LAST UPDATED: JAN 1, 2021
While you use our website (www.sodalessolutions.com) or products, we are processing your Personal Information. You, therefore, have the right to know what we do with it and the choices you have over your Personal Information. Based in Ontario, Canada, out privacy practices comply with Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act (PHIPA) – in addition, our practices also comply with other provincial, national and international standards and follow the ten internationally recognized privacy principles.
- What Personal Information we are collecting;
- How and when we ask for your consent to collect, use and disclose your Personal Information;
- The purposes for which we collect and use your Personal Information;
- The organizations with whom we may disclose your Personal Information and the purpose of such disclosure;
- How long we retain your Personal Information;
- How we secure your Personal Information;
- Who to contact and how to request access, correction or erasure of your Personal Information;
- We only collect, use and disclose your Personal Information for purposes that a reasonable person would consider appropriate;
- We only collect, use and disclose the data that is strictly necessary for the services being provided;
- Your data is collected, used and disclosed in a transparent, confidential and secure manner.
1. What Personal Information do we collect and in what circumstances do we collect it?
Personal Information means:
- Any type of information that allow us to identify you, either directly (e.g., name, image, home phone number) or in combination with other information (e.g., license plate number, IP address);
- This does not include:
- anonymous or aggregate information that cannot be tracked back to you personally
- Business contact information; that is, any information that enables you to be contacted in your place of business (for example your name, business telephone number, business address, business email or business fax number)
We collect your Personal Information under the following circumstances:
- You provide it to us directly;
- We collect it from external sources, or
- We collect it by using automated means.
1.1. The Personal Information you provide us directly
In short: During the various interactions we have with you, you may be required to provide us with Personal Information. For example, we collect Personal Information when you connect with us for services. The Personal Information we collect may vary whether you are a customer or a simple user of our website.
In detail: The Personal Information you provide to us directly includes:
- Profile information, such as names, first names;
- Demographic information, such as postal address, province, country of residence; e-mail address, telephone number;
- Transaction information, such as information on billing, invoices, payment details, information necessary for the delivery or porting of an ordered product;
- User content information, such as Username and encrypted password used to identify you on our sites or applications;
- Engagement information, such as information on products and services that you purchase, information relating to your purchase history or your commercial relationship with us.
1.2. The Personal Information we collect automatically when you use our services
In short: During each of your visits to our sites and mobile applications, we collect information about your connection and your browsing activity.
In detail: Different technologies can be used to collect this data, for example through cookies. Cookies are small text files that are placed on your computer or mobile applications by websites that you visit. When we talk about “cookies” we are also talking about technologies similar to cookies, such as scripts, pixels, fingerprinting and redirects. Scripts (sometimes called tags) are programs that run in your browser or mobile application and perform various actions, such as sending information to our servers.
Cookies can be implemented by us and also by third-party organizations that are service providers or business partners. Cookies allow us to collect Personal Information on you, and to transmit technical information about the devices you use, the clicks you make, and the content you view.
1.3. Data relating to children
In short: We recognize children’s privacy should be treated differently and we value the involvement of parents and/or guardians in the protection of children’s Personal Information and privacy rights online. As such, our website/mobile applications are not intended for children under the age of 16, and we do not target our services to them.
2. For what purposes do we collect, use or disclose your Personal Information?
In short: We collect Personal Information for specific purposes, and we limit the collection, use and disclosure of your Personal Information to what is necessary. Unless required by law or for exceptions set out in applicable legislation, we will not use or disclose for any new (not previously-identified) purpose without your consent.
In detail: We collect, use or disclose your Personal Information for the following purposes:
- to verify your identity,
- to provide you with our products and services,
- to establish a relationship with you,
- to meet our legal obligations,
- to ensure a high standard of service to our members and prospective customers;
- to understand the product and service needs of our members and prospective customers;
In addition, we are implementing cookies for the following purposes:
- Some cookies are necessary for our site to function. Without them, your user experience would be degraded. For example, we use them to remember your choice of language, to adapt our content to your device, and for ensuring the security of our authentication mechanisms.
- We use other cookies to measure our audience engagement (“web analytics”), which includes establishing statistics of volumes and visits, for targeted advertisement on our site, for personalizing your activity on our website, and for allowing you to share your Personal Information on social media platforms.
3. How do we obtain your consent?
In short: We will obtain your consent, whether express or implied, to collect, use or disclose Personal Information. There are also some situations where we are authorized by law to do so without your consent. In determining the appropriate form of consent, we will take into account the sensitivity of the Personal Information and your reasonable expectations.
3.1. When do we collect your express consent?
Express consent occurs when you provide us Personal Information voluntarily after we have presented you with the purpose of the collection of our information. It can be given in writing or verbally.
When we rely on your express consent, you will always be prompted to take a clear affirmative action so that we can ensure that you agree with the collection of your Personal Information.
Before obtaining your consent, we will systematically inform you of the purposes of the collection, use and disclosure.
3.2. When do we collect your implied consent?
Implied consent occurs when you voluntarily provide us Personal Information for a reasonable purpose that you consider appropriate (for example, when you provide us with your home address so that we may deliver products for you, or when you provide us with your email address so that we may send you a verification code).
Your consent may also be implied if we give you notice and a reasonable opportunity to opt-out, and that you do not opt-out (for example, if you call us on the phone, we may inform you that your conversation may be recorded for improving our customer management services. If you do not opt-out, this will be considered as implied consent).
3.3. The limited situations where we do not collect your consent.
There are limited situations as permitted under legislation where we will not collect your consent, including the following:
- When the collection, use or disclosure of Personal Information is permitted or required by law;
- In an emergency that threatens your life, health, or personal security;
- When your Personal Information is available from a public source (e.g., a telephone directory);
- When we require legal advice from a lawyer;
- For the purposes of collecting a debt;
- To protect ourselves from fraud;
- When the disclosure is carried out in the context of a business transaction, prospective party, for the purpose of deciding whether to proceed with a business transaction or not;
- To investigate an anticipated breach of an agreement or a contravention of the law.
Subject to certain exceptions (e.g., the Personal Information is necessary to provide the service or product, or the withdrawal of consent would impede the performance of a legal obligation), you can withdraw your consent to use your Personal Information.
If you withdraw your consent it may restrict our ability to provide a particular service or product. If this is the case, we will inform you beforehand of the implications of withdrawing your consent.
If you no longer wish to receive marketing or commercial communications from us, you may withdraw your consent at any time; all you need to do is to send us an email at email@example.com or click on the “unsubscribe link” at the bottom of our email to you.
At any time, you can also refuse or choose to delete any cookies already on your computer or disable certain types of cookies. However, please note that your experience on our website may be impacted. To delete cookies or initiate “Do Not Track” signals on your browser, you can refer to your internet browser’s “Help” guide in the browser menu to walk through the specific requirements.
4. To whom do we disclose your Personal Information?
4.1. Disclosure to employees within our organization
In short: Disclosure happens if we make Personal Information available within or outside of our organization. We commit to disclose your Personal Information to a limited number of individuals within our organization.
In detail: The following individuals within our organization may have access to some of your data: Employees of subscription services, key relations clients, administrative, accounting and management control, IT and marketing & sales. Access to your data is based on individual and limited access permissions. Staff who can access Personal Information are subject to an obligation of confidentiality and are specifically trained in privacy regulations.
4.2. Disclosure of your Personal Information to external organizations
In short: In certain circumstances, we may disclose your Personal Information to external organizations or public authorities. We do not and will not sell any Personal Information to third parties for marketing or any other parties for commercial purpose.
In detail: The following entities may have access to your Personal Information
- Service providers that collect, use or disclose your Personal Information on our behalf
These service providers (such as SAP) have access to your Personal Information for uses consistent with the reasons for which we collected it initially. Your information will be treated with the same level of privacy and security as we are committed to providing and will not be used for other purposes than that which we authorize.
- Police authorities, judicial or administrative authorities
We may disclose your Personal Information when we are required or authorized by law to cooperate with local, national or international law enforcement or other authorities for the reporting of and/or investigation of improper or unlawful activities, or if we need to comply with court orders.
6. Do we transfer your Personal Information outside Canada?
In short: Our business partners as well as third party service providers that process or store your Personal Information on our behalf may be located outside of Canada.
In detail: Unless there is a legal or regulatory requirement to store, access and/or use Personal Information in Canada, we may use third party platforms located outside of Canada to process and/or store Personal Information for us. Please note that Personal Information in the custody of these third-party platforms may be subject to access by the law enforcement authorities of those jurisdictions in which the third parties are located.
7. How do we safeguard your Personal Information?
In short: Your Personal Information is important to us, and we take all reasonable precautions with regards to the risks created by the processing that we carry out to preserve the security of your Personal Information and to prevent their alteration and damage, or any access by non-authorized third parties.
In detail: As we are responsible for your Personal Information, we implement appropriate technical and organizational measures in accordance with applicable legal provisions to protect your Personal Information against alteration, accidental or unlawful loss, use, disclosure or unauthorized access. Safeguards include physical, organizational and technical measures including, but not limited, to:
- The creation of a unit dedicated to the security of information systems;
- Raising awareness of the confidentiality requirements of our employees who have access to your Personal Information;
- Securing access to our premises and to our IT platforms;
- The implementation of a general IT security policy for the company;
- Firewalls, anti-virus, strong passwords and software solutions for technical security
8. How do we ensure that the Personal Information we hold on you is accurate?
In short: We will ensure that the Personal Information we hold on you is as complete and up to date as is necessary for the purposes for which it is to be used. You may request that we correct any errors or omissions by writing to firstname.lastname@example.org.
In detail: We have established internal procedures to preserve the accuracy of the Personal Information that we receive. If you believe that the Personal Information we collect, use and disclose is not accurate, you can send us a request to correct Personal Information. This request must be made in writing and to email@example.com. You should provide sufficient detail to identify the Personal Information and the correction being sought.
We will update Personal Information as and when necessary to fulfill the identified purposes, or upon your notification.
We will note in your file any unresolved differences as to accuracy or completeness. Where appropriate, we will transmit to third parties having access to the Personal Information in question, any amended information or request for amendment.
9. How can you request access to your Personal Information?
In short: You have the right to access to your Personal Information. Your request for access must be made in writing at the following address firstname.lastname@example.org.
In detail: You have the right to access to your Personal Information, to information about the ways in which your Personal Information is or has been used, and to the names of the individuals and organizations to which your Personal Information has been disclosed. If your Personal Information is stored in electronic form, you will have the option to receive a copy of the information in electronic or paper form.
Your request for access must be made in writing. You may be required to prove your identity before we give you access to your Personal Information.
We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.
A minimal fee may be charged for providing access to Personal Information. Where a fee may apply, we will inform you of the cost and request further direction from you on whether or not we should proceed with the request.
10. How can you request that we erase your Personal Information?
In short: You may ask us to erase Personal Information we have on you, or choose to close your account.
In detail: At any time and without penalty, you can close your account or ask us to remove pieces of information by sending an e-mail to email@example.com.
If you wish to have any of your information removed from our databases, or if you no longer want us to send any further communications to you, you can send an e-mail to firstname.lastname@example.org. Where your information is stored with our third parties, we will proceed as necessary to remove your information as requested.
Kindly note that we may be required by law to maintain some of your Personal Information.
11. How do we remain accountable and how can you challenge our compliance?
In short: Our Privacy Officer is responsible for the creation, oversight and implementation of our privacy management program and procedures to protect your Personal Information. We have established procedures for addressing and responding to all inquiries and complaints you may have regarding our handling of your Personal Information. You may contact us at email@example.com.
In detail: We will investigate all complaints concerning compliance with this Policy in a timely manner. If a complaint is found to be justified, we shall take appropriate measures within 72 hours of the receipt of the inquiry to resolve the complaint including, if necessary, amending policies and procedures.
If we are unable to resolve the concern, you may write to:
Information and Privacy Commissioner of Ontario
2 Bloor Street East
Suite 1400 Toronto, ON M4W 1A8
12. What happens if we make changes to this Policy?
If you have any questions or concerns about this Policy, please feel free to contact us at firstname.lastname@example.org.