Privacy Policy

Introduction

In this policy, “Goodbay” refers to Goodbay Technologies, Inc. which shall mean subsidiaries, parent companies, joint ventures and other corporate entities under common ownership. We may also refer to Goodbay as “we” or “us”. We have prepared this Privacy Policy to help you understand how we collect, store, use, and manage the information, including personal information, that you provide or we collect about you when you use Goodbay’s services.

Goodbay is in the business of providing solutions that enable our Customers to meet their business goals. We offer business process and customer support outsourcing solutions, along with consulting services. We commit to putting Customers first is to ensure that Customer Personal Information that our Customers entrust to us, including sensitive personal information, is safeguarded, and that the privacy of our Customers’ End Users is respected.

Goodbay’s privacy practices are developed in accordance with applicable legislation relating to privacy and information security, which may include, but is not limited to the EU General Data Protection Regulation (Regulation (EU) 2016/679), as nationally implemented, supplemented, amended and replaced from time to time (“GDPR”), the Personal Information Protection and Electronic Documents Act (“PIPEDA”), the Children’s Online Privacy Protection Act of 1998 (“COPPA“) the Video Privacy Protection Act of 1988, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA“), the Fair Credit Reporting Act (“FCRA“), the Cable Television Protection and Competition Act of 1992, and a variety of provincial and state privacy laws, all together the “Applicable Privacy Laws”.

Goodbay is committed to ensuring that our privacy practices comply with the Applicable Privacy Laws as well as with our contractual commitments. Our commitment to our Customers is that we will work with them to protect privacy in all our service offerings.

Scope, Application and Definition

Scope and Application:

This Privacy Policy applies to Customer Personal Information that is in Goodbay’s possession for the purposes of providing services to the Customer. It includes Customer Personal Information that is in the custody of service providers who have been contracted to provide services on Goodbay’s behalf.
The application of this Privacy Policy is subject to the requirements of provisions of applicable regulations, legislation, agreements or the ruling of any court or other lawful authority
All Goodbay employees and agents with access to Customer Personal Information are required to comply with this Privacy Policy.

Definitions:

For the purpose of this Privacy Policy, the following terms shall have the following definitions.

Customer is defined as customer or potential customer of Goodbay who is a business, enterprise, or other organization.

Customer Personal Information has the definition given to it in the “What Personal Information Do We Collect?” section below.

Personal Information is defined as any information relating to an identified or identifiable natural person.

End User is defined as Customers’ products or services, or clients, or customers of Customers.

FAQ’s

Personal Information We Collect

For us to provide services to Customers, we collect and process the following Personal Information (“Customer Personal Information”):

  1. End User Information
    This is Personal Information that relates to End Users and that is entrusted to Goodbay by Customers for Goodbay to provide services to Customers which may be used by or otherwise affect the End Users.
    Such Personal Information consists of amongst others:
    Names; telephone numbers; email addresses; mailing addresses; information for account management (such as usernames and passwords); IP addresses; behavioral information (such as preferences, habits, interactions, feedback, needs and problems); financial information (such as credit card numbers, bank account names and details and account histories); and special categories of data (such as personal health data).
  2. Customer Contact Information
    This is Personal Information that we gather from Customer representatives at various stages of our relationship with Customers, such as when Customers contact us to learn information about our services, and when we continue to work with Customers to provide custom-made solutions to their requirements.
    Such Personal Information consists of, among others:
    Names; telephone numbers; email addresses; mailing addresses; information for account managment (such as usernames and passwords); IP addresses; and financial information (such as credit card information, payment information; including bank account names and details).

How We Use Customer Personal Information

We use Customer Personal Information for the following purposes:

  1. To communicate with Customers throughout their relationship with Goodbay;
  2. To understand End User and Customer needs and preferences;
  3.  To provide services that are tailored to Customers’ and End Users’ requirements;
  4. To ensure that our services continue to be responsive to Customers’ and End Users’ requirements, including by providing technical support and training, and improve processes;
  5. To promote or sell products or services to Customers and End Users, in accordance with any applicable marketing or telemarketing legislation;
  6. To bill Customers and process Customer payments;
  7. To investigate and resolve incidents and Customer or End User complaints;
  8. To further our business goals, such as to perform audits, data analysis, fraud monitoring, and prevention, to improve or modify our services, to identify trends, to determine the effectiveness of our promotional campaigns and to operate and expand our business activities;
  9. To meet any regulatory or legal requirements.

We May Disclose Customer Personal Information

  1. Third Party Service Providers
    We may disclose Customer Personal Information to certain service providers that we use to provide us with services, such as information technology services, payment processing services, SAAS-based applications, consulting, auditing and related services.
    Where we enter into a relationship with any service provider or subcontractor, we will have contracts in place with such service provider or subcontractor, in order to ensure that Customer Personal Information is protected in accordance with Applicable Privacy Laws.
  2. Group Companies
    We may disclose some Customer Personal Information between our group companies; including companies in other countries, inside or outside the United States, in order to ensure that we are dedicating the appropriate group resources to Customer requirements, as well as for certain of our business purposes, such as for accounting, regulatory compliance and internal record keeping.
  3. Monitoring of security compliance – We monitor the security implementation of partners and group companies to ensure that they maintain the same level of security compliance. This is supported by internal and external reporting.

Legal Obligations

There may be certain legal reasons for disclosing Customer Personal Information:

  1. To protect our operations and rights;
  2. To enforce our terms and conditions and contracts with Customers;
  3. To protect the safety and rights of our Customers and End Users;
  4. To comply with enforcement actions by regulators, court orders or any other legal proceedings;
  5. To seek any remedies available to us or limit damages that we may suffer;
  6. To respond to requests from governmental and public authorities, including public and governmental authorities outside of Customers’ countries of establishment;
  7. To comply with any other relevant applicable laws from time to time, including applicable laws outside of Customers’ countries of establishment, inside or outside of the United States.

Accountability Principles

  1. Executive Responsibility
    Protecting privacy is an integral part of our services and all members of Goodbay’s executive team have a responsibility to oversee and enable compliance with Goodbay’s privacy policies and procedures within their own areas of responsibility.
  2. Employee Accountability
    All members of the Goodbay team undergo annual privacy training to ensure their compliance with applicable laws and our policies, including this Privacy Policy; all employees play a role in maintaining Customer trust and we undertake ongoing privacy awareness activities to create a culture of privacy at Goodbay.
  3. Commitment to Accountability
    Goodbay is responsible to our Customers for Customer Personal Information in Goodbay’s custody. Goodbay acts as a Data Processor (as such term is defined in the GDPR) for its Customers, which means that it processes Customer Personal Information on behalf of its Customers in order to provide services to those Customers.
  4. Goodbay’s Privacy Contact
    Goodbay has appointed Data Protection contacts to manage data privacy compliance in its United States and India based operations. They may be contacted at: info@goodbaytech.com

Cookies and Consent

Cookies

Goodbay uses cookies to understand how a Customer interacts with our websites, communications, services and selected third party websites, with the aim of refining the user experience. We use cookies in a limited manner and only for purposes consistent with this Privacy Policy.

Consent

Goodbay does not have a direct relationship with all of the End Users or all relevant employees, workers or representatives of its Customers, Goodbay requires that every Customer obtain any necessary consents or other authorizations required under Applicable Privacy Laws, so that Goodbay may collect, use and disclose Customer Personal Information for the purposes set out in this Privacy Policy on behalf of the Customer.

Limitation of Processing of Customer Information

Goodbay receives Customer Personal Information from its Customers and End Users and collects Customer Personal Information from other individuals or entities on behalf of its customers.

Goodbay requires its Customers to share Customer and End User Personal Information with Goodbay only to the extent that said information is lawfully gathered as necessary and sufficient for the purposes identified in this privacy policy and any contractual agreement. We limit the collection of Customer and End User Personal Information to that which is necessary to fulfil the purposes identified her in and in accordance with the contractual agreement with the Customer.

Goodbay does not use Customer Personal Information for purposes other than set out in this Privacy Policy and in accordance with the contractual agreement with the Customer, except otherwise required or permitted by applicable law.

Accuracy; Retention; Safeguards

Accuracy

Goodbay does not verify the accuracy of Customer Personal Information when it is received from a Customer.

Goodbay relies on its Customers to ensure the accuracy of the Customer and End User Personal Information that has been supplied to Goodbay in order for Goodbay to provide services for its Customers.

Goodbay will take appropriate steps to maintain the integrity of the Customer Personal Information and will ensure that appropriate safeguards are in place to protect any Customer Personal Information in its custody.

Retention

Goodbay has a policy respecting records retention and an associated retention schedule and will keep Customer Personal Information only as long as it remains necessary or relevant for the purposes of providing services to Customers and in accordance with the terms and conditions of the contractual agreement with the Customer.

Safeguards

Goodbay maintains an information security governance program to protect Customer Personal Information.

Goodbay, in compliance with its security policy, employs security measures appropriate to the sensitivity of the information in an effort to protect Customer Personal Information against such risks as loss or unauthorized access, disclosure, theft, copying, use, destruction or modification.

Goodbay’s security measures include but are not limited to the following:

  1. Using appropriate administrative, physical and technical security controls designed to prevent and detect unauthorized access to Customer Personal Information;
  2. Limiting access to Customer Personal Information to a need-to-know basis and applying the principles permission level access control;
  3. Requiring secure disposal of any media containing Customer Personal Information;
  4. Identifying and assessing reasonably foreseeable risks to the integrity, confidentiality or availability of Customer Personal Information that we hold and taking reasonable steps to mitigate those risks through the implementation of safeguards;
  5. Testing of our overall security program.

Goodbay employment agreements include contractual provisions for the safeguarding and proper usage of confidential information (including Customer Personal Information) accessible to our employees in the course of their employment. Goodbay takes appropriate disciplinary measures where necessary to enforce this Privacy Policy.

Openness; Incident Management: Individual Access

Openness Concerning Policies and Practices

Goodbay strives to make information about its policies and practices accessible and easy to understand; this Privacy Policy is available on our privacy page.

Incident Management

Goodbay has developed a comprehensive incident readiness and response plan designed to identify the cause, extent, and nature of an incident involving Customer Personal Information and to allow timely reporting to the Customer in accordance with Applicable Privacy Laws and our contractual terms.

Goodbay will provide reasonable assistance to our Customers to investigate and assist in the reporting of the incident to regulatory authorities or other required parties to prevent or minimize any loss or harm arising from such incident.

Individual Access

Unless we specifically contract to do so as part of the provision of services to a Customer, Goodbay will not generally respond directly to access requests or inquiries of End Users. We will instead make reasonable efforts to direct inquiries and access requests made by End Users to the appropriate Customer.

Customers should advise End Users to consult Customers’ own privacy policies to familiarize themselves with their rights under Applicable Privacy Laws.

Contacting Us

For the purposes of the GDPR, Goodbay shall be the data processor in respect of Customer Personal Information and the relevant Customer shall be the data controller.

Goodbay maintains procedures for responding to all questions or complaints about Goodbay’s handling of Personal Information. These can be forwarded on a confidential basis to our Privacy Office at info@goodbaytech.com.
Goodbay will investigate all complaints concerning compliance with this Privacy Policy. If a complaint is found to be valid, Goodbay will take necessary measures to resolve the complaint including, if appropriate, amending its policies and procedures.