Privacy Policy

Estimated read time 9 min read

We at HeadCanna (hereinafter “we”, “us” and “our” for the purposes of this Privacy Policy) know you care about your privacy, and so do we. We have developed this Privacy Policy to describe the types of Personal Information we may collect, how we may use and share that information, our lawful basis for processing it, what rights you have in relation to your Personal Information and how we protect it.

Our Services

In addition to, and included in, the HeadCanna, HeadCanna provides security and identity product offerings (which includes the Badge and Communicator applications), branded together as HeadCanna (“HeadCanna”) as part of a service that is hosted by HeadCanna or a third-party service provider on behalf of HeadCanna (a “Cloud Implementation”).

We may collect or receive Personal Information about you in various ways, depending on which of our applications and websites you use and how you interact with us, please see below for more information.

How We Collect Information

Information you provide to us

You may choose to submit Personal Information and other information to us by purchasing or interacting with the HeadCanna. Examples of this include, when you create and manage a user account via our website, join or connect with a network, request technical support services, request information or support from us, communicate with us by email, telephone, or online chat, upload information through the HeadCanna, subscribe to newsletters or other subscription services, register for training, educational programs, webinars or conferences, purchase products and services, submit job applications, request marketing to be sent to you, visit one of our sites, or participate in surveys.

Information that we collect

When you access or use HeadCanna, we may also collect certain information about your device and your use of the HeadCanna. Such information may include:

  • information, including version information, about the web browser or application you are using;
  • if you are using a mobile device, the model of the device and its operating system;
  • crash data;
  • a unique identifier we assign to you;
  • your IP address;
  • information about your usage of the HeadCanna, including what functions or pages you use, the frequency of your use, links that you click on, and how often you log in;
  • cookies (please see our Cookies Policy here).


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy.

Information We Collect From Other Sources

We may also collect these categories of information from sources other than directly from you. In particular, we collect this information from publicly available sources (such as your employer’s website or professional social networks such as LinkedIn), and may obtain Personal Information from third party data. Other users of the HeadCanna may provide information about you when they submit content through the HeadCanna. For example, you may be mentioned in a technical support case opened by someone else. Similarly, an administrator may provide your Personal Information such as when they designate you as the billing or technical contact on your company’s account. We may also receive information from analytics providers.

Please note that we may also have access to information about you that our customers may upload to our cloud services.

Location Information

To provide certain of the HeadCanna, we may request your permission to access location information from your device. Some functions of the HeadCanna may not work if you choose not to allow access to this location information. If you initially consent to sharing your location information through one of our applications or websites, you can subsequently stop the collection of this information by changing the settings of your device or by uninstalling the applications. Where you have not enabled location services for the applications or websites, we may derive general usage information (such as time zone) from your use of the applications or websites, including from your Bluetooth signal (where this is switched on when using Identity.

We will only process your Personal Information if we have a lawful basis for doing so. Lawful bases for processing include, depending on the applicable law, consent, contractual necessity, and our “legitimate interests” or the legitimate interest of others, as further described below.

Legitimate Interests

In addition to the uses set out above, we may also process the Personal Information we collect for our legitimate business interests when that is an available legal basis under applicable law. “Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service and products and the most secure experience. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. Our legitimate interests can also apply to processing that is in your interests as well. For example, we may process your information to ensure our websites and systems are secure.

When we process your personal information for our legitimate interests, we consider 3 questions: is there a legitimate interest behind the use of your Personal Information? Is our use necessary for that purpose and do your rights override our legitimate interest? We always keep your rights in high regard and we take steps to ensure your Personal Information is not used in ways other than those you would expect. We will not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by applicable data protection law).

How We Use the Information We Collect

We may use the information we collect from you to:

  • bill/invoice you;
  • complete corporate transactions
  • manage any accounts that you may have with us;
  • validate your identity;
  • send personalized marketing messages via email, post and telephone to you. Where required by applicable law, we will send these messages with your consent, and you have the right to opt out of receiving marketing by contacting us;
  • serve relevant advertising on our site and third-party sites related to our products and services which are personalized to your interests;
  • provide you with notice of product releases, special events, trainings, promotions or other matters relevant to you;
  • respond to your inquiries;
  • improve the services you receive from us.

We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Transfers of Personal Information Abroad

We take appropriate steps to protect your Personal Information regardless of where it is stored, taking into consideration the requirements of the data protection laws which we consider are applicable to how we process your Personal Information.

There may also be some instances in which we rely upon one or more permitted exceptions under the relevant data protection law from taking this step for particular situations. For example, where we have asked for your explicit consent to do, or to perform a contract with you, or take steps prior to doing so, to conclude or perform a contract with another party concluded in your interest, for important reasons of public interest, or where it is done in the context of legal claims.

How We Protect Personal Information

We maintain appropriate administrative, technical and physical safeguards designed to protect the Personal Information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We have put in place procedures to deal with any suspected breach of Personal Information and will notify you and any applicable regulator of a breach where we are legally required to do so.

How Long We Keep Personal Information

We also ensure that, in compliance with applicable law, we do not retain Personal Information longer than necessary. We will keep Personal Information about you for as long as we have a relationship with you, for example as long as you wish to keep receiving marketing messages from us, or as long as you are a customer (and for a reasonable period thereafter). When determining how long to retain Personal Information after we no longer have a relationship with you, we take into account how long our customers usually want to continue hearing from us, our legal obligations and the expectations of regulators, as well as the length of time information is needed for internal audit purposes and to exercise or defend our legal rights.

Your Rights

Depending on your jurisdiction, you may be entitled to certain rights, which can include:

  • Where our use of your Personal Information requires consent, you may withdraw this consent at any time;
  • You may update, correct or amend the Personal Information we hold about you if it is wrong;
  • You may ask us to change, restrict or stop the way in which we communicate with you or process Personal Information about you;

-You may ask us to delete your Personal Information;

  • You have rights in relation to automated decision making, including profiling which has a legal effect, or which causes a significant effect;
  • You may ask us to move, copy or transfer your Personal Information;
  • You may object to our processing of your Personal Information;

How to Contact Us

If you have any comments or inquiries about this Privacy Policy, if you would like to update information we have about you or to exercise your rights, you may contact us by submitting a Data Privacy Inquiry, sending an email to [email protected]

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority in the country in which you live via their website.

Changes to this Policy

We may change this Policy from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. We will update the date at the top of the Privacy Policy accordingly. We encourage you to check this Policy for changes when you revisit the HeadCanna website.