Effective Date January 1, 2020
1. Accountability and Openness/Compliance
StickySolutions is responsible for personal data under our control. We have established policies and procedures to effectively safeguard any confidential personal data that we collect and to deal with complaints and inquiries. We are committed to maintaining the accuracy, confidentiality, and security of your personal data, and we will ensure that you have access to information regarding the policies and procedures that we use to manage your personal data. StickySolutions has designated a Privacy Officer/Data Protection Officer (“Privacy Officer”) who is accountable for our compliance with this Policy and for ensuring that information about our policies and practices relating to the management of personal data is easily accessible. All questions or concerns regarding this Policy and our compliance with it should be directed to the Privacy Officer in writing and sent by email to: mailto:email@example.com Every complaint or challenge regarding our compliance with this Policy will be investigated, and where a deficiency is found to exist, we will take appropriate measures to address it. This may include amending our policies and procedures as necessary. We will also cooperate with regulatory authorities to resolve any complaints that cannot be resolved between us and an individual user.
By using the Services, you signify your agreement to the terms and conditions of this Policy and to our collection, use and disclosure of your personal data as set out herein. You may change or withdraw your consent to the collection, use or disclosure of your personal data at any time by contacting the Privacy Officer in writing at the address listed above (see: Accountability and Openness/ Compliance). In some circumstances, a change or withdrawal of consent may affect your ability to use the Services.
3. Collection and Retention of Information
We collect personal data only to the extent that it is necessary for the purposes set out below (see: Purpose – Why We Collect, Use and Disclose Information). Subject to any legal or accounting requirements, we will retain personal data only as long as necessary to fulfill the purposes for which it was collected. Personal data that is no longer required will be destroyed, erased or made anonymous, although copies of deleted information may continue to exist on backup media.
Information that we may collect includes: User Submitted Information We collect certain personal data at the time users register to create an account or update their account details including a user’s name, e-mail address, and other contact information. We also collect personal data that users submit through their use of the Services, including when they submit contact and other information they have collected from their email subscribers and when they create and send email campaigns.
Usage Data We collect certain non-identifying information about the usage of the Services, including information about how users are using the Services and the characteristics of those users. This information is anonymized and is not used by us to identify you as an individual.
Account Deletion Requests At any time you can request to have your account data deleted by contacting us. Upon receiving the request we will send you an email to confirm this request. After successful confirmation, your account will be marked for deletion in 30 days. During this 30 day period, you may request to have your account reactivated by contacting us. After 30 days your account is permanently deleted and can not be reactivated. For more information about account deletion processes, please see the section called Data Retention Policy below. Account Inactivity To protect your privacy and your data, if your account is not active for a period of 1 year, it will automatically be permanently deleted. 30 days prior to this deletion, an email notification will be sent to the account email address with information about the deletion and instructions on how to keep the account active if desired. For more information about account deletion processes, please see the section called Data Retention Policy below.
Data Retention Policy An account can be permanently deleted by either a deletion request or from account inactivity. We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These may include retention periods: -needed to maintain adequate and accurate business and financial records -for resolving, preserving, enforcing or defending our contractual/legal rights -mandated by law, contract or similar obligations applicable to our business operations -to protect recipients from spam or malicious emails
Technical and Device Information We collect certain non-identifying information related to a user’s access to the Services, including the Internet Protocol (IP) address of the user’s computer, the date and time the user accessed the Services and the operating system that the user is using. We make no attempt to link this information with the identity of individuals visiting our website without express permission. We may, however, review server logs and anonymous traffic for system administration and security purposes, for example, to detect intrusions into our network, for planning and improving web services, and to monitor and compile statistics about website usage. The possibility, therefore, exists that server log data, which contains users’ IP addresses, could in instances of criminal malfeasance be used to trace and identify individuals. In such instances, we may share raw data logs with the appropriate authorities for the purpose of investigating security breaches.
When visitors come to your site, third parties (such as AdRoll) may place cookies on their browsers for targeted advertising purposes. You can opt out of this targeted marketing by going to www.aboutads.info or networkadvertising.org/choices. Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. If you decline cookies, you will still be able to use the Services, but your ability to access certain features and functions may be affected.
Microsoft Internet Explorer: http://www.microsoft.com/info/cookies.htm Google Chrome: https://support.google.com/accounts/answer/61416 Mozilla Firefox: http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html Apple Safari: Blocks cookies by default and accepts cookies only from your current domain. To change, click Safari, Preferences, Security, and choose your preference. StickySolutions uses a few advertising networks and they offer you a way to opt out of targeted advertising. For more information please see our Website Cookies information.
A “web beacon” is an invisible electronic image that is used to track certain information. We use web beacons on our websites, in emails, we send to you and in emails, you send through the Services. The information gathered from the web beacons, such as who opened emails or clicked on links in the emails or on our websites, allows us to measure the success of email campaigns and to improve the Services.
4. Purpose – Why We Collect, Use and Disclose Information
We will identify the purposes for which we collect personal data before or when we request the information. We will not collect personal data which is not necessary and, except as specified below, will not use or disclose personal data for any purpose other than the purpose(s) for which it was collected without first obtaining your consent. The information that we collect is used and disclosed only for business purposes. This includes:
to enable you to access and use the Services; to process, track and communicate with you about the usage of the Services; to establish, maintain and manage business relations with you so that we may provide you with the information, products or services that you request; internal business purposes, such as administering or improving the Services; to perform internal market research and conduct polls and surveys; to obtain feedback regarding the Services and our ability to address a user’s needs; to provide users with information and promotional materials regarding StickySolutions and StickySolutions’ products and services; to protect us against error, fraud, theft or damage to our goods, our business or our property; to comply with any legal, accounting and regulatory requirements, including reporting requirements, applicable laws, and any search warrants, subpoenas or court orders; and any other reasonable purpose for which you provide consent. We may collect, use or disclose your personal data without your knowledge or consent where we are permitted or required to do so by applicable law, government request or court order, or based on our good faith belief that it is necessary to do so in order to comply with such law, request or court order, or to protect our assets, the users of our website, or the public.
5. Disclosure to Third Parties
We may disclose your personal data in response to requests from government agencies, law enforcement authorities, and regulators, or to satisfy legal or regulatory requirements. We may also disclose your personal data when we buy a business or sell all or part of our business. You further acknowledge and agree that, in the course of providing the Services to you, we may delegate our authority to collect, access, use, and disseminate your information to third party subcontractors. Third party subcontractors may include web hosts, payment processors, delivery and logistics providers, social network integrators, and membership vendors. If we transfer any personal data to a third party subcontractor, we will provide the subcontractors only with the information needed to perform the subcontracted service, and will use appropriate contractual or other means to provide a comparable level of protection while the information is being used by them.
6. Safeguards – How Information is Protected
We maintain reasonable security safeguards to protect personal data in our possession or under our control from loss or theft, and from unauthorized access, disclosure, copying, use or modification, regardless of the format in which the information is held. The safeguards applied will depend on the sensitivity of the personal data, with the highest level of protection given to the most sensitive personal data. We use user IDs, passwords and encryption technology, and restrict the employees and contractors who have access to personal data to those having a “need to know” and who are bound by confidentiality obligations in order to ensure that information is handled and stored in a confidential and secure manner. When destroying personal data, we delete electronically stored personal data and shred any tangible materials containing personal data. While we will endeavor to destroy all copies of personal data, you acknowledge that deleted information may continue to exist on backup media but will not be used unless permitted by law.
We will continually review and update our security policies and controls as technology evolves. However, no security technology can be guaranteed to be failsafe. Using the Internet or other public means of communication to collect and process personal data may involve the transmission of data on an international basis and across networks not owned and/or operated by us. Therefore, by using the Services and/or communicating electronically with us, you acknowledge and agree to our processing of personal data in this way and agree that we are not responsible for any personal data which is lost, or which is altered, intercepted or stored by a third party without authorization. For more information please see our Security information.
7. Accuracy / Access
StickySolutions has a responsibility to ensure that all personal data contained in our records or which is disclosed to third parties for the purposes described above is accurate, complete and up-to-date. You may make a request in writing for access to your personal data. We will inform you of your personal data held by us, and provide an account of the use that has been made of the information, as well as identify any third parties to whom the information has been disclosed. You may have reasonable access to your personal data, and if you demonstrate the inaccuracy or incompleteness of personal data, the information will be amended as appropriate. You should advise us immediately if you discover inaccuracies in our data, if your personal data changes, or if you wish to have your information removed from our files. All notices and requests should be in writing and sent to the Privacy Officer at the address listed above (see: Accountability and Openness/Compliance).
8. International Transfer and Storage of Information
You acknowledge and agree that your personal data may be transmitted, transferred, processed, and/or stored outside of Canada, including in the United States and in the EU, and therefore may be available to governmental authorities under lawful orders and laws applicable in such jurisdictions. We will use reasonable means to ensure that your information is protected, but cannot guarantee that the laws of any foreign jurisdiction will accord the same degree of protection as the laws of Canada. If your use of our Services requires StickySolutions to process personal data falling under the scope of the GDPR, StickySolutions’ GDPR Data Processing Addendum is available upon request.
9. Third Party Content and Links to other Websites
The Services may contain optional links to third party Internet websites and services. You acknowledge that these third parties may collect data from users or their computers. The accessing and use of third party websites or services is at your own risk, and we cannot assume responsibility for the privacy practices, policies or actions of the third parties who operate those websites or services. This Policy applies only to the StickySolutions Services, and we encourage you to review the privacy policies of any third parties when using their websites or services.
Minors (persons under the age of majority as defined in your jurisdiction) are not eligible to use the Services unsupervised, and we request that minors do not submit any personal data to us. If you are under the age of majority in your jurisdiction, you may only use the Services in conjunction with and under the supervision of an adult. StickySolutions does not knowingly collect personal data from minors.
11. Notice of Breach
In the event of a security breach causing unauthorized intrusion of our Services that materially affects you or your contacts, StickySolutions will notify you as soon as possible and later provide a report of the action we took in response to this intrusion. We have an internal protocol document in our policies and procedures that are followed in the event of a possible breach. Our system administrators and Privacy Officer/DPO are involved immediately in this protocol.
12. California-Resident Specific Rights
To the extent you are a ‘consumer’ as defined under the California Consumer Privacy Act of 2018 (“CCPA”) and StickySolutions is a ‘business’ as defined under CCPA, the following applies to you: Subject to the provisions of the CCPA, you have the right to request in the manner provided herein, for the following:
a. Right to request for information about the:
– Categories of Personal Data StickySolutions has collected about you.
– Specific pieces of Personal Data StickySolutions has collected about you.
– Categories of sources from which the Personal Data is collected.
– Business or commercial purpose for collecting Personal Data.
– Categories of third parties with whom the business shares Personal Data.
b. Right to request for deletion of any Personal Data collected about you by StickySolutions.
If you seek to exercise the foregoing rights to access or delete Personal Data which constitutes ‘personal information’ as defined in CCPA, please contact us at firstname.lastname@example.org. We respond to all requests we receive from you wishing to exercise your data protection rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Data from and such other information as reasonably required to enable us to honor your request.
The list of categories of Personal Data collected and disclosed about consumers are enlisted under the heading ‘3. Collection and Retention of Information’ and the list of categories of third parties to whom the Personal Data was or may be made disclosed are enlisted under the heading ‘5. Disclosure to Third Parties’. Separately, StickySolutions does not sell your Personal Data.
13. Other Data Rights
StickySolutions takes reasonable steps to ensure the data we collect is accurate, complete and up to date and is reliable for its intended use. You can manage most of your data through the Services, however, you can always contact us directly through our support channel if you have any questions about your data. If you would like to contact us directly about deleting, updating or accessing your personal data you can email us directly at email@example.com. We will honor your request in accordance with applicable laws.
If you are using our Services to process personal data from certain territories such as the European Union, you may have broader data protection rights identified below:
The right to be informed: (see: Collection and Retention of Information) The right of access/rectification: (see: Collection and Retention of Information for details on what data we collect and how we use it). You can access and update your StickySolutions account and profile information at any time via our Services. Your contacts may contact you or us directly to request information we hold about them. You always have access to your contact’s detailed information that can be updated or corrected upon request from your contacts. Contacts can contact StickySolutions directly to request their information to be updated or corrected.