Privacy Policy

PRIVACY POLICY

Latest update: September 2023

At Pillar Science (“Pillar,” “we,” “us,” or “our”), we want you to understand what information we collect, and how we use and share it. That is why we encourage you to read our Privacy Policy before using our Services.

What is the Privacy Policy and what does it cover?

This Privacy Policy applies to our website at https://pillar.science/ and our application at https://app.pillar.science/ (“Website”), your use of Pillar’s software designed to store and organize research data and promote university-industry partnerships (“Software”), including when you create a user profile (“User Profile”), any applications you made to join our team, and any interactions with us by any means (together, “Services”).

Under applicable laws, we act as a data processor for the information stored by research organizations and academic institutions (our “Clients”) in our Software or made available in a User Profile. As such, we do not choose or control what information they input into it, and any requests concerning any information which could be in our Software or via User Profiles should be directed to our Clients directly. We act as a data controller for information processed in any other context.

If you click through to links to third parties’ websites, applications from our Services, this Privacy Policy does not apply to such external services. It is always a good idea to read their privacy policies to understand what they do with your information.

What information do we collect and why?

We collect your information in a number of ways and for a number of different purposes, depending on their different categories. Please see the table below for more details.

Depending on the jurisdiction you are in, we may use different legal bases to process your information. In Canada, we rely on your consent. If you are in the European Union, we rely on different legal bases to justify our processing of your information, such as consent, the performance of a contract and our legitimate interests. These legal bases may not be valid under all jurisdictions and are indicative. Each time consent is the legal basis, you can withdraw your consent at any time.

Category	Description	Means & Purposes of Collection
Technical Data	We collect information from and about the different devices you use and how you use them: IP address; device type; operating system and Internet browser type; screen resolution; operating system name and version; time session; pages visited; links clicked; language preferences; User actions (terms searched, options selected, files downloaded if any, notes inputted if any, etc.) pages that led or referred you to the Services.	We collect this information automatically to provide our Services, understand the usage of our Services (such as whether there are bugs), and improve our Services. This information does not allow us to determine your identity, and is generally provided as aggregated data or by reference to an anonymous identifier (except for bug reports filed by users). We assign numbers to users of the Software to collect statistical data about how users use the platform. See our Cookie Policy for more information on our use of cookies. We collect technical data based on our legitimate interest to make our Services functional and secure.
Software Database	Our Clients load research data in our Software. This data can include many kinds of information about research participants such as: audio clips, pictures; health data such as data about a diagnosis or treatment plan; any other relevant data, such as data about lifestyle.	Our Software allows our Clients to store research data. Our Clients and their researchers choose what information they input into the Software, and the datasets may include many different types of information. We are a data processor for this category of information, and process it based on the legal basis determined by our Clients, such as consent from the research participants.
User Profile Information	Public Profile, including: full name; email; photo; job position; work experience; publications; social media channels; research area. Private Profile (only available to the Client), including: gender; race; citizenship; visa type.	We collect the public profile information to allow you to create your public user profile. This profile is not visible to the general public, only to other users. Some Clients request additional information about users, such as information about citizenship and visa status. This data is available in a private user profile that can only be viewed by our Clients. Our Clients are responsible for obtaining appropriate consent or relying on another legal basis to process information.
Login Credentials	Subject to our Clients’ login processes (which may require 2FA or SSO), in order to sign into our Software, you need to provide: an email; and a password.	We require an email and password for you to login into the Services. We collect login credentials based on consent.
Job Applications	If you apply for one of our open job postings, we may collect: name; mailing address; contact information; resume; letter of intent; professional experience; background or credit check information (as permissible by law).	From time to time, we open job postings that may interest you. We collect this information to evaluate your candidacy and whether your experience is appropriate for the job posted. We collect job application data based on legitimate interest.
Communication Data	We collect information when you fill out forms to communicate with us. For example, we ask that enterprises that want a demo of our services for business fill out a demo form providing: e-mail; phone number; message content.	If you communicate with us by email, on social media, or by any other means, we collect the information that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information. We collect communication data based on consent.

Category

Description

Means & Purposes of Collection

Technical Data

We collect information from and about the different devices you use and how you use them:

IP address;
device type;
operating system and Internet browser type;
screen resolution;
operating system name and version;
time session;
pages visited;
links clicked;
language preferences;
User actions (terms searched, options selected, files downloaded if any, notes inputted if any, etc.)
pages that led or referred you to the Services.

We collect this information automatically to provide our Services, understand the usage of our Services (such as whether there are bugs), and improve our Services.

This information does not allow us to determine your identity, and is generally provided as aggregated data or by reference to an anonymous identifier (except for bug reports filed by users).

We assign numbers to users of the Software to collect statistical data about how users use the platform.

See our Cookie Policy for more information on our use of cookies.

We collect technical data based on our legitimate interest to make our Services functional and secure.

Software Database

Our Clients load research data in our Software. This data can include many kinds of information about research participants such as:

audio clips, pictures;
health data such as data about a diagnosis or treatment plan;
any other relevant data, such as data about lifestyle.

Our Software allows our Clients to store research data. Our Clients and their researchers choose what information they input into the Software, and the datasets may include many different types of information.

We are a data processor for this category of information, and process it based on the legal basis determined by our Clients, such as consent from the research participants.

User Profile Information

Public Profile, including:

full name;
email;
photo;
job position;
work experience;
publications;
social media channels;
research area.

Private Profile (only available to the Client), including:

gender;
race;
citizenship;
visa type.

We collect the public profile information to allow you to create your public user profile. This profile is not visible to the general public, only to other users.

Some Clients request additional information about users, such as information about citizenship and visa status. This data is available in a private user profile that can only be viewed by our Clients.

Our Clients are responsible for obtaining appropriate consent or relying on another legal basis to process information.

Subject to our Clients’ login processes (which may require 2FA or SSO), in order to sign into our Software, you need to provide:

an email; and
a password.

We require an email and password for you to login into the Services.

We collect login credentials based on consent.

Job Applications

If you apply for one of our open job postings, we may collect:

name;
mailing address;
contact information;
resume;
letter of intent;
professional experience;
background or credit check information (as permissible by law).

From time to time, we open job postings that may interest you. We collect this information to evaluate your candidacy and whether your experience is appropriate for the job posted.

We collect job application data based on legitimate interest.

Communication Data

We collect information when you fill out forms to communicate with us.

For example, we ask that enterprises that want a demo of our services for business fill out a demo form providing:

e-mail;
phone number;
message content.

If you communicate with us by email, on social media, or by any other means, we collect the information that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information.

We collect communication data based on consent.

We also use your information to provide and personalize our Services, including with the help of automated systems and inferences that we make directly or using third–party services (such as Algolia’s products), so that our Services can be more relevant and useful to you and others.

Please note that we may also collect and use your information for any other purpose permitted or required by law.

We take steps to ensure that only those employees who need access to your information to perform their duties have access to it.

How do we share your information?

We share your information with third parties where necessary to fulfill the purposes identified above, including as set forth in the table below:

Category	Explanations
IT Service Providers	We use IT service providers to offer you the Services, such as to host the Services. For example, we use: AWS and Digital Ocean for cloud web hosting solutions. Auth0 for login purposes.
Marketing and Sales Service Providers	We use communication partners to send you emails, to manage our live chats, and to send other communications. For example, we use: Pipedrive and Lemlist to send marketing emails to potential leads. Zendesk for the ticketing system.
Analytics Partners	We use analytics partners to (1) analyze our advertising campaigns’ performance, (2) manage our leads and users, or (3) provide you with marketing content, such as newsletters. For example, we use: Sentry to track and resolve bugs. Amplitude to improve the Software. Cube Dev to generate reports.
Law Enforcement and other authorities	We may receive requests by authorities to access your information. We will validate that the request is licit before responding. When possible, we will advise you. We will only share what is strictly required.
Commercial Transactions	We may share your information with an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

How do we transfer your information?

We use third–party service providers to host research data in the country/territory chosen by our Clients. However, our service providers may process your information internationally, including in the United States, depending on where they are located. While such information is outside of your country/territory of residence, it is subject to the laws of the country/territory in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country/territory, pursuant to the laws of such country/territory.

However, our practices regarding your information will at all times continue to be governed by this Privacy Policy, and, if applicable, we comply with, where applicable, the applicable legal requirements to provide adequate protection for the transfer of information to third countries. For example, if you are in the European Union, we are required to ensure that appropriate safeguards are in place prior to transferring your information out of the European Union, and we do so through standard contractual clauses or through other safeguards when they are available.

If you would like more information about how we transfer your information, please contact us as set forth in the section below “How to contact us?”

How do we secure and keep your information?

We use technical and organizational measures to keep your information safe, including using servers that are ISO/IEC 27001:2013 certified to host our Services. We offer our Clients the option to use double authentication to access their accounts. However, securing your information takes teamwork. You also need to do your part, such as by keeping your credentials to access the Software confidential and using secure networks.

We retain research data and User Profile information for as long as our Clients keep this data in the Software. Any other data that we may collect for our own purposes, such as electronic data collected through cookies, or information your communications with us is retained for as long as necessary to provide you with the Services, to perform our marketing campaigns effectively or as required by applicable laws, whichever is longer.

What are your rights regarding your information?

Under certain circumstances and subject to applicable data protection laws, supported by a written request and proof of identification, you may consult the personal information that we have collected, used or shared, and/or ask that it be corrected, and/or withdraw your consent to our disclosure or use of personal information collected.

As required or permitted by law, you may be entitled to additional rights, including: (i) the right to control the dissemination of your personal information; (ii) the right to receive computerized personal information collected from you in a structured, commonly used and technological format and to have this information transferred directly to another organization; (iii) the right to be informed of and submit observations regarding automated decision-making; and (iv) the right to request information about data processing. In the European Union and in the United Kingdom, you may also benefit from these additional rights: (i) the right to revoke your consent when our processing is based on consent; (ii) the right to object to the processing of your personal information; (iii) the right to restrict the processing of your personal information; (iv) the right to data portability, which means that your personal information is provided to you or a third party in normal format to allow you to re-use them, including with another provider; and (iv) the right to have automated decisions being reviewed by a human in some cases, and some rights over profiling.

Finally, you also have a right to lodge a complaint with a competent data protection authority, in particular in the country/territory where you normally reside, where we are based or where an alleged infringement of data protection law has taken place, such as the Office of the Privacy Commissioner of Canada or the Commission d’accès à l’information du Québec.

To exercise any of these rights, please contact us as set forth in the section below “How to contact us?”

How to contact us?

If you have any questions, requests or complaints regarding your information or this Privacy Policy, please contact our Privacy Officer at privacy@pillar.science or call us at +1 514 984 8446.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
Matomo Analytics ID	1 year 27 days	Used to store a few details about the user such as the unique visitor ID
Matomo Analytics Session	30 minutes	Short lived cookies used to temporarily store data for the visit