Latest Update: March 2022
The use of Pillar’s research software by researchers to store and organize research data (“Research Software”);
Creation of an account with Pillar Science and creating a researcher profile within the Research Software (“Researcher Profile”);
Visits to our website at https://pillar.science/ and our application at https://app.pillar.science/ (“Website”);
Any applications made to join our team;
Your interactions with us on social media;
The communications you may have with us from time to time.
(together, the “Services”).
Under the European General Data Protection Regulation, and under the United Kingdom’s General Data Protection Regulation (“GDPR”), Pillar is a processor for the personal data regarding stored by research organizations (our “Clients”) in our Research Software and personal data collected to open a Researcher Profile, and a controller for personal data processed when you navigate our Website, apply for jobs, or that is processed when you communicate with us or use our social media channels.
Our Clients are the controllers for the personal data we process on their behalf through our Research Software and for information collected to open a researcher profile. We do not choose or control what personal data they input into it, and any requests concerning any personal data which could be in our Research Software or that is collected for Researcher Profiles should be directed to our Clients directly. If we cannot respond to your request, we will direct it to our Clients so they can respond to you.
1. What do we mean by personal data ?
Our Clients are responsible for all of their processing of personal data we process on their behalf through Pillar’s Research Software. We do not choose the personal data they store, and do not access it, except through automated scans to make the documents searchable and to respond to support requests. If you have questions about how they process your personal data, please consult their privacy policies directly.
What types of personal data do we collect and why?
We collect personal data to offer our Services, to process job applications, and to perform analytics to measure how our Services are doing. Below is a table containing the categories of personal data that we collect, along with the purpose for processing.
Depending on the jurisdiction we are in, we use different legal bases to process your personal data. In Canada, we rely on your consent. If you are in the European Union, we rely on different legal bases to justify our processing of your personal data, such as consent, the performance of a contract and our legitimate interests. These legal bases may not be valid under all jurisdictions and are indicative. Each time consent is the legal basis, you can withdraw your consent at any time.
Who do you share my personal data with?
We do share your personal data with third parties for a number of reasons including to (1) to provide you with the Services (2) to analyze the performance of the Services, (3) to send emails and communicate with you, and (4) as required by the law. We can also share your personal data in the context of a merger and acquisition, as part of bankruptcy procedures or for other corporate requirements.
We are not data brokers, and we do not sell your personal data to third parties.
In the table below, we provide more information on the third parties we share your personal data with, and provide their privacy policies by hyperlinks.
In the case of a merger or acquisition, sale of assets, corporate reorganization, bankruptcy filing, insolvency procedures or similar circumstances, your personal data would be considered our assets and property. In these circumstances, ownership of the personal data we collected may be transferred or we may have to share some of your personal data to conclude, negotiate or discuss with third parties.
Where do you store my personal data ?
We use AWS to host research data in the country chosen by our Clients. However, our service providers may process your personal data internationally, including in the United States, depending on where they are located. While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country.
If you are in the European Union, we are required to ensure that appropriate safeguards are in place prior for transferring your personal data out of the European Union. We do so through standard contractual clauses or through other safeguards when they are available. We are located in Canada, which is a country that is deemed adequate for processing Personal Data protected by the GDPR and UK GDPR without the need for additional transfer safeguards.
How long do you retain my personal data?
We retain research data and Researcher Profile information for as long as our Clients keep this data in the Research Software. Any other data that we may collect for our own purposes, such as electronic data collected through cookies, or information your communications with us is retained for as long as necessary to provide you with the Services, to perform our marketing campaigns effectively or as required by applicable laws, whichever is longer. We use both persistent and session Cookies. Session cookies are deleted once you close your browser, whereas persistent cookies remain active on your device for some time. For instance, Google Analytics cookies remain installed on your device for 2 years. This allows Google Analytics to track you for analytic purposes, as well as for marketing purposes, and to provide us with aggregated data on your behaviour.
How do you keep my personal data secure?
We use technical and organizational measures to keep your personal data safe, including using servers that are ISO/IEC 27001:2013 certified to host our Services. We offer our Clients the option to use double authentication to access their accounts. However, securing your personal data takes teamwork. You also need to do your part, such as by keeping your credentials to access the Research Software confidential and using secure networks.
What are my rights regarding my personal data ?
The law provides you with some rights over your personal data. Your rights vary depending on the laws that apply to your situation, and the specific circumstances of the request. To exercise your rights, please contact our Clients who are the controllers.
In the European Union and in the United Kingdom, you may also benefit from these additional rights:
The right to revoke your consent when our processing is based on consent;
The right to object to the processing of your personal data;
The right to restrict the processing of your personal data;
The right to data portability, which means that your personal data is provided to you or a third party in normal format to allow you to re-use them, including with another provider;
The right to have automated decisions being reviewed by a human in some cases, and some rights over profiling.
If you would like to learn more about these rights, please click here for a more detailed explanation. All of these rights are subject to limitations within the law, so if we cannot comply, we will respond to you and let you know why. Whenever your personal data are processed based on your explicit consent, you can withdraw this consent at any time.
If you want to exercise one of these rights and the situation allows for such exercise, you can contact us at firstname.lastname@example.org. You can also call us at +1-514-984-8446.
We will try to help you with your request free of charge. However, we may request that you pay a reasonable fee if you request a transcript, or a reproduction or for us to send a copy of your personal data, if the law allows us to do so. If we need to charge a fee to process your application, we will contact you before addressing your request.
For security reasons and to avoid any fraudulent request, we may ask for a proof of identity to process the request. We will not use your proof of identity for any other purposes.
We will respond to your request within thirty (30) days, unless agreed otherwise. If your request is denied, we will notify you in writing, and provide you with motives and information on how to contest our decision.
If you have any issue with how we process your personal data, or how we responded to your request, please let us know. We will do our best to improve our processes to make certain that it does not happen again. We will also provide you with additional information about our practices if you would like us to do so. However, most laws provide you with the right to make complaints or reports to local authorities.
If you are in the European Union, and you are not satisfied with how we processed your personal data or responded to your request. You can contact your local data protection authority. The list of data protection authorities can be found here.
If you are located in Canada, the Office of the Privacy Commissioner of Canada (“OPC”) drafted this FAQ to help you access your personal data when it is held by a business. You can also contact the OPC’s Information Center:
9:00 am to 4:00 pm EST
Office of the Privacy Commissioner
30 Victoria Street
You can also use this online form.
You can lodge a complaint to the Office of the Privacy Commissioner of Canada using this online form, or to your local privacy regulators, or if you are in the European Union, with your local data protection authority.