Last updated: September 20, 2023
1. PRELIMINARY REMARKS
If you have any questions or comments regarding this Policy, please do not hesitate to contact our Privacy Officer:
5301 Saint-Laurent Boulevard, Montreal
Telephone: 514 850-1587
2. MEANING OF PERSONAL INFORMATION
Under the terms of this Policy, the term “Personal Information” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be directly or indirectly identified by referring to specific elements linked to their physical, physiological, genetic, psychological, economic, cultural or social identity.
The Company undertakes to comply, through the implementation of this Policy, with the provisions of the Act respecting the protection of personal information in the private sector (Québec), the Act respecting the protection of personal information and documents (Canada) and Regulation (EU) 2016/679 (General Data Protection Regulation) relating to the collection, holding, use, disclosure, protection and any other processing of your Personal Information.
By accepting this Policy, you expressly accept the processing practices (collection, use, communication, etc.) mentioned therein based on your specific choices regarding the protection of your Personal Information, subject to the specific consents that you may do not want to give to us or that you would have withdrawn in accordance with this Policy. Furthermore, by accepting this Policy, you expressly declare:
We do not wish to process the Personal Information of minors unless we have previously received parental consent. If we become aware that we are processing the Personal Information of a minor without having obtained such consent, we will take the necessary steps to erase that Personal Information as soon as possible. We will process your Personal Information only on the contractual basis of providing you the Service and in accordance with this Policy.
Before communicating to the Company any Personal Information of a third party, you acknowledge that you have obtained the consent of the person concerned by this Personal Information to make this communication. By providing Personal Information to the Company, you agree that we may collect or use such Personal Information in accordance with this Policy and in accordance with the privacy preferences you have indicated to us, if any, and such as authorized or required by law. Subject to legal and contractual requirements, you may refuse or withdraw your consent for certain purposes at any time by contacting us. If you refuse or withdraw your consent, we may be unable to provide or continue to provide you with certain services or information that may be useful to you. Except as otherwise expressly permitted by law, the Company will not use or communicate your Personal Information with anyone except as provided in this Policy.
5. COLLECTION OF PERSONAL INFORMATION
In certain circumstances, the Company may ask you to provide certain Personal Information, whether, for example, when registering for one of the Services, entering a contest or when you post comments on the Services. The Company also collects Personal Information through cookies and other similar technologies. You are at all times free to agree or not to provide any Personal Information. In the event of refusal, you will nevertheless have access to most of the Services. However, you will not be able to access sections that require you to provide such Personal Information. The Company limits the collection of Personal Information to that necessary for the purposes set out in this Policy.
5.1 Types of Personal Information
We process the following Personal Information: your name, gender, email address, residence address, date of birth, telephone numbers, language preference, your previous purchases (list of products purchased, order date, billing and delivery address ), the data necessary for payment processing, including credit card numbers, excluding their CVV. We also process data relating to your image captured by our surveillance cameras located in the public areas of our establishments. We may also process the following Personal Information in certain circumstances: your geolocation data, your social media account identifiers, your profile photos and other information that you make public via your social media accounts.
In addition, we process certain cookies and other similar technologies. Please refer to the BROWSING INFORMATION, COOKIES AND SOCIAL MEDIA WIDGETS section of this Policy to learn more about how we process Personal Information that may result from it. We record log files on the servers of certain Services that include certain information such as your IP address, the unique identifier of your device, the date and time of your use of the Services, cookies that identify your browser and the language thereof, as well as the various requests to the servers and their responses. These files may constitute personal information about you. Finally, we collect information about the devices with which you access the Services, such as device model, operating system version, memory and unique device identifiers, advertising cookies, browser type , language, time zone, information about your mobile and wireless network connections (your mobile phone number, your service provider and signal strength). This information may constitute Personal Information about you. Here are the purposes and legal bases which authorize the Company to process your Personal Information.
5.2 Purposes and legal bases of collection
The Personal Information you provide will be used primarily for the following purposes, in addition to the purposes expressly designated:
If you have expressly consented to receive advertising information from us or have purchased one of our products or services, we will also process your email address to send you such information about us or the Services. The legal basis for this processing is your consent. You can withdraw your consent at any time by changing your preferences in your account or by contacting the Director of Data Protection or by clicking on the withdrawal of consent link at the bottom of our advertising emails. In the event that we do not obtain your explicit consent to send you these advertising emails, we will not send you such emails beyond a period of two years following your last purchase. The content of some of the advertising emails you may receive from us is determined automatically by a computer algorithm that uses your Internet Protocol (IP) address and cookies that are associated with your Internet profile. The legal basis for this processing is our legitimate interest in reducing the number of advertising emails we send to you by automatically choosing content more suited to your profile instead of forwarding all of our advertising emails to all our users who have consented to receiving emails advertising from us. Upon request, we will inform you of the reasons, as well as the main factors and parameters, leading to this advertising choice. We also process your date of birth in order to offer you gifts on your birthday, such as discounts on our products and services. The legal basis for this processing is our legitimate interest in providing you with a customer experience that meets your expectations. We process your language preference in order to communicate with you in the language you use. The legal basis for this processing is our legitimate interest in providing you with the best possible customer service in the language of your choice, subject to the availability of our staff who are able to communicate with you in that language.
We or our service providers process data necessary for payment processing, including credit card numbers, excluding CVV, to complete your transactions. The legal basis for this processing is our legitimate interests in ensuring that any payments you make to us are carried out correctly. Certain cookies and other similar technologies may constitute Personal Information about you. We process such cookies and other similar technologies, such as Google Analytics, to track activities on the Services and retain certain information to improve the Services and the overall experience when using the Services. If you have consented to the collection of information through cookies and other similar technologies, we will process these cookies and other similar technologies, with the help of third-party analytics services, for the purposes associated with each type of cookie mentioned in the BROWSING INFORMATION, COOKIES AND SOCIAL MEDIA WIDGETS section of this Policy. The legal basis for this processing is your consent. You can withdraw your consent at any time by changing your preferences in your account or by contacting the Data Protection Officer. The content of advertisements you may receive from us or third parties (for example by visiting third party websites) is determined automatically by a computer algorithm using your IP address and these cookies. The legal basis for this processing is our legitimate interest in reducing the number of advertisements to which you will be subjected and to increase their relevance by automatically choosing content more suited to your profile instead of submitting all of our advertisements to all of our users who have consented to the use of advertising cookies.
Please also be assured that we do not associate any cookie identifiers or similar technologies with information relating to your racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your trade union membership, your health, your sex life or your sexual orientation or your genetic or biometric data which could allow you to be uniquely identified. We process log files relating to your use of the Services in order to understand the source of an error in the event of an error or bug in the Services and in order to establish connection statistics to the Services. The legal basis for this processing is our legitimate interest in minimizing the number of interruptions and failures of the Online Services during your use of them. Finally, we process information from the devices with which you access the Services to ensure consistency of the Services across all of your devices supporting the Services. The legal basis for this processing is our legitimate interest in ensuring that the Services can be accessed consistently across as many devices as possible. We remind you that it is not secure to transmit your data necessary for payment, including your credit card numbers, by email, SMS or social media. To protect this data, please only transmit it to us in person, through our transactional portal on our website, by telephone or by fax.
6. SENSITIVE PERSONAL INFORMATION
7. TRANSFER AND SHARING OF PERSONAL INFORMATION WITH THIRD PARTIES
- a) Payments for your online purchases made via the bkind.com online store. The information transmitted is that which is essential to the processing of your payment. Your credit card number is only used for transactions you make on the bkind.com store. It is not accessible to the Company or to anyone at the time of the transaction, except for the online payment service Shopify Shop Pay, Google Pay, Apple Pay or Paypal. All Personal Information transmitted at the time of your order, including your credit card number, in addition to remaining strictly confidential, is encrypted so that it cannot be intercepted. A small locked padlock appearing at the bottom of the browser window as well as the URL address starting with "https://" rather than "http://" tells you that the page on which you are carrying out your transactions is protected by the protocol SSL (Secure Sockets Layer).
Here is the list of the Company's partners and suppliers to whom we may transmit your Personal Information:
- Google: Visit and purchase statistics
- Meta: Visit and purchase statistics
- Shopify: Visit statistics, personal information, purchases
- Klaviyo: Personal information, purchases
- Google Ad: Visit statistics
- PayPal: Personal information, purchases, payment data
- Growave: Personal information, purchases
8. BROWSING INFORMATION, COOKIES, AND SOCIAL MEDIA WIDGETS
9. PROCESSING OF YOUR PERSONAL INFORMATION IN CANADA
10. RETENTION AND PROTECTION OF PERSONAL INFORMATION
- a) As long as you keep your user account, we will retain the Personal Information requested from you when opening it;
- b) We erase all information collected using cookies or similar technologies within a maximum of 13 months;
- c) We erase all log files within a maximum of 12 months;
- d) We erase all information from your devices that we collect within a maximum of 12 months;
- e) We erase all other types of Personal Information within a maximum of 12 months.
In addition, the Company may, as needed, retain Personal Information related to a given user account or former customer even after the given user account has been closed or the transaction initiated through the Services has been completed, in order to (i) fulfill any legal obligations that may be imposed by law or otherwise, (ii) resolve any disputes, (iii) prevent any fraud or abuse, or (iv) enforce this Policy or the general terms and conditions. Despite the above, we retain your personal information in our systems for the duration of the deletion cycle of our systems. This Policy applies to the Personal Information of our former users and customers, and we take the same care and precautions for them as for our current users and customers.
11. YOUR RIGHTS
At any time, you may request that the Company provide you with a list of the Personal Information it holds about you and, if applicable, inform you if your Personal Information has been disclosed to third parties (your "Record"). Access to your Record is free. However, reasonable fees may be required if you request the transcription, reproduction, or physical transmission of your Record. We will inform you in advance, if applicable, if fees may apply to your request. Without limiting the generality of the foregoing, you have the right to receive the Personal Information about you that you have provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this Personal Information to another data controller without us obstructing it, when i) the processing is based on your consent or on a contract concluded between you and us, and ii) the processing is carried out by automated means. Furthermore, where technically feasible, you may obtain that this Personal Information is transmitted directly by us to your new data controller.
The Personal Information you provide to the Company should be as complete, accurate, and up-to-date as possible. You may request at any time that your Record be updated to correct any errors or complete any Personal Information contained therein. In addition, you may request that any Personal Information that has become obsolete or irrelevant for the purposes described in this Policy be deleted from your Record. Most of your Personal Information can be accessed and corrected by logging into your account and accessing your profile. Otherwise, we invite you to contact the Director of Data Protection, whose contact information is at the end of this Policy, to make the request. Without limiting the generality of the foregoing, you have the right at any time, except in certain circumstances provided by law, to request the erasure of your Personal Information if: i) it is no longer necessary for the purposes for which it was collected or otherwise processed; ii) we have obtained your consent to the processing of this Personal Information and there is no other legal basis for the processing; iii) you object to the processing and there are no overriding legitimate grounds for the processing, iv) this Personal Information has been unlawfully processed; or v) it must be erased to comply with a legal obligation provided by an applicable law. Despite the above, we retain your personal information in our systems for the duration of the deletion cycle of our systems.
You have the right at all times, in certain circumstances provided by applicable legislation, to request from the Director of Data Protection, whose contact information is at the end of this Policy, that the Company limit certain processing of your Personal Information or that you object to such processing.
By publishing this Policy, the Company makes precise information about its policies and practices regarding the management of Personal Information available to anyone. If you have any questions regarding this Policy, please do not hesitate to contact the Director of Data Protection, who is responsible for the Policy within the Company and can be reached at the address mentioned at the end of this Policy, so that we can respond to the extent possible. We reserve the right to ask you for certain information to identify you. In case of non-compliance with the principles set out in this Policy, you can file a complaint with the Company by contacting the Director of Data Protection. Depending on your jurisdiction (e.g. Canada), you may also file a complaint with a supervisory authority.
12. LINKS TO THIRD-PARTY SITES
You may find hyperlinks on the Services leading to websites that are not under the control or responsibility of the Company. The Company has no means to control these websites and is not responsible for the availability, reliability, or legality of such websites, nor does it guarantee them. The Company does not endorse or approve of them. You access third-party websites entirely at your own risk. The Company reserves the right to insert advertising messages throughout the Services, messages that may lead to links to other websites. At no time does the Company endorse, endorse, or assume responsibility for the ideas, opinions, products, services, or more generally the content conveyed in the advertising messages and on the third-party websites to which they provide access.
13. UPDATES TO THE POLICY
We continuously adjust our practices regarding the respect of Personal Information to ensure they always comply with the principles of the Private Sector Personal Information Protection Act (Quebec), the Personal Information Protection and Electronic Documents Act (Canada), and Regulation (EU) 2016/679 (General Data Protection Regulation). When the Company, at its sole discretion, makes changes to this Policy, we will modify the "Last Update" date as found above. Although it is not our intention to frequently or substantially modify this Policy, it may happen that we do so to better serve you in the future or in view of the evolution of our service offering, technology, or the law. We invite you to review the content regularly to be informed of any changes to the Policy. If the changes prove to be substantial, at least 30 days before they take effect, we will send you a notification to the email address you provided to us or by any other means so that you can review the modifications before continuing to use the Service for which your consent to these changes is required. If you disapprove of one or more changes, you must cease using this Service that requires your consent. If you have any questions or concerns about the protection of your Personal Information or wish to exercise any of your rights in this regard, please contact the Director of Data Protection:
5301 Saint-Laurent Boulevard, Montreal
Telephone: 514 850-1587