Privacy policy

Designing Privacy : website Privacy Notice

Introduction

This Policy (website Privacy Notice) sets out how we, at Designing Privacy (“we, “us”, “ours”),  collect and use personal information, and your choices and rights regarding our use of your personal information.

This Policy describes our practices when using your information when you: 

1. visit our website www.designingprivacy.ca or social media sites (Twitter (X), Instagram and Facebook)
2. comment or make an inquiry on our web or social media sites;
3. express an interest in or have signed up for our course or products including newsletters, webinars, blogs and e-books;
4. register for, and attend a virtual or in-person event or webinar
5. purchase admission to an event or a course or other products offered on our website www.designingprivacy.ca; or
6. enter a contest or participate in a survey we offer via our web or social media sites

You will be shown an additional confidentiality notice before participating in a survey or diagnostic. Please note that in cases where the terms of any such contest or survey, the confidentiality notice conflicts with any terms in this Policy, the terms of that notice will take precedence over the terms in this Policy. We will not use information we collect via our survey or diagnostic tools to contact you for marketing purposes.

This Policy will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.

1. INFORMATION THAT WE COLLECT ABOUT YOU

1.1 Data we collect and use

Information we collect directly from you or from the following sources: Social media sites and other external internet sites, such as LinkedIn; and such as when you provide contact details, payment card information, answer online questionnaires, or feedback forms; Any inquiry you submit through our website www.deisgningprivacy.ca Any email you submit through the LinkedIn email address listed as contact LinkedIn inquiry through their messaging tool
Categories of information we collect about you include:	Personal information such as name, contact details, and company information; Communications with you; Information you provide when posting content on social media sites.
We use this information for certain activities, including:	Facilitating our  business through communications with you, for example, to communicate about details of our webinars; For internal analysis and research to help us improve our existing products and services, and create new products and services; To send our newsletter, if you subscribed to it; Administering our website, investigating any complaints and providing customer service; Monitoring social media content to manage relations with our clients and promote our business and brand.
We use this information because:	It is necessary to comply with applicable laws or regulations; We have a legitimate business interest to: Manage and promote our business and brand; Provide and improve our services; Operate our business; and We have your consent (where required under applicable law) to use your information for marketing. Where we rely on your consent, you have the right to withdraw consent by contacting us.
Information we collect about the use of our website and apps from users.
Categories of information we collect about you include:	Information captured in our web logs such as device information (e.g. device brand and model, screen dimensions), unique identification numbers (e.g. IP address and device ID), and browser information (e.g URL, browser type, pages visited, date/time of access), geo-location and other device-specific information, Internet connection information; Advertising information (such as size/type of ad, ad impressions, location/format of ad, data about interactions with ad); At this time we do not use cookies on our website
We use this information for certain activities, including:	Personalizing the experience of our website; Administering our website; Performing statistical and trend analysis to improve the user experience and performance of our website; Detecting and preventing fraudulent and/or unlawful use of our website(s), products and services, including user-provided review content; Investigating any complaints.
We use this information because:	It is necessary to comply with applicable laws or regulations; We have a legitimate business interest to: Monitor, investigate and report any attempts to breach the security of our websites; Improve the performance and user experience of our websites; Customize the client experience.
Information we collect from participants of a survey or diagnostic.
Categories of information we collect about you include:	Personal information such as name and title, contact details, and company name; and Responses to survey or diagnostic questions.
We use this information for certain activities, including:	Validating and analyzing survey and diagnostics; Providing our services; and Developing new products and services.
We use this information because:	We have a legitimate business interest to: Better understand our existing and prospective clients; and Validate and update our products and services.

1.2 Special categories of information

Certain types of personal information are more sensitive than others. This includes information about health, disability, race, ethnicity, criminal offences (or alleged offences), political opinions, biometric information or religion. It is voluntary for you to disclose this information, but where we collect and receive these types of information about you, we have identified the type of special information, how we will use it and why we will use it.

Information we collect when you attend one of our virtual or in-person conferences
Categories of information we collect about you include:	Dietary requirements that may imply specific religious beliefs or medical conditions. Any physical or mental disability or impairment you may disclose to us to ask for special accommodations.
We use this information for certain activities, including:	Providing hospitality that is suitable for attendees of our conferences.
We use this information because:	You have consented by providing us with the information. Where we rely on your consent, you have the right to withdraw your consent by contacting us.
Special category information that you choose to provide voluntarily as part of a survey
Categories of information we collect about you include:	Certain surveys may be configured to collection optional demographics such as race, ethnicity or disability status.
We use this information for certain activities, including:	Validating and analyzing surveys; Providing our services; and Developing new products and services.
We use this information because:	You have consented by providing us with the information. Where we rely on your consent, you have the right to withdraw your consent by contacting us.

1.3 Further information

Where we collect and use information for our legitimate interests as mentioned above, a legitimate interest will only apply when we consider that your interests or rights requiring protection of your personal information do not override our legitimate interests. For more information regarding our legitimate interests as applied to your personal information, please contact us.

Our websites and online services are for individuals who are at least 18 years old. Our online services are not designed to be used by individuals under the age of 18.

In certain circumstances, if you do not provide personal information which is required, we will not be able to perform our contractual obligations or provide you with products and services. When this is the case, we will make it clear. 

Recorded Communications with us

We may ask to record calls for postponed viewing purposes. All recordings will be treated as confidential. If you do not want us to record your call, you will be given a chance to opt out. If your call is already in progress, you may ask us to turn off the recording at the start of the call. 

Payment Card Information

Where you choose to pay for any of our products or services using your payment card, we will collect your personal data connected to your payment card. We use this personal data in order to process your payment and to prevent fraudulent transactions. We do this on the basis of your consent to process this information and we use a third-party reputable processor which is offered through our website platform.

2. WHEN WE DISCLOSE YOUR PERSONAL INFORMATION

We may disclose your personal information to third parties as follows:

• When we have your consent or authorization to do so;
• When you engage directly with us at an in-person or virtual event, expressly showing an interest to interact with us; 
• To third parties who work on our behalf to service or maintain business contact databases and other IT systems, e.g., suppliers of the IT systems which we use to process personal information, or who provide other technical services, such as printing;
• To third parties providing services to us or on our behalf who have a need to access your information, e.g., our professional advisors (e.g. auditors and lawyers) or venues for our online or in-person events; 
• To comply with applicable laws, protect rights, safety and property, and respond to lawful requests from public authorities (e.g., disclosing data in appropriate situations for national security or law enforcement purposes);
• Subject to applicable law, in the event that we merge or we are sold, or in the event of a transfer of some or all of our assets (including in bankruptcy), or in the event of another corporate change, in connection with such a transaction, or for pre-transaction review in relation to such transactions.

Your personal information may be shared if we anonymize and/or aggregate it, as in these circumstances the information will cease to be personal information.

Utilization Information

We do not share utilization information

3. YOUR DATA – KNOW YOUR RIGHTS

In certain circumstances, you have certain rights regarding your personal information. A summary of each right and how you can exercise it is set out below. To opt out of receiving commercial communications, please send an email to contact us. To exercise any of your other rights (such as the right to access or deletion of your information), please complete the form on our website: https://designingprivacy.ca/pages/contact

Such requests should include information to allow us to verify your identity (e.g., your name, address, email address or other information reasonably required). 

Where we receive your request to exercise one of these rights, we will respond without undue delay and within the time required by applicable law. This may be extended in certain circumstances, e.g., where requests are complex or numerous.

We will provide the information free of charge, except where requests are manifestly unfounded or excessive, e.g. because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise you of any fees prior to proceeding with a request. We may ask for additional information to verify your identity before carrying out a request.

Right	How you can exercise the right
Right to access and/or correct your personal information	You have the right to access personal information we hold about you and to be provided with a copy of the information (in most circumstances). You also have the right to correct any information we may hold about you that is inaccurate.
Right to restrict use of your personal information	You have the right to ask us to restrict processing of your personal information where one of the following applies: The processing is unlawful but you want us to restrict use of the data instead of deleting it; Where you contest the accuracy of your personal information, the restriction will apply until we have verified the accuracy or corrected your personal information; We no longer require the personal information for the purposes of processing, but are required to keep it in connection with a legal claim; You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.
Right to request deletion of your personal information	You have the right to ask us to delete your personal information in certain circumstances. If you want to opt-out from receiving marketing communications, the best way to do so is to allow us to retain your information with a “do not contact” tag so we know not to contact you in the future.  There are also certain exceptions where we may refuse a request for erasure, for example, where the personal information is required to comply with a legal obligation or for the establishment, exercise or defense of legal claims.
Right to object to processing of your personal information	You may object to our use of your personal information for marketing purposes. You may also object to processing of your personal information in cases where we have used legitimate interests as the basis for processing. In such cases, we will stop processing your personal information until we verify that we have compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms in asking us to stop processing the data, or in limited cases where we need to continue processing the data for the establishment, exercise, or defense of legal claims.
Right to data portability	In most cases, you have the right to receive all personal information you have provided to us in a structured, commonly used, and machine-readable format and to transmit this data to another data controller, where technically feasible.
Right to lodge a complaint with a supervisory authority	If you object to our processing of your personal information, you have the right to complain to the Privacy Regulators in the province or country where you reside, where you work, or where the alleged infringement of data protection laws has taken place. We agree that any disputes regarding our privacy policies and related actions regarding personal information from data subjects in the EU can be heard by a DPA and we will be subject to the determination of those bodies. Please contact us to be directed to the relevant DPA.

4. INTERNATIONAL TRANSFERS

We are not a global company and we will not knowingly transfer your personal information to a third-party outside Canada. Should we engage with a third-party that transfers your information outside of Canada, we will update this Privacy Policy and take reasonable steps to ensure that personal information is protected and any such transfers comply with applicable law.

5. RETENTION PERIODS

We will retain your personal information for as long as required to perform the purposes for which the data was collected, depending on the legal basis for which that data was obtained and/or whether additional legal/regulatory obligations require us to retain it.  

In general terms, this will mean that your personal information will be kept for the duration of our relationship with you and:

• the period required by tax and company laws and regulations; and
• as long as it is necessary for you to be able to bring a claim against us and for us to be able to defend ourselves against any legal claims. This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws. 

6. CHOICES ABOUT YOUR INFORMATION

We believe it is important to give you choices about the use of your information. We will use your information as described in this Policy (or any other conference- or service-specific Privacy Policy). If we want to use your information for a purpose not described in this Policy, we will first get your consent to do so.

Marketing Communications

We will respect your wishes not to receive marketing communications. You can change your marketing preferences by contacting us at the address here. If you gave us your email address to receive marketing communications, you can opt out at any time by using the unsubscribe links or instructions included at the bottom of our emails. Please note that we will continue to send you service-related communications regardless of any opt-out request. We will not sell or share your information with third parties (other than our subsidiaries or affiliates) for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable law.

7. SECURITY

We have implemented administrative, technical, and physical security measures to help prevent unauthorized access. Despite these measures, no data transmission over the Internet can be entirely secure, and we cannot guarantee or warrant the security of any information you transmit via our websites or apps. 

We make reasonable efforts to restrict the amount of personal information necessary for us to provide you with our services as well as  access to your information on a strict need to know basis, in order to operate, develop, improve, or deliver our programs, products, and services.

8. MISCELLANEOUS

8.1 Links

We may provide links to other websites or resources that are not part of the products, programs, or services run by Designing Privacy. We do not control these websites or their privacy practices, and any information you provide to these sites is subject to the Privacy Policies of those sites and not this Policy.

8.2 Changes to this Policy

From time to time, we may change and/or update this Policy. If this Policy changes in any way, we will post an updated version on this website. We recommend you regularly review this website to ensure that you are always aware of our information practices and any changes to such. Any changes to this Policy will go into effect on posting to this page.

For any additional inquiries, please don’t hesitate to contact us and we will respond within 48 hrs.

Effective date: November 28, 2023