PRIVACY POLICY

Last updated: September 20, 2023


1. PRELIMINARY REMARKS

At BKIND Enterprise inc. (the “Company” or “we”), protecting your personal information is our top priority. This is why we have developed this Privacy Policy (the “Policy”) to inform you about how we collect, use, communicate, and protect your personal information (as defined below) as part of your use of the website, social media and physical store and online store operated by or on behalf of the Company (collectively referred to as the “Services”).

If you have any questions or comments regarding this Policy, please do not hesitate to contact our Privacy Officer:

Marilyne Bouchard
5301 Saint-Laurent Boulevard, Montreal
Quebec, Canada
H2T 1S5
Telephone: 514 850-1587
Email: hello@bkind.ca


2. MEANING OF PERSONAL INFORMATION

Under the terms of this Policy, the term “Personal Information” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be directly or indirectly identified by referring to specific elements linked to their physical, physiological, genetic, psychological, economic, cultural or social identity.


3. COMPLIANCE

The Company undertakes to comply, through the implementation of this Policy, with the provisions of the Act respecting the protection of personal information in the private sector (Québec), the Act respecting the protection of personal information and documents (Canada) and Regulation (EU) 2016/679 (General Data Protection Regulation) relating to the collection, holding, use, disclosure, protection and any other processing of your Personal Information.

4. CONSENT

By accepting this Policy, you expressly accept the processing practices (collection, use, communication, etc.) mentioned therein based on your specific choices regarding the protection of your Personal Information, subject to the specific consents that you may do not want to give to us or that you would have withdrawn in accordance with this Policy. Furthermore, by accepting this Policy, you expressly declare:

(a) that you are at least 14 years old if you reside in Canada and that you are of legal age to consent to the processing of your Personal Information in the territory in which you reside (16 years old for the European Economic Area and the United Kingdom). United); Or
(b) that you are the parent or legal guardian of a minor child and that you have expressly consented to the processing of that minor's Personal Information as described in this Policy.


We do not wish to process the Personal Information of minors unless we have previously received parental consent. If we become aware that we are processing the Personal Information of a minor without having obtained such consent, we will take the necessary steps to erase that Personal Information as soon as possible. We will process your Personal Information only on the contractual basis of providing you the Service and in accordance with this Policy.

Before communicating to the Company any Personal Information of a third party, you acknowledge that you have obtained the consent of the person concerned by this Personal Information to make this communication. By providing Personal Information to the Company, you agree that we may collect or use such Personal Information in accordance with this Policy and in accordance with the privacy preferences you have indicated to us, if any, and such as authorized or required by law. Subject to legal and contractual requirements, you may refuse or withdraw your consent for certain purposes at any time by contacting us. If you refuse or withdraw your consent, we may be unable to provide or continue to provide you with certain services or information that may be useful to you. Except as otherwise expressly permitted by law, the Company will not use or communicate your Personal Information with anyone except as provided in this Policy.


5. COLLECTION OF PERSONAL INFORMATION

In certain circumstances, the Company may ask you to provide certain Personal Information, whether, for example, when registering for one of the Services, entering a contest or when you post comments on the Services. The Company also collects Personal Information through cookies and other similar technologies. You are at all times free to agree or not to provide any Personal Information. In the event of refusal, you will nevertheless have access to most of the Services. However, you will not be able to access sections that require you to provide such Personal Information. The Company limits the collection of Personal Information to that necessary for the purposes set out in this Policy.

5.1 Types of Personal Information

We process the following Personal Information: your name, gender, email address, residence address, date of birth, telephone numbers, language preference, your previous purchases (list of products purchased, order date, billing and delivery address ), the data necessary for payment processing, including credit card numbers, excluding their CVV. We also process data relating to your image captured by our surveillance cameras located in the public areas of our establishments. We may also process the following Personal Information in certain circumstances: your geolocation data, your social media account identifiers, your profile photos and other information that you make public via your social media accounts.

In addition, we process certain cookies and other similar technologies. Please refer to the BROWSING INFORMATION, COOKIES AND SOCIAL MEDIA WIDGETS section of this Policy to learn more about how we process Personal Information that may result from it. We record log files on the servers of certain Services that include certain information such as your IP address, the unique identifier of your device, the date and time of your use of the Services, cookies that identify your browser and the language thereof, as well as the various requests to the servers and their responses. These files may constitute personal information about you. Finally, we collect information about the devices with which you access the Services, such as device model, operating system version, memory and unique device identifiers, advertising cookies, browser type , language, time zone, information about your mobile and wireless network connections (your mobile phone number, your service provider and signal strength). This information may constitute Personal Information about you. Here are the purposes and legal bases which authorize the Company to process your Personal Information.

5.2 Purposes and legal bases of collection

The Personal Information you provide will be used primarily for the following purposes, in addition to the purposes expressly designated:

a) Help the Company ensure the relevance of the Services by adapting the content to your personal needs;
b) Help the Company evaluate and improve the Services;
c) Optimize your customer experience when using the Services; d) Complete a transaction initiated via the Services;
e) Provide after-sales service following a transaction completed via the Services;
f) Allow your registration to the Services and your subsequent identification;
g) Allow you to identify user content that you post on the Services;
h) Inform you of any fact or event likely to be of interest to you;
i) Allow us to target your tastes and interests in order to offer you advertisements likely to be of interest to you;
j) Subscribe, upon request, to our mailing list and to our various competitions and promotions;
k) Allow you to take full advantage of the features and services offered on the Services;
l) Allow you to receive notifications, updates, alerts or other forms of communications from us relating to the Services.
The legal bases for processing your Personal Information are identified below. We process your name, gender, email address, residence address, date of birth and telephone numbers to recognize you when you use our customer service. The legal basis for this processing is our legitimate interest in providing you with the best possible customer service while protecting your Personal Information. We also process your email address and telephone numbers to send you important messages about the Services, such as messages relating to the security of the Services and updating this Policy. The legal basis for this collection is our legitimate interest in providing you with important security or other important information relating to the Services or changes to this Policy. We will process your telephone number as part of resetting your password in the event that you may have forgotten your password.

If you have expressly consented to receive advertising information from us or have purchased one of our products or services, we will also process your email address to send you such information about us or the Services. The legal basis for this processing is your consent. You can withdraw your consent at any time by changing your preferences in your account or by contacting the Director of Data Protection or by clicking on the withdrawal of consent link at the bottom of our advertising emails. In the event that we do not obtain your explicit consent to send you these advertising emails, we will not send you such emails beyond a period of two years following your last purchase. The content of some of the advertising emails you may receive from us is determined automatically by a computer algorithm that uses your Internet Protocol (IP) address and cookies that are associated with your Internet profile. The legal basis for this processing is our legitimate interest in reducing the number of advertising emails we send to you by automatically choosing content more suited to your profile instead of forwarding all of our advertising emails to all our users who have consented to receiving emails advertising from us. Upon request, we will inform you of the reasons, as well as the main factors and parameters, leading to this advertising choice. We also process your date of birth in order to offer you gifts on your birthday, such as discounts on our products and services. The legal basis for this processing is our legitimate interest in providing you with a customer experience that meets your expectations. We process your language preference in order to communicate with you in the language you use. The legal basis for this processing is our legitimate interest in providing you with the best possible customer service in the language of your choice, subject to the availability of our staff who are able to communicate with you in that language.

We or our service providers process data necessary for payment processing, including credit card numbers, excluding CVV, to complete your transactions. The legal basis for this processing is our legitimate interests in ensuring that any payments you make to us are carried out correctly. Certain cookies and other similar technologies may constitute Personal Information about you. We process such cookies and other similar technologies, such as Google Analytics, to track activities on the Services and retain certain information to improve the Services and the overall experience when using the Services. If you have consented to the collection of information through cookies and other similar technologies, we will process these cookies and other similar technologies, with the help of third-party analytics services, for the purposes associated with each type of cookie mentioned in the BROWSING INFORMATION, COOKIES AND SOCIAL MEDIA WIDGETS section of this Policy. The legal basis for this processing is your consent. You can withdraw your consent at any time by changing your preferences in your account or by contacting the Data Protection Officer. The content of advertisements you may receive from us or third parties (for example by visiting third party websites) is determined automatically by a computer algorithm using your IP address and these cookies. The legal basis for this processing is our legitimate interest in reducing the number of advertisements to which you will be subjected and to increase their relevance by automatically choosing content more suited to your profile instead of submitting all of our advertisements to all of our users who have consented to the use of advertising cookies.

Please also be assured that we do not associate any cookie identifiers or similar technologies with information relating to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your trade union membership, your health, your sex life or your sexual orientation or your genetic or biometric data which could allow you to be uniquely identified. We process log files relating to your use of the Services in order to understand the source of an error in the event of an error or bug in the Services and in order to establish connection statistics to the Services. The legal basis for this processing is our legitimate interest in minimizing the number of interruptions and failures of the Online Services during your use of them. Finally, we process information from the devices with which you access the Services to ensure consistency of the Services across all of your devices supporting the Services. The legal basis for this processing is our legitimate interest in ensuring that the Services can be accessed consistently across as many devices as possible. We remind you that it is not secure to transmit your data necessary for payment, including your credit card numbers, by email, SMS or social media. To protect this data, please only transmit it to us in person, through our transactional portal on our website, by telephone or by fax.


6. SENSITIVE PERSONAL INFORMATION

Except when specifically and explicitly requested, we ask you not to transmit to us any Personal Information relating to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your union membership, your health, your sex life or your sexual orientation. nor to your genetic or biometric data which could allow your unique identification nor relating to criminal or criminal convictions, nor to such Personal Information relating to a third party.

7. TRANSFER AND SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
The Company does not sell your Personal Information to third parties and does not use or disclose your Personal Information for purposes other than those for which it was collected, unless the Company obtains your explicit consent, in an emergency (i.e. to protect a person's life, health or property) or as required by law. Except in cases provided for by law or those expressly provided for in this Policy, the Company will never disclose your Personal Information to a third party. The Company may share some of your Personal Information when necessary to provide you with the services to which you expect and are entitled. Although it cannot be held responsible, the Company undertakes to take the means reasonably necessary to ensure that Personal Information shared with third parties is stored in a manner consistent with this Policy.
7.1 Communications to Service Providers.
We may share your personal information with other companies that provide services on our behalf or on our behalf. In addition, we may disclose your Personal Information to an organization or individual whose services have been retained by the Company, including our auditors. We will only provide these companies with the information they need to provide the service and they are prohibited from using this information for any other purpose. The Company shares certain Personal Information with its service providers, particularly in the following cases:
  • a) Payments for your online purchases made via the bkind.com online store. The information transmitted is that which is essential to the processing of your payment. Your credit card number is only used for transactions you make on the bkind.com store. It is not accessible to the Company or to anyone at the time of the transaction, except for the online payment service Shopify Shop Pay, Google Pay, Apple Pay or Paypal. All Personal Information transmitted at the time of your order, including your credit card number, in addition to remaining strictly confidential, is encrypted so that it cannot be intercepted. A small locked padlock appearing at the bottom of the browser window as well as the URL address starting with "https://" rather than "http://" tells you that the page on which you are carrying out your transactions is protected by the protocol SSL (Secure Sockets Layer).
  • b) In the case of a user connecting to the Services through the Facebook Connect service (see section 8 below), certain information or personal information may be transmitted to Facebook Inc. ("Facebook") for, for example, monitor your behavior on the Services and thus offer you a more personalized user experience on Facebook. We encourage you to review Facebook’s privacy policy and terms of use before using the Facebook Connect service.

Here is the list of the Company's partners and suppliers to whom we may transmit your Personal Information:

  • Google: Visit and purchase statistics
  • Meta: Visit and purchase statistics
  • Shopify: Visit statistics, personal information, purchases
  • Klaviyo: Personal information, purchases
  • Google Ad: Visit statistics
  • PayPal: Personal information, purchases, payment data
  • Growave: Personal information, purchases
7.2 Communication in the context of transfers of activities.
Information about our users, including Personal Information, may be disclosed in connection with a bankruptcy, merger, sale, or transfer of Company assets, acquisition or acquisition. a similar transaction. In the event of such a transaction during which your Personal Information should be transferred to a third party, we will make reasonable efforts to notify you. For example, we will post notice of transfer of Personal Information on the Services and, if we have your email address, we will send notice of transfer of Personal Information to that address. In addition, we will require the third party receiving your Personal Information in such a context to agree to protect the confidentiality of your Personal Information in a manner consistent with this Policy and to comply with applicable laws regarding Personal Information. It must also undertake to process your Personal Information only in accordance with this Policy unless it notifies you in advance, and when required by law, by obtaining your prior consent.
7.3 Application of law and communication under law.
We may disclose your Personal Information if we believe in good faith that such action is required by a subpoena, warrant, or other judicial or administrative order issued in accordance with the law. We may also disclose Personal Information if we believe in good faith that such action is appropriate or necessary to avoid a violation of our terms or conditions of use, our user license agreements or any other agreement to which you are gone; to protect us against a claim; to protect our rights, property, safety or those of a partner, person or the public; to maintain and ensure the security and integrity of the Services or our infrastructure against improper or illegal use; to defend ourselves against third party claims or allegations; or to collaborate with government regulatory agencies having jurisdiction.
7.4 Other.
We may transmit your Personal Information to third parties if: i) we have obtained your consent to do so, ii) to our legal or other advisors, if they are subject to confidentiality obligations at least as strict as those provided for in this Policy and that they comply with applicable laws regarding Personal Information.

8. BROWSING INFORMATION, COOKIES, AND SOCIAL MEDIA WIDGETS
In order to ensure proper management of our Services and optimize navigation, our Services collect standard internet log file data, including your IP address, browser type and language, access frequency, and referral website addresses, using various types of cookies and conversion tags. Additionally, certain browsing behaviors may be recorded for analytical purposes. This browsing information is used, among other things, to measure user interest and usage of specific parts of the Services, as well as the effectiveness of certain promotional programs administered by or on behalf of the Company.
8.1 Cookies
Cookies, also known as text files, contain small amounts of information downloaded to your device when you visit a website. Cookies are then sent back to the original website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user's device. Cookies serve several different functions, such as allowing you to navigate between pages efficiently, saving your preferences, and improving the overall user experience. They can also ensure that the ads you see online are more relevant to you and your interests. Our server installs a permanent cookie on your devices during your first visit and, depending on the applications used, other permanent or temporary cookies may be used to technically manage certain choices you make. Rest assured that no personally identifiable information is stored in cookies.
8.2 Opting Out of Allowing Cookies
You can adjust your browser to notify you when you receive a cookie, allowing you to decide whether or not to accept it. We will inform you in advance, if applicable, that when choosing your preferences, we will use a cookie to remember your preferences.
8.3 Analytical Tools
We use analytical tools and other third-party technologies, such as Google Analytics and Facebook Analytics, to collect non-personal information in the form of various usage and user measures when you use the Services. These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and software identifiers, referral and exit URLs, online behavior and usage data, feature usage and statistics, usage and purchase histories, MAC address, unique mobile device identifier, and similar information.
8.4 Internet Protocol Address
The Internet Protocol (IP) address is associated with your device's internet connection by your Internet Service Provider. The Company may use this IP address to, among other things, diagnose problems with its web servers, manage the Services, and compile statistics.
8.5 Facebook and Social Media
Furthermore, our Services include certain functions related to social media, such as the Facebook Like button. These functions may collect your IP address, record the pages you visit on our site, and leave a cookie to allow the function to work properly. Social media functions and widgets are either hosted by a third party or directly on our site. Your interactions with these functions are governed by the privacy policy of the company providing them.
Our Services may host blogs, forums, and other social media applications or services that allow interaction between us, you, and other users of our Services. Any information you disclose using these applications, including personal information, may be viewed, collected, and used by other users. We have little or no control over these applications, therefore, we are not responsible for the use, misuse, or unauthorized appropriation by another user of any information you disclose on these applications. By accepting this Policy, you consent to granting us a global, perpetual license to reproduce, broadcast, modify, adapt, translate, and otherwise use the information you disclose on these blogs and forums. You acknowledge that your comments, suggestions, ideas, or proposals related to the Services, their features, or the business activities in which the Company engages, that you submit to us (the "Suggestions"), are not confidential and may be disclosed, used, adapted, or applied by the Company without any obligation for remuneration or any other form of compensation.

Registration and login to the Services may, in some cases, be done via the Facebook Connect service offered by Facebook. The use of Facebook Connect is subject to Facebook's privacy policy and terms of use. When you use Facebook Connect, your Facebook profile, public data, and, if applicable, other information that you have expressly agreed to share with the Company, available on Facebook, are transferred from Facebook to the Company for the purpose of registering you for the Services and providing you with full access to its features. By logging in via Facebook Connect, you authorize the transfer of the above-mentioned data from your Facebook profile to the Company. If you refuse this data transfer, please create an account on the Services without using the Facebook Connect service.


9. PROCESSING OF YOUR PERSONAL INFORMATION IN CANADA
We process your Personal Information in Quebec, but some of our service providers process your Personal Information outside of Quebec and Canada. Therefore, your Personal Information may be processed and stored on servers located outside of your country, province, state, or other governmental jurisdiction where the laws regarding the protection of Personal Information may differ. We ensure that your Personal Information is processed securely in accordance with this Policy, and that no transfer of your Personal Information will be made to an organization or country unless appropriate or adapted safeguards, including security measures for your Personal Information, have been implemented. For any transfer of your Personal Information to a jurisdiction other than Quebec and Canada, we take all necessary measures to ensure that your Personal Information is processed in accordance with this Policy and applicable laws regarding the protection of Personal Information, such as standard contractual clauses. These standard contractual clauses or other appropriate or adapted safeguards for this transfer outside of Canada can be obtained upon request to the Director of Data Protection.

10. RETENTION AND PROTECTION OF PERSONAL INFORMATION
10.1 Retention
The Company is committed to retaining your Personal Information only for the duration necessary to fulfill the purposes identified in this Policy. Specifically:
  • a) As long as you keep your user account, we will retain the Personal Information requested from you when opening it;
  • b) We erase all information collected using cookies or similar technologies within a maximum of 13 months;
  • c) We erase all log files within a maximum of 12 months;
  • d) We erase all information from your devices that we collect within a maximum of 12 months;
  • e) We erase all other types of Personal Information within a maximum of 12 months.

In addition, the Company may, as needed, retain Personal Information related to a given user account or former customer even after the given user account has been closed or the transaction initiated through the Services has been completed, in order to (i) fulfill any legal obligations that may be imposed by law or otherwise, (ii) resolve any disputes, (iii) prevent any fraud or abuse, or (iv) enforce this Policy or the general terms and conditions. Despite the above, we retain your personal information in our systems for the duration of the deletion cycle of our systems. This Policy applies to the Personal Information of our former users and customers, and we take the same care and precautions for them as for our current users and customers.

10.2 Protection
In order to prevent loss and theft, as well as unauthorized access, disclosure, or use of your Personal Information, we have implemented physical, electronic, and operational protection and security measures in accordance with industry standards and practices. In addition, we encrypt Personal Information and restrict access to your Personal Information to employees who need it to perform their function. Despite the above, data, including emails and internet communications, network communications, telephone communications, or any other electronic means may be intercepted unlawfully by unauthorized third parties. The Company cannot guarantee absolute effectiveness and/or security of the Services. Through indirect and unlawful means, among other things, a hacker may succeed in penetrating the servers of the Services. Therefore, it is important to keep in mind, before using the features offered by the Services, that it is always possible that a malicious individual may access the servers of the Services and use the information you have disclosed on or via them for their own purposes. In the event of a security breach, we may attempt to send you a notice by email to allow you to take the necessary protective measures.

11. YOUR RIGHTS
11.1 Access to Your Personal Information and Portability

At any time, you may request that the Company provide you with a list of the Personal Information it holds about you and, if applicable, inform you if your Personal Information has been disclosed to third parties (your "Record"). Access to your Record is free. However, reasonable fees may be required if you request the transcription, reproduction, or physical transmission of your Record. We will inform you in advance, if applicable, if fees may apply to your request. Without limiting the generality of the foregoing, you have the right to receive the Personal Information about you that you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this Personal Information to another data controller without us obstructing it, when i) the processing is based on your consent or on a contract concluded between you and us, and ii) the processing is carried out by automated means. Furthermore, where technically feasible, you may obtain that this Personal Information is transmitted directly by us to your new data controller.

11.2 Accuracy of Your Personal Information

The Personal Information you provide to the Company should be as complete, accurate, and up-to-date as possible. You may request at any time that your Record be updated to correct any errors or complete any Personal Information contained therein. In addition, you may request that any Personal Information that has become obsolete or irrelevant for the purposes described in this Policy be deleted from your Record. Most of your Personal Information can be accessed and corrected by logging into your account and accessing your profile. Otherwise, we invite you to contact the Director of Data Protection, whose contact information is at the end of this Policy, to make the request. Without limiting the generality of the foregoing, you have the right at any time, except in certain circumstances provided by law, to request the erasure of your Personal Information if: i) it is no longer necessary for the purposes for which it was collected or otherwise processed; ii) we have obtained your consent to the processing of this Personal Information and there is no other legal basis for the processing; iii) you object to the processing and there are no overriding legitimate grounds for the processing, iv) this Personal Information has been unlawfully processed; or v) it must be erased to comply with a legal obligation provided by an applicable law. Despite the above, we retain your personal information in our systems for the duration of the deletion cycle of our systems.

11.3 Restriction of Processing or the Right to Object to Processing

You have the right at all times, in certain circumstances provided by applicable legislation, to request from the Director of Data Protection, whose contact information is at the end of this Policy, that the Company limit certain processing of your Personal Information or that you object to such processing.

11.4 Notices, Complaints, and Communications

By publishing this Policy, the Company makes precise information about its policies and practices regarding the management of Personal Information available to anyone. If you have any questions regarding this Policy, please do not hesitate to contact the Director of Data Protection, who is responsible for the Policy within the Company and can be reached at the address mentioned at the end of this Policy, so that we can respond to the extent possible. We reserve the right to ask you for certain information to identify you. In case of non-compliance with the principles set out in this Policy, you can file a complaint with the Company by contacting the Director of Data Protection. Depending on your jurisdiction (e.g. Canada), you may also file a complaint with a supervisory authority.


12. LINKS TO THIRD-PARTY SITES

You may find hyperlinks on the Services leading to websites that are not under the control or responsibility of the Company. The Company has no means to control these websites and is not responsible for the availability, reliability, or legality of such websites, nor does it guarantee them. The Company does not endorse or approve of them. You access third-party websites entirely at your own risk. The Company reserves the right to insert advertising messages throughout the Services, messages that may lead to links to other websites. At no time does the Company endorse, endorse, or assume responsibility for the ideas, opinions, products, services, or more generally the content conveyed in the advertising messages and on the third-party websites to which they provide access.


13. UPDATES TO THE POLICY

We continuously adjust our practices regarding the respect of Personal Information to ensure they always comply with the principles of the Private Sector Personal Information Protection Act (Quebec), the Personal Information Protection and Electronic Documents Act (Canada), and Regulation (EU) 2016/679 (General Data Protection Regulation). When the Company, at its sole discretion, makes changes to this Policy, we will modify the "Last Update" date as found above. Although it is not our intention to frequently or substantially modify this Policy, it may happen that we do so to better serve you in the future or in view of the evolution of our service offering, technology, or the law. We invite you to review the content regularly to be informed of any changes to the Policy. If the changes prove to be substantial, at least 30 days before they take effect, we will send you a notification to the email address you provided to us or by any other means so that you can review the modifications before continuing to use the Service for which your consent to these changes is required. If you disapprove of one or more changes, you must cease using this Service that requires your consent. If you have any questions or concerns about the protection of your Personal Information or wish to exercise any of your rights in this regard, please contact the Director of Data Protection:

Marilyne Bouchard
5301 Saint-Laurent Boulevard, Montreal
Quebec, Canada
H2T 1S5
Telephone: 514 850-1587
Email: hello@bkind.ca