Privacy Policy
Effective as of: July 1, 2024
Last updated: July 9, 2024
- Introduction
- How we collect Personal Information
- Types of Personal Information we collect
- Purposes for which we collect Personal Information
- Persons who will have access to Personal Information
- Security measures in place to protect Personal Information
- Retention and deletion of Personal Information
- Rights relating to Personal Information
- Contact us
1. Introduction
Cardium (“we”, “us”, “our” or the “Company”) take privacy and the protection of personal information very seriously and are committed to conducting our business in full compliance with applicable laws relating to privacy and the protection of personal information (collectively “Privacy Laws”). This Privacy Policy (the “Policy”) describes our practices in connection with the collection, use, communication, retention, destruction, and any other form of processing of the personal information that we, our affiliates or our service providers may collect when we conduct our business activities. For the purposes of this Policy, the expression “Personal Information” refers to the definition of personal information as contemplated in applicable Privacy Laws, but generally means any information which relates to a natural person and allows that person to be identified, whether directly or indirectly. This includes, for example, names, phone numbers, and e-mail addresses. We may update this Policy from time to time to ensure continued compliance with applicable Privacy Laws and otherwise when reasonably necessary. We recommend that you review it frequently. We will communicate changes to this Policy on our website or through similar means for a reasonable time before and after any changes take effect. Where required by applicable Privacy Laws, we may ask you to confirm your consent to the processing of your Personal Information per the terms set out in our updated Policy. Otherwise, your continued access to or use of our website or of our services will be deemed to constitute your acceptance of these changes.2. How we collect Personal Information
2.1 We may collect Personal Information directly from you when you voluntarily choose to communicate personal information to us via the use of our website or in any subsequent dealings that we engage in with you. 2.2 We may also receive your Personal Information from third parties in certain situations, including:- (a) Third-party customers to whom we provide order fulfilment services;
- (b) Third party service providers who provide us with payment processing, credit check and registration services; and
- (c) When you leave a review on a third party website regarding your experience with the Company.
3. Types of Personal Information we collect
3.1 As required and as permitted by applicable Privacy Laws, we may collect from you the following types of Personal Information:- (a) Identifiers, such as your name, date of birth, social insurance number (SIN), health card number, driver’s license number, passport number, residential address, e-mail address, phone number, gender, marital status and nationality;
- (b) Technical information, such as your IP address, cookies, mobile device identifiers, social media user IDs, profile picture, date of last connection, type of web browser, operating system, device used, and web history, voiceprint biometrics, usage data, including interaction with services, preferences and feedback); and
- (c) Financial information, such as bank statements, personal banking information, salary, payment information, credit information, credit card or bank account information, and purchase or transaction history, credit score, credit history.
4. Purposes for which we collect Personal Information
4.1 We may collect, use, communicate and process Personal Information for the following purposes:- (a) To operate and maintain our website, and to offer the services and products you request and order from us;
- (b) To provide information about changes to a product or service (e.g. to inform you that a product or service is no longer available);
- (c) To allow for onboarding and account management.
- (d) To assess creditworthiness and to manage contracts and agreements;
- (e) To respond to questions, claims or queries regarding our website, products or services;
- (f) To monitor compliance with our terms and conditions or this Policy;
- (g) To help us improve our website, services and products, to better understand our customers and markets, and to effect and facilitate sales;
- (h) With your consent, or as otherwise permitted by applicable laws, to contact you (electronically, or otherwise) to provide marketing and other information about products or services that may be of interest to you. Each such communication will contain instructions allowing you to unsubscribe” and stop receiving further communications of this nature.
- (i) With your consent, or as otherwise permitted by applicable laws, to offer customized content or targeted advertising on our website, on third party websites, via e-mail, or any other means;
- (j) To protect the Company, yourself and others from fraud, errors or breaches of security;
- (k) To protect or assert legal rights of the Company, or to collect debts owed to the Company;
- (l) In connection with a commercial transaction involving the Company (e.g. merger, acquisition, asset sale, financing, restructuring); and
- (m) Generally to comply with applicable legal and regulatory requirements.
- (n) We may also, if and to the extent permitted by applicable Privacy Laws, use your Personal information without your consent for purposes that are similar to and consistent with those listed above.
5. Persons who will have access to Personal Information
5.1 Within the Company, your Personal Information will only be accessible to those persons who reasonably need to access it for the performance of their duties. 5.2 In order to achieve the purposes described in section 4 of this Policy, we may need to share your Personal Information, as described in section 3 of this Policy with some of our subsidiaries and affiliates that are also subject to this Privacy Policy. 5.3 In addition, we may also retain third party companies to provide certain services to us in order to conduct our business activities. Categories of third party service providers to whom we may need to communicate Personal Information include:- (a) Information technology service providers, including, without limitation, cloud computing service providers;
- (b) Information security experts;
- (c) Legal, financial or other professional advisors;
- (d) Vendors or service providers providing advertising or marketing services;
- (e) Regulatory or government authorities; and
- (f) Other vendors or service providers providing services necessary for our business activities.
6. Security measures in place to protect Personal Information
6.1 We will take reasonable steps to protect any Personal Information we hold from loss, misuse, as well as unauthorized access, disclosure, alteration, or destruction. We use general administrative, technical, and physical safeguards in line with general security standards and industry best practices to protect the Personal Information we collect and handle as part of our business activities. Please note however that no transmission of information via the Internet can be 100% secure. If you use a computer or device that can be accessed by others, other people may be able to access unencrypted Personal Information. please exercise caution when using such computers or devices. Please take all reasonable precautions to protect your Personal Information when using the Internet, including using strong passwords, modifying them regularly, using a secure web browser, and not sharing your access credentials. 6.2 We have set up a secure e-mail address which has been designed with enhanced security features and with respect to which we have adopted restricted internal access controls. When sending us Personal Information or sensitive information, we encourage you to send it through to the following address: securdoc@cardium.ca.7. Retention and deletion of Personal Information
7.1 We will only retain and hold your Personal Information for the duration reasonably necessary to fulfil the purposes listed in this Policy and to comply with applicable laws, including applicable Privacy Laws. As a general rule, we will delete (or, to the extent permitted by applicable Privacy Laws, anonymize) your Personal Information no later than three years after your last interaction with us, unless otherwise required or permitted by applicable Privacy Laws. Notwithstanding the above, we will retain any Personal Information used to render a decision concerning you for a period of at least one year after such decision was rendered. 7.2 All Personal Information we hold will be securely destroyed or anonymized in accordance with applicable legal requirements once the retention period set out above expires.8. Rights relating to Personal Information
8.1 You have certain rights in relation to your Personal Information, including:- (a) Access. You have the right to access and receive a copy of your Personal Information that we hold. Upon written request and confirmation of your identity, we will provide you with your Personal Information that we hold. We will also inform you of the manner in which your Personal Information is being used and a description of the persons to whom that information has been communicated. To the extent permitted by applicable Privacy Laws, reasonable fees may be charged for the production of copies of your Personal Information;
- (b) Rectification. You have the right to request that we update, complete, or correct inaccuracies in your Personal Information that we hold, if you demonstrate the inaccuracy or incompleteness of your Personal Information that we hold. If necessary, we will send the corrected Personal Information to third parties to whom the information has been communicated. If a request regarding the accuracy of your Personal Information that we hold is not resolved to your satisfaction, we will annotate same with a note that a correction was requested but not made.
- (c) Withdraw consent. You have the right withdraw your consent to our use, communication, or further processing of your Personal Information at any time after you have consented. Please note that this may impact our ability to continue to provide certain products, services or functionalities to you. Withdrawing your consent does not affect the lawfulness of any use or communication of your Personal Information by us up to that point, and does not oblige us to delete your Personal Information if we are otherwise allowed to retain it under applicable Privacy Laws.
- (d) Portability. You have the right to obtain a machine-readable copy of your Personal Information that we hold or to have us transfer it to another third party of your choice.
- (e) De-indexation. You have the right to request, in certain circumstances, that we cease disseminating your Personal Information or to de-index any hyperlink that allows access to that Personal Information by technological means, if such dissemination contravenes applicable laws or a court order.