TYPES OF PERSONAL INFORMATION COLLECTED
Drafting Note: you will need to tailor the list in this section by adding or removing information types in accordance with the data collection practice of your organization. Consider the types of Personal Information you collect about your users, whether as a core element of your website or incidentally. Keep in mind throughout this document, you should tailor your policies and procedures to attempt to minimize the personal information that you must collect and retain, and only to do so for legitimate purposes of your business.
The Personal Information the Company collects about You will depend on the manner in which You access or use the Website or any content on or through the Website and may include:
▪ Your name, age, or contact information, such as Your mailing address, telephone number, or email address, or other similar information associated with You;
▪ Your location, time-zone setting, network information, device type, browser type and
version, browser plug-in types and version, operating system and platform, language,
standard web log data, and IP address used to connect Your computer to the Internet
or other similar identifier, or the equipment You use to access or use the Website and
▪ Data on the pages, services, or content You access or use on or through the
Website, including the amount of time You spend on certain pages, products or services You viewed or searched for, clickstreams to, through, and from the Website, page response times, downloads and download errors, page interactions, or methods used to browse away from the Website;
▪ Billing or account information, if applicable; and
▪ Any other Personal Information that You choose to submit to us.
The Website and any content provided on or through the Website is not directed to any person who is not the legal age of majority under applicable law. The Company will not knowingly collect Personal Information from any person who is not the legal age of majority under applicable law.
METHODS FOR COLLECTING PERSONAL INFORMATION
Drafting Note: you will need to tailor the list in each subsection (marked by an italic header) of this section by adding or removing collection methods in accordance with the data collection practice of your organization. Consider the ways that you interact with your users through your website and whether you collect data about them at any of these touchpoints. Create a list of third parties that may access user data through your website and consider adding that list to the “Third-Party Features” subsection. Be aware that simply listing a third-party service may not be enough to ensure compliance with privacy laws and regulations.
Information Provided to the Company by You
Personal Information the Company collects from You on or through the Website and as a result of Your access to or use of the Website or any content on or through the Website may include Personal Information You provide the Company directly, for example by:
▪ submitting, posting, publishing, displaying, or otherwise transmitting user generated
▪ filling in forms, making search queries, or corresponding with the Company on or through the Website, or otherwise communicating with the Company by any means including by phone, email, or other electronic messaging; or
▪ if applicable or available through or on the Website: creating or registering for an account; subscribing, purchasing, or requesting information on a service or product; entering a contest or promotion; or otherwise engaging with the Company through inter-
action points that might exist from time-to-time between You and the Company.
Information Collected by the Company Through Technological Means
▪ the device or equipment You use, including information about Your computer or mobile device, internet connection, IP address, operating system, and browser type; or
▪ Your browsing activities and patterns, including information about Your visits to the Website such as traffic data, location data, logs, and other similar communication data.
This information helps the Company improve the Website and the content available on or through the Website and otherwise improve the services of the Company by:
▪ helping the Company understand audience sizes and usage patterns on the Website;
▪ allowing the Company to tailor the Website to Your preferences and interests; and recognizing You when You visit the Website multiple times.
The technologies used by the Company to automatically collect the information described above may include cookies, which are small files placed on the hard drive of
Your computer. You can turn off cookies using Your internet browser but doing so may limit or remove certain parts of the Website, certain content on the Website, or the functionality of the Website.
USING AND DISCLOSING PERSONAL INFORMATION
Drafting Note: you will need to tailor the list of uses in accordance with the data use practices of your organization. Consider the ways that you intend to use the Personal Information you collect and the ways you may want to use such information moving forward. Also consider whether you allow any third parties to use the Personal Information you collect and create a list of any such parties that may access user data through your website. Consider adding that list to the “Third-Party Transfers” subsection along with links to the relevant parties’ privacy policies. Be aware that simply listing a third-party service may not be enough to ensure com-pliance with privacy laws and regulations. Finally, consider how your company intends to handle voluntary disclosures of Personal Information that may be relevant to an investigation
or other similar event.
Use of Personal Information by the Company
The Company collects Personal Information to provide You with a secure, smooth, efficient, and customized experience through or on the Website or any content on the Website. The Company may use Your Personal Information to:
▪ provide You with content, services, or products on or though the Website;
▪ customize, measure, and improve the Website or content provided on or through the
Website, or otherwise analyze or manage the Company’s business operations or Website performance;
▪ prevent prohibited or illegal activities, loss, or fraud, enforce the Company’s Terms of
Use, or otherwise protect the security or integrity of the Website or the Company’s business;
▪ deliver targeted marketing, service update notices, or promotional offers based on Your communication preferences;
▪ send You things in the mail or through other channels, such as products or services that You have requested; register You for, or authenticate You when You sign into, an account or online services or when You purchase a product or service, or to provide You with notices about such accounts, subscriptions, or purchases;
▪ otherwise fulfill the purposes for which You have provided Personal Information or that
were described when such Personal Information was collected; or
▪ carry out other purposes that are disclosed to You and to which You consent, or which
are otherwise permitted or required by law.
The Company may combine all the Personal Information the Company collects, including Yours, in order to analyze and understand aggregate trends.
The Company may transfer Your Personal Information to third parties that assist the Company with the use of Personal Information described in “Use of Personal Information by the Company”, above. Such third parties may combine Personal Information provided by the Company with other information that they have independently collected from or about You. Some third parties may be located outside of Canada and may accordingly be subject to laws that are different from those in Canada.
The Company requires that all third parties that received any Personal Information from the Company use the same standards as the Company in using, maintaining, disclosing, and protecting such Personal Information.
The Company may share or sell aggregated, non-personally-identifiable information to third parties. For clarity, the Company does not sell Personal Information. The Company may also share aggregated, non-personally-identifiable information publicly to show trends about the general use of the Website, or any content, services, or products provided on or through the Website.
Other Disclosures of Personal Information
The Company may transfer information about You, including Personal Information, in connection with a merger or sale (including any transfers made as part of an insolvency of bankruptcy proceedings) involving all or part of the Company’s business or as part of a corporate reorganization or stock sale or other changes in corporate control.
ACCESS AND CORRECTION
Drafting Note: you must provide users with access to the Personal Information you hold about them, an understanding of how it was collected, used and disclosed, and the ability to correct information. You should respond to requests as soon as possible, and no later 30 days after receiving them.
The Company will provide You with access to Your Personal Information in accordance with applicable privacy legislation, and may decline to provide You access to Your
Personal Information on the basis that such Personal Information is:
▪ protected by solicitor-client privilege; or
▪ part of a legal proceeding, government or regulatory investigation or process, or oth-
erwise part of a formal dispute resolution process.
Where the Company is unable to provide You with access to Your Personal Information, reasons will be provided subject to any legal or regulatory restriction.
Drafting Note: you will need to tailor this section to accurately reflect your company’s data maintenance and protection policies and practices, ensuring that such policies and practices are sufficient to safeguard the Personal Information you collect and store. You should have policies to address breaches, staff training, and a data retention timetable if possible. You will also need to input the location where Personal Information is stored.
The security of Your Personal Information is important to the Company. The Company protects Your Personal Information by maintaining physical, organizational, and technological safeguards against unauthorized access, unauthorized disclosure, theft, or misuse appropriate to the sensitivity of such Personal Information. Personal Information collected by the Company may only be accessed by persons within the Company who require access to provide You with access to, use of, or content, services, or products provided on or through the Website. The Personal Information the Company collects is maintained at somishop.ca.
Although the Company takes measures to protect against data breaches and unauthorized access to Your Personal Information, no company can completely mitigate the risks of such breaches or unauthorized access and no website is fully secure. The Company cannot guarantee that hacking, data loss, breaches, or other unsanctioned access of the Company’s security systems will never occur. Accordingly, You should not submit or otherwise provide Personal Information to the Company by any means if You consider that Personal Information to be sensitive.
Except as otherwise permitted or required by applicable law or regulation, the Company retains Personal Information only for as long as necessary for the purposes for which such Personal Information was collected. The Company reserves the right to use anon
ymous and de-identified information, including anonymized or otherwise de-identified Personal Information, for any legitimate business purpose without further notice to You and without Your Consent.
CONTACT INFORMATION AND CHALLENGING COMPLIANCE
Drafting Note: you will need to align this section with your company’s privacy practices and add the appropriate contact information of the person appointed with authority to address any challenges and other privacy issues and practices.