Revised February 272020

Welcome to the website of Mesh Diversity Inc. (“Mesh”, we”, us”, and our”). We have prepared this privacy policy (“Privacy Policy”) to explain how we collect, use, protect and disclose your information when you use the Mesh website, or any other sites on which this Privacy Policy appears (“Sites”), and our services including any software, mobile applications, products, or other services offered by Mesh from time to time (collectively, Services”). It also describes the choices available to you regarding the use of, your access to, and how to update and correct your Personal Data. You” refers to you as a user of the Sites or Services, and Customer” refers to the entity or person who has opened an account with Mesh, subscribed to the Services you are using, and designated you as a licensed user.

By using our Services, you are agreeing to the terms of this Privacy Policy and the Mesh Terms of Service. We recommend that you read this Privacy Policy in full to ensure that you are fully informed. 

1. Who We Are

Mesh empowers human resource professionals with the strategic support, tools, metrics and data needed to drive the success of their diversity and inclusion programs. Mesh’s Diversity Intelligence™ platform allows our Customers to identify, measure and manage the behavioural markers that nurture and drive inclusive potential, and also ensure that hiring campaigns deliver candidates with behavioural markers that are a fit for the organization. We are headquartered in New Brunswick, Canada. Our contact information is at the end of this Privacy Policy. (For more information, please see Us” on our website.)

2. Our Legal Basis for Collecting Personal Data

Our legal basis for collecting and using your Personal Data will be based on the necessity of performance of a contract we have with you and/​or our Customer. We will collect Personal Data from you only where we have your consent to do so and where we need the Personal Data to complete the Services we have been contracted to provide. In the event you subscribe to a newsletter, participate in our blog or sign-up for information on our product and services, the legal basis for collecting and using your Personal Data is based on your consent.

3. Information We Collect

Information You Provide to Us

Generally, you control the type and amount of information you provide us when you sign up for, or use the Site or Services. Non-personal data (“NPD”) is information that is in no way personally identifiable. Personal data is information that is collected that personally identifies you (“Personal Data”) and would include:

  • Your name, email address and the company you work for;
  • Information about other individuals when you add users of the Services to your account and the capacity in which they may use the Services; 
  • Messages you send to us by email, social media, mail or other means;
  • Any personal information that you input into your account; and
  • Any other personal information you may provide to us voluntarily through your use of our Sites and Services.

When we communicate with you on our Site and Services, we will use the email address you provide when you registered as a User. You may change your contact preferences at any time through your on-line account.

Social Media

Any public posts, such as blog articles, comments, questions and testimonials, that are placed on the Sites may be read, collected, and used by others who access them. Our website may also offer the ability for users to communicate with each other through online community discussion boards or other mechanisms (“Community Forums”). If you chose to submit any public posts or participate in Community Forums you should use care when exposing any Personal Data as such information is not protected by our Privacy Policy and may be exposed worldwide by the internet. We cannot prevent the use or misuse by others and we cannot be liable for any information included in these postings. To request removal of your Personal Data from our blog or community forums, please contact us. In some cases, we may not be able to remove your Personal Data. If any posting on our Sites contains information of third parties, you must make sure you have permission to include that information in your posting. While we are not legally liable for information that may be posted by our users, we will remove any postings about which we are notified, if such postings violate the privacy right of others.

Information We Collect Automatically

We automatically collect information (“Usage Data”) regarding the actions you take on the Sites and Services. In some countries, including countries in the European Economic Area (“EEA”), this information may be considered Personal Data under applicable data protection laws. Usage Data helps us understand trends in our users’ needs so that we can better consider new features or otherwise improve our Services. We may share Usage Data about our users with our third-party service providers for various purposes, including to help us better understand our customers’ needs and improve our Services.

When you use the Sites or Services, some examples of the Usage Data we collect could include:

  • The type of web browser you use;
  • Your operating system;
  • Your web request;
  • Your Internet Service Provider;
  • Your IP address;
  • Referring/​exit pages and URLs;
  • The pages you view and how you interact with links on the Services;
  • The time and duration of your visits to the Sites or use of the Services; and
  • Other such information relating to your devices, and your activity on our Sites and Services.

We store such Usage Data itself and/​or such information may be included in databases owned and maintained by Mesh’s service providers. We use such information and pool it with other information to track, for example, the total number of visitors to our Sites or users of our Services, and/​or the number of visitors to each page of our Sites. We use this information to help us understand how people use the Sites and Services, and to enhance the Sites and Services.

4. Tracking Technologies

We use cookies (a small text file placed on your computer to identify your computer and browser) and web beacons (a file placed on a website that monitors usage). Some of these cookies are essential to permit our website to operate and others enable us to track users to enhance the experience on our Sites. Examples of how cookies and web beacons are used include pre-populating your username for easier login or to allow user-specific messaging.

Most web browsers are initially set up to accept cookies. You can remove persistent cookies and change your privacy preferences by following directions provided in your Internet browser’s help” directory. However, certain features of the Sites or Services may not work if you delete or disable cookies. 

Service providers that we may use from time to time may also use their own cookies and web beacons in connection with the services they perform on our behalf, as further explained below. We and our service providers use similar technologies to analyze trends, administer the Sites, track users’ movements around the Sites, and to gather demographic information about our whole user base. Users can control the use of cookies at the individual browser level.

5. How We Use Your Information

We will use your Personal Data for the following purposes:

  • Business Relationship: We will use your Personal Data to manage our business relationship with you and our Customer.
  • Providing and Monitoring the Services: We will use your Personal Data to provide you with access to and support for your use of the Services and to monitor your use of the Services.
  • Requests: If you contact us by email or otherwise, we will use the Personal Data you provide to answer your question or resolve problems.
  • Other Products, Services and Events: Mesh may use your Personal Data to contact you in the future about products, services and events that may be of interest to you. You can opt-out of such contact from Mesh using the unsubscribe link in email communications or contact us directly.
  • Customer Data is data and information, including Personal Data, owned by our Customer and provided or created by the Customer’s licensed users when using the Services. Mesh only uses Customer Data according to instructions from our Customer.
  • Service Improvement: Mesh may use your Personal Data and other information collected through our Sites to help us improve the content and functionality of the Sites. Mesh may also use aggregated anonymous data about Customer’s use of the Services that is not identifiable with respect to Customer to better understand our users and to analyze, improve, support and operate the Services.
  • Surveys: From time to time, we may offer our users the opportunity to participate in special surveys. If you choose to participate, you may be required to provide certain Personal Data.

Mesh will never sell Personal or Customer Data. For data aggregation purposes we may use your NPD but any such data aggregation would not include any of your Personal Data.

6. Who We Share Your Personal Data With

As the circumstances warrant, we will disclose your Personal Data to the following categories of recipients:

  • To our Customer who has subscribed to the Services you are using and has authorized you as a licensed user of the Customer’s account;
  • To third party service providers who provide data processing services to us or otherwise process Personal Data for purposes that are described in this Privacy Policy or as notified to you when we collect your Personal Data;
  • To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • In response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Mesh will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Data and any other content and information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate in order to respond to or comply with legal requests (including court orders and subpoenas) (i) to protect the safety, property or rights of Mesh or of any third party; (ii) to prevent or stop any illegal, unethical, or legally actionable activity, or (iii) to comply with the law;
  • To an actual or potential buyer in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we require the buyer to use your Personal Data only for the purposes disclosed in this Privacy Policy; or any updates to the Privacy Policy as instituted by the buyer.
  • To any other person with your consent to the disclosure.

7. Security

We recognize our legal obligations to protect the Personal Data we have gathered about individuals. We have therefore implemented appropriate technical and organizational measures to secure against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of Personal Data. These arrangements include industry-standard security measures including physical security measures, network security measures, and organizational measures such as non-disclosure agreements and need-to-know access. Unfortunately, because of the inherent nature of the Internet, we cannot guarantee against the possible loss or misuse of your Personal Data. We strongly urge you to protect any passwords you have to our Site and Services and not to share them with anyone. You should log out of our Site when you finish using it particularly if you are using a computer in a public place.

8. Data Retention

We will retain your information for as long as your account is active or where we have an ongoing business need to do so (for example, to comply with applicable legal, tax, or accounting requirements). We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymize it; or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. As noted above, we may retain your NPD for an indefinite period and use it for data aggregation and statistical analysis purposes.

9. Third Party Links

Our Sites and Services may contain links or integrate with other websites and online services or allow others to send you such links. Mesh is not responsible or liable for any damage or loss related to your use of any third-party website or online service. You should always read the terms and conditions and Privacy Policy of a third-party website or online service before using it, whether directly or in connection with your use of the Sites or Services. Third parties may collect, but we do not authorize them to collect, personally identifiable information about your online activities over time and across different websites when you use the Sites or Services.

10. Third Party Service Providers

We use third-party service providers to provide some services that are necessary or ancillary to our delivering the Sites and the Services, and some of these services may include processing Personal Data. These service providers are located in Canada and the USA. In order to provide security and confidentiality or your Personal Data, Mesh has undertaken contractual and other measures to ensure our service providers provide adequate protection for Personal Data and that all processing is done with an appropriate level of confidentiality and security.

11. Additional Notice to Residents of the European Economic Area

Your Rights:

If you access our Site and Services from the EEA you may have certain rights with respect to your Personal Data under the General Data Protection Regulation (“GDPR”) including: the right to be informed about the collection and use of the Personal Data you provide; the right to access your Personal Data; the right to correct or delete your Personal Data; the right to restrict or limit the processing of your Personal Data; the right to get your personal data and use it for your own purposes (the right of data portability); and rights in relation to automated decision-making and profiling. You also have the right to file a complaint with supervisory authorities if your Personal Data has not been processed in compliance with GDPR. For more information visit https://​ico​.org​.uk/​f​o​r​-​o​r​g​a​n​i​s​a​t​i​o​n​s​/​g​u​i​d​e​-​t​o​-​t​h​e​-​g​e​n​e​r​a​l​-​d​a​t​a​-​p​r​o​t​e​c​t​i​o​n​-​r​e​g​u​l​a​t​i​o​n​-gdpr). If you want to exercise any of the above rights, or if you have any questions on how and why we process your data, please reach out to us using the contact information below. We will respond within 10 business days of receipt of your request.

Data Transfers to Mesh Offices

The Personal Data that we collect from you may be transferred to Mesh’s offices in Canada for the purposes of support, finance, analytics, sales and account management. Service providers located in Canada are governed by the Personal Data Protection and Electronic Documents ACT (“PIPEDA”). Transfers of personal data to Canada are legally authorized by a finding of the EU Commission that Canada has an adequate level of data protection (pursuant to Article 45 of the GDPR). 

Transfers to Other Countries

We use third party service providers to provide services that are necessary to delivering our Services, and some of these services may include processing Personal Data. Our service providers are located in Canada and the US. The US has not been found to have an adequate level of data protection under article 45 of the GDPR. In some cases, our US service providers have certified their compliance under the Privacy Shield Framework that requires US suppliers to provide adequate protection for your Personal Data. Our company relies on derogations for specific situations in Article 49 of the GDPR. For EEA customers and users, Personal Data may be transferred outside the EEA to countries absent of an adequacy decision with your explicit consent. By using our Site or Services, you agree and consent to the transfer of your Personal Data to the US or other countries where we may have service providers or Mesh offices located. We will use your Personal Data to provide the Services you request from us and perform our contract obligations with you and our Customer in a manner that does not outweigh your freedoms and rights. Wherever we transfer, process or store your Personal Data, we will take reasonable steps to protect it. We will use the information we collect from you in accordance with our Privacy Policy. 

12. Privacy Policy Changes

We may change this privacy policy at any time, and from time to time, to reflect changes to our privacy practices or for legal, operational or regulatory reasons. All revisions to this policy will be posted on our website. The most recent version of the privacy policy is reflected by the version date located at the top of this Privacy Policy. We encourage you to review this privacy policy often to stay informed of changes that may affect you. By continuing to use our Services after revisions are posted, you are agreeing to the revised policy.

13. How to Contact Us

If you have any questions or concerns about our policy or use of your Personal Data, please contact us by email at support@​meshdiversity.​com or by using the contact details below:

Mesh Diversity Inc.
Attention: CEO
105 Barrington Crescent
Moncton NB E1G 4V4