Terms & Conditions
When you use our Services, you provide us with things like your files, content, email messages, contacts and so on ("Your Stuff"). Your Stuff is yours. These Terms don't give us any rights to Your Stuff except for the limited rights that enable us to offer the Services. We need your permission to do things like hosting Your Stuff and backing it up to the AWS. Our Services also provide you with features like photo thumbnails, document previews, email-notifications, push notifications, easy sorting, editing, sharing and searching of files related to work order maintenance management. These and other features may require our systems to access, store and scan Your Stuff. You give us permission to do those things, this permission does not extend to third parties we work with other than Mandrill Email Services. New clients are automatically entered into our monthly newsletter. The newsletter provides important updates on your account including current/future software updates. If you no longer to want to receive our newsletter, simply Unsubscribe 24/7.
Sharing Your Stuff
Our Services let you share Your Stuff with others, so please think carefully about what you share and who you INVITE into your account as a new USER.
You're responsible for your conduct, Your Stuff and you must comply with our Acceptable Use Policy. Content in the Services may be protected by others' intellectual property rights. Please don't copy, upload, download or share content unless you have the right to do so.
We may review your conduct and content for compliance with these Terms and our Acceptable Use Policy. With that said, we have no obligation to do so. We aren't responsible for the content people post and share via Maxpanda CMMS. Please safeguard your password to the Services, make sure that others don't have access to it, and keep your account information current.
Limited Right to Use // This Web site is owned and operated by Maxpanda Software Inc. unless otherwise specified; all materials on this Web site are the property of Maxpanda Software Inc. and are protected by the copyright laws of Canada and, throughout the world by the applicable copyright laws. No materials published by Maxpanda on this Web site, in whole or in part, may be copied, reproduced, modified, republished, uploaded, posted, transmitted, or distributed in any form or by any means without prior written permission from Maxpanda Software Inc. The use of any such materials on any other Web site or networked computer environment or for any other purpose is strictly prohibited and such unauthorized use may violate copyright, trademark and other similar laws.
HIPAA Webpage: HIPAA References + HIPAA whitepaper: HIPAA Whitepaper. Our customers work with many types of data, but none more personal and private than health care data. That’s why, as part of our commitment to maintaining the privacy of your data, we’ve updated our policies, added security features, and enhanced our infrastructure to fully meet HIPAA requirements.
SOC 2: Maxpanda is compliant with SOC 2 Type II, an independent audit designed to ensure good policy and compliance in the five key areas of security, availability, processing integrity, confidentiality, and privacy. Our most recent annual SOC 2 Type II audit has been completed and continue each year.
Newletter // We automatically enter your email address into our newsletter mailing list. This list is not for marketing purposes but to keep each of our clients and nonclients up to date with all feature sets that are implemented into the software. These updates and features to the software are also posted on our blog under cmms version control.
Links to Other Sites // The linked sites are not under the control of MAXPANDA, and MAXPANDA is not responsible for the content of any linked site or any link contained in a linked site. MAXPANDA reserves the right to terminate any link at any time. MAXPANDA may provide links from this Web site to other sites as a convenience to you and in no way should this be interpreted as an endorsement of any company, content or products to which it links. If you decide to access any of the third party sites linked to this Web site, you do this entirely at your own risk.
Indemnity // You agree to indemnify, defend and hold MAXPANDA harmless from and against any and all third party claims, liabilities, damages, losses or expenses (including reasonable attorney's fees and costs) arising out of, based on or in connection with your access and/or use of this Web site.
Limitation of Liability // IN NO EVENT SHALL MAXPANDA OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES INCLUDING, WITHOUT LIMITATION, LOSS PROFITS OR REVENUES, COSTS OF REPLACEMENT GOODS, LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS WEB SITE OR ANY LINKED SITE, DAMAGES RESULTING FROM USE OF OR RELIANCE ON THE INFORMATION OR MATERIALS PRESENTED ON THIS WEB SITE, WHETHER BASED ON WARRANTY, CONTRACT, TORT OR ANY OTHER LEGAL THEORY EVEN IF MAXPANDA OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Disclaimer // MAXPANDA assumes no responsibility for accuracy, correctness, timeliness, or content of the materials provided on this Web site. You should not assume that the materials on this Web site are continuously updated or otherwise contain current information. MAXPANDA is not responsible for supplying content or materials from the Web site that have expired or have been removed IN REGARDS TO work orders & maintenance management. THE MATERIALS PROVIDED AT THIS WEB SITE ARE PROVIDED "AS IS" AND ANY WARRANTY (EXPRESS OR IMPLIED), CONDITION OR OTHER TERM OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OR TITLE IS HEREBY EXCLUDED.
1. Personal Information // You have complete control over your personal information. In general, you can visit our Web site without providing us with any personal information. However, there are instances where we must have your personal information in order for us to grant you an access to our protected and secured sites. This information may include registration data (your name, address, email address, phone number, title, etc.), information request data and response data ("User Information").
2. Use of User Information // We intend to use such information for purposes of supporting your relationship with Maxpanda CMMS by designing content that is suitable to your needs and alerting you to new product and service offerings as they become available. If you decide that we should not use your personal User Information to contact you, please let us know and we will not use that information for such purpose. However, please do not submit any User Information if you are less than 18 years of age.
3. Disclosure of User Information // Maxpanda CMMS does not sell, trade or transfer User Information to third parties.
4. Accuracy and Security // The accuracy and security of the User Information is important to Maxpanda CMMS. If you contact us to correct your User Information, we will attempt to correct such inaccuracies in a timely manner. Maxpanda CMMS is concerned with the security of your User Information and is committed to taking reasonable steps to protect it from unauthorized access and use of that personal information. To that end, we put in place the appropriate physical, electronic and managerial policies and procedures to secure your personal User Information. We also continue to implement procedures to maintain accurate, complete and current User Information.
5. Cookies // Maxpanda CMMS uses "cookies". A cookie is a small data file that a Web site can transfer to a visitor's hard drive to keep records of the visits to such site. A cookie cannot read data off of your hard drive or read cookie files created by other sites. Maxpanda stores such cookies in your browser to maintain your desired user experience and app settings so you don't have to. If you prefer not to accept a cookie, you can set your Web to warn you before accepting cookies or you can refuse all cookies by turning them off in your Web browser.
6. External Links // Maxpanda's Web site may provide links to other third party Web sites. Even if the third party is affiliated with Maxpanda CMMS through a business partnership or otherwise, Maxpanda CMMS is not responsible for the privacy policies or practices or the content of such external links. These links are provided to you for convenience purposes only and you access them at your own risk while using our Computerized Maintenance Software and Facilities Management Program.
7. Monthly Yearly Payments // Before you decide to signup to any plan you should have already reviewed the online tech docs and this page in great detail. Note: Maxpanda does not offer any refunds under any circumstance. Signing up to any plan you are entering a legal binding contract between you and Maxpanda CMMS. You may cancel your account at anytime without penalties and your data is held for 90 days in storage just in case you change your mind. Amazon Web Services will permanently delete all records on day 91 post cancellation.
8. Importing Data from other CMMS // Maxpanda includes built in Multi Data Import modules allowing new customers to import unlimited buildings, locations, users, parts and bins. Maxpanda also offers a Service to new customers interested in importing historical data from previous CMMS. Your data can also be exported in CSV format through the web browser.
9. Data Rentention // REMOVAL AND ARCHIVAL OF OLD DATA – Archiving all work orders from your database between 2004-2018. Maxpanda will retain current year + 2 past years [2021 + 2020 (01/01-12/31) + 2019 (01/01-12/31] of data per each corporate account with archives continuously performed at the end of each following year. Data older than 7 years will automatically be deleted without backups.
GoMAX app collects location data to enable the displaying of STAFF/VENDOR/ASSET work order location using user's mobile GPS and/or physical LOCATION ADDRESS if entered by the Company Admin. This feature is set to the OFF setting by default and may be turned on by the user within the mobile system menu. GPS/ADDRESS location services will collect data even when the app is closed in the background or not in use, until it is switched off by you. Location data collected is only utilized to display markers on live HERE map functionality. Location data is only visible to Company Admins and Editors within their own Maxpanda CMMS account. This data is not shared with any 3rd party or other application and is deemed private. Review GoMAX mobile location service in this short video.
Confidentiality is the protection of personal information. Confidentiality means keeping a client’s information between you and the client, and not telling others including co-workers, friends, family, etc.
Examples of maintaining confidentiality include:
- individual files are locked and secured
- support workers do not tell other people what is in a client’s file unless they have permission from the client
- information about clients is not told to people who do not need to know
- clients’ medical details are not discussed without their consent
- adult clients have the right to keep any information about themselves confidential, which includes that information being kept from family and friends
The types of information that is considered confidential can include:
- name, date of birth, age, sex and address
- current contact details
- bank details
- medical history or records
- personal care issues
- service records and file progress notes
- individual personal plans
- assessments or reports
- incoming or outgoing personal correspondence
Other information relating to ethic or racial origin, political opinions, religious or philosophical beliefs, health or sexual lifestyle should also be considered confidential. There is, however, no such thing as absolute confidentiality in the service industry. Workers are required to keep notes on all interactions with clients and often to keep statistics about who is seen and what issues are addressed. As a worker, there will be times when you could be faced with some personal difficulties regarding confidentiality. You need to give your client an assurance that what is said will be in confidence (that it will stay secret between you and the client) because, unless you are able to do that, the client is unlikely to be open with you. However, you also need to be aware of the limits to the confidentiality that you are offering. There are several instances where total confidentiality is either impossible, undesirable or illegal. These include: cases where the law requires disclosure of information which will be
Confidentiality also extends to things like:
- names and addresses of clients
- phone numbers and addresses of staff and volunteers
- details of funding agreements
- information about strategic planning
Importance of confidentiality
One of the most important elements of confidentiality is that it helps to build and develop trust. It potentially allows for the free flow of information between the client and worker and acknowledges that a client’s personal life belong to them. One of the major purposes for obtaining a client’s consent before speaking to a third party is to protect the confidentiality and privacy of the client. Informed consent (obtaining personal information with the formal permission of the client or a person who has the legal authority to provide permission on behalf of the client) is considered essential in maintaining the privacy of the client. It is important to keep your clients’ business as just that – their business. You should only discuss matters relating to your clients business with co-workers, and then only what needs to be discussed. Discussions should take place in the workplace and not be audible to other members of staff or the general public. You should never discuss clients business with family or friends. Respect for client confidentiality and staff personal information should be a high priority for all community services to comply with legislation that governs disclosure of information. In this regard all organisations need to have policies and procedures that provide guidelines for workers. Appropriate worker behaviour can also be incorporated in a code of conduct. To ensure confidentiality, workers should only access confidential information for work that is covered by their job description and the policies and procedures of the organisation. They should only disclose information to other parties where a client (or co-worker in relation to their personal information) has consented to the release of the information or where disclosure is required or mandated by legislation due to indications of risk of harm. Workers need to ensure that any information collected is securely stored and disposed of.
What is GDPR?
The General Data Protection Regulation (“GDPR”) is a new, EU-wide privacy and data protection law. It calls for more granular privacy guardrails in an organization’s systems, more nuanced data protection agreements, and more consumer-friendly and detailed disclosures about an organization’s privacy and data protection practices. The GDPR replaces the EU’s current data protection legal framework from 1995 (commonly known as the “Data Protection Directive”). The Data Protection Directive required transposition into EU Member national law, which led to a fragmented EU data protection law landscape. The GDPR is an EU regulation that has direct legal effect in all EU Member States, i.e., it does not need to be transposed into an EU Member States’ national law in order to become binding. This will enhance consistency and harmonious application of the law in the EU.
Personal data is any information relating to an identified or identifiable individual. This is a very broad concept because it includes any information that could be used on its own, or in combination with other pieces of information, to identify a person. Personal data is not just a person’s name or email address. It can also encompass information such as financial information or even, in some cases, an IP address. Moreover, certain categories of personal data are given a higher level of data protection because of their sensitive nature. These categories of data are information about an individual’s racial and ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, information about person’s sex life or sexual orientation, and criminal record information. Processing of personal data is the key activity that triggers obligations under the GDPR. Processing means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. In practical terms, this means any process that stores or consults personal data is considered processing.
Key concepts: data controllers and data processors
In EU data protection law, there are two types of entities that can process personal data — the data controller and the data processor. The data controller (“controller”) is the entity which, alone or jointly with others, determines the purposes and means of the processing of personal data. The data processor (“processor”) is the entity which processes personal data on behalf of the controller. It is important to determine whether the entity processing personal data for each data processing activity is a controller or a processor. This mapping exercise enables an organization to understand what rights and obligations attach to each of its data processing operations. Stripe has certain data processing activities for which it acts as a data controller, and others for which it acts as a data processor. A good illustration of this dual role is when Stripe processes credit card transactions. Facilitating a transaction requires the processing of personal data, such as the cardholder’s name, credit card number, the credit card expiry date, and CVC code. The cardholder’s data is sent from the Stripe user to Stripe via the Stripe API (or by some other integration method, such as Stripe Elements). Stripe then uses the data to complete the transaction within the systems of the credit card networks, which is a function that Stripe performs as a data processor. However, Stripe also uses the data to comply with its regulatory obligations (such as Know Your Customer (“KYC”) and Anti Money Laundering (“AML”), and in this role Stripe is a data controller.
Legal basis for processing personal data in the GDPR
The next consideration is to determine whether or not a particular processing activity is GDPR-compliant. Under the GDPR, every data processing activity, performed as a controller or processor, needs to rely on a legal basis. The GDPR recognizes a total of six legal bases for processing EU individuals’ personal data (in the GDPR, EU individuals are referred to as “data subjects”). Those six legal bases, in the order of Art. 6 (1) (a) to (f) GDPR, are:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes; The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; The processing is necessary for the compliance with a legal obligation to which the controller is subject; The processing is necessary to protect a vital interest of the data subject; The data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority; or The processing is necessary for the legitimate interests pursued by the entity, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require personal data protection.
Individuals’ rights under the GDPR
Under the Data Protection Directive, individuals were guaranteed certain basic rights with regard to their personal data. Individuals’ rights continue to apply under the GDPR, subject to some clarifying amendments. The below chart compares individuals’ rights under the Data Protection Directive and the GDPR.
More generally, Stripe has international data transfer compliance measures in place governing all of Stripe’s global entities processing of the personal data of EU individuals. These measures are based on the EU Standard Contractual Clauses. As noted above, international data flows continue to be an area of potential future law reform. For this reason, we are following the legal developments around international data transfer compliance measures very closely, and take every measure available to us to ensure a compliant international transfer of EU data subjects’ personal data. This also means that we have built redundancies into our data transfer compliance program to the fullest extent possible and are looking to expand these with Stripe under the GDPR.