Updated: January 2019
- Your Consent to Collection, Use and Disclosure
- Personal Information We Collect
- How We Use Your Personal Information
- How We Share Your Personal Information
- Opting Out of Communications
- Retention of Personal Information
- Information Security
- Rights Regarding Your Personal Information
- International Transfer and Storage of Information
- Third Party Websites and Services
- Children’s Information
- Contact Us
Your Consent to Collection, Use and Disclosure
Typically, we will seek your consent at the time your personal information is collected. Where we want to use your personal information for a purpose not previously identified to you at the time of collection, we will seek your consent prior to our use of such information for this new purpose.
You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us using the contact information in the “Contact Us” section below. However, before we implement the withdrawal of consent, we may require appropriate proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to provide certain products or services.
Personal Information We Collect
The information we collect is generally in one or more of the following categories.
- Website. When you access or use our Website, we may collect your e-mail address and other information that you submit when you sign-up to receive updates about the Services and other communications from us.
- App. When you use or access our App, and depending on your device, we may request certain permissions that allow it to access your device data. By default, you must grant these permissions before the respective information can be accessed. Once the permission has been given, you can revoke it at any time and it is your responsibility to monitor/adjust them in accordance with your preferences. In order to revoke these permissions, you may refer to the device settings. The exact procedure for controlling app permissions may be dependent on your device and software. Please note that the revoking of such permissions might impact the proper functioning of the App. If you grant the storage permission, the App requests access to your device’s storage so that it can access the images and video taken from within the App and delete them once uploaded to the Heyday server. There is also an option to upload images from your device instead of having to take the picture from within the App itself. This permission gives us the ability to access those images – we do not access any other data saved on your device. Like all other permissions the App requests, access to your device’s storage is not permitted once you have signed out of the app.
- Chatbot. Any end-user using our Chatbot provides public information to that Chatbot which could include name, contact information, profile photo or location data. Any other information gathered directly from the Chatbot must be explicitly asked of them either by requiring them to write text or click a button in the Chatbot.
We will not request any sensitive personal information such as your health information, race, religion, or sexual orientation. Please do not send us such sensitive personal information on or through the Services, by email, or through any other means.
How We Use Your Personal Information
We may use your personal information and other information for the following purposes. In each case, we identify the grounds that we rely on to use your personal information:
- to provide you with the Services and to support your use of the Services. Applicable legal grounds: contract performance, legitimate interests (to enable us to perform our obligations and provide our Services), consent;
- to contact you relating to the Services. Applicable legal grounds: legitimate interests (to allow us to provide the content and Services to users), consent, contract performance;
- to monitor and improve the Services, and to develop new products and services. Applicable legal grounds: legitimate interests (to allow us to improve our Services), consent;
- to conduct research and analysis related to our business and the Services. Applicable legal grounds: legitimate interests (to allow us to improve our Services), consent;
- to respond to inquiries and other requests. Applicable legal grounds: legitimate interests (to enable us to answer to your questions), contract performance, consent;
- to collect opinions and comments in regard to the Services. Applicable legal grounds: legitimate interests (to allow us to improve our Services);
- to provide you with information that we think may interest you, including in regards to the Services. Applicable legal grounds: legitimate interests (to allow us to improve our Services); and
- to investigate legal claims. Applicable legal grounds: legal obligations, legal claims, legitimate interests (e.g. to cooperate with law enforcement and regulatory authorities, to ensure acceptable risk profile and to assist with the prevention of crime and fraud).
We may use your personal information for other purposes for which we have obtained your consent, and for such other purposes as may be permitted or required by applicable law.
We do not use the information we collect to provide advertising of third party products and services or targeted advertising of Heyday products and services across third party websites or service offerings.
How We May Share Your Personal Information
Although we try to avoid sharing your personal information with third parties where possible, we have set out below the instances in which such sharing may occur.
We rely on third party service providers to perform a variety of services on our behalf, such hosting, data storage and processing service providers, and analytics service providers, including:
- Hubspot. We use hubspot to send marketing emails and to track marketing leads. Here is their statement on GDPR compliance.
- Facebook. We use the Facebook API to build Facebook Messenger experiences. Facebook has access to all information that comes through their bots. Here is their statement on Facebook Messenger and GDPR.
- Amazon AWS. We use Amazon AWS for hosting. Here is their information on GDPR compliance.
- Google Firebase. We use Firebase, a framework maintained by the Google subsidiary Firebase, through which we track and administer real-time functions via the App. Here is their information on GDPR compliance.
Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce the terms of the agreements for our products and services; (e) to protect our operations or those of any of our affiliates or subsidiaries; (f) to protect our rights, privacy, safety or property, and/or those of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. In addition, we may transfer your personal information and other information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets.
If we otherwise intend to disclose your personal information to a third party, we will identify that third party and the purpose for the disclosure, and obtain your consent.
Opting Out of Communications
If you no longer want to receive marketing-related emails from us, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the bottom of any email you receive from us. You may also opt-out by contacting us directly using the contact information in the “Contact Us” section below.
We will endeavour to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request. Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.
Retention of Personal Information
We will use, disclose or retain your personal information only for as long as necessary to fulfill the purposes for which that personal information was collected and as permitted or required by law. If you would like further information regarding the periods for which your personal information will be retained, please contact us as set forth in the “Contact Us” section below.
We have implemented physical, organizational, contractual and technological security measures with a view to protecting your personal information and other information from loss or theft, unauthorized access, disclosure, copying, use or modification. We have taken steps to ensure that the only personnel who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information.
Despite the measure outlined above, no method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “Contact Us” section below. If we learn of a security breach involving your personal information, we will inform you and the relevant authorities of the occurrence of the breach as required under applicable law.
Rights Regarding Your Personal Information
You may make a written request to review any personal information about you that we have collected, used or disclosed, and we will provide you with any such personal information to the extent required by law. You may also challenge the accuracy or completeness of your personal information in our records. If you successfully demonstrate that your personal information in our records is inaccurate or incomplete, we will amend the personal information as required.
Under the GDPR, you may be entitled to additional rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your personal information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of personal information about you, under certain conditions; (v) the right to demand that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or believe your personal information is inaccurate; (vi) the right to data portability of personal information that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; and (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: <http://ec.europa.eu/justice/data-protection/index_en.htm>.
We may require that you provide appropriate identification to fulfill your request. Any such identifying information will be used only for this purpose.
International Transfer and Storage of Information
Third Party Websites and Services
We do not knowingly collect personal information from children under the age of 16. If you are under the age of 16, you should not provide us with your personal information. If you are a parent or guardian and discover that your child under the age of 16 has provided personal information, then you may alert us as set forth in the “Contact Us” section below and request that we delete that child’s personal information from our systems.
All comments, questions, concerns, requests or complaints regarding your personal information or our privacy practices (including with respect to any service providers outside of your country of residence) should be sent to our Privacy Officer as follows:
|By mail:||Attention: Privacy Officer
917, Mont-Royal Ave E, Montreal, Quebec, H2J 1X3