Crypto.com Canada Privacy Notice
Highlights
(i) We are processing the following categories of Personal Information:
- Identity Data
- Biometric Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Investment Data
- Technical Data
- Profile Data
- Usage Data
- Marketing and Communications Data
- Video and Voice Recordings
For detailed information on the specific pieces of Personal Information behind each category, please read carefully the table under Section 2 below.
(ii) The purposes for processing the Personal Information indicated above are determined by the ways you engage with us:
1. To register you as a new customer
7. To manage, process, collect and transfer payments, fees and charges
13. To deliver relevant website content and advertisements to you and measurement
2. To carry out and comply with anti-money laundering requirements
8. To collect and recover payments owed to us
14. To use data analytics to improve our website, products/services
3. To process and deliver our Services
9. To obey applicable legislation and handle complaints
15. To make suggestions and recommendations to you
4. To prevent abuse of our Services and promotions
10. To enable you to partake in a prize draw, competition or complete a survey
16. To use the services of social media platforms or advertising platforms
5. To manage our relationship with you (e.g. leaving a review, taking a survey and so forth)
11. To gather market data for studying customers' behavior
17. To use the services of financial institutions, crime and fraud prevention companies
6. To keep our records updated
12. To administer and protect our business
18. To record voice calls for compliance and quality assurance
For detailed information on the purposes and the categories of Personal Information, please read carefully the table under Section 6 below.
(iii) We may share your Personal Information with the following parties:
- companies and organizations that assist us in processing, verifying or refunding transactions/orders you make during your engagement with us;
- identity verification agencies to undertake required verification checks;
- fraud or crime prevention agencies to help fight against crimes including fraud, money- laundering and terrorist financing;
- anyone to whom we lawfully transfer or may transfer our rights and duties under the relevant terms and conditions;
- any third party because of any restructure, sale or acquisition of our group or any affiliates, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us; and
- regulatory and law enforcement authorities, whether they are outside or inside of Canada, where the law allows or requires us to do so.
For detailed information on the purposes and the categories of Personal Information, please read carefully the table under Section 8 below.
(iv) risks of harm and other consequences.
(iv) risks of harm and other consequences.
In connection with the processing of Personal Information, there are potential risks of harm that include unauthorized access or misuse of financial information, identity theft, and potential financial loss due to security breaches. Additionally, individuals may experience reputational damage or discrimination if sensitive data is exposed. While we implement stringent security measures to protect personal data, these risks are inherent to any data processing activities.
Furthermore, some Personal Information we collect may be transferred outside of your province or country and processed in other countries. Such Personal Information may therefore be subject to courts, law enforcement and national security entities in such foreign countries.
Last Update: 19 Sep 2024
Effective Date: 26 May 2021
1. Introduction
This Privacy Notice (“Privacy Notice”) describes how Foris DAX, Inc., Foris, Inc., and their affiliates providing services to them with respect to their services to you (together, the “Company,” “we,” “us,” “our”), and other third parties engaged to perform services for us with respect to the services we provide to you handle your Personal Information when communicating with us or accessing or using any of our websites, platforms products, services, or applications (together, the “Services”). This Privacy Notice also describes your privacy rights and how you can exercise these rights with us. It is important that you read this Privacy Notice together with any other privacy notice, fair processing notice, or other notice that we may provide when we are collecting or processing Personal Information about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements but is not intended to override those other notices, if any.
This Privacy Notice applies to your Personal Information in our possession or under our control, including Personal Information in the possession of organizations which have engaged us to provide the services to you or the Personal Information in the possession of organizations which we have engaged to collect, use, disclose or process Personal Information for the purposes stipulated herein. The purpose of this Privacy Notice is to inform you about the types of Personal Information we collect, use, process, or disclose.
We ensure that all affiliates and other third parties that are engaged to perform services on our behalf, or at your request, that are provided with Personal Information observe and comply with the intent of this Privacy Notice and our privacy practices as well as the applicable laws including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and its regulations, and other applicable provincial privacy legislation and regulations.
We ensure that all affiliates and other third parties that are engaged to perform services on our behalf, or at your request, that are provided with Personal Information observe and comply with the intent of this Privacy Notice and our privacy practices as well as the applicable laws including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and its regulations, and other applicable provincial privacy legislation and regulations.
Because our Services are provided through digital means, our websites and mobile applications may from time to time include links to other third-party websites, plug-ins, and applications ("Third-Party Sites"). These links are meant for your convenience only. Links to Third-Party Sites do not constitute sponsorship, endorsement or approval of such Third-Party Sites. Clicking on those links or enabling those connections may allow third parties to collect or disclose data about you. Please be aware that we do not control these Third-Party Sites and are not responsible for their privacy statements and practices. Any interaction with Third-Party Sites is between you and that Third-Party Site. We encourage you to read and be aware of the privacy notice of each and every Third-Party Site you visit or use.
From time to time, we may make changes to this Privacy Notice. The Privacy Notice is effective as of the “last update” which appears at the top of this page. We will treat Personal Information in a manner consistent with the Privacy Notice under which it was collected and our current privacy practices, unless we have your consent to treat it differently. This Privacy Notice applies to any Personal Information we collect or receive about you, from any source.
2. Definition of Personal Information
“Personal Information” is any factual or subjective information about you as an identifiable individual. Personal information does not include de-identified information where your identity cannot be ascertained from the data.
We may also collect, use, store, and transfer different kinds of Personal Information about you from our own analysis of your use of the Services or from third parties who provide information about you to us.
Depending on the nature of your interaction with us, the following table summarizes the major categories of Personal Information that we may collect or process. Note that the table is not intended to be a precise or comprehensive list of every data point we collect or use, but rather a reasonably complete representation of this information to aid you in understanding our data practices.
Category of Personal Information
Examples of specific pieces of Personal Information
Identity Data
- first name,
- maiden name,
- last name,
- username or similar identifier,
- title,
- employment status,
- date of birth and gender,
- national identity card, passport, driving licence or other form of an identification document.
Biometric Data
- Biometric information, including a visual image of your face and the mathematical templates derived from such images
Social Identity Data
- group/company data,
- information on referrals related to you,
- political background,
- close connections,
- behavioural data,
- risk assessment,
- compliance assessment.
Contact Data
- residence details,
- billing address,
- delivery address,
- home address,
- work address,
- email address and telephone numbers,
- proof of address documentation.
Financial Data
- bank account,
- payment card details,
- virtual currency accounts,
- stored value accounts,
- amounts associated with accounts,
- external account details,
- annual income range,
- source of funds and related documentation.
Transactional Data
- details about payments to and from you,
- other details of any transactions you enter into using the Services, Site or App.
Investment Data
- information about your:
- investment objectives (e.g. expected annual transaction volume range),
- investment experience,
- prior investments.
Technical Data
- internet connectivity data,
- internet protocol (IP) address,
- operator and carrier data,
- login data,
- browser type and version,
- device type, category and model,
- time zone setting and location data,
- language preference,
- application version and SDK version,
- browser plug-in types and versions,
- operating system and platform,
- diagnostics data such as crash logs and any other data we collect for the purposes of measuring technical diagnostics, and
- other information stored on or available regarding the devices you allow us access to when you visit the Site, or use the Services or the App.
Profile Data
- username and password,
- identification number as our user,
- information on whether you have Crypto.com App account and the email associated with your accounts,
- requests by you for products or services,
- your interests, preferences and feedback,
- other information generated by you when you communicate with us, for example when you address a request to our customer support.
Usage Data
- information about how you use the Site, the Services, mobile applications and other offerings made available by us, including:
- device download time,
- install time,
- interaction type and time,
- event time, name and source.
Marketing and Communications Data
- your preferences in receiving marketing from us or third parties,
- your communication preferences,
- your survey responses
Video and Voice Recordings
- video recordings
- voice recording of customer service calls and associated transcripts
We also collect, use, and share information that has been anonymized or de-identified, including statistical or demographic data, for any purpose (“Aggregate Consumer Information”). Aggregate Consumer Information may be derived from your Personal Information but is not treated as Personal Information because it does not reveal your identity in a reasonable manner. Please note that business contact information – including an employee’s name, title, business address, telephone number facsimile number or email addresses – which we collect, use, process or disclose solely for the purpose of communicating with a person in relation to their employment, business or profession does not qualify as Personal Information under the PIPEDA.
If you refuse to provide certain data when requested, we may not be able to fulfill our obligations to you or offer Services to you. We may also have to cancel or stop providing Services we provide to you that rely on your provision of that information.
3. Data Protection Officer
A Data Protection Officer (“DPO”) is responsible for overseeing questions in relation to this Privacy Notice. If you have any comments, questions, concerns, or complaints regarding your Personal Information or our privacy practices, please feel free to send in details of the same to the Data Protection Officer’s team as follows:
By written notice:
Data Protection Officer
Mr. K. Cvetkov
Data Protection Officer
Mr. K. Cvetkov
We take all comments, questions, concerns, and complaints very seriously and will respond as soon as reasonably practicable upon receiving the same.
4. Client Consent
We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. The form of consent that we seek, including whether it is express or implied, will largely depend on the sensitivity of the Personal Information and the reasonable expectations you might have in the circumstances. Please note that if you wish to indicate preferences regarding your consent, you may do that via contacting [email protected] or by following a dedicated URL as provided in a relevant communication.
Where we need to collect Personal Information by law, or under the terms of a contract we have with you, and you refuse to provide that information when requested or you withdraw already provided consent, we may not be able to perform the contract we have or are trying to enter with you – for example, to provide you Services. In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
5. Collection of Information
We collect information from you when you access or use the Services, or when you interact with our website or mobile applications, including without limitation during your account registration process, when you make deposits, withdrawals, transfers, or trades on your account, when you access or use the Services, sign up to receive email updates, fill out any forms, complete surveys, interact with customer service, or when you otherwise communicate with us.
In addition to the above, if you are using the Services on behalf of a corporation or other legal entity, we will collect all the information you provide to us.
We generally do not collect or process your Personal Information unless:
a) it is provided to us voluntarily by you or by organizations which have engaged us to provide the services to you or via a third party who has been duly authorized by you to disclose your Personal Information to us (your “authorized representative”) after you (or your authorized representative) or the organization which have engaged us to provide the services to you:
i. have been notified of the purposes for which the Personal Information is collected or processed, and
ii. have provided written consent to the collection, processing and usage of your Personal Information for those purposes, or
b) collection, processing and use of Personal Information without consent is permitted or required by PIPEDA, other applicable provincial privacy legislation and regulations or other laws.
a) it is provided to us voluntarily by you or by organizations which have engaged us to provide the services to you or via a third party who has been duly authorized by you to disclose your Personal Information to us (your “authorized representative”) after you (or your authorized representative) or the organization which have engaged us to provide the services to you:
i. have been notified of the purposes for which the Personal Information is collected or processed, and
ii. have provided written consent to the collection, processing and usage of your Personal Information for those purposes, or
b) collection, processing and use of Personal Information without consent is permitted or required by PIPEDA, other applicable provincial privacy legislation and regulations or other laws.
We use different methods to collect information from and about you:
A. Direct interactions
You may give us your Personal Information by filling in forms, providing your biometric information via the Services, by email, or otherwise. This includes Personal Information you provide when you:
- apply or register for our products or the Services;
- create an account;
- subscribe to our Services or other publications;
- make use of any of our Services;
- request or indicate that marketing materials may be sent to you;
- enter a competition, promotion, or survey; or
- give us feedback or communicate with us.
B. Automated technologies or interactions
As you interact with us via our websites or mobile application, we will automatically collect certain Personal Information about your equipment, browsing actions, transactions, feedback, responses, and patterns of use. We collect this Personal Information by using cookies, server logs, and other similar technologies. We may also receive Personal Information about you if you visit other websites employing our cookies. On our main website you will be informed about how we use cookies and the control that you can exercise through the Cookie Settings.
C. Third parties or publicly available sources
We may also obtain information about you from third parties who provide identity verification and anti-fraud services, or who verify that you are not limited in your ability to use the Services by any applicable laws.
6. Use and Handling of Information
We identify the purposes for which we use your Personal Information at the time we collect such information from you and obtain your consent, in any case, prior to such use. Generally, we may collect, process and/or use your Personal Information for any or all of the following purposes (the “Purposes”):
Purpose and/or activity
Categories of Personal Information
To register you as a new customer
- Identity Data
- Biometric Data (to confirm identity)
- Social Identity Data
- Contact Data
- Financial Data
To carry out and comply with anti-money laundering requirements
- Identity Data
- Biometric Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Technical Data
- Investment Data
- Profile Data
To process and deliver our Services and any App features to you, including to execute, manage and process any instructions or orders you make
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Technical Data
To prevent abuse of our Services and promotions
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Technical Data
- Marketing and Communications Data
To manage our relationship with you which will include asking you to leave a review, take a survey or keeping you informed of our company's business and product development
- Identity Data
- Contact Data
- Profile Data
- Transactional Data
- Marketing and Communications Data
To keep our records updated and to study how customers use our products/services
- Identity Data
- Contact Data
- Profile Data
- Transactional Data
- Marketing and Communications Data
To manage, process, collect and transfer payments, fees and charges
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
To collect and recover payments owed to us
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
To obey applicable legislation and handle complaints, including:
- manage risk and crime prevention involving performance of anti-money laundering, counter terrorism, sanction screening, fraud and other background checks
- detect, investigate, report and prevent financial crime in a broad sense and
- ensure your account's security, in order to honor requests regarding information and/or changes to your account
- Identity Data
- Biometric Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Investment Data
- Technical Data
- Profile Data
- Usage Data
To enable you to partake in a prize draw, competition or complete a survey
- Identity Data
- Contact Data
- Profile Data
- Usage Data
- Marketing and Communications Data
To gather market data for studying customers' behavior including their preference, interest and how they use our products/services, determining our marketing campaigns and growing our business
- Identity Data
- Contact Data
- Profile Data
- Usage Data
- Marketing and Communications Data
To administer and protect our business, our Site, App(s) and social media channels including bans, troubleshooting, data analysis, testing, system maintenance, support, reporting, hosting of data
- Identity Data
- Contact Data
- Financial Data
- Technical Data
- Transactional Data
- Investment Data
- Usage Data
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
- Identity Data
- Contact Data
- Profile Data
- Usage Data
- Technical Data
- Marketing and Communications Data
To use data analytics to improve our website, products/services, marketing, customer/user relationships and experiences
- Technical Data
- Usage Data
To make suggestions and recommendations to you about goods or services that may be of interest to you
- Identity Data
- Contact Data
- Technical Data
- Usage Data
- Profile Data
- Investment Data
- Marketing and Communications Data
To use the services of social media platforms or advertising platforms some of which will use the personal data they receive for their own purposes, including marketing purposes
- Technical Data
- Usage Data
To use the services of financial institutions, crime and fraud prevention companies, risk measuring companies, which will use the personal data they receive for their own purposes in their capacity of independent controllers
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Investment Data
- Technical Data
- Usage Data
To record voice calls for compliance, quality assurance and training purposes
- Identity Data
- Social Identity Data
- Contact Data
- Financial Data
- Transactional Data
- Video and Voice Recordings
Roles and Responsibilities in the Lifecycle of Personal Information
We have established clear roles and responsibilities for our personnel throughout the entire lifecycle of Personal Information, from collection to secure destruction. These roles are designed to ensure compliance with applicable privacy laws, including the Quebec privacy framework:
- Data Collection: Our front-line teams, such as customer service and onboarding personnel, are responsible for collecting your Personal Information in accordance with the purposes stated in this policy. They ensure that only the necessary information is collected, and that all consents are properly obtained.
- Data Usage: Teams within the organization use the data as per their job requirements, such as for processing transactions, fulfilling service requests, or conducting analysis. Marketing teams will only use information for communications if you have provided explicit consent.
- Data Security: Our Security team oversees the protection of your Personal Information. They implement technical and organizational safeguards, including encryption, access controls, and regular audits, to protect the data from unauthorized access, loss, or breach.
- Data Retention and Destruction: Our compliance, legal and privacy teams are responsible for ensuring that Personal Information is retained in line with regulatory and contractual obligations, and securely destroyed when no longer needed. They monitor our data retention schedules and oversee secure deletion or anonymization processes.
Through this structured approach, we ensure that your Personal Information is handled with the utmost care and in full compliance with applicable privacy regulations.
7. Cookies
We use cookies on our website to optimize your experience when browsing our website or using our online Services. Your browser may have settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or our website may become inaccessible or function improperly. Our website may from time to time use cookies to analyze website traffic and help us provide a better website visitor experience. On our main website, we explain how we use cookies and the control that you can exercise through the Cookie Settings.
8. Disclosure of Information
We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
We may disclose your Personal Information and other information we collect with our affiliates and unaffiliated third parties as follows or as otherwise described herein or to you:
a. where such disclosure is required for performing obligations in the course of or in connection with the provision of the Services requested by you;
b. to organizations which have engaged us to perform any of the functions or Purposes above for and on their behalf pursuant to your request; or
c. to our employees, officers, third-party service providers, agents, subcontractors, and other associated organizations, our group companies and affiliates in so far as reasonably necessary for the purposes set out herein including to complete tasks, provide the Services to you on our behalf, and otherwise fulfill our obligations.
a. where such disclosure is required for performing obligations in the course of or in connection with the provision of the Services requested by you;
b. to organizations which have engaged us to perform any of the functions or Purposes above for and on their behalf pursuant to your request; or
c. to our employees, officers, third-party service providers, agents, subcontractors, and other associated organizations, our group companies and affiliates in so far as reasonably necessary for the purposes set out herein including to complete tasks, provide the Services to you on our behalf, and otherwise fulfill our obligations.
If we do disclose, we will require such employees, officers, third-party service providers, agents, subcontractors, and other associated organizations, our affiliates to respect the security of your Personal Information and to treat it in accordance with the applicable law.
Type of third parties
Types of information shared
Purpose for sharing
Identity verification providers, Know-Your-Customer (KYC) service providers
Identity Data, Biometric Data, Contact Data
To verify your identity
Fraud detection services, anti-money laundering (AML) monitoring services, regulatory compliance services
Financial Data, Transactional Data, Social Identity Data
To detect and prevent fraud, money laundering, terrorist financing, and other financial crimes and illicit activities
Companies that assist us in providing any of the Services that you have requested and in processing, verifying or refunding transactions/orders you make
Contact Data, Financial Data
To facilitate the provision of services and relevant business operations to support our delivery of the Services and related aspects to you
IT consultants, cybersecurity firms, software development companies, analytics providers
Technical Data, Usage Data
To improve our information, technology, and security systems including websites and mobile applications
Customer support platforms, call center service providers, communication service providers
Profile Data, Contact Data, Video and Voice Recordings
To provide customer service
Marketing agencies, social media platforms, content management platforms
Social Identity Data, Marketing and Communications Data
To promote our products or Services if you submit a product review or post content on public areas of our product, Services, or social media accounts
Legal advisors, corporate restructuring service providers, financial institutions
Identity Data, Financial Data
To transfer our rights and duties under the relevant terms and conditions governing the use of any Services (to the extent allowed)
Legal counsel, regulatory authorities, law enforcement agencies, compliance monitoring services
Identity Data, Financial Data, Transactional Data, any other category of data to the extent required by law
To comply, in our sole discretion, with a legal request or to protect or enforce our rights, including to comply with an applicable law or regulation, or in response to a request for information if we believe disclosure is in accordance with any applicable law, regulation, or legal process, to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability, and to protect the rights, property, and safety of us or others
Mergers and acquisitions advisors, auditors, potential buyers, legal and financial advisors
Financial Data, Transactional Data
To evaluate, effectuate, or otherwise transfer your Personal Information as part of a proposed or actual sale, merger, restructuring, transfer, or exchange of all or a portion of our assets to another company
Categories of Individuals with Access to Personal Information
Within our organization, access to your Personal Information is restricted to those employees or service providers who require such information to fulfill their job responsibilities and assist in delivering our services. This includes, but is not limited to:
- Customer service representatives who manage account inquiries and provide support
- Information security personnel responsible for maintaining and securing our systems
- Compliance and legal teams who ensure adherence to regulatory obligations
- Marketing personnel who process consented information for communications
- Payments teams handling transactions and payment processing
All individuals with access to Personal Information are bound by confidentiality obligations and are trained on the importance of protecting your privacy. We ensure that only the necessary personnel have access to your data in accordance with their role and function.
Transfer of Personal Information Outside of Canada and Quebec
Your Personal Information may be transferred to and processed in countries outside of Canada. Accordingly, such Personal Information may be accessible (by lawful order) to courts, law enforcement or national security entities in such foreign countries.
When we transfer your Personal Information to service providers or affiliates located outside of Canada, we ensure that appropriate safeguards, such as contractual obligations, are in place to protect your information in accordance with applicable privacy laws. These transfers are necessary for the purposes outlined in this Privacy Notice, including providing our services.
If you are located in Alberta, and have any questions about the processing or storage of your Personal Information by our affiliates or service providers outside of Canada, or if you would like to receive further written information about our service providers or affiliates outside of Canada, please contact our DPO at [email protected].
For residents of Quebec, in compliance with the Act respecting the protection of personal information in the private sector (Quebec's privacy law), please be informed that your Personal Information is transferred outside Quebec to the USA, Europe and Singapore, any risks associated with the transfer of your Personal Information is covered through compliance with the applicable state laws and through contractual measures.
9. Storage and Retention of Information
We may keep a record of your Personal Information, correspondence, or comments, in a file specific to you. We will utilize, disclose, or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected or as otherwise permitted or required by law. We have implemented a retention schedule to establish the retention period for certain types of information. Once this period has passed, we destroy your Personal Information permanently and securely.
a. Safeguarding your Personal Information
While no online or electronic system is guaranteed to be secure, we take reasonable measures designed to protect the information we collect from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. In particular, we implement reasonable security practices and procedures designed to protect the confidentiality and security of this information in accordance with, and prohibit disclosure other than as permitted by this Privacy Notice. We also use reasonable measures designed to limit access to your Personal Information to those employees, agents, contractors, and other third parties who have a business reason to know such information. Such access and disclosure are subject to a duty of confidentiality.
We have put in place reasonable security procedures to deal with any suspected Personal Information breach and will notify you and any relevant regulator of any known breach in accordance with applicable law.
If you want to know more about our security practice, please visit the following link: https://crypto.com/en/security.html
10. Requesting Information about and Accuracy of Information
a. Process for Requesting Information
You may make a written request to access certain details of Personal Information that we have collected, utilized, or disclosed about you in accordance with the provisions of PIPEDA or other applicable provincial privacy legislation and regulations as the case may be. We will make such Personal Information available to you in a form that is generally understandable and will explain any abbreviations or codes. Please note that applicable law may require or permit us to refrain from providing you with information that we hold about you with or without notice.
If you would like to make a written request to access such Personal Information, please email us at: [email protected].
b. Verifying your Request
To protect your Personal Information and to prevent any unauthorized disclosure of your Personal Information, we may request that you provide sufficient identification prior to providing the access to the existence, use or disclosure of your Personal Information. Any such identifying information will be used only for this purpose, unless previously provided for another Purpose.
c. Responding Time
We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests (or such other period that may be required by law). We will advise you in writing if we cannot meet your requests within this time limit. While we strive to respond to written requests within the timeframe permitted, you have the right to make a complaint to the federal Privacy Commissioner under applicable law.
We understand that there are times where we may be requested to speed up our response and in the event we receive such request from you, please be informed that we may contact you to find out further details pertaining to your request.
d. Cost for Requesting Information
We will not charge any costs for you to access your Personal Information in our records or to access our privacy practices without first providing you with an estimate of the approximate costs, if any.
e. Changes to Personal Information
It is important that the Personal Information we hold about you is accurate, complete, and up to date as possible. Please keep us informed if your Personal Information changes during your relationship with us. If you believe that any information, we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us.
f. Preferences Regarding Your Consent for Processing of Personal Information
Please note that if you wish to indicate preferences regarding your consent, you may do that via contacting [email protected] or by following a dedicated URL as provided in a relevant communication.
g. Requesting Data Portability
Depending on where you are located, you may have the right to request your Personal Information in a structured, commonly used, and machine-readable format. Where technically feasible, you may also request that we transmit this information directly to another organization.
To request data portability, please contact our DPO at [email protected] with a written request. We will process your request in accordance with the applicable legal requirements and respond within the designated timeframe.
h. Submitting Complaints
If you have any concerns about how we handle your Personal Information or believe that your privacy rights have been violated, you may submit a complaint to our DPO. Please send a detailed written complaint to [email protected], and we will investigate the matter in accordance with applicable privacy laws. We will respond to your complaint within the timeframes required by law and work with you to resolve the issue promptly and fairly.
11. Canadian Anti-Spam Legislation
Canada’s anti-spam legislation (“CASL”) regulates all forms of commercial electronic messages (“CEMs”) (e.g., including but not limited to emails, texts or social networks) sent to an electronic address. A CEM is an electronic message that, based upon its content, its hyperlinks, or its contact information, has as its purpose, or one of its purposes, encouraging participation by the recipient in a commercial activity. CASL applies to any message sent from, or accessed by, a computer (or similar electronic device) in Canada. In general, CASL requires businesses to have valid consent before sending a CEM (the “Consent Requirement”). The Consent Requirement can be satisfied by express or implied consent (where permitted by CASL). Implied consent is a defined term within CASL, and exists only within the narrow circumstances prescribed. One such circumstance is where an “existing business relationship” exists between the CEM sender and the recipient. Implied consent arising from an existing business relationship expires two (2) years after the business transaction underlying the relationship concluded. Implied consent can also arise in circumstances which include someone providing a person with their business card, or publicly publishing their contact details, without any notice that they do not want to receive CEMs at the address(es) provided, but only if the resulting CEM is relevant to their role.
Subject to any requirements or restrictions pursuant to CASL and any applicable regulatory guidance, express consent can be obtained via oral confirmation (over the telephone) or in writing (for example, online via a website, or by regular mail). The CEM must contain the sender’s full legal name and contact information (address and telephone number, email or website). The CEM must contain a no-cost mechanism that allows the recipient to unsubscribe from receiving future CEMs. A request to unsubscribe must be honored within ten (10) business days of receipt.
To comply with CASL, we will maintain detailed records of all express and implied consents. These records will be updated regularly to delete those who unsubscribe and those for whom implied consent has expired. We will request consent via various means, including via email or electronic acceptance of the relevant terms to the Services, and rely on implied consent arising from our existing business relationship.