Privacy Policy

Latest Update: March 2022

At Pillar Science (referred to as “Pillar”, “we”, or “us”), we understand that you want transparency about how we process your personal data. This Privacy Policy contains information about your privacy and your rights. We encourage you to take the time to read it before you use Pillar.

This Privacy Policy applies to:

The use of Pillar’s research software by researchers to store and organize research data (“Research Software”);
Creation of an account with Pillar Science and creating a researcher profile within the Research Software (“Researcher Profile”);
Visits to our website at https://pillar.science/ and our application at https://app.pillar.science/ (“Website”);
Any applications made to join our team;
Your interactions with us on social media;
The communications you may have with us from time to time.

(together, the “Services”).

Under the European General Data Protection Regulation, and under the United Kingdom’s General Data Protection Regulation (“GDPR”), Pillar is a processor for the personal data regarding stored by research organizations (our “Clients”) in our Research Software and personal data collected to open a Researcher Profile, and a controller for personal data processed when you navigate our Website, apply for jobs, or that is processed when you communicate with us or use our social media channels.

Our Clients are the controllers for the personal data we process on their behalf through our Research Software and for information collected to open a researcher profile. We do not choose or control what personal data they input into it, and any requests concerning any personal data which could be in our Research Software or that is collected for Researcher Profiles should be directed to our Clients directly. If we cannot respond to your request, we will direct it to our Clients so they can respond to you.

If you have any concerns or inquiries regarding the processing of your personal data, do not hesitate to reach out to us! The person responsible for this privacy policy is Karim Bouayad-Gervais, President. You can e-mail us at privacy@pillar.science or call us at +1 514 984 8446.

1. What do we mean by personal data ?

This Privacy Policy applies to personal data. We consider that “personal data” means any information which allows us to identify you directly or indirectly, including “cookies” and other electronic data. Some data may not be personal on its own but may become personal data if associated with or if the sum of the data allows us to identify you.

This Privacy Policy is for transparency purposes and some of the data that we identify in this Privacy Policy as personal data may not be protected as personal data under applicable laws. For instance, business contact information is excluded under some privacy laws, but is considered personal data under the GDPR. For more information about how Pillar uses cookies, please consult our Cookie Policy.

When does this Privacy Policy not apply?

If you click through to links to third parties’ websites, applications from our Services, this Privacy Policy does not apply to the processing of personal data by such external services. It is always a good idea to read their privacy policies to understand what they do with your personal data!

Our Clients are responsible for all of their processing of personal data we process on their behalf through Pillar’s Research Software. We do not choose the personal data they store, and do not access it, except through automated scans to make the documents searchable and to respond to support requests. If you have questions about how they process your personal data, please consult their privacy policies directly.

What types of personal data do we collect and why?

We collect personal data to offer our Services, to process job applications, and to perform analytics to measure how our Services are doing. Below is a table containing the categories of personal data that we collect, along with the purpose for processing.

Depending on the jurisdiction we are in, we use different legal bases to process your personal data. In Canada, we rely on your consent. If you are in the European Union, we rely on different legal bases to justify our processing of your personal data, such as consent, the performance of a contract and our legitimate interests. These legal bases may not be valid under all jurisdictions and are indicative. Each time consent is the legal basis, you can withdraw your consent at any time.

Category

Description

Purposes and Legal Basis

Electronic Data

We collect:

IP address
device type
operating system and Internet browser type
screen resolution
operating system name and version

This information is collected automatically by our Website to function effectively, to fix bugs, or ensure the security of our Website.

We collect electronic data based on our legitimate interest to make our Services functional and secure.

We use cookies to collect electronic data. See our Cookie Policy for more information on our use of cookies.

Usage and Performance Data

We collect:

time spent on the Services
pages visited
links clicked
language preferences
pages that led or referred you to the Services

We collect this information to understand the usage of our Services, whether there are bugs, and generally, to improve our Services.

Usage data does not allow us to determine your identity, and is generally provided as aggregated data or by reference to an anonymous identifier.

We assign numbers to users of the Research Software to collect statistical data about how users use the platform.

We use cookies to collect personal data. See our Cookie Policy for more information on our use of cookies.

We collect usage and performance data based on your consent.

Research Software Database

Our Clients load research data in our Research Software. This data can include many kinds of personal data about research participants such as:

biometric data such as audio clips, pictures;
health data such as data about a diagnosis or treatment plan
any other relevant data, such as data about lifestyle.

Our Research Software allows our Clients to store research data. Our Clients and their researchers choose what information they input into the Research Software, and the datasets may include many different types of personal data.

We are a data processor for this category of personal data, and process it based on the legal basis determined by our Clients, such as consent from the research participants.

Communication Data

We collect:

forms for demos on our website (name, email, message)
publicly available information
email content

If you communicate with us by email, on social media, or by any other means, we collect the personal data that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information.

We collect communication data based on consent.

Researcher Profile Information

Public Profile:

full name
email
photo
job position
research area

Private Profile (only available to the Client)

gender
race
citizenship
visa type

We collect the public profile information to allow you create your public researcher profile. This profile is not visible to the general public, only to other researchers.

Some Clients request additional information about researchers, such as information about citizenship and visa status. This data is available in a private researcher profile that can only be viewed by our Clients.

Our Clients are responsible for obtaining appropriate consent or relying on another legal basis to process the personal data.

To sign into our Research Software, you need to provide :

an email and
a password

We require an email and password for you to login into the Services.

We collect this data based on consent.

Job applications

If you apply for one of our open job postings, we collect:

name
mailing address
contact information
resume
letter of intent
professional experience
Information collected during a criminal background check;
We may also conduct a credit check.

From time to time, we open job postings that may interest you. We collect this personal data to evaluate your candidacy and whether your experience is appropriate for the job posted.

We collect this data based on legitimate interest.

Communication

Data

We collect personal data when you fill out forms to communicate with us.

For example, we ask that enterprises that want a demo of our services for business fill out a demo form providing:

e-mail
phone number
Message content

If you communicate with us by email, on social media, or by any other means, such as by filling out a demo request form on our Website, we collect the personal data that you share with us, such as your email address and the content of your communication. If you communicate with us using social media, we will have access to your publicly available information.

We collect this data based on consent.

Social Media Data

Publicly available information

If you follow us or interact with us on social media, notably our Facebook, Twitter or LinkedIn, we may process your personal data for marketing or advertising purposes, subject to applicable laws, including those on consent.

We collect this data based on our legitimate interests as part of our direct marketing strategy.

We collect this data based on consent.

We invite you to read our Cookie Policy to learn more about how we use cookies on our different Services.

Who do you share my personal data with?

We do share your personal data with third parties for a number of reasons including to (1) to provide you with the Services (2) to analyze the performance of the Services, (3) to send emails and communicate with you, and (4) as required by the law. We can also share your personal data in the context of a merger and acquisition, as part of bankruptcy procedures or for other corporate requirements.

We are not data brokers, and we do not sell your personal data to third parties.

In the table below, we provide more information on the third parties we share your personal data with, and provide their privacy policies by hyperlinks.

Category	Explanations
IT Service Providers	We use IT service providers to offer you the Services, such as to host the Services. For example, we use: AWS and Digital Ocean for cloud web hosting solutions. Auth0 for login purposes
Marketing and Sales Service Providers	We use communication partners to send you emails, to manage our live chats, and to send other communications. For example, we use: Pipedrive to send marketing emails to potential leads. Mailchimp to send for email notifications to users.
Analytics Partners	We use analytics partners to (1) analyze our advertising campaigns’ performance; (2) manage our leads and users, or (3) provide you with marketing content, such as newsletters. For example, we use: Sentry to track and resolve bugs Amplitude to improve the Software CubeJS to generate reports
Law Enforcement and other authorities	We may receive requests by authorities to access your personal data. We will validate that the request is licit before responding. When possible, we will advise you. We will only share what is strictly required.

In the case of a merger or acquisition, sale of assets, corporate reorganization, bankruptcy filing, insolvency procedures or similar circumstances, your personal data would be considered our assets and property. In these circumstances, ownership of the personal data we collected may be transferred or we may have to share some of your personal data to conclude, negotiate or discuss with third parties.

Where do you store my personal data ?

We use AWS to host research data in the country chosen by our Clients. However, our service providers may process your personal data internationally, including in the United States, depending on where they are located. While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.

If you are in the European Union, we are required to ensure that appropriate safeguards are in place prior for transferring your personal data out of the European Union. We do so through standard contractual clauses or through other safeguards when they are available. We are located in Canada, which is a country that is deemed adequate for processing Personal Data protected by the GDPR and UK GDPR without the need for additional transfer safeguards.

How long do you retain my personal data?

We retain research data and Researcher Profile information for as long as our Clients keep this data in the Research Software. Any other data that we may collect for our own purposes, such as electronic data collected through cookies, or information your communications with us is retained for as long as necessary to provide you with the Services, to perform our marketing campaigns effectively or as required by applicable laws, whichever is longer. We use both persistent and session Cookies. Session cookies are deleted once you close your browser, whereas persistent cookies remain active on your device for some time. For instance, Google Analytics cookies remain installed on your device for 2 years. This allows Google Analytics to track you for analytic purposes, as well as for marketing purposes, and to provide us with aggregated data on your behaviour.

How do you keep my personal data secure?

We use technical and organizational measures to keep your personal data safe, including using servers that are ISO/IEC 27001:2013 certified to host our Services. We offer our Clients the option to use double authentication to access their accounts. However, securing your personal data takes teamwork. You also need to do your part, such as by keeping your credentials to access the Research Software confidential and using secure networks.

What are my rights regarding my personal data ?

The law provides you with some rights over your personal data. Your rights vary depending on the laws that apply to your situation, and the specific circumstances of the request. To exercise your rights, please contact our Clients who are the controllers.

In most locations, you have the right to correct, amend or delete your personal data where it is inaccurate or has been processed in violation of this Privacy Policy.

In the European Union and in the United Kingdom, you may also benefit from these additional rights:

The right to revoke your consent when our processing is based on consent;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data;
The right to data portability, which means that your personal data is provided to you or a third party in normal format to allow you to re-use them, including with another provider;
The right to have automated decisions being reviewed by a human in some cases, and some rights over profiling.

If you would like to learn more about these rights, please click here for a more detailed explanation. All of these rights are subject to limitations within the law, so if we cannot comply, we will respond to you and let you know why. Whenever your personal data are processed based on your explicit consent, you can withdraw this consent at any time.

If you want to exercise one of these rights and the situation allows for such exercise, you can contact us at privacy@pillar.science. You can also call us at +1-514-984-8446.

We will try to help you with your request free of charge. However, we may request that you pay a reasonable fee if you request a transcript, or a reproduction or for us to send a copy of your personal data, if the law allows us to do so. If we need to charge a fee to process your application, we will contact you before addressing your request.

For security reasons and to avoid any fraudulent request, we may ask for a proof of identity to process the request. We will not use your proof of identity for any other purposes.

We will respond to your request within thirty (30) days, unless agreed otherwise. If your request is denied, we will notify you in writing, and provide you with motives and information on how to contest our decision.

If you have any issue with how we process your personal data, or how we responded to your request, please let us know. We will do our best to improve our processes to make certain that it does not happen again. We will also provide you with additional information about our practices if you would like us to do so. However, most laws provide you with the right to make complaints or reports to local authorities.

If you are in the European Union, and you are not satisfied with how we processed your personal data or responded to your request. You can contact your local data protection authority. The list of data protection authorities can be found here.

If you are located in Canada, the Office of the Privacy Commissioner of Canada (“OPC”) drafted this FAQ to help you access your personal data when it is held by a business. You can also contact the OPC’s Information Center:

Telephone
9:00 am to 4:00 pm EST
Toll-free: 1-800-282-1376

Mailing address

Office of the Privacy Commissioner

30 Victoria Street

Gatineau, Québec

K1A 1H3

You can also use this online form.

You can lodge a complaint to the Office of the Privacy Commissioner of Canada using this online form, or to your local privacy regulators, or if you are in the European Union, with your local data protection authority.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time, including as required to comply with applicable laws or to better describe our current processing of personal data. If you are a user of the Research Software, we will notify you of any material or adverse changes to this Privacy Policy. Please see the latest update date at the top of this Privacy Policy.

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
Matomo Analytics ID	1 year 27 days	Used to store a few details about the user such as the unique visitor ID
Matomo Analytics Session	30 minutes	Short lived cookies used to temporarily store data for the visit