Protecting Data Subject privacy and maintaining the integrity of Personal Data means that:
- The Controller will keep Personal Data and the business between the Data Subject and the Controller in confidence;
- The Controller will not sell, rent or loan a Data Subject’s information to third parties;
- The Controller will respect a Data Subject’s privacy when the Controller may contact a Data Subject concerning various products and services which the Controller makes available to a Data Subject from time to time;
- The Controller may have control over who obtains, uses and the circumstances to give out information about a Data Subject;
- A Data Subject will have access to the information that the Controller has about the Data Subject.
This Privacy Policy applies to the Controller’s products, services and websites, except where otherwise noted, and does not concern any websites that a Data Subject may visit by external links.
Controllers and Processors of Personal Data
The Controller who determines the purposes and means of Personal Data collecting and processing is Trapeze Group with registered office in Ontario, Canada.
The processing operations of Personal Data, whether or not by automated means, are performed on behalf of the Controller by Trapeze Group.
Why the Controller may collect Personal Data
- Establish identity
- Perform necessary identity and security verifications
- Process transactions and conduct business
- Deliver products and services
- Provide customer support and services
- Provide ongoing service delivery
- Provide Data Subject with information
- Improve products, services and service delivery
- Better understand Data Subject’s needs, interests and suitability for various products and services
- Recommend specific products and services that may meet Data Subject’s needs
- Respond to issues, questions, and queries
- Protect Data Subject and itself against errors or fraud; and
- Co-operate with law enforcement and legal authorities, where required, to comply with applicable laws and with court orders.
Controller will collect, use and may disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances; and endeavours to collect as little information as possible as may be necessary under the circumstances.
Data Subject takes note that aggregated statistics and information, where a specific individual cannot be identified, are not Personal Data. Controller reserves the right to use aggregated information in any manner it determines, in its discretion, to be appropriate. Use of such aggregated information may include, but not be limited to, the preparation of aggregated user statistics and information summaries to improve efficiencies, more effectively describe Controller’s product and service offerings, and assist in the marketing of Controller’s products and services.
Aggregated statistics and information will not contain Personal Data.
The type of Personal Data the Controller may collect
Controller collects various types of Personal Data. During the course of using Controller’s Web Site or doing business or interacting with Controller, or receiving products and services from or through Controller, Data Subject may, depending on the nature of the circumstances, be asked to provide Controller with:
- Geographic (physical) addresses
- Demographic information
- E-mail addresses
- Phone numbers or other contact information
- Names (first, and last or whatever the family identifying name is)
- Shipping information
- Billing information
- Transaction history
- Web site usage preferences
- Feedback regarding business, services, web site and public relations
- Source IP addresses
- Times and dates of access to Web site servers
- Personal preferences
- Product and service preferences
- Browser types and configurations, and miscellaneous administrative and computer traffic information
Providing certain forms of information, such as government issued or private sector issued licenses, permits, certificates, cards, in the nature of driver’s licenses, social insurance/security number, passports, insurance cards, voucher numbers, and the like, although convenient for identification, is voluntary.
It is a Data Subject’s decision whether he/she wants to provide this, or other suitable identification, subject to any legal requirements.
How does the Controller collect Personal Data?
- Using the Controller’s Web Site
- Using the Controller’s services
- In the course of communications with the Controller (face-to-face, by e-mail, by phone, mail or otherwise) in the course of feedback to the Controller regarding the Controller’s business, services, website and publications
- When registering with the Controller for services or, where relevant, accounts, or, where relevant, for the download of the Controller’s software
- Customer, membership, recipient, or service lists that have been lawfully acquired from third parties
- Through the completion of manual or electronic forms
- Web beacons – Web beacons are small, graphic images that allow a website operator to collect certain information and monitor user activity on its website. A web beacon is a very small pixel which is invisible to the user. The Controller uses web beacons to collect information that is not of a personal nature
- Clickstreaming – Clickstreaming is a technology that allows a website operator to track the paths that surfers take as they access a website and look at the site’s pages, and as they use links to other sites. The Controller collects such information from visitors to the Controller’s Web Site; and
- Website traffic information, which is monitored and analyzed in order to determine which products, services or features may be of interest to visitors, so the Controller may improve website, products, services, features or other offerings of the Controller.
In addition, the Controller may review and analyze a Data Subject’s use of products and services, to help it serve the Data Subject better, and to bring other products and services to the Data Subject’s attention, which the Controller feels will be of benefit to the Data Subject. The Controller also collects and analyzes information from other sources for the same purposes.
How the Controller may disclose Personal Information
The Controller does not sell any Personal Data it collects to third parties. The Controller may share Personal Data with its affiliates, subsidiaries, employees, contractors and agents in the course of providing a Data Subject with Controller’s business services, support, or the fulfilment or delivery of products or services of the Controller.
The Controller may disclose Personal Data if it is required to do so by a court of competent jurisdiction, other legal or regulatory authority, or, if there is a good faith belief, and reliance on said belief, that disclosure is necessary to: comply with any legal process served on the Controller; maintain, uphold or protect the Controller’s rights or property; protect and ensure the personal safety of the public or other Controller’s clients; or protect against criminal or quasi-criminal activities, or to detect, prevent, investigate allegations of, or address, misrepresentation or fraud.
The Controller reserves the right that in the event of a bankruptcy filing, mergers with third parties, acquisition by third parties, sale of assets (all or partial), or any other transfer of all or substantially all of the Controller’s relevant assets to a third party, the Controller shall be entitled to share (or sell as an ancillary aspect of the overarching business transaction) the Personal Data provided by the Data Subject to the third party.
Retention and Disposal
The Controller keeps information only for so long as it is needed for the efficient and effective delivery or fulfilment of the software, products, or services that the Data Subject is using or contemplating using and for a reasonable time thereafter, or to meet any legal requirements. The Controller will either destroy or remove information when it is no longer needed.
Security and Storage
The Controller endeavours to maintain appropriate physical, procedural and technical security with respect to its and Processor’s offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Data. This also applies to the Controller’s disposal or destruction of Personal Data.
The Controller keeps the Personal Data collected from or about the Data Subject strictly confidential. Only authorized personnel have access to this Personal Data. Personnel of the Controller and Processor who have access to Personal Data receive training regarding privacy protection.
The Controller’s security specialists build security by design and by default into our computer systems. The aim is to protect information at all times, when it is stored in data files or handled by the Controller’s employees. The Controller’s systems are also designed to protect information when it is transmitted, for example, between our data processing facilities and corporate offices. Personal Information may be stored or processed in any jurisdiction in which we or our affiliates, suppliers, subsidiaries or agents maintain facilities. By supplying the Controller with Personal Data, you consent to any transfer of this information to other jurisdictions (including countries which have not been assessed for adequacy of privacy laws).
The Controller does, and shall continue to use, industry-standard technology to maintain the security of Personal Data, and for Controller’s connections to the internet; however, the Controller cannot and does not guarantee the privacy, security, authenticity or non-corruption of any information transmitted through the internet or for any information stored in any third-party system connected to the internet.
The Controller shall not be responsible for any claims, damages, costs or losses whatsoever arising out of or in any way related to third-party connections to or use of the Internet.
The Controller shall not be responsible for events beyond our direct control, and therefore will not be liable for any direct, indirect, incidental, consequential or punitive damages relating to the uses or releases of Personal Data.
Data Subjects’ Rights
Data Subjects are entitled at any time to obtain confirmation of the existence of Personal Data and to be informed of their contents and origin, to verify their accuracy, or else request that such data be supplemented, updated or rectified.
Data Subjects have the right to request erasure, anonymization or blocking of any data that is processed in breach of the law as well as to object in all cases, on legitimate grounds, to processing of the data.
The Controller is committed to protecting the safety of children. The Controller will not knowingly request or use Personal Data from children under the age of eighteen without parental consent. The Controller does not knowingly or intentionally collect any Personal Data from children under the age of eighteen; if the Controller receives actual knowledge of such collection, the Controller will take steps to have such Personal Data eliminated. The Controller’s Web Site is not to be used by anyone under the age of eighteen. Persons under the age of eighteen are not authorized to use the Controller’s Web Site and are directed to immediately discontinue use of the Controller’s Web Site.
In most cases a Data Subject will be asked to specifically express their consent to the collection and processing of Personal Data by the Controller in accordance with this Privacy Policy. Data Subjects will not be obliged to provide such consent.
If a Data Subject does not consent, the Data Subject must immediately discontinue use of the Controller’s Web Site and refrain from further use.
Governing Law and Venue
Where the processing of Personal Data is performed in the context of the activities of the Controller and/or Processor established in the European Union, this processing may be subject to EU Regulation 2016/679 and other applicable privacy laws on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and to the relevant EU member country national law before the competent local court.
The Controller’s website is hosted and administered in Ontario, Canada.
The Controller will disclose Personal Data without the Data Subject’s permission when required by law, or in good faith belief that such action is necessary to investigate or protect against harmful activities to the Controller’s company, associates, or property (including this website), or to others.
Constellation Software Inc. – Tax Strategy
This document sets out the tax strategy for the UK subsidiaries of Constellation Software Inc. (“CSI” or the “Company”) (the UK subsidiaries are hereafter referred to as the “UK Group”) and in making this available, fulfils the responsibilities of Schedule 19 FA2016.
The tax strategy is guided by the Company’s priority to create and maintain shareholder value, whilst balancing its commitment to compliance with laws and regulations. The Company does not seek to take an aggressive approach to tax.
CSI acquires, manages and builds vertical market software businesses that provide mission-critical software solutions.
The Company has multiple operating groups, focussing on different sectors/markets and operates in a highly decentralised manner. In most cases, the different operating groups act autonomously with individual finance teams holding operational responsibility for tax management. As well as this operational management, wider tax governance and oversight of the tax strategy is provided by the CSI head office tax team (“CSI Tax Team”). To successfully combine these areas, the Company strongly encourages a culture of consultation.
The tax strategy of the Company is regularly reviewed and updated. Commitment is given to keeping abreast of new developments and changes in the law across the wide range of taxes to which the group is exposed; namely corporate income taxes, employment taxes, indirect taxes such as duties and VAT, and withholding taxes.
How the UK group manages its tax risk
The UK Group’s approach to UK tax risk management is based on the principles of reasonable care and a conservative risk.
The UK Group actively monitors the controls and processes in place. A tax audit register is populated and regularly reviewed by the CSI Tax Team. Quarterly updates on ongoing tax audits are presented to the CSI audit committee, alongside a review of current global tax issues and risks facing the Company. As the UK Group continues to grow, tax governance maintains a high priority on the CSI Audit Committee’s agenda.
The Company employs specific personnel with a responsibility for ensuring tax compliance across the group. The CSI Tax Team are responsible for keeping abreast of legislative changes and their potential impact on the group. As part of the culture of consultation, bi-weekly tax team calls are held to monitor any tax risks arising, and internal memos are prepared and used as a basis for educating the wider tax and finance teams across the global group.
This consultative approach ensures that the UK group operates with a consistent tax strategy, despite its decentralised operating structure. Significant decisions with a material tax consequence are approved by the CSI Tax Team, ensuring appropriate oversight is maintained.
The UK group’s attitude to tax planning
The UK Group adheres to relevant tax laws, whilst seeking to operate in the most efficient manner by making use of exemptions and incentives put in place by relevant tax authorities and OECD principles. Where applicable, clearances are sought prior to engaging in any planning activities to ensure the group is compliant. Regular communication is upheld with the UK Group’s tax advisors both on a local level and a global group level. This ensures the finance teams are kept up to date on developments and changes. Most significant tax sensitive matters are discussed with tax advisors and advice sought where required.
Senior employees’ joint ownership in the company via share purchase plans means that all senior employees are aligned in terms of the priority to maintain shareholder value via avoidance of fines and penalties.
The UK Group and its tax risks
Oversight is provided by the CSI Tax Team, ensuring the tax strategy is implemented consistently across the Company. Consultation and approval by the board of the UK Group (“UK Board”) for all acquisitions and significant tax planning offers a robust monitoring of its implementation.
The UK Group does not adopt any tax planning arrangements which result in tax avoidance. The UK Group always looks to submit all UK tax returns on a timely basis, pay the appropriate tax when it is due and ensure appropriate documentation underlying the tax transactions is in place.
The UK Group’s relationship with HMRC
The UK Group respects the position of the tax authorities in the collection of tax revenue and will seek to engage and collaborate with HMRC to ensure it pays the correct amount of tax.
The UK Group operates a policy of full disclosure in its dealings with HMRC. As part of this, the UK Group operates in an open, honest and transparent manner. Whilst the UK Group does not have a dedicated customer relationship manager at HMRC with whom they can engage, as far as possible proactive dialogue is sought. In particular, where possible advanced clearances are obtained in order to avoid unnecessary dispute, minimise tax risk and drive commercial efficiency.
As the UK Group grows, consideration is given to new tax risks arising and appropriate controls to mitigate these risks, which are discussed frequently with the UK Board as well as the relevant operating group managers.