Privacy Policy

Meta
1

Last Updated: June 1, 2022
Effective Date: July 1, 2022

Xero Software (Canada) Ltd. (“TaxCycle”/“we”/“us”/“our”) is committed to protecting your privacy. We make the websites www.taxcycle.com, www.taxfolder.com and www.protaxcommunity.com and any subdomains of the foregoing (the “Website”) as well as professional tax preparation software and related cloud services for accountants and bookkeepers for users in North America (the “Services”). As you use our Services, we want you to be clear how we are using information and the ways in which we protect your privacy.

This Privacy Policy explains:

  • What information we collect and why we collect it.
  • How we use that information and when we disclose it.
  • How to access and update your personal information.

Your privacy matters to us so please take the time to familiarize yourself with our policies, and if you have any questions please contact us at privacy@taxcycle.com.

This Privacy Policy is provided in a layered format so you can click through to the specific areas set out below.

1. IMPORTANT INFORMATION AND WHO WE ARE

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how TaxCycle collects and processes your personal information through your use of the Website and the Services, including any information you may provide when you sign up for a demo of our Services, when you create an account and a profile with us, when you purchase or use our Services, when you search our Website, when you subscribe to our email alerts, when you contact our customer service, when you participate in surveys, public forums, chats, or when you respond to one of our requests for suggestions and other content.

Please note that the Website and the Services are intended for business use and not for use by minors. We do not knowingly collect personal information from children. If you are a minor in your jurisdiction, please do not: use or provide any information on this Website or on or through any of its features; use any of the interactive or public comment features of this Website; or provide any information about yourself to us, including your name, address, telephone number or email address. If we learn we have collected or received personal information from a minor, we will delete that information.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your information. This Privacy Policy supplements the other notices and is not intended to override them.

Third-Party Links

This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

2. THE INFORMATION WE COLLECT

Personal data or personal information has the specific meaning given by the applicable legislation. Generally, it means any information relating to an identifiable person who can be directly or indirectly identified. It does not include data which is not related to an identifiable person (anonymized data).

We may collect, use, store and transfer different kinds of personal information which we have grouped together as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and/or Services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your device’s unique ID number, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on the devices you use to access this Website and Services.
  • Profile Data includes your username and password, purchases or orders made by you, your location, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our Website, app(s) and Services, such as the buttons, controls, products and ads you click on, pages of our application or Website that you visit, the time spent on those pages, your search queries, the dates and times of your visits, but also about the webpage you were visiting before you came to our Website or app(s), and the webpage or app(s) you go to next.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Client Data includes any personal information regarding your clients that may be included in any information that you submit through the Services.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from personal information but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data or Client Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Policy.

We may in certain instances receive tax return files from you that contain additional kinds of personal information about your clients. These files are sent to us with your permission where you subscribe to use cloud-hosted, web-based products offered by TaxCycle. We access and use such files in providing services to you, including to assist in diagnosing software issues.

If you fail to provide personal information

Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our Services). In this case, we may have to cancel a Service you have with us, but we will notify you if this is the case at the time.

3. HOW PERSONAL INFORMATION IS COLLECTED

We use different methods to collect data from and about you, including through:

  • Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
    • sign up for a demo of our software or Services;
    • create an account and profile with us;
    • purchase one of our Services;
    • subscribe to our email alerts;
    • complete one of our online forms to receive our reports and case studies;
    • download our software;
    • access one of our help topics or videos;
    • contact our customer service;
    • agree to share your screen with our customer service agents;
    • provide web or in-product logs to our customer service agents;
    • participate in our online or in-person training;
    • post to our online community;
    • participate in our opinion surveys;
    • enter in any contests we may offer;
    • request marketing to be sent to you or
    • give us feedback.
  • Automated technologies or interactions. As you interact with our Site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data and Usage Data about you if you visit other websites employing our cookies. Please see our Cookie Policy for further details.
  • Third parties or publicly available sources. We may receive personal information about you from various third parties and public sources as set out below:
    • Technical Data from the following types of sub-processors:
      1. analytics providers, such as Google Analytics;
      2. search information providers, such as Google.
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
  • Your Client Data is only collected by us when you submit information on your clients (if applicable) to us through the Services (including through any file storage service on your local device or through a cloud-based storage provider), when you send a client file to us for review by email or another feedback mechanism, or when you grant us permission to collect information directly from the Canada Revenue Agency. This information may include information such as Social Insurance Numbers, birth dates, tax returns, financial information, tax return information, fund names and other similar information. We use this information solely for the purpose of providing you with the Services. We do not collect your Client Data from any other source. You control what Client Data we collect and may change your preferences at any time.

4. HOW WE USE PERSONAL INFORMATION

We will only use personal information in accordance with the terms of this Privacy Policy and applicable law. Most commonly, we use personal data to perform the contract we are about to enter into or have entered into with you, to respond to your requests, to comply with legal or regulatory obligations or requests and to manage our business.

Marketing

We strive to provide you with choices regarding certain personal information uses, particularly around marketing and advertising. You may elect to opt out of receiving any further marketing or advertising emails from us through the mechanism provided in those emails.

You can ask us to stop sending you marketing messages at any time by contacting us. Where you opt out of receiving these marketing messages, this will not generally apply to communications required to provide the Services or the use of personal information provided to us as a result of a service purchase, service experience or other transactions.

Automatic Tracking

Automatic tracking takes place through the use of our services and access to the Website. This tracking includes tracking of machine IDs, license codes and tokens to verify users’ rights to access and use the services. Cookies are used by us to track content usage and traffic on the Website. A cookie is a feature of your web browser that consists of a text file that is placed on your hard disk by a web server. The Website and our services use cookies to compile aggregate statistics about usage of this Website, such as how many users visit the Website, how long users spend viewing the Website, and what pages are viewed most often and for users of our services, for verification, authentication and to manage sign-in to our Website. This information is also used to improve the content of the Website. You can set your browser to notify you when you are sent a cookie. This gives you the chance to decide whether to accept it. If you disable cookies, you will not be able to log in to access the services provided to registered users through our Website.

Your IP address is reported by your web browser whenever you visit a page on the Website. This information is recorded together with your registration information on our databases.

5. DISCLOSURES OF YOUR PERSONAL INFORMATION

We may have to share your personal information with the following parties set out below for the purposes described in section 4, above.

  • Third Party categories as set out below:
    • Service providers who provide IT and system administration services.
    • Consultants in the field of software, systems and security
    • Social networking sites to which you have linked your account.
    • Professional advisers including lawyers, bankers, auditors and insurers based in Canada who provide consultancy, banking, legal, insurance and accounting services.
    • Regulators and other government authorities who require reporting of processing activities in certain circumstances.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Privacy Policy.

We require all third parties to respect the privacy and security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

6. DATA RESIDENCY

Our main repository for and storage of customer data (including personal information) is on servers located in the Canadian region provided by third-party cloud-hosted services such as Microsoft Azure and Amazon Web Services. However, data may be transferred between locations and jurisdictions as part of service provision and third-party service providers described in this privacy policy, which provide services to us under contract, are based in other countries or may host data worldwide and accordingly your personal information may be available to governments worldwide under a lawful order, irrespective of the safeguards we have put in place for the protection of your personal information.

7. DATA SECURITY

We use commercially reasonable efforts to store and maintain your Personal Information in a secure environment. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you. You are also responsible for helping to protect the security of your Personal Information. For instance, never give out your password, and remember to log out of your account and close your browser window when you have finished using the Website, so that other people using the same computer will not have access to your Personal Information.

8. DATA RETENTION

We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of performing a contract with you and for satisfying any legal, audit, accounting, or reporting requirements or obligations which apply to us.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. ACCESS AND ACCURACY

You have the right to access the Personal Information we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information although in certain limited circumstances, we may not be able to make all relevant information available to you such as where that information also pertains to another user. We will endeavour to deal with all requests for access and modifications in a timely manner.

We will make every reasonable effort to keep your Personal Information accurate and up to date. As appropriate, this amended Personal Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Personal Information about you enables us to give you the best possible service.

10. AMENDMENT OF THIS POLICY

We reserve the right to change this Privacy Policy at any time. If we decide to change this Privacy Policy in the future, we will post an appropriate notice on the Website’s home page. Any non-material change (such as clarifications) to this Privacy Policy will become effective on the date the change is posted and any material changes will become effective 30 days from their posting on the Website. Unless stated otherwise, our current Privacy Policy applies to all Personal Information that we have about you and your account. The date on which the latest update was made is indicated at the top of this document. We recommend that you print a copy of this Privacy Policy for your reference and revisit this policy from time to time to ensure you are aware of any changes. Your continued use of the Website and Services signifies your acceptance of any changes.

11. CONTACT US

You can help by keeping us informed of any changes, such as a change of address or telephone number. If you would like to access your information, if you have any questions, comments or suggestions, or if you find any errors in our information about you, please contact us by one of the methods set out below:

Contact Details

Our full details are

TaxCycle from Xero

Email address: privacy@taxcycle.com

Postal address: TaxCycle from Xero, 800 – 1333 8 ST SW, Calgary, AB, T2R 1M6

Telephone number: 1-888-841-3040

If you have a complaint concerning our compliance with applicable privacy laws, we will investigate your complaint and if it is justified, we will take appropriate measures. You may also have the right to make a complaint at any time to your local supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the regulator so please contact us at privacy@taxcycle.com in the first instance.