Privacy Policy
EFFECTIVE DATE: 2021-09-01
LAST UPDATED ON: 2021-09-01
Introduction
The official and binding version of the privacy policy is the English version, any versions in other languages are translated for reference only.
While you use our platform and access our website, we are processing your personal information. You have the right to know what we do with it and the choices you have over your personal information. This Privacy Policy (or "Policy") is addressed to all individuals whose personal information we are processing. Our privacy practices are based on the Personal Information Protection and Electronic Documents Act (“PIPEDA), Canada Anti-Spam Legislation ("CASL"), and ten internationally recognized privacy principles. In this Privacy Policy, when we say “we”, “us” and “our”, we are referring to Jumping Elephants, an organization based in Ontario, Canada. When we say “you”, or “individual(s)”, we are referring to:
- the person accessing our website (“User”); or
- the person participating in our research (“Participant”).
When we say “processing”, we are referring to the collection, use or disclosure of your personal information.
For the purposes of PIPEDA, personal information means information about an identifiable individual. It does not apply to business contact information such as an employee’s name, title, business address, telephone number or email addresses that is collected, used or disclosed solely for the purpose of communicating with that person in relation to their employment or profession. If you have any questions or concerns about this Policy, please feel free to contact Alasdair Stuart-Bell at alasdair@jumpingelephants.ca
In this Privacy Policy, we will tell you:
- What personal information we are collecting and in what circumstances we collect it;
- The purposes for which we collect and use your personal information;
- The organizations with whom we may disclose your personal information and the purpose of such disclosure;
- How long we will retain your personal information;
- How we safeguard your personal information;
- What are your rights and how you can exercise them;
- How we deal with children’s privacy; and
- What happens if we make any change to this Privacy Policy.
1. What personal information do we collect and in what circumstances do we collect it?
We collect your personal information under the following circumstances:
- You provide it to us directly;
- We collect it from external sources, or
- We collect it by using automated means.
1.1. The personal information you provide us directly
In short: During the various interactions we have with you, you may be required to provide us with personal information. For example, we collect personal information when you fill a form on our website, create an account, subscribe to our newsletter, or apply to a job. The personal information we collect may vary whether you are a Participant or a User of our website.
In detail: The personal information you provide to us directly are the following:
- Identifiers and profile information, i.e., real name, alias, online identifier, IP address, email address, date of birth;
- Demographic information, i.e., postal address, province, country of residence, telephone number;
- Sensitive information, i.e., religion, medical condition, biometric information (physiological, behavioral, biological characteristics, voiceprints), union membership, data relating to health or sexual orientation;
- Lifestyle and economic information, i.e., information relating to your personal property, professional life, approximate income, family, economic and financial circumstances, employment-related information (current or past job history);
- Engagement information, such as information on products and services that you purchase, or the promotional offers that you participate in; your relationship with us;
- User Content, such as content of communications, suggestions, questions, comments, feedback, and other information you send to us, that you provide to us when you contact us, or that you post on our website (including information in alerts, folders, notes, and shares of content).
1.2. Personal information we collect from external
In short: In certain circumstances, we collect information about you from our trusted partners.
In detail: We may collect information about you from our trusted partners that are our clients, such as the Government of Canada departments who hire us to help make their websites and
- to send marketing, advertising and promotional offers relating to our products and services by post, e-mail, mobile notifications, on social networks or any other medium;
- to share and exchange your personal information with our partners so that they may contact you with offers they think might be of interest to you;
- to send marketing, advertising and promotional messages relating to the products and services of our partners by postal mail, e-mails, mobile notifications, on social networks or any other medium; and
- to set up contests or other promotional or event operations with commercial partners.
2. How do we obtain your consent?
In short: We will obtain your consent, whether express or implied, to collect, use or disclose personal information. There are also some situations where we are authorized by law to do so without your consent. In determining the appropriate form of consent, we will take into account the sensitivity.
In detail:
When do we collect your express consent?
Express consent occurs when you provide us personal information voluntarily after we have presented you with the purpose of the collection of our information. It can be given in writing or verbally. When we rely on your express consent, you will always be prompted to take a clear affirmative action so that we can ensure that you agree with the collection of your personal information. This action may, for example, take the form of a checkbox. Before obtaining your consent, we will systematically inform you of the purposes of the collection, use and disclosure. In accordance with CASL, we will ask for your express consent to send you direct marketing communications.
When do we collect your implied consent?
Implied consent occurs when you voluntarily provide us personal information for a reasonable purpose that you consider appropriate. For example, we collect your implied consent when you fill in a form to participate in our research studies, after you have signed up to our website.
The limited situations where we do not collect your consent
There are limited situations as permitted under legislation where we will not collect your consent, including the following:
- When the collection, use or disclosure of personal information is permitted or required by law;
- In an emergency that threatens your life, health, or personal security;
- When your personal information is available from a public source (e.g., a telephone directory);
- When we require legal advice from a lawyer;
- For the purposes of collecting a debt;
- To protect ourselves from fraud;
- When the disclosure is carried out in the context of a business transaction, prospective party, for the purpose of deciding whether to proceed with a business transaction or not;
- To investigate an anticipated breach of an agreement or a contravention of the law.
3. To whom do we disclose your personal information?
Disclosure happens if we make personal information available within or outside of our organization.
3.1. Disclosure of personal information within our organization
In short: We commit to disclose your personal information to a limited number of individuals within our organization.
In detail: The following categories of individuals within our organization may have access to some of your data: key relations clients, administrative, accounting and management control, and IT. Access to your data is based on individual and limited access permissions. Staff who can access personal information are subject to an obligation of confidentiality and are specifically trained in privacy regulations.
3.2. Disclosure of your personal information outside of our organization
In short: In certain circumstances, we disclose your personal information to external organizations (e.g., our service providers, or social media platforms, our business partners…) or public authorities. We do not and will not sell any personal information to third parties for marketing or any other parties for commercial purposes.
In detail: The following entities have access to your personal information:
Our service providers
Our service providers have access to your personal information for operating certain functions of our platform, in particular for analytical purposes. Your information will be treated with the same level of privacy and security as we are committed to providing and will not be used for other purposes than that which we authorize.
Our partners
Our partners may receive personal information when you are invited to use their website as part as our research. If you decide to visit the website of our partners, you allow them to access some of your information, in particular by logging into their sites or applications, their privacy policies will be applicable to you. We have no control over the collection, use and disclosure of your information when carried out by our partners on their own website.
Public authorities, judicial or administrative authorities
We may disclose your personal information when we are required or authorized by law to cooperate with local, national or international law enforcement or other authorities for the reporting of and/or investigation of improper or unlawful activities, or if we need to comply with court orders.
4. How long do we keep your personal information?
In short: We will not retain your personal information indefinitely. Our retention periods vary depending on whether we have an ongoing contractual relationship with you (you are an active Participant), whether we had a contractual relationship with you in the past (you are an inactive Participant) or whether you are a User of our website.
In detail: When retention of your personal information is no longer justified by legal, commercial or customer account management requirements, or if you have made use of a right of erasure, we will securely delete your personal information. We will retain your personal information for long as it is necessary to meet our legal obligations according to the main retention periods of applicable laws that we are subject to. Your personal information will be deleted as soon as the purpose for which they were collected is achieved.
5. Do we transfer your Personal Information outside Canada?
In short: Our partners as well as third party service providers that process or store your Personal Information on our behalf may be located outside of Canada.
In detail: Unless there is a legal or regulatory requirement to store, access and/or use Personal Information in Canada, we may use third party platforms located outside of Canada to process and/or store Personal Information for us. Please note that Personal Information in the custody of these third-party platforms may be subject to access by the law enforcement authorities of those jurisdictions in which the third parties are located.
6. How do we safeguard your personal information?
In short: Your personal information is important to us, and we take all useful precautions, with regards to the risks created by the processing that we carry out, to preserve the security of your personal information and, to prevent their alteration and damage, or any access by non-authorized third parties. These safeguards include physical, organizational and technical measures.
In detail: As we are responsible for your personal information, we implement appropriate technical and organizational measures in accordance with applicable legal provisions, to protect your personal information against alteration, accidental or unlawful loss, use, disclosure or unauthorized access. Safeguards include physical, organizational and technical measures including but not limited to
- The creation of a unit dedicated to the security of information systems;
- Raising awareness of the confidentiality requirements of our employees who have access to your personal information;
- Securing access to our premises and to our IT platforms;
- The implementation of a general IT security policy for the company;
- Firewalls, anti-virus, strong passwords and software solutions for technical security
7. How about children's privacy?
In short: We do not provide services directly to children and proactively collect their personal information.
In detail: We do not knowingly collect personally identifiable information from anyone under the age of 13. If we ever decide otherwise, we will update this Privacy Policy to adapt it specifically to children and put into place an age verification process. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
8. How do we ensure that the personal information we hold on you is accurate?
In short: We will ensure that the personal information we hold on you is, complete, and up-to-date as is necessary for the purposes for which it is to be used. You may request that we correct any errors or omissions by writing to uxm@jumpingelephants.ca or by logging into your user account.
In detail: We have established internal procedures to preserve the accuracy of the personal information that we receive. If you believe that the personal information we collect, use and disclose is not accurate, you can send us a request to correct personal information. This request must be made in writing and to uxm@jumpingelephants.ca. You should provide sufficient detail to identify the personal information and the correction being sought. We will update personal information as and when necessary to fulfill the identified purposes, or upon your notification. We will note in your file any unresolved differences as to accuracy or completeness. Where appropriate, we will transmit to third parties having access to the personal information in question, any amended information or request for amendment.
9. How can you request access to your personal information?
In short: You have the right to access to your personal information. Your request for access must be made in writing at the following address uxm@jumpingelephants.ca.
In detail: You have the right to access to your personal information, to information about the ways in which your personal information is or has been used, and to the names of the individuals and organizations to which your personal information has been disclosed. If your personal information is stored in electronic form, you will have the option to receive a copy of the information in electronic or paper form. Your request for access must be made in writing. You may be required to prove your identity before we give you access to your personal information. We will make the requested information available within 30 business days or provide written notice of an extension where additional time is required to fulfill the request. A minimal fee may be charged for providing access to personal information. Where a fee may apply, we will inform you of the cost and request further direction from you on whether or not we should proceed with the request. If we are authorized or required by PIPEDA to refuse access or to give you access to a limited amount of personal information (for example if the personal information is protected by solicitor-client privilege, or if it would reveal confidential commercial information), we will inform you in writing, stating the reasons for our refusal and outlining further steps that are available to you.
10. How can you request that we erase your personal information?
In short: You may ask us to erase personal information we have on you at any time and without penalty, you can close your account or ask us to remove pieces of information by sending an e-mail to uxm@jumpingelephants.ca.
In detail: If you wish to have any of your information removed from our databases, or if you no longer want us to send any further communications to you, you can send an e-mail to uxm@jumpingelephants.ca. Where your information is stored with our third parties, we will proceed as necessary to remove your information as requested. If you decide you no longer want us to send you further communications, we may still contact you for administrative purposes (for example, to notify you of a change to our website, change to this Privacy Policy).
11. How do we remain accountable and how can you challenge our compliance?
In short: We have established procedures for addressing and responding to all inquiries and complaints you may have regarding our handling of your personal information. You may contact us at uxm@jumpingelephants.ca.
In detail: We will investigate all complaints concerning compliance with this Policy in a timely manner. If a complaint is found to be justified, we shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. If we are unable to resolve the concern, you may write to:
Office of the Privacy Commissioner of Canada30, Victoria Street
Gatineau, Quebec
K1A 1H3
12. What happens if we make changes to this Policy?
In short: We may update this Policy to reflect changes to our information practices but we will not reduce your rights under this Privacy Policy without your express consent.
In detail: We will post any changes to this page and, if the changes are significant, we will provide a more prominent notice. We encourage you to periodically review our Privacy Policy for the latest information on our privacy practices and to contact us if you have any questions or concerns. If you have any questions or concerns about this Policy, please feel free to contact us at uxm@jumpingelephants.ca.