Updated: January 2019

PRIVACY POLICY

Heyday Technologies Inc. (“Heyday”, “we”, “us” or “our”) is committed to protecting your privacy and safeguarding your personal information. The purpose of this Privacy Policy is to inform you about our privacy practices, including how we collect, use and disclose your personal information.

“Personal information” means information about an identifiable individual, subject to more particular definitions under applicable law. This Privacy Policy relates to all of our activities, including our website at <https://www.heyday.ai/> (the “Website”), our Heyday App (the “App”) or our conversational AI platform (the “Chatbot”), unless we have provided you with a separate privacy policy for a particular product, service or activity. The Website, the App and the Chatbot are collectively referred to as the “Services”.

Please review this Privacy Policy carefully. By submitting your personal information to us (whether via our Website, App or Chatbot, via our social media accounts, by email, in person or over the phone), or by registering for or using any of the Services, you consent to our collecting, using and disclosing your personal information as set out in this Privacy Policy, as revised from time to time.

This Privacy Policy is incorporated into, and is subject to, our other applicable terms & conditions. Capitalized terms used but not defined in this Privacy Policy have the meaning given to them in these documents.

WHAT’S IN THIS PRIVACY POLICY?

 

  • Your Consent to Collection, Use and Disclosure
  • Personal Information We Collect
  • How We Use Your Personal Information
  • How We Share Your Personal Information
  • Opting Out of Communications
  • Retention of Personal Information
  • Information Security
  • Rights Regarding Your Personal Information
  • International Transfer and Storage of Information
  • Third Party Websites and Services
  • Children’s Information
  • Privacy Policy Updates
  • Contact Us

Your Consent to Collection, Use and Disclosure

We collect, use and disclose your personal information with your consent or as permitted or required by law. For example, where we are not relying on your consent, under the General Data Protection Regulation (“GDPR”), the legal basis for our processing of personal information may be that the processing is necessary for providing our Services and that the processing is carried out in our legitimate interests, which are further explained below. How we obtain your consent (i.e. the form we use) will depend on the circumstances, as well as the sensitivity of the information collected. Subject to applicable laws, your consent may be express or implied, depending on the circumstances and the sensitivity of the personal information in question. If you choose to provide personal information to us, we assume that you consent to the collection, use and disclosure of your personal information as outlined in this Privacy Policy.

Typically, we will seek your consent at the time your personal information is collected. Where we want to use your personal information for a purpose not previously identified to you at the time of collection, we will seek your consent prior to our use of such information for this new purpose.

You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us using the contact information in the “Contact Us” section below.  However, before we implement the withdrawal of consent, we may require appropriate proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to provide certain products or services.

If you provide personal information about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use and disclose his or her information as described in this Privacy Policy.

Personal Information We Collect

The information we collect is generally in one or more of the following categories.

  • Website. When you access or use our Website, we may collect your e-mail address and other information that you submit when you sign-up to receive updates about the Services and other communications from us.
  • App. When you use or access our App, and depending on your device, we may request certain permissions that allow it to access your device data. By default, you must grant these permissions before the respective information can be accessed. Once the permission has been given, you can revoke it at any time and it is your responsibility to monitor/adjust them in accordance with your preferences. In order to revoke these permissions, you may refer to the device settings. The exact procedure for controlling app permissions may be dependent on your device and software. Please note that the revoking of such permissions might impact the proper functioning of the App. If you grant the storage permission, the App requests access to your device’s storage so that it can access the images and video taken from within the App and delete them once uploaded to the Heyday server. There is also an option to upload images from your device instead of having to take the picture from within the App itself. This permission gives us the ability to access those images – we do not access any other data saved on your device. Like all other permissions the App requests, access to your device’s storage is not permitted once you have signed out of the app.
  • Chatbot. Any end-user using our Chatbot provides public information to that Chatbot which could include name, contact information, profile photo or location data. Any other information gathered directly from the Chatbot must be explicitly asked of them either by requiring them to write text or click a button in the Chatbot.
  • Information Automatically Collected. We may employ browser cookies or similar technologies to identify the computer, mobile device, and record your preferences and other data. We use browser cookies or similar technologies to evaluate how our Services, devices or applications are used and to provide continuous improvement to our products, Services and applications, to make recommendations, and to complete transactions you request. Cookies may be stored locally on mobile devices or on computer servers operated or controlled by third party vendors of Heyday. In addition, when you visit our Website or use our App, our systems automatically collect your IP address, the type of browser, your device data and similar types of information. We may employ third-parties to place advertisements about our products, Services and applications on other websites. The use of cookies or other similar technologies by such third parties is governed by their privacy policies. You may limit the automatic collection of certain information by our Website or App by disabling the cookies using your browser options. Please be aware that disabling cookies may prevent you from using specific features on our Website or App, such as maintaining an online account.
  • Information From Other Sources. We may obtain information, including personal information, from third parties and sources other than the Services, such as our partners or advertisers. If we combine or associate information from other sources with personal information that we collect through the Services, we will treat the combined information as personal information in accordance with this Privacy Policy.

We will not request any sensitive personal information such as your health information, race, religion, or sexual orientation. Please do not send us such sensitive personal information on or through the Services, by email, or through any other means.

How We Use Your Personal Information

We may use your personal information and other information for the following purposes. In each case, we identify the grounds that we rely on to use your personal information:

  • to provide you with the Services and to support your use of the Services. Applicable legal grounds: contract performance, legitimate interests (to enable us to perform our obligations and provide our Services), consent;
  • to contact you relating to the Services. Applicable legal grounds: legitimate interests (to allow us to provide the content and Services to users), consent, contract performance;
  • to monitor and improve the Services, and to develop new products and services. Applicable legal grounds: legitimate interests (to allow us to improve our Services), consent;
  • to conduct research and analysis related to our business and the Services. Applicable legal grounds: legitimate interests (to allow us to improve our Services), consent;
  • to respond to inquiries and other requests. Applicable legal grounds: legitimate interests (to enable us to answer to your questions), contract performance, consent;
  • to collect opinions and comments in regard to the Services. Applicable legal grounds: legitimate interests (to allow us to improve our Services);
  • to provide you with information that we think may interest you, including in regards to the Services. Applicable legal grounds: legitimate interests (to allow us to improve our Services); and
  • to investigate legal claims. Applicable legal grounds: legal obligations, legal claims, legitimate interests (e.g. to cooperate with law enforcement and regulatory authorities, to ensure acceptable risk profile and to assist with the prevention of crime and fraud).

We may use your personal information for other purposes for which we have obtained your consent, and for such other purposes as may be permitted or required by applicable law.

We do not use the information we collect to provide advertising of third party products and services or targeted advertising of Heyday products and services across third party websites or service offerings.

How We May Share Your Personal Information

Although we try to avoid sharing your personal information with third parties where possible, we have set out below the instances in which such sharing may occur.

We rely on third party service providers to perform a variety of services on our behalf, such hosting, data storage and processing service providers, and analytics service providers, including:

  • Hubspot. We use hubspot to send marketing emails and to track marketing leads. Here is their statement on GDPR compliance.
  • Facebook. We use the Facebook API to build Facebook Messenger experiences. Facebook has access to all information that comes through their bots. Here is their statement on Facebook Messenger and GDPR.
  • Amazon AWS. We use Amazon AWS for hosting. Here is their information on GDPR compliance.
  • Google Firebase. We use Firebase, a framework maintained by the Google subsidiary Firebase, through which we track and administer real-time functions via the App. Here is their information on GDPR compliance.

If we provide your information to service providers, we take reasonable measures to ensure that the rules set forth in this Privacy Policy are complied with and these third parties provide sufficient guarantees to implement appropriate security measures. We also require that they only use your personal information for the limited purposes for which it is provided.  When our service providers no longer need your personal information for those limited purposes, we require that they dispose of the personal information. In some circumstances, we may permit our service providers to retain aggregated, anonymized or statistical information that does not identify you. We do not authorize the service providers to disclose your personal information for unauthorized purposes. If you would like more information about our service providers, please contact us using the contact information in the “Contact Us” section below.

Additionally, we may use and disclose your information when we believe such use or disclosure is permitted, necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce the terms of the agreements for our products and services; (e) to protect our operations or those of any of our affiliates or subsidiaries; (f) to protect our rights, privacy, safety or property, and/or those of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain. In addition, we may transfer your personal information and other information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, brands, affiliates, subsidiaries or other assets.

If we otherwise intend to disclose your personal information to a third party, we will identify that third party and the purpose for the disclosure, and obtain your consent.

Opting Out of Communications

If you no longer want to receive marketing-related emails from us, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the bottom of any email you receive from us. You may also opt-out by contacting us directly using the contact information in the “Contact Us” section below.

We will endeavour to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request. Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.

Retention of Personal Information

We will use, disclose or retain your personal information only for as long as necessary to fulfill the purposes for which that personal information was collected and as permitted or required by law. If you would like further information regarding the periods for which your personal information will be retained, please contact us as set forth in the “Contact Us” section below.

Information Security

We have implemented physical, organizational, contractual and technological security measures with a view to protecting your personal information and other information from loss or theft, unauthorized access, disclosure, copying, use or modification. We have taken steps to ensure that the only personnel who are granted access to your personal information are those with a business ‘need-to-know’ or whose duties reasonably require such information.

Despite the measure outlined above, no method of information transmission or information storage is 100% secure or error-free, so we unfortunately cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any information that you provided to us has been compromised), please contact us immediately using the contact information in the “Contact Us” section below. If we learn of a security breach involving your personal information, we will inform you and the relevant authorities of the occurrence of the breach as required under applicable law.

Rights Regarding Your Personal Information

You may make a written request to review any personal information about you that we have collected, used or disclosed, and we will provide you with any such personal information to the extent required by law. You may also challenge the accuracy or completeness of your personal information in our records. If you successfully demonstrate that your personal information in our records is inaccurate or incomplete, we will amend the personal information as required.

Under the GDPR, you may be entitled to additional rights, including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your personal information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of personal information about you, under certain conditions; (v) the right to demand that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or believe your personal information is inaccurate; (vi) the right to data portability of personal information that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; and (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: <http://ec.europa.eu/justice/data-protection/index_en.htm>.

We may require that you provide appropriate identification to fulfill your request. Any such identifying information will be used only for this purpose.

International Transfer and Storage of Information

Your personal information may be stored and processed in any country (including the United States) where we have facilities or in which we engage third party service providers. As a result, your personal information may be transferred to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of your country, it is subject to the laws of the country in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your personal information will at all times continue to be governed by this Privacy Policy and, if applicable, we will comply with GDPR requirements providing adequate protection for the transfer of personal information from the EU/EEA to a third country.

Third Party Websites and Services

This Privacy Policy applies only to our products and services. This Privacy Policy does not extend to any websites or products or services provided by third parties. We do not assume responsibility for the privacy practices of such third parties, and we encourage you to review all third party privacy policies prior to using third party websites or products or services.

Children’s Information

We do not knowingly collect personal information from children under the age of 16. If you are under the age of 16, you should not provide us with your personal information. If you are a parent or guardian and discover that your child under the age of 16 has provided personal information, then you may alert us as set forth in the “Contact Us” section below and request that we delete that child’s personal information from our systems.

Privacy Policy Updates

This Privacy Policy is current as of the “updated” date which appears at the top of this page. We may modify this Privacy Policy from time to time. When changes are made to this Privacy Policy they will become immediately effective when published in a revised Privacy Policy posted on our Website unless otherwise noted. We may also communicate the changes through our services or by other means. By submitting your personal information to us, by registering for or using any of the services we offer, by using our Website, or by voluntarily interacting with us after we publish or communicate a notice about the changes to this Privacy Policy, you consent to our collecting, using and disclosing your personal information as set out in the revised Privacy Policy.

Contact Us

All comments, questions, concerns, requests or complaints regarding your personal information or our privacy practices (including with respect to any service providers outside of your country of residence) should be sent to our Privacy Officer as follows:

 

By mail: Attention: Privacy Officer
917, Mont-Royal Ave E, Montreal, Quebec, H2J 1X3
By e-mail: privacy@heyday.ai