Terms and Privacy Policy
For Businesses Using Our Service
Last Updated: 2022-09-15
Our responsibilities under PIPEDA
We acknowledge that you, the user and your clients deserve the right to privacy and reasonable use of your data. We take these rights seriously and want to ensure you that we comply with all jurisdictionally applicable legislation pertaining to data management and will continually work to ensure that we operate in full compliance with any forthcoming regulations. We manage your privacy and collect the smallest amount of your data and your clients data feasible for our operations. We manage that data according to 10 principles established in the Personal Information Protection and Electronic Documents Act (referred to as PIPEDA going forward).
- Accountability
We promise to comply with all of the 10 principles established in PIPEDA including this principle. As the data arising from our operations is managed by a third party, we have allowed for our supplier to take over some data management operations from us. Our suppliers are fully PIPEDA-compliant and have established a Chief Information Security Officer (CISO) to be responsible for our organization’s data.
The CISO and our agreement with our supplier and any other related third parties include conditions to protect all personal information that we use in our operations and that we may export to third parties or our supplier for processing. Our supplier has developed and implemented policies designed to specifically protect your personal information.
2. Identifying Purposes
We promise to both tell you what personal information we have collected from you and tell you why we are collecting that data. We currently are collecting basic personal information from you about your clients so our suppliers can notify clients when they have parcels to collect from our lockers. This includes names, contact information and whether a package was collected as well as any metadata that comes from these data points. We are currently only collecting personal data deemed necessary by our supplier’s Chief Information Security Officer (CISO). We only collect data that is vital for our operations and that can be used for the purposes of serving you and your clients or other related parties.
We are currently disclosing this need for personal information to you prior to you using our services and we welcome your feedback on this Privacy Policy. We promise to continue to be transparent in how your data is used, collected and to notify you if the circumstances under which we use your data change. We take your right to know seriously and will continue to keep you updated with regard to any changes in our data use and collection practices as well as changes in applicable legislation.
3. Consent
We align with the Canadian federal government’s requirements that we obtain meaningful consent from you before we begin our operations. As this is the case, we make you reading this policy a requirement before you can sign an agreement with us to use our services. We want to be very clear with you about what you are consenting to. Consent is ongoing and must be explicit. We want to ensure that you are explicit about what you are consenting to.
By agreeing to this Privacy Policy and our Agreement, you are consenting to multiple things. You consent to the collection of your business’ data, specifically that name of your business and contact information so we can contact you if we need to. You consent to provide us with your customer's data, specifically the contact information of your customers so we can contact them to allow them to use our service. You consent to us allowing our supplier to manage all of this data for us as they have strong, existing infrastructure for secure management. You consent to this data being potentially stored on cloud software to improve cybersecurity and decrease risk. Finally, you consent to us exporting data from our suppliers. We collect this data to analyze performance, make insights for how to better serve you and provide data-driven insights in the delivery of our services.
We acknowledge that we may in the future expand our data collection to better serve you and your clients. The above consent only applies to the uses of data we have planned to allow our organization to operate. We promise to give you and your clients a choice before they allow for any additional data collection or use.
4. Limiting Collection
We promise that we will only collect data that we need to operate our organization and serve you. At this point in time, we will only be collecting data for the purposes stated in Section 3. We will always be explicit about why we are collecting data and will give you and your customers every opportunity to decline to consent if you are uncomfortable with how we use or collect your data. We need your trust to operate, and we take that seriously.
We will also only collect data through methods that are allowed by the jurisdictionally appropriate bodies. We will NEVER mislead or deceive you about how or why we are collecting data.
5. Limiting Use, Disclosure and Retention
We will only disclose or use personal information for the reasons we collected it in the first place. We will retain that information for a period of time necessary to operate and will ensure that the data is securely destroyed when the data has outlived its useful period. We have engaged our supplier specifically to keep track of what data we have, where it is stored and how it is managed are we follow industry best practices for the limited data that we use internally.
We will obtain consent for every use and every collection of data and will only use data in a way that you, the average organization, can understand.
6. Accuracy
We promise to maintain stringent internal policies to protect the accuracy of the data we collect and to only make decisions about disclosure and use based on the data we have being correct. We will only disclose data to individuals and third parties when we are confident the data is accurate
7. Safeguards
We promise to protect the data we collect from you and your clients per industry best standards. We selected our supplier specifically because our supplier provides industry-standard data protection safeguards. Through our partnership with our supplier, we will protect all data we collect against loss, theft, unauthorized access, disclosure, copying, use or modification. We will continue to act toe ensure we protect your data to the best of our ability.
8. Openness
We use this policy to make sure that you understand the decisions you are making for your data and the data of your clients. We want to ensure that you understand how we manage data, what you are consenting to and how data management works in our organization. We do not expect you to consent to policies you do not understand. We use this Privacy Policy as our leading policy to manage data. Our suppliers additionally have privacy and data protection policies for all of their uses of data. Please review this Privacy Policy and our supplier’s policies before providing consent.
If any component of this policy is unclear, please contact our senior management team here
9. Individual Access
We promise to make your data accessible to you if you should request it. We need you to ensure that we have collected accurate and complete data and for you to tell us if we have incorrect data.
We will always advise you about the data we have collected about you or your clients. We will explain: the source of the data, what we are using the data for, how we protect it and who has seen the data. We will allow you to access your data at a minimal or no cost, depending on our supplier’s data management policies. You have the right to amend or correct data where the data is incorrect or incomplete (and we strongly encourage you to do so). We will collect data on any disputes and will help you to prepare for disputes if you have them.
10. Challenging Compliance
If we make errors in managing the data of you or your clients, we want to make it right. We will provide recourse in the event that there is an issue.
We have developed a simple procedure for managing complaints and investigating issues. We take this seriously and will make the procedure publicly available. We will always investigate your complaints and continuously improve how we manage data.
11. Communications
We operate by communicating directly with your clients as well as you. We always comply with all jurisdictionally appropriate legislation preventing spam communications. We will only send messages to you or your clients with express written, verbal or electronic consent.
We will never alter data to circumvent anti-spam law, install software without your consent or mislead you in any way.
We require you to disclose this to your clients as a condition of you signing the Agreement. This is both organizational policy and a condition of cooperation.
12. Pricing
Pricing is based on collaborative pricing that is agreed upon between you, the customer, and shopLOCALpickup at the initialization of your account. Pricing may be reviewed on a regular basis and you will have an opportunity to decline services should you disagree with new pricing offers.
13. Updates to our Terms and Privacy Notice
Our business continues to evolve, and our Privacy Notice and the Agreement will change also. We may e-mail periodic reminders of our notices and conditions, but you should check our Web site frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.