DOWN ASSOCIATION OF CANADA
ASSOCIATION CANADIENNE DU DUVET
(v. 18-1, August 2018)
Down Association of Canada/Association Canadienne du Duvet (“DAC”) owns and operates the Website on which this Policy appears or from which it is linked (”DAC’s Website”). This Policy also applies to DAC’s mobile applications and its online products and services, if any. References herein to “DAC’s Website” automatically include all such applications, products and services.
If you have any questions, concerns, or complaints about this Policy, or how DAC or its service providers are managing your personal information, you can communicate those to DAC’s Privacy Officer at: firstname.lastname@example.org
Scope of Policy
This Policy deals exclusively with personal information and privacy. Personal information refers to any information that relates to an identified or identifiable natural person, and includes, without limitation:
(a) identification numbers, passwords, and communication codes;
(b) electronic and physical addresses and telecommunication information; and
(c) biometric, physical, physiological, mental, economic, cultural, and social identifiers.
(a) explains how we collect, use, disclose, store and otherwise process personal information through DAC’s Website, mobile applications, and its online products and services;
(b) explains how you can control the collection, correction and/or deletion of your personal information;
(c) sets out your consent to DAC’s activities that are described or referenced herein; and
(d) identifies our and your respective rights and obligations in relation to information collection and usage of your personal information.
Consent and Agreement
By providing, disclosing, or making available your personal information to DAC, or authorizing others to do so, in the ways described in this Policy:
(a) you represent and warrant that you are authorized to provide and make available that information to us;
(b) you accept and agree to be bound by this Policy as it may be modified or supplemented from time to time; and
(c) you consent to DAC using and processing all personal information that you directly or indirectly provide, disclose, or make available to us in the manner set out in this Policy.
If you do not agree and consent to our Policy or practices, you should not register, subscribe, create an account, or otherwise interact with DAC’s Website, with our products or services, or with DAC’s mobile-device applications. In particular, you should not directly or indirectly provide, disclose, or make available any of your personal information to us, and you will not authorize anyone else to do so.
You may revoke your consent at any time, in which case DAC will stop using and processing your personal information.
We will not use or share your personal information with anyone except as described in this Policy.
You Are Not Required to Provide Personal information
You are not required to provide any personal information to us, but if you do not provide any personal information to us, you may not be able to use certain features of DAC’s Website. You can use DAC’s Website without consenting to cookies that are not strictly necessary, but, as a consequence, your experience on DAC’s Website will be less tailored to you and certain features of DAC’s Website may not be fully functional.
Confidential Information Excluded
This Policy does not protect information that is merely confidential or secret (“Confidential Information”) except to the extent that it may also be personal information, in which case it will only be protected to the extent that this Policy protects all personal information. We will not treat any information you provide to us as confidential or secret unless we expressly agree to do so in a written contract before we receive delivery of or access to the information.
We accept no responsibility or liability for any Confidential Information that you may directly or indirectly provide or make available to us in any other context, and you waive and release all claims relating to such Confidential Information. If you wish to preserve the confidentiality of your Confidential Information, you must not provide, disclose, or make it available to us without first securing our express written agreement.
This Policy is derived from the Model Code for the Protection of Personal Information of the Canada Standards Association (Can/DAC-Q830-96) and is intended to comply with the General Data Protection Regulation
(“GDPR”) of the European Parliament and Council. The GDPR mandates that DAC protect the personal information and privacy of EU “data subjects”. If there is any conflict between any provision of this Policy and the GDPR in relation to EU “data subjects”, then, the GDPR principles shall govern to the extent of the conflict. References to “personal information” in this Policy include “personal data” as used in the GDPR.
Collection and Use
If you request information, products, or services through DAC’s Website, or you are providing services or products to DAC, you may be asked to provide personal information. DAC may collect personal information about you in connection with our services and activities.
When working with DAC or using DAC’s Website, you may be prompted to register for an account, and in doing so, DAC may ask you for personal information such as your name, contact details (including mailing address, email address, username and password, or credit card information). In addition, you may be providing or making available personal information when:
(a) communicating with DAC via phone calls, chats, emails, web forms, social media, and any other methods of communication;
(b) subscribing for DAC’s marketing material;
(c) applying for employment; or
(d) providing products or services to DAC.
We collect personal information to enhance our ability to provide you with information, products and services, or to personalize your experience. In some cases, we may share your information with third-party service providers. We may also use your personal information to support our business functions, such as fraud prevention, marketing, research, analysis, and legal functions.
For greater certainty, we may use your personal information for any or all of the following purposes:
(a) providing you with information, products, services and programs that we believe respond to your interests and needs; (b) answering your questions and addressing your concerns;
(c) investigating and responding to suspected breaches of contract or violations of DAC policies or procedures;
(d) investigating and responding to suspected contraventions of law;
(e) contacting you in the unlikely event of a data security breach or a legal proceeding;
(f) contacting you if we believe doing so is in your best interest; and
(g) meeting legal and regulatory requirements or industry best practices.
When you visit or interact with DAC’s Website, we may collect Technical Data that is generated automatically by the interaction of your web browser and DAC’s Website. “Technical Data” is information that does not, by itself, identify a specific individual but which could be used indirectly to do so. For greater certainty, Technical Data may include, without limitation:
(a) your Internet Protocol (“IP”) address;
(b) the website from which your interaction may originate or from which it is referred or linked;
(c) the amount of time you spend visiting DAC’s Website;
(d) the pages of DAC’s Website that you visit and how you interact with those pages;
(e) whether you link to DAC’s Website through a search engine, and, if so, which search engine you used;
(f) the keywords, browser type, and browser language you used to find DAC’s Website; and
(g) the date and time of your activities at DAC’s Website.
Our computing resources and analytic services (described below) automatically record and analyse Technical Data. DAC may also retain the services of third-party service providers, whose services may include analysing, monitoring and facilitating visitor interactions on DAC’s Website.
Gathering your Technical Data helps us to track visits to DAC’s Website, to understand and evaluate the visitor’s experience, to improve the content and layout of DAC’s Website, to customize the web experience at DAC’s Website, to ensure that DAC’s Website and other services work correctly, and to support our customer analytic efforts.
DAC will only attempt to link the logs to identifiable individuals if that is necessary for investigating a data security breach, a breach of contract, a violation of DAC’s policies and procedures, or a contravention of laws.
Disclosure to Others
Subject to the exceptions identified below:
(a) the personal information you provide through our site is not disclosed to third parties without your consent;
(b) we do not sell, rent, or trade your personal information to other organizations or companies without your explicit consent; and
(c) when your personal information is shared with others, it is only in ways that we first explain to you.
Regardless of the foregoing, DAC may share your personal information with others to the extent that it considers to be reasonably necessary to:
engage or deliver to you the services of trusted service providers;
comply with law or legal process, including a demand, order, or formal request made by a law enforcement official, a government institution, or a judicial or regulatory authority;
investigate a suspected breach of contract, breach of DAC’s policies or procedures, or violation of law;
respond to and manage an apparent data security breach or to satisfy obligations relating to a legal or administrative proceeding.
Depending on the nature of those events and applicable law, DEC reserves the right to make such disclosures without first notifying you.
DAC may transfer personal information from its home country (Canada) to other countries, as DAC considers to be reasonably necessary or helpful to process data, manage its computing resources, and administer its operations.
To protect your personal information, we will only transfer personal information to countries who provide an “adequate” level of legal protection for personal information.
If your personal information is transferred to countries without ‘adequate’ protection (as determined by the European Parliament), we will employ additional safeguards to help ensure that your data is protected.
Any personal information collected about EU “data subjects” via DAC’s Website is processed in Canada, the United States of America, or the European Union by DAC or by a third party acting on our behalf.
When you provide personal information to DAC, you consent to the processing of your information in Canada, the United States of America or the European Union. To the extent that DAC’s Websites or processing services are hosted in the United States of America, those companies are Privacy Shield certified.
Security of all information is of the utmost importance for DAC. DAC uses technical and physical safeguards to protect the security of your personal information from unauthorized disclosure. We use current best-practice encryption algorithms to keep all information secure. We also endeavor to ensure that only necessary people and third parties have access to personal information.
Nevertheless, such security measures cannot prevent all loss, misuse or alteration of personal information and we are not responsible for any related damages or liabilities to the fullest extent permitted by law. You waive and release all claims relating to a data breach.
In the case of a data breach, we will make reasonable efforts to notify you promptly of any loss, misuse or alteration of personal information that may affect you as may be required by law. We will notify relevant regulatory bodies within 72 hours of a breach.
We also require our third party service providers to agree to hold and use all personal information that we share with them only as reasonably required to perform their obligations under the applicable contracts between them and DAC. These third party service providers are expected to maintain privacy and security protections that are consistent with DAC’s privacy and information security policies. More information on our security measures can be found by contacting our Privacy Officer.
Retention and Storage
DAC retains your personal information for business purposes, for as long as DAC considers to be reasonably necessary for its normal operations or to comply with its legal obligations, resolve disputes, and enforce its agreements and policies.
We may also retain cached or archived copies of your personal information for a reasonable period of time. At any point in time, you can withdraw consent and we will immediately stop processing your personal information.
Rights Mandated by GDPR for EU “Data Subjects”
The following rights apply to EU “data subjects”. To exercise these rights, EU “data subjects” should contact DAC’s Privacy Officer via the communication channels set out at the beginning of this Policy.
Right of Access - You have the right to obtain from us confirmation as to whether your personal information is being processed, and, where that is the case, to request access to your personal information.
Your right of access includes, among other things, the purposes of the processing, the categories of personal information concerned, and the recipients or categories of recipients to whom the personal information have been or will be disclosed.
You have the right to obtain a copy of the personal information being processed. Subject to applicable law, we may charge a reasonable fee for copies, based on administrative costs.
Right of Rectification - You have the right to require us to rectify any inaccurate personal information concerning you. Depending on the purposes of the processing, you have the right to have incomplete personal information completed, including by means of providing a supplementary statement. In that case, please notify DAC’s Privacy Officer and we will update or correct your personal information.
Right of Erasure - You have the right to ask DAC to erase all of your personal information to the extent it is not required for legally required purposes.
Right to Restrict Processing - You have the right to request restriction of processing of your personal information, in which case, it would be marked and processed by us only for certain purposes.
Right of Data Portability - You have the right to receive your personal information which you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit the personal information to another entity without hindrance from us.
Right to Object - You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal information by us and we can be required to cease processing your personal information generally of for particular purposes.
If you have a right to object and you exercise that right, your personal information will no longer be processed for such purposes by us. Exercising this right will not incur any cost. Such a right to object may not exist, in particular, if the processing of your personal information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
Right to Submit Complaints - You have a right to lodge a complaint with a supervisory authority. These rights may be limited under applicable national data protection laws.
Changes to this Policy
Any changes to this Policy will be posted at the same location as this Policy. Where there is a significant change to this Policy, we may also elect to email our registered users with the details of the changes, and where required by law, we will obtain your consent to these changes.
Questions and Contact information
DAC takes full responsibility for the management and protection of the personal information it collects through DAC’s Website. By providing this Policy, DAC pledges its continued commitment to protecting the personal information you give us.
If you believe DAC is not abiding by this Policy or you have concerns about DAC’s online information handling practices please contact DAC’s Privacy Officer.