Skip Navigation

Privacy policy

Field Effect Software Inc. and its subsidiaries[hover]Where Field Effect is the data controller, the entity that controls your personal information may differ depending on where you reside. The following entity is the data controller:
1. If you reside in the United Kingdom or the European Union, Field Effect Security Inc.
2. If you reside in the United States, Field Effect Security Ltd.
3. If you reside in Australia, Field Effect Security Pty Ltd.
4. If you reside in Canada or anywhere else not stated, Field Effect Software Inc.
(collectively "Field Effect", “we”, “our” and “us”) believe customer security and privacy are paramount and we are committed to protecting your privacy and maintaining the security of your personal information.

This privacy policy describes how we collect, use, process and share your personal information when you use any of our products and services and when you visit and interact with our website.

What is Personal Information

Personal information, also called personal data, and referred to in this policy as “personal information,” is generally considered to include any information related to an identifiable individual. The precise definition may vary depending on your jurisdiction. The types of personal information that we may process depends on the business context and the purposes for which the information was collected.

Collection of Personal Information

Direct Collection

We may collect personal information directly from you when you interact with our websites (which may include requesting a demo or information or applying for an open employment position), the Field Effect portal, through electronic communications or when you interact with us in person. For example, you may provide Field Effect with contact information, job title, work or employment history, payment information, physical address, telephone number, email address and other personal information directly when you:

  • set up an account with us
  • provide information to us in connection with a purchase of our products and services
  • post comments, participate in forums or blogs
  • contact us by email, text, chat or phone or through the client portal for customer support or other matters
  • partner with us as a reseller of our services.

Only the personal information necessary to achieve the stated purpose of the collection will be collected. 

Indirect Collection

We may also collect personal information about you indirectly from:

  1. Third parties
  2. Our customers when they use our service
  3. Automatically collected information (cookies and other similar technologies)
1. Third Parties

If permitted by applicable laws, we may obtain information about you from third parties, such as our business or marketing partners, social media, event organizers, commercial lead providers, and other data providers and/or publicly available sources. Personal information we obtain from these sources may include your contact information, job title, information concerning your business, or other information pertaining to the nature of your request.

Field Effect treats personal information collected from third parties in accordance with this privacy policy together with any further restrictions imposed on us by a third party. You should note, however, that unless the third party is a service provider of Field Effect, the third party’s own use of your personal information will be managed by your agreement with the third party.

If you choose to provide Field Effect with the personal information of another individual (such as name, email, and phone number), you are representing through that action that you have the third party's consent to do so.

2. Our customers when they use our services

We may obtain personal information from our customers and users of our services and products, including by accessing data within environments hosted by various third parties, such as our customers’ cloud service providers. We obtain such personal information for the purposes of providing products and services to our customers, including for purposes of authenticating users, monitoring and investigating security incidents and events, obtaining information, reports and metrics relating to the operation of software and hardware solutions within our customers’ environment, making recommendations, and supporting our business operations.

The information we may collect in the course of offering products and services to our customers, and depending on which products and services you use, includes contact and job title information of users and others in the customer or partner organization as well as passwords and IP addresses; log data from various sources such as data centres, applications, cloud and on premise infrastructure and remote endpoints; event data obtained from inspection of network traffic and devices; any other information provided by customers while using the services, such as event logs, and network data including metadata, operating systems and versions, users and groups from directories, network vulnerability data and customer-authored training courses.

Our customers/users are responsible to ensure that they have a legal basis or express or implicit consent, as required, to provide us with access to such personal information, and to ensure the quality, integrity, reliability, and appropriateness of data submitted to us, and must comply with terms contained in the applicable customer agreement.

3. Automatically Collected Information

As many organizations do, Field Effect uses cookies to improve website performance and enhance your experience with personalized content and services. What is a cookie? A cookie is a small file of letters and numbers that we put on your computer, but only if you agree. Cookies allow us to distinguish you from other users of our website which helps to provide you with a good experience when you browse our website and also allows us to make website improvements.

When you visit our website, Field Effect collects information automatically using cookies and tracking pixels. We use cookies to:

  • analyze trends and monitor how visitors move around the website
  • identify and authenticate visitors across different pages within our website
  • retrieve your previously stored data, for example, information that you previously submitted to the website using a form
  • provide visitors with relevant and applicable advertising and content applicable to their likely interests.

Field Effect may also work with third parties that collect data about your use of our website for non-advertising purposes and with third parties that serve ads on behalf of us. For example, Field Effect uses Google Analytics to improve the performance of the website and for analytics and marketing purposes. You can find more information about how Google Analytics collects and uses data by visiting this page: https://policies.google.com/technologies/partner-sites

We also work with Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products and services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of our products and services, and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

If you prefer not to accept cookies, most internet browsers will allow you to change the setting of cookies by adjusting settings on your browser; however, you should note that disabling cookies may negatively affect the functionality of this and other websites you visit. You can ask third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking the relevant boxes to adjust your marketing preferences.

Use of Your Personal Information

Field Effect may use and process your personal information to provide, improve and customize our products and services that we offer, to develop new products or services, to send communications to you and to comply with legal requirements. We will only process your personal information when we need to do so for a reason related to your business with us (referred to in privacy laws as “legitimate business purposes” or “legitimate interests”) and when we have a lawful basis for doing so, which includes:

  • your consent (whether express or implied), where consent is required as the lawful basis for the collection, use and disclosure of personal information. By providing your information and/or using our services with knowledge of how we will collect, use and disclose your information, you consent to the collection, use and disclosure of your information as described in this policy.
  • providing services under a contractual obligation to you or your company, including products and services delivery
  • creating and managing your accounts, access to our client portal and authenticating your identity when you log into your account on the portal or when you request information that is specific to you
  • sending order forms and/or invoices
  • providing you with great customer support and responding to your inquiries
  • as permitted by applicable laws, sending communications to you including commercial electronic messages and promotional communications (which you may opt out of)
  • when you visit our website, collecting information relating to your access and use of our website and to improve the operation of our website and the effectiveness of our marketing campaigns
  • sending notices to you on upgrades, updates and improvements and advising on our services
  • protecting and ensuring the security of our systems, business, assets and customers
  • developing our services, including by obtaining information on security threats and threat actors
  • complying with legal and regulatory requirements and legal processes, for example, responding to lawful requests from public and governmental authorities and court orders
  • Otherwise as required or permitted by applicable laws.

Sharing Your Personal Information

Field Effect may share your personal information as we have set out in this privacy policy with our subsidiaries, partners and with third party service providers/contractors in order to carry out our business activities such as:

  • sending marketing and other communications related to the services we provide you
  • billing and payment processing
  • customer relations management
  • IT and cloud infrastructure and data storage
  • Employment application related services
  • Security and compliance services
  • Services and product improvement initiatives.

Our subsidiaries and third party service providers are only provided with information they need to perform their designated functions and service providers are not authorized to use or disclose information for their own marketing or other purposes. Our subsidiaries and service providers may be located in the U.S., Canada or other foreign jurisdictions.

In accordance with applicable laws, we may also share your information in connection with, or during negotiations of, a corporate transaction such as a merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business.

We may disclose your information in response to a request for information by a legal authority or government agency in compliance with, or as required by, applicable laws, regulation or legal processes, or if required to protect and defend the rights, property and safety of our business and customers, in accordance with applicable laws.

We may share your information with third parties with your consent, whether express or implied as required by applicable law. In most cases, the consent will have been given to us in order to complete a business transaction or provide you with services you requested, or if we otherwise notify you and you consent to the sharing of your personal information. We may disclose your information for other legitimate purposes permitted or required by applicable law. We do not sell, lease or trade the personal information we collect from you.

Security of Your Personal Information

We take security very seriously and that includes the security of your personal information. We have put in place and maintain reasonable and appropriate technical, physical and administrative safeguards to protect your personal information from unauthorized disclosure or access, alteration and destruction. When we share your personal information with third parties, we make sure those third parties have controls to protect the privacy of your personal information, including the security and deletion of such information when it is no longer required. Field Effect requires third party service providers to take commercially reasonable steps to protect your personal information, to use it only for the required purpose and to comply with applicable laws and regulations.

While we maintain comprehensive security practices, no transmission of information over the Internet or method of electronic storage can be absolutely guaranteed. You also have a part to play in maintaining the security of your personal information by using best practices in the access and sharing of your information.

Retention and Disposal of Personal Information

Field Effect retains your personal information as needed to fulfil the purposes for which it was collected, and if permitted, it may be retained for a reasonable period thereafter to comply with legal obligations and stated contractual and operational requirements. When your information is no longer required, we will take steps to have the information deleted, destroyed, aggregated or made anonymous, as required under applicable laws.

Your Rights and Choices

Your Rights

Depending on your jurisdiction, the laws applicable to privacy and personal information may give you certain rights that you may exercise and choices you may make with respect to your personal information including rights of access and rectification. If you require clarification of this privacy policy or if you have a complaint, you have the right to raise that to us. If you think that your questions or complaints are not being satisfactorily resolved, depending on where you live, you may also have rights to contact the local data protection supervisory authority to make a complaint against us.

Please be advised that in the delivery of our services, Field Effect acts as data processor/service provider to process our customers’ data (including personal information held by our customers) on behalf of our customers under the terms of services agreement. Any such customer data is under the control of our customer and is not under Field Effect’s control. Accordingly, if you make an inquiry regarding your personal information in circumstances where we are acting as processor (such as a request for access, withdrawal of consent, data deletion, or all such other related inquiries), we will direct such request to our customer and will assist our customer in its response to your request as per our customer’s instructions and in accordance with the terms of our agreement with them.

If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) govern the collection, use and disclosure of your personal information that you provide and we collect from you. If you live in Quebec, Alberta or British Columbia, the provincial privacy legislation for your respective province will also apply to the collection, use and disclosure of your personal information that you provide and we collect from you. If you are a resident of the United Kingdom or the European Economic Area, the UK General Data Protection Regulation (UK GDPR) or the EU General Data Protection Regulation (EU GDPR) applies, and Field Effect is the data controller of your personal information, except in situations where our products and services have been deployed with your business or organization, in which case Field Effect would act as the data processor.

Subject to exceptions prescribed under the law, we may only collect your personal information with your consent (whether express or implied as required by applicable law) and only what is necessary for the purpose for which it is being collected. You have the right to expect that your personal information is accurate and complete. You may ask to view your personal information and ask us to make corrections and clarifications to it, and may withdraw your consent to collection, use and disclosure of your personal information subject to legal and contractual restrictions and reasonable notice. You may exercise these rights by contacting us at the contact information provided below. You can find out more about protecting your privacy in Canada by visiting: https://www.priv.gc.ca/en/about-the-opc/publications/guide_ind/.

Your Choices

You may refuse to provide your personal information or to limit the personal information you choose to provide by contacting us at the contact information provided below. Should you choose to limit your personal information provided to us, we may be unable to complete a transaction or provide services that you have requested if we do not have the necessary information to do so. Your choices do not apply to service notifications or other required communications that are considered part of products and services you have agreed to receive from us. You will continue to receive these communications unless you cancel or stop access in accordance with the contractual terms and conditions that apply to our| provision of those products and services to you.

Transfer, Processing and Storage of Personal Information

Field Effect is a Canadian company, located in Ontario, with global business operations and is committed to safeguarding and ensuring the lawful processing of your personal information regardless of your location. All of Field Effect’s operations and onward transfers are subject to this privacy policy.

As part of performing the services we are providing you and supporting the functioning of our products and services, your personal information may be collected, used, processed, transferred or stored by our subsidiaries globally or by Field Effect service providers in other jurisdictions which may be outside of the region in which you are located. By using our websites, products and services or by providing any personal information to us, where applicable law permits and unless specified otherwise in a separate notice, you acknowledge and consent to the transfer to, processing, and storage of your personal information in a location outside of your jurisdiction of residence which may have different data protection standards from those in your jurisdiction. In such cases, personal information may be subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental and law enforcement authorities in those jurisdictions.

Field Effect is compliant with PIPEDA and relies on the recognition by the UK and the EU of the adequacy of PIPEDA as a lawful basis for the transfer of personal data, which governs how we collect, use and disclose personal information. The adequacy decision is an acknowledgement that PIPEDA provides an adequate level of personal information protection to our customers. For UK and EU customers, we may transfer your personal data outside of the UK and EU within the Field Effect group of companies and to our service providers located outside the UK and EU. When we do transfer your personal data outside of the UK or EU, we ensure a similar degree of protection is afforded to it by ensuring that we only transfer your data to countries deemed to provide an adequate level of protection for personal data and, when we use certain service providers, we ensure we have appropriate contractual obligations in place with the service providers.

Updates to this Privacy Policy

The current version of this privacy policy will apply each time you utilize our website, our products or services. Field Effect reserves the right to update this privacy policy from time to time. If we modify our privacy policy and make changes, we will revise the “Last Updated” date stated at the end of this document and make note of any material revisions. If we make material changes to our privacy policy, we may also notify you by other means, such as by posting a notice on the portal or by sending you an email notification. By continuing to use our products and services after such changes are in effect, you accept and agree to the changes.

If there is a difference in translated, non-English versions of this privacy policy that we may make available, the Canadian-English version takes precedence.

Contact Us

Should you have questions or comments related to this privacy policy or with respect to the collection and use of your personal information, please contact us by email at or by mail to the following address:

Chief Privacy Officer
Field Effect Software Inc.
207-825 Exhibition Way
Ottawa, ON Canada K1S 5J3

Email: privacy@fieldeffect.com

Last Updated: September 22, 2023

©2023 Field Effect Software Inc. and its subsidiaries. All rights reserved.