CD&I Associates, under its responsibility in the Processing of Personal Data and in compliance with applicable rules, adopts by this document its Policy Processing of Personal data (hereinafter the “Policy”).
The Policy applies to all personal information of all third parties CD&I Associates. interacts, including, but not limited to customers, employees, suppliers or any other person who, for some reason, provides information to CD&I Associates.
This Policy will be available to interested parties on CD&I Associates’ website https://www.cdiassoci.com Also, any updates thereof will be reported and loaded to public in general by publication in the mentioned website.
In accordance with applicable law on the matter the following definitions apply and will be implemented in the processing of personal data.
a) Authorization: Prior, express and written permission from Data Owner for the processing of personal data.
b) Privacy Notice: physical or electronic document generated by the Controller, which is available to each Data Owner with the information regarding the existence of personal data processing policy applicable to that information, how to access it and the characteristics of the policy that is intended to give personal data.
c) Database: Structure set of personal data subject of the Policy.
d) Personal Data: All and any information that allows or may be associated with one or more natural persons, determined or determinable. Data can be public, semi-private or private.
e) Private Data: All and any information that by nature is confidential or sensitive, relevant for the Data Owner.
f) Public Data: The information classified as such under the law or the Constitution. It is considered as public information, among others, data contained in public documents, final court judgments not subject to legal reserve and those regarding to civil status of persons.
g) Semiprivate Data: Defined as the data that has no sensitive, reserved or public nature and whose knowledge or disclosure may interest not only to its owner but also a certain group of persons or society in general, such as financial and credit information or commercial activity.
h) Sensitive Data: All data related to Data Owner intimacy such as those which reveal racial or ethnic origin, political ideas, religious or philosophical beliefs, trade union, social or human rights organizations memberships, or promotes interests of any political party or to guarantee the rights of opposition political parties, as well as data related health to sexual life, biometrics such as fingerprints, photographs, iris, voice recognition, facial or hand palm.
I) Data Processor: natural or legal person, public or private, which by itself or in association with others performs the processing of personal data on behalf of the Controller.
j) Controller: natural or legal person, public or private, which by itself or in association with others decides the use on the database and / or processing of the data.
k) Data Owner: Natural person whose personal data are processed according to this Policy.
l) Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, movement or deletion of those data.
3.PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
– “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
– “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
– “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally, when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, PayPal, online formularies, email address, and phone number. We refer to this information as “Order Information.”
1.HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Order Information that we collect generally to fulfill any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you; Screen our orders for potential risk or fraud; and When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Information about customers, suppliers, and employees, current or past, is obtained and preserved to facilitate, promote, allow or maintain labor, civil and commercial relations. The purposes of the databases will depend on the person who provides that personal data and in accordance with that, he/she will be expressly informed at the time of requesting for authorization.
2.SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Shopify to power our online store–you can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy. We also use Google Analytics to help us understand how our customers use the Site–you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
3.DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
4.DATA OWNERS RIGHTS
Any procedure that involves the processing by any company area or division personnel of personal data from customers, employees, suppliers and generally any third party with which CD&I Associates. holds commercial and labor relations, should consider the rights hold by the Data Owner, which are listed below:
a) Right to know, update, consultor rectify the Personal Data at any time, before CD&I Associates, with respect to any information considered partial, inaccurate, incomplete, split and / or misleading.
b) Right to request at any time a proof of the authorization granted to CD&I Associates.
c) Right to be informed by CD&I Associates., prior Data Owner request, the use that has given to such information.
d) Right to revoke the authorization and / or request removal of any information when it is considering that CD&I Associates. has not respected the constitutional rights and guarantees of Data Owner.
e) Right to access for free to the Personal Data voluntarily choses to be shared with CD&I Associates., for which the Controller is responsible for preserving and keeping safely and reliably authorizations for each Data Owner duly granted.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
When you place an order through the Site, we will maintain your Order Information for our records unless and until you ask us to delete this information.
7.CONTROLLER OF PERSONAL DATA PROCESSING
The Controller of personal data is CD&I Associates., with business address 6-1500 Upper Middle Road West Suite #137 Oakville ON CA L6M 0C2 – Web: www.cdiassoci.com –
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at email@example.com or by mail using the details provided above
8.PRINCIPLES APPLICABLE TO PERSONAL DATA PROCESSING
CD&I Associates. will apply in a comprehensive manner, the following guiding principles in the collection, handling, use, processing, storage and exchange of personal data:
a) Data Processing Rule of Law: CD&I Associates. will comply to applicable and enforceable and standards and laws governing the processing of personal data and other related basic rights.
b) Principle of purpose: Processing Data will obey a legitimate purpose in accordance with the Political Constitution and laws, which will be reported to the Data Owner.
c) Principle of Freedom: The Personal Data Processing will be only exercised with prior, express and informed consent of the Data Owner. Personal data will not be obtained or disclosed without prior authorization or in the absence of legal or judicial mandate relieve consent.
d) Principle of accuracy or quality of Data: The information subject to the processing of personal data must be truthful, complete, accurate, current, verifiable and understandable. Processing of partial, incomplete, split or misleading data is prohibited.
e) Principle of transparency: In the Processing of Personal Data, the Controller will ensure the right of the Data Owner to obtain from CD&I Associates., at any time and without limitation, information about the existence of data concerning them.
f) Principle of restricted access and movement: The Processing of Personal Data is subject to limits arising from the nature of the personal data and to current and enforceable rules and laws governing the processing of personal data and other related basic rights. In this sense, personal data, except public information may not be available on the Internet or other mass media unless access is technically controllable to provide a limited knowledge communication only to Data Owner or third parties authorized under the law.
g) Security principle: The information subject to processing by CD&I Associates. will be handled with existing technical, human and administrative measures necessary to provide security to records, avoiding adulteration, loss, consultation, use, or unauthorized or fraudulent access.
h) Principle of Confidentiality: All persons involved in the administration, management and updating or those who have access to information that kept in databases and do not have the nature of public, are obliged to ensure the confidentiality of information, even after the end of their relationship with some of the tasks which includes the processing of information, only being able to perform supply or communication of personal data when this is in the development of activities authorized in force and applicable rules governing the processing of personal data and other related fundamental rights.
All persons who currently work or those to be hired subsequently for this purpose, in the administration and management of databases, must sign an amendment to their employment contract or provision of services to ensure the compliance of that obligation.
9.DATA OWNER’S APPROVAL
Without prejudice to the exemptions provided in force and applicable rules and laws in Processing Data a prior express and informed approval by the Data Owner is required, which must be obtained by any means that may be subject to consultation and subsequent verification, as a physical or electronic document, a data message or any technical or technological mechanism to express or obtain consent by that mean.
The Privacy Notice is the physical or electronic document or any other known or unknown format, by which the Data Owner becomes aware of information regarding the existence of processing of personal data policy applicable to that information, how to access it and the characteristics of the policy that is intended to give personal data.
The Privacy Notice at least shall include the following information:
a) The identity data, address and contact details of the Controller.
b) The type of processing which data will be submitted and the purpose of that information.
c)The general mechanisms provided by the Controller to guarantee the Data Owner knows Processing
of Personal Data Policy and the substantial changes that may occur on it from time to time.
11.EVENTS WHEN NO PRIOR APPROVAL IS REQUIRED
No prior approval of Data Owner will be required when:
a) The information is required by a public or administrative entity in the exercise of their legal functions or by court order.
b) In case of public data nature.
c) Cases involving of medical or health emergencies.
d) Information whose processing has been authorized by law for historical, statistical or scientific purposes.
e) In case of data related to the Civil Registry of Persons.
12.PROCESSING OF SENSITIVE DATA
CD&I Associates may process the data classified as sensitive when:
a) The Data Owner has given its prior consent to such processing, except in cases when authorization is not required by law.
b) Processing of Data is necessary to protect the interest of the Data Owner and this is physically or legally incapacitated. At these events, the legal representatives must give their authorization.
c) The processing is carried out during legitimate activities with appropriate guarantees by a foundation, NGO, association or any other non-profit organization whose purpose is political, philosophical, religious or trade union, provided that is related exclusively to its members or to persons who have regular contact because of their purpose. In these events, the data cannot be provided to third parties without the authorization of the owner.
d) Data Processing relates to information necessary for the establishment, exercise or defense of a right in judicial proceedings.
e) Processing has a historical, statistical or scientific purpose. In this event, the Controller shall take all measures leading to the delete of identity of the Data Owners.
13.MINORS ‘PERSONAL DATA
In the Processing of Personal Data kept in the CD&I Associates’ Databases related to children and adolescents, the rights of minors will be ensured.
In any case, all use of data minors registered in the company’s databases or, eventually requested, must be expressly authorized by the legal representative of the child or adolescent previous exercise the minor’s right to be heard, opinion which will be assessed in terms of maturity, autonomy and ability to understand the matter.
Furthermore, CD&I Associates shall provide minors’ legal representatives the possibility of exercising their rights of access, cancellation, rectification and opposition of their protected data.
14.PROCEDURES FOR THE EXERCISE OF PERSONAL DATA OWNERS RIGHTS.
Data Owners may exercise their right to know, update, rectify and delete the personal data they have provided to CD&I Associates SA, by sending a communication, at any time and free of charge to the following email: firstname.lastname@example.org.
The rights of the Data Owners established in the Law may be exercised by:
a) The Data Owner must prove his/her identity by the means provided the Controller.
b) By their successors, who must prove such condition.
c) By the representative and / or duly authorized attorney of the Data Owner, prior proof of the representation or power of attorney.
The requests submitted by Data Owner should contain as minimum:
a) Full name of Data Owner.
b) Contact information for notices.
c) Documents proving duly representation or power to act, if necessary.
d) Clear and precise description of the personal data for which the Data Owner seeks to exercise any of his/her rights.
These rights can be exercised, among others, against partial, inaccurate, incomplete, split data, or those whose processing is prohibited or not authorized by the Owner.
Data Owners, their successors or representatives may consult the personal information kept in any database of CD&I Associates., providing the company all information contained in the individual record or that is linked to the identification of Data Owner. The consultation shall be made in writing, by the means indicated in this policy, if it is made by the Data Owner or his/her representative.
16. DATA RECTIFICATION OR UPDATE
When Data Owners, their successors or representatives consider that the information contained in a database of CD&I Associates. should be subject to correction or update, they will be entitled to file a complaint against Associates., which will be processed under the following rules:
The claim shall be made addressed to CD&I Associates., by the means set forth in Section 13th above, with the following information:
a) Full name of Data Owner.
b) Contact information for notices.
c) Documents proving duly representation or power to act, if necessary.
d) Description of the facts giving rise to the claim.
e) Clear and precise description of the personal data for which the Data Owner seeks rectification or update.
f) The documents considered as evidence.