Last updated: March 14, 2025
Overview & Scope
StereoLOGIC Inc. (“StereoLOGIC,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information. This Privacy Statement (also referred to as our ‘Privacy Policy’ or ‘Privacy Notice’) applies to our websites, communications, and business operations, and—where stated—our processor activities when we handle Customer Data under contract with a business customer (the “Controller” or “Customer”).
If a separate agreement (for example, a Customer Services Agreement or Data Processing Addendum, “DPA”) between StereoLOGIC and a Customer conflicts with this Privacy Statement, the DPA governs for the Customer relationship.
Roles & Definitions
- “Controller/Business” means the organization that determines the purposes and means of processing personal information (our Customer).
- “Processor/Service Provider” means StereoLOGIC, when we process personal information solely on documented instructions from the Controller.
- “Personal Information” (or “personal data”) means information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable individual.
- “Customer Data” means personal information we receive from or on behalf of a Customer for processing under our contract as a Processor.
Personal Information We Handle
Direct Interactions (StereoLOGIC as Controller)
We may collect personal information when you browse our website, fill out a “contact us” form, subscribe to communications, interact with us at events, or otherwise communicate with us in accordance with legal and regulatory requirements. Categories may include name, business contact details, company/role, communication content, device and usage data (e.g., cookies/telemetry consistent with your settings), and preferences.
Customer Data (StereoLOGIC as Processor)
Customers may transfer to us personal information about their end users, employees, or other individuals for processing in connection with the services we provide. The Customer, as Controller, decides which categories of personal information are submitted, the purposes of processing, and applicable retention rules. Examples may include identifiers, contact data, job/role metadata, and process artifacts relevant to the Customer’s use of our services.
How We Use Personal Information
Direct Interactions (StereoLOGIC as Controller)
We use information to operate our website, respond to inquiries, provide requested materials, improve and secure our services, conduct analytics consistent with your cookie choices, and send you communications where permitted (you can opt out at any time).
Customer Data (StereoLOGIC as Processor)
We process Customer Data solely: (i) to provide the services; (ii) to maintain and secure the services; (iii) to comply with the Controller’s documented instructions and our contract; and (iv) as otherwise required by applicable law. We do not sell or use Customer Data for our own independent marketing purposes.
Data Subject Rights
Direct Interactions (StereoLOGIC as Controller)
We obtain and document explicit consent from individuals prior to collecting, using, transferring, retaining, or disclosing sensitive personal information through appropriate data access authorization forms or electronic consent mechanisms. Your consent and preferences are captured at or before data collection and stored in electronic and/or written form, and implemented promptly.
You have the following choices regarding your personal information:
- Provide or withhold consent for the collection, use, and disclosure of your personal information
- Limit the types of personal information you provide to us
- Opt out of marketing communications
- Request access, correction, or deletion of your personal information
Individuals, customers, and designated account holders can update their personal information to ensure it is accurate and complete through our customer web portal (when logged into your account) or by contacting us using the methods provided in this privacy policy at privacy@stereologic.com.
We collect only the personal information necessary to deliver our Service to you. If you choose not to provide required personal information or withdraw your consent, you may not be able to access certain features of our Service, create an account, or receive customer support. We will clearly communicate any such consequences before collecting your information.
If we intend to use previously collected information for a new purpose not previously disclosed, we will document the change, notify you of the new purpose, and obtain your updated consent or withdrawal of consent as required. Your information will only be used as newly authorized by you.
By using our Service, you acknowledge that you have read and understood this Privacy Policy and the choices available to you regarding your personal information.
We maintain a documented process for receiving, authenticating, and responding to data subject access requests in accordance with contractual and regulatory obligations. This includes:
- Verifying the identity of the requester through appropriate authentication methods
- Determining the legitimacy and scope of each request
- Fulfilling or denying requests within agreed service timeframes (typically within 30 days)
- Logging all requests and actions taken for audit and accountability purposes
We have established formal processes to capture, log, verify, and respond to all privacy rights requests in accordance with applicable laws and regulations. All requests are logged within our designated tracking system for historical and audit purposes. We will respond within a reasonable timeframe and provide confirmation of actions taken.
Upon confirmation of a deletion request or when personal information is no longer required for the purposes outlined in this policy, we ensure secure disposal of your information through anonymization, secure erasure, and/or destruction methods as documented in our data retention and disposal policies. We will also communicate such deletions to relevant third parties who have received your data as outlined in this policy.
We will provide notice at the time of or prior to collecting personal information directly from you. If we intend to use your personal data for a new purpose not previously disclosed in this Privacy Policy. In that case, we will notify you of this new use and obtain your consent where required by applicable law.
Customer Data (StereoLOGIC as Processor)
For personal information processed as a Processor on behalf of a Customer, **StereoLOGIC does not independently adjudicate end‑user rights requests.** End users should direct requests (e.g., access, deletion, correction, portability, objection) to the relevant Customer (the Controller). Upon a Customer’s documented instruction, we will assist the Customer in responding to verified requests within timeframes required by law and our DPA.
If we receive a misdirected rights request relating to Customer Data, we will log it and forward it to the appropriate Customer without undue delay and will not act upon it except as instructed by the Customer or required by law.
Under our Customer Agreements, we will forward any misdirected data-subject request we receive to the appropriate customer within two (2) business days, and we will assist the customer in responding to such requests within ten (10) business days.
Subprocessors
We may share personal information with service providers and subprocessors that support our website, operations, security, and delivery of services (e.g., hosting, infrastructure, analytics, email, customer support). We require such parties by contract to protect personal information and to use it only to provide services to us.
Cloud infrastructure subprocessor: Microsoft Corporation (Microsoft Azure).
For Customer Data, our list of approved subprocessors is available to Customers on request or as specified in the DPA. We do not sell personal information.
We will provide customers at least 30 days’ notice prior to engaging a new subprocessor or replacing an existing one. A list of our current subprocessors and their roles is available upon request.
Disclosures
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
Law Enforcement
All personal information disclosed for legal purposes is logged, tracked, and maintained in our designated tracking system for historical and audit purposes. After proper verification of legal requests, we provide the requested information in a timely manner in either a portable electronic format or by mail, in accordance with applicable law.
Other Legal Requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of Users of the Service or the public
- Protect against legal liability
International Transfers
We may transfer personal information to jurisdictions that may have different data protection laws. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and supplementary measures for such transfers.
For Customer Data, transfer mechanisms and data residency options are governed by the DPA with the Customer.
Primary hosting region for Customer Data is set by the applicable Customer Agreement; data residency is driven by that agreement.
Security
We use technical, organizational, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, and disclosure. Our security program includes access controls, encryption in transit and at rest where appropriate, vulnerability and patch management, logging and monitoring, and personnel security measures.
Retention & Deletion
For Direct Interactions, we retain personal information as long as needed to fulfill the purposes described or as required by law. When we correct or erase your personal information at your request or as required by law, we will communicate such corrections or erasures to all authorized users and relevant third parties to whom your personal information has been shared or transferred within a reasonable timeframe, ensuring proper updates across all recipients. This includes service providers, business partners, and affiliates who have received your data.
For Customer Data, we retain and delete information according to the Controller’s instructions and the DPA, including secure deletion upon termination or at the Controller’s documented request, subject to legal retention obligations.
Cookies & Similar Technologies (Website)
We use cookies or similar technologies to deliver and measure site functionality and to understand engagement, consistent with your preferences. You can manage your cookie settings in your browser and, where provided, our consent tools.
Do Not Track
We do not track users over time and across third‑party sites and therefore do not respond to browser‑initiated Do Not Track signals.
Children’s Privacy
Our services are not directed to children under 18, and we do not knowingly collect personal information from children without appropriate authorization.
Changes to this Statement
We may update this Privacy Statement from time to time to reflect changes in technology, law, or our practices. We will post the updated statement with a new effective date.
We review and update our Privacy Policy and personal information collection and usage procedures as necessary to ensure alignment with applicable laws, regulations, and relevant standards. We maintain comprehensive documentation on the nature, extent, and purpose of personal information collected, processed, stored, and disclosed to third parties, which is reviewed at least annually to ensure accuracy and completeness.
All changes to this Privacy Policy are logged, time-stamped, and attributed to the reviewer who approved the changes. We retain prior versions of this Privacy Policy in accordance with our internal document retention requirements to maintain historical records of our privacy communications.
Personal information collected is used only in alignment with and limited to the purposes identified in this privacy notice.
Policy Distribution and Access
This Privacy Policy is provided to customers, employees, and applicable third parties prior to or at the time of collecting personal information. The current version of this Privacy Policy is available on our website and will be provided upon request.
Information Collection Governance
Our management and legal counsel review and approve all methods and sources of personal information collection, whether collected directly from you or obtained from third parties, to ensure information is obtained fairly, lawfully, and from reliable sources.
We collect personal information directly from you when you use our Service and may obtain information from reliable third-party sources such as business partners or service providers. All third-party sources are vetted and approved through our internal governance process to ensure they obtain information lawfully and maintain appropriate data protection standards.
How to Contact Us
For questions about this Privacy Statement, our privacy practices for Direct Interactions, or to request a copy of this Privacy Policy or previous versions for legitimate purposes, please contact us by:
- By email: privacy@stereologic.com
- By mail: StereoLOGIC Inc., 161 Bay St, Suite 2700, Toronto, ON, M5J 2S1, Canada
For Customer Data handled as a Processor, end users should contact the relevant Customer (Controller). Customers may contact their StereoLOGIC account representative or privacy mailboxes above for any privacy or security matters, including data subject request assistance and subprocessors.
Supplemental Jurisdiction-Specific Notices
Where required by applicable privacy laws (e.g., GDPR, UK GDPR, PIPEDA, CCPA/CPRA), we provide additional disclosures in Customer contracts or supplemental notices. These include details about legal bases for processing, consumer rights, and transfer mechanisms.
Note: This document harmonizes our existing website/privacy practices with our role as a Processor for Customer Data. Customer contracts and the DPA prevail in the event of a conflict.