identifier like a name, an identification number, location data, an online identifier, or someone we can identify using one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
This Privacy Statement does not apply to data you upload through our software like medical literature references, project workflow, research data, etc., from which you use our software to generate output data (“Customer Data”). Customer Data is subject to the agreement between you and DistillerSR Inc. when you purchase a subscription to use our software.
We do not knowingly collect, process, or retain any:
- special categories of personal information like personal information of children under the age of 16
- personal health information, personal financial information, or any other special category of information.
Our Services are not meant to capture any Sensitive Personal Information, or the information of children. If you’d like to learn more about what the European Union refers to as Sensitive Personal Information, you can click here: https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en
What Personal Information Do We Collect?
When you purchase a subscription to use our software or opt-in to receive marketing or sales communications from us, we collect the following personal information about you, and/or your organization:
|Information Collected||Purpose||Legal Basis|
Such as your name, email
address, and business contact information
|This information is required to create an account and use the DistillerSR service. We may also use this information to notify you of any software releases or other information related to your use of our Services, such as revisions to this Privacy Statement or our Terms of Service.||Consent;
Such as your name and contact information, purchase history, method of payment and other
similar information required for auditing and tax compliance
|This information is required so that we may process and receive payment.||Consent;
We use Pendo to track your usage data, including your IP address, performance and use metrics on your use of our Services, such as project size, project complexity, system response times and other similar information
|This information helps us continually improve our software and your user experience. For example, if we see through usage data that users are struggling with a certain function, we will be able to improve the service or provide better training for our users||Our legitimate
|Information You Provide to us This includes any information we need to assist you through our subprocessor Zendesk, a calendar invite automatically set through our subprocessor Chili Piper, and any other Personal Information you submit to us in a form, email, phone call or live chat||You may provide this information to us, so we can assist in resolving any technical issues you have with the service, or connect you with an account executive to give you more information about DistillerSR. By providing this information to us, you have consented to our processing and use of it.||Contractual
Evidence of your status as a student, such as a proof of enrollment or student ID.
|Before opening a student account, we need you to verify that you are a student.||Consent; Our
students a more cost effective
This data includes your name, address, telephone number, date of birth, social insurance number, payroll information, benefit information, emergency contact information, resume, and/or reference details, as well as any other Personal Information we are required to process in order to interview, onboard and retain your talent.
|We collect this information so that we may review your resume, interview you, onboard you, retain your talent, and provide you with benefits. We may also require your Personal Information to assess whether you are eligible to work in Canada. If you are an employee or a prospective employee and you have any questions about your Personal Information, please contact us at [email protected]||Consent;
Compliance with our legal
|Audit Trail Data
This information includes what pages you visit on our site, what links you click on, and what changes you make to your studies (including reports generated)
|We require this information to maintain the audit trail and provide software functionality||Our legitimate
This includes your name, email address, phone number, summaries of any conversations we have had with you, your usage data, any information you have requested from us
|This information is required to provide you with anything you have requested from us, such as blog posts or white papers that you have requested. We may also send you promotional messages if you have opted-in to receive them||Our legitimate interests|
If you browse our data we may collect information about the pages you have visited and forms you have submitted to us
|This information is required to answer any inquiries you may have and help better segment our marketing efforts.||Our legitimate interests|
Use of Website, Cookies, and Tracking Technology
When you visit our website (https://www.distillersr.com), we collect Personal Information from you through various cookies.
You can set up your browser to disable cookies at any time, but doing so may limit the functionality of our Website. For instructions on how to disable cookies, please visit the links below:
- For functionality. These cookies and other technologies are essential in order to use the Services to provide the feature you have requested, such as remembering if you have logged in or your language or search parameters. We use these cookies to make your use of the Services more tailored.
- For performance and analytics. These cookies collect information on how you interact with our Services and help us improve how the Services operate. For example, we use Google Analytics cookies to help us understand how you browse our website. We use this information to identify areas for improvement such as navigation, user experience, and marketing campaigns.
- Targeting Cookies or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.
- Social media cookies. We use these cookies to track key metrics such as conversions when you engage with our content on the social media platform and later visit our site. This information may be also used for advertising activities.
Do Not Track
As there is not yet a common understanding of how to interpret Do Not Track (“DNT”) signals, DistillerSR does not currently respond to browser DNT signals.
Sale of Information
DistillerSR does not sell any personal information we collect.
Our website contains links to other websites. If you follow those links, like Twitter, LinkedIn, or other social media icons, you are accessing external websites operated by those entities. DistillerSR does not have any control over any information you provide to those third-party websites, and you are governed by those entities’ privacy policies, not this DistillerSR privacy statement.
Third Party Service Providers
From time to time we need to disclose your Personal Information to another company to provide you with our Services (“Third-Party Service Providers”). For example, Zendesk may process some Personal Information if you require any assistance in using our Services. Third-Party Service Providers may be used for the following functions: sending communications, processing payments, assessing compliance risks (such as our lawyers, accountants and auditors), analyzing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. These Third-Party Service Providers have access to the minimum Personal Information needed to perform their functions, and may not use it for any other purposes. We ensure that international data transfers are compliant with applicable law.
Sales and Marketing
We like to send you information about our products and services that we think might interest you. We may send you this information if we have a business relationship with you, you have offered your contact information to us (i.e. business card), your contact information is publically available, or as permitted under applicable anti-spam legislation. Otherwise, we will always ask for your consent to receive sales and marketing information before sending you any communications.
You can always opt-out of our sales and marketing communications. If you wish to opt-out of receiving sales and marketing communications, please contact [email protected] or select the unsubscribe link in an email you receive.
We will provide you with our response to that request in a timely fashion, and can make appropriate modifications to our information, up to and including deletion.
As outlined above, to create and have access to a student account, DistillerSR requires Personal Information to verify student status.
If you are a post-secondary student and have submitted your Personal Information to DistillerSR to apply for a student account, you acknowledge that you have reached the age of majority in your jurisdiction and that you can give your informed and meaningful consent to our collection, use, retention, disclosure or processing of your Personal Information.
How Do We Store And Retain Data?
We retain information throughout the relationship between you and DistillerSR and as necessary for us to comply with our legal obligations. Once we no longer need the information for the purpose for which it was collected, we securely dispose of the Personal Information unless otherwise required by law or requested by you in writing under your rights (See: What Rights Do You Have?).
What Rights Do You Have?
You have the right to withdraw your consent for us to collect or process your Personal Information. We will endeavor to comply with the request and adjust our practices regarding your Personal Information within a reasonable time. If you do not want us to continue contacting you, we will add your contact information to a ‘do not send’ list to comply with your no-contact request. If you request to be placed on a ‘do not send’ list, your name and limited contact information will be kept on that list.
Depending on your jurisdictions, such as the European Union, you may have certain rights, such as:
- Right to be Informed: You have the right to be informed about the collection and use of your Personal Information.
- Right to Access: You have the right to view and request copies of your Personal Information.
- Right to Rectification: You have the right to request inaccurate or outdated Personal Information be updated or corrected.
- Right to be Forgotten: You have the right to request that your Personal Information be deleted, subject to our legal obligations and restrictions.
- Right to Data Portability: You have the right to ask for your Personal Information to be transferred to a Controller.
- Right to Restrict Processing: You have the right to request the restriction or suppression of your Personal Information.
- Right to Withdraw Consent: You have the right to withdraw previously given consent to process your Personal Information.
- Right to Object: You have the right to object to the processing of your Personal Information.
- Right to Object to Automated Processing: You have the right to object to decisions being made using your Personal Information solely based on automated decision making or profiling.
To exercise any of these rights, please contact us at [email protected].
Your activities in the software are tracked only to ensure that the audit logging features of our software are complete. This is required for DistillerSR to maintain 21 CFR Part 11 regulatory compliance (Code of Federal Regulations), as our customers use that information to support regulatory submissions based on the output from our systems. The specific Personal Information tracked through software use is minimal and project-related only. We are unable to adjust the audit trail in any project, and therefore cannot honour deletion requests related to software use.
Protecting Personal Information
DistillerSR protects personal information using technical, physical, and administrative methods.
We ensure that all interactions between your computer and our servers for use of our software are encrypted, and we use a number of advanced security features built into our software and associated with our hosting infrastructure to ensure that your personal information remains protected at all times. The technical security features include:
- Intrusion detection software
- SSO/SAML authentication
- Multi-factor authentication
- Data encryption in transit and at rest
- Secure password protection
- Checksums/hash totals
We implement physical security measures at our facility in Ottawa, Ontario, Canada, such as key-card access to our offices and monitored alarms. The DistillerSR facility hosts no onsite servers nor centralized data storage containing Personal Information. Any Personal Information is kept under lock and key, and only accessed by trained employees with proper clearance on a need-to-know and limited basis. We limit the creation of printed materials to what is necessary to fulfill our functions to reduce the risk of a security breach, and we ensure that when storing or transporting information appropriate measures are taken such as using sealed envelopes, containers, locks, or equivalent devices.
Access to the backend of the software is restricted to only specific members of Senior Management and certain employees. All our employees and short-term contractors who have access to personal information have completed national level police checks prior to their engagement at DistillerSR. As part of our administrative measures, our Information Security Officer conducts periodic audits and risk assessments to ensure that we maintain up-to-date and appropriate security practices.
The security provisions of Amazon Web Services (AWS) are described in security and compliance whitepapers published by AWS; they can be found by visiting https://aws.amazon.com/whitepapers/#security.
Contact us at [email protected] for more information on our security practices or user access management policies.
You acknowledge that no security system is impenetrable. By sharing personal information with us, the Personal Information may be at risk should an external party breach our systems. We will comply with our legal obligations to notify you where we are required to do so.
Changes To Our Privacy Statement
We keep our Privacy Statement and privacy practices under regular review and will change this Privacy Statement from time to time. If we make any significant changes, we will notify you of the changes by posting them on our website or sending you an email, and we will change the last updated date at the bottom of this Privacy Statement.
If you have questions or concerns regarding data protection and privacy at DistillerSR, we encourage you to contact our Privacy Officer, Legal Contracts Manager, or General Counsel at:
505 March Road, Suite 450, Ottawa, Ontario, Canada K2K 3A4
T: 1.844.622.8727 (toll free)
E: [email protected]
We have engaged a representative in the European Union, European Economic Area, and UK. Please review contact information and instructions for contacting them directly here: https://www.distillersr.com/distillersr/data-protection-representative
Should you wish to report a complaint, or if you feel that DistillerSR has not addressed your concerns in a satisfactory manner, you can contact the appropriate governmental authority in your jurisdiction. This would be a data protection authority, information commissioner’s office, or other supervisory authority.