Privacy Policy

Effective as of: July 1, 2024 Last updated: July 9, 2024
  1. Introduction
  2. How we collect Personal Information
  3. Types of Personal Information we collect
  4. Purposes for which we collect Personal Information
  5. Persons who will have access to Personal Information
  6. Security measures in place to protect Personal Information
  7. Retention and deletion of Personal Information
  8. Rights relating to Personal Information
  9. Contact us
 

1. Introduction

Cardium (“we”, “us”, “our” or the “Company”) take privacy and the protection of personal information very ‎seriously and are committed to conducting our business in full compliance with applicable laws relating to privacy and the protection of personal information (collectively “Privacy Laws”). This Privacy Policy (the “Policy”) ‎describes our practices in connection with the collection, use, communication, retention, destruction, and any other form of processing of the personal information that we, our affiliates or our service providers may collect ‎when we conduct our business activities. For the purposes of this Policy, the expression “Personal Information” refers to the definition of personal information as contemplated in applicable Privacy Laws, but generally means any information which relates to a natural person and allows that person to be identified, whether directly or indirectly. This includes, for example, names, phone numbers, and e-mail addresses. ‎ We may update this Policy from time to time to ensure continued compliance with ‎applicable Privacy Laws and otherwise when reasonably necessary. We ‎recommend that you review it frequently. We will communicate changes to this Policy on ‎our website or through similar means for a reasonable time before and after any changes take ‎effect. Where required by applicable Privacy Laws, we may ask you to confirm your consent to the ‎processing of your Personal Information per the terms set out in our updated Policy. Otherwise, your continued access to or use of our website or of our services will be deemed to constitute your acceptance of these changes.‎

2. How we collect Personal Information

2.1 We may collect Personal Information directly from you when you voluntarily choose to communicate personal information to us via the use of our website or in any subsequent dealings that we engage in with you. 2.2 We may also receive your Personal Information from third parties in certain situations, including:
  • (a) Third-party customers to whom we provide order fulfilment services;
  • (b) Third party service providers who provide us with payment processing, credit check and registration services; and
  • (c) When you leave a review on a third party website regarding your experience with the Company.
2.3 To the extent permitted by applicable Privacy Laws and, where applicable, with your express consent, we may also collect some Personal Information when you visit our website or use our mobile application using cookies or other similar technologies. Please refer to our Privacy Policy, available at cardium.ca for more information on how we use such technologies. 2.4 We will obtain your consent to collect, use, communicate, or otherwise process your Personal Information whenever required by applicable Privacy Laws, except where we are authorized or required by law to do so without consent. Your consent can be express or implied, and may be provided verbally, in writing, in-person, electronically, or otherwise. You are not obliged to consent to the collection, use or communication of your Personal Information, however please note that we may be unable to provide you with some of our products or services, or access to certain functionalities on our website. You have the right to withdraw your consent to further use, communication or processing of your Personal Information, as further explained below in the “Rights relating to Personal Information” section of this Policy.‎  

3. Types of Personal Information we collect

3.1 As required and as permitted by applicable Privacy Laws, we may collect from you the following types of Personal Information:
  • (a) Identifiers, such as your name, date of birth, social insurance number (SIN), health card number, driver’s license number, passport number, residential address, e-mail address, phone number, gender, marital status and nationality;
  • (b) Technical information, such as your IP address, cookies, mobile device identifiers, social media user IDs, profile picture, date of last connection, type of web browser, operating system, device used, and web history, voiceprint biometrics, usage data, including interaction with services, preferences and feedback); and
  • (c) Financial information, such as bank statements, personal banking information, salary, payment information, credit information, credit card or bank account information, and purchase or transaction history, credit score, credit history.

4. Purposes for which we collect Personal Information

4.1 We may collect, use, communicate and process Personal Information for the following purposes:‎
  • (a) To operate and maintain our website, and to offer the services and products you request and order from us;
  • (b) To provide information about changes to a product or service (e.g. to inform you that a product or service is no longer available);‎
  • (c) To allow for onboarding and account management.
  • (d) To assess creditworthiness and to manage contracts and agreements;
  • (e) To respond to questions, claims or queries regarding our website, products or services;
  • (f) To monitor compliance with our terms and conditions or this Policy;
  • (g) To help us improve our website, services and products, to ‎better understand our customers and markets, and to ‎effect and facilitate sales;
  • (h) With your consent, or as otherwise permitted by applicable laws, to contact you (electronically, or otherwise) to provide marketing and other information about products or services that may be of interest to you. Each such communication will contain instructions allowing you to unsubscribe” and stop receiving further communications of this nature.‎
  • (i) With your consent, or as otherwise permitted by applicable laws, to offer customized content or targeted advertising on our website, on third party websites, via e-mail, or any other means;
  • (j) To protect the Company, yourself and others from fraud, errors or breaches of security;
  • (k) To protect or assert legal rights of the Company, or to collect debts owed to the Company;
  • (l) In connection with a commercial transaction involving the Company (e.g. merger, acquisition, asset sale, financing, restructuring); and
  • (m) Generally to comply with applicable legal and ‎regulatory requirements.‎
  • (n) We may also, if and to the extent permitted by applicable Privacy Laws, use your Personal information without your consent for purposes that are similar to and consistent with those listed above.

5. Persons who will have access to Personal Information

5.1 ‎Within the Company, your Personal Information will only be accessible to those persons who reasonably need to access it for the performance of their duties. 5.2 In order to achieve the purposes described in section 4 of this Policy, we may need to share ‎your Personal Information, as described in section 3 of this Policy with some of our subsidiaries and affiliates that are also subject to this Privacy Policy. 5.3 In addition, we may also retain third party companies to provide certain services to us in order to conduct our business activities. Categories of third party service providers to whom we may need to communicate Personal Information include:
  • (a) Information technology service providers, including, without limitation, cloud computing service providers;
  • (b) Information security experts;
  • (c) Legal, financial or other professional advisors;
  • (d) Vendors or service providers providing advertising or marketing services;
  • (e) Regulatory or government authorities; and
  • (f) Other vendors or service providers providing services necessary for our business activities.
When we retain third parties ‎to perform such services for us, we will share with them only that Personal Information which is necessary to allow them to perform their services for us. We will further require them to handle and protect your Personal Information in ‎accordance with this Policy, Company standards for the protection of Personal Information, and applicable Privacy Laws. ‎ 5.4 We may also need to communicate your Personal Information to a third party in the context of a commercial transaction involving the Company (e.g. merger, ‎acquisition, asset sale, financing, restructuring)‎. 5.5 In order to achieve the purposes described in this Policy, we may need to communicate your Personal Information to jurisdictions outside of your province or country of residence, some of which may have different legal standards for privacy and the protection of Personal Information. We will ensure that any transfers of Personal Information outside of your province or country of residence will only be made in full compliance with applicable Privacy Laws (including, where required by applicable Privacy Laws, by performing any necessary data privacy impact assessments), and that your Personal Information will continue to receive an adequate level of protection in the jurisdiction to which it is transferred. In certain situations, governments, courts, law enforcement or regulatory agencies in those foreign jurisdictions may be able ‎to access or obtain communication of your Personal Information, as provided for under the laws applicable in such foreign jurisdictions. 5.6 Our website may contain links to websites or online services ‎operated by third parties. Our ‎products or services may also link to or make use of products, services or functionalities provided by third parties (e.g. a third party app). Once you leave our website, your interactions with such third parties will be governed by the terms of use and ‎privacy policies such third parties, for which we are not responsible and accept no liability. We encourage you to carefully read the terms of use and privacy ‎policies of any third party website and services that you visit or use.‎

6. Security measures in place to protect Personal Information

6.1 We will take reasonable steps to protect any Personal Information we hold from loss, misuse, as well as unauthorized access, disclosure, alteration, or destruction. We use general administrative, technical, and physical safeguards in line with general security standards and industry best practices to protect the Personal Information we collect and handle as part of our business activities. Please note however that no transmission of information via the Internet can be 100% secure. If you use a computer or device that can be accessed by others, other people may be able to access unencrypted Personal Information. please exercise caution when using such computers or devices. Please take all reasonable precautions to protect your Personal Information when using the Internet, including using strong passwords, modifying them regularly, using a secure web browser, and not sharing your access credentials. 6.2 We have set up a secure e-mail address which has been designed with enhanced security features and with respect to which we have adopted restricted internal access controls. When sending us Personal Information or sensitive information, we encourage you to send it through to the following address: securdoc@cardium.ca.

7. Retention and deletion of Personal Information

7.1 We will only retain and hold your Personal Information for the duration reasonably necessary to fulfil the purposes listed in this Policy and to comply with applicable laws, including applicable Privacy Laws. As a general rule, we will delete (or, to the extent permitted by applicable Privacy Laws, anonymize) your Personal Information no later than three years after your last interaction with us, unless otherwise required or permitted by applicable Privacy Laws. Notwithstanding the above, we will retain any Personal Information used to render a decision concerning you for a period of at least one year after such decision was rendered. 7.2 All Personal Information we hold will be securely destroyed or anonymized in ‎accordance with applicable legal requirements once the retention period set out above expires.‎

8. Rights relating to Personal Information

8.1 You have certain rights in relation to your Personal Information, including:‎
  • (a) Access. You have the right to access and receive a copy of your Personal ‎Information that we hold. Upon written request and confirmation of your identity, we will provide you with ‎your Personal ‎Information ‎that we hold. We will also inform you of the manner in which ‎your Personal Information is ‎being used and a description of ‎the persons to ‎whom that information has been ‎‎communicated. ‎To the extent permitted by applicable Privacy Laws, reasonable fees may be charged for the production of copies of your Personal Information;
  • (b) ‎Rectification. You have the right to request that we update, complete, or correct inaccuracies in your ‎Personal Information that we hold, if you demonstrate the inaccuracy or incompleteness of ‎your Personal Information that we hold. If ‎necessary, we will send the corrected Personal Information ‎to third parties to ‎whom ‎the information has been communicated. If a request regarding ‎the accuracy of your ‎Personal Information that we hold is not resolved to your satisfaction, ‎we will annotate ‎same with a note that a correction was ‎‎requested ‎but not made.‎
  • (c) Withdraw consent. You have the right withdraw your consent to our use, communication, or further processing of your ‎Personal Information at any time after you have consented. Please note that this may impact our ability to continue to ‎provide certain products, services or functionalities to you. Withdrawing your consent does not affect the lawfulness of any use ‎or communication of your Personal Information by us up to that point, and does not oblige us to delete your ‎Personal Information if we are otherwise allowed to retain it under applicable Privacy Laws.
If you are a resident of the province of Québec, you have the following rights, ‎in addition to those identified above:‎
  • (d) Portability. You have the right to obtain a machine-readable copy of your ‎Personal Information that we hold or to have us transfer it to another third party of your ‎choice.‎
  • (e) De-indexation. You have the right to request, in certain ‎circumstances, that we cease ‎disseminating your Personal Information or to ‎de-‎‎index any hyperlink that allows access ‎to that Personal Information by ‎technological means, if ‎‎such dissemination contravenes ‎applicable laws or a court order.‎
8.2 You may exercise any of the rights listed above by contacting our Privacy Officer at privacy@cardium.ca. 8.3 We will respond to your request within 30 days of receipt. To the extent permitted by applicable Privacy Laws, if further time is required, we will inform you of ‎this and the reason for the delay, and the timeframe for response. 8.4 You also have the right to file a complaint with ‎the local authority in charge of privacy and the protection of personal information in your jurisdiction of residence. You may raise a concern or file a formal complaint with the Federal Office of the Privacy Commissioner at ‎https://www.priv.gc.ca/en. If you are a resident of the province of British Columbia, you should contact the Office of the Information & Privacy Commissioner for British Columbia at https://www.oipc.bc.ca/. If you are a resident of the province of Alberta, you should contact the Office of the Information and Privacy Commissioner of Alberta at https://oipc.ab.ca/. If you are a resident of the province of Québec, you should contact the Quebec Commission d’accès à l’information at https://www.cai.gouv.qc.ca/.

9. Contact us

9.1 We have designated a Privacy Officer to act as the person responsible for the protection of Personal Information and compliance with Privacy Laws within the Company. If you have any questions, concerns, or complaints about this Policy or our practices concerning privacy and the protection of Personal Information, or require further information or assistance with same, you may contact our Privacy Officer at privacy@cardium.ca.