CF&R Services Inc. promotes responsible and transparent practices in Data Privacy. CF&R Services Inc. supports and promotes electronic commerce by protecting personal information that is collected, used or disclosed. Technology increasingly facilitates the circulation and exchange of information, and there are rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information. At no time shall this information be knowingly disclosed or shared with individuals who are not entitled to the data. All transfer of personal data between systems must be protected with the appropriate level of security as outlined by the client. CF&R Services Inc. follows the Personal Information Protection and Electronic Documents Act (PIPEDA) , Canada’s Anti-Spam Law (CASL) and EU General Data Protection Regulations (GDPR) as the guiding principles in our collection and maintenance of personal information in our databases.
2. Purpose of Collecting Personal Information
CF&R Services Inc. collects personal information for statistical purposes on behalf of clients. CF&R Services Inc. collects personal information for order fulfillment purposes. CF&R Services Inc. also receives personal information in the form of databases from clients. CF&R Services Inc. is expected to use these databases to perform services, such as direct mail, order fulfilment, send emails, etc. on behalf of the client.
4. Information Collection
Personal information may be collected through CF&R Services Inc. applications, and/or other forms. The Personal Information collected may include, but is not limited to:
- E-mail address
- First name and last name
- Address, City, Province/State, Postal Code/Zip Code, Country
- Cookies and Usage Data
5. Limiting Use, Disclosure and Retention
5.1. Use of Personal Information
CF&R Services Inc. uses the collected data for various purposes:
- for statistical purposes on behalf of clients.
- for order fulfillment purposes.
- to provide customer care and support.
- to perform services, such as direct mail, order fulfilment, send emails etc. on behalf of the client.
5.2. Transfer of Personal Information
5.3. Disclosure of Personal Information
Personal information will be disclosed to only those CF&R Employees that need to know the information for the purposes of their work. CF&R Services Inc. may employ third party companies and individuals to assist us in providing services to our clients. These third parties will be given access only to the information required to perform the tasks on our behalf and are obligated not to disclose or use it for any other purpose. CF&R Services may disclose your Personal Data in the good faith belief that such action is necessary as permitted under PIPEDA:
- the organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial or foreign law and the information is used for that investigation;
- an emergency exists that threatens an individual’s life, health or security;
- the information is for statistical study or research;
- the information is publicly available;
- the use is clearly in the individual’s interest, and consent is not available in a timely way;
- knowledge and consent would compromise the availability or accuracy of the information, and
- collection is required to investigate a breach of an agreement.
5.4. Retention of Personal Information
Personal information will be retained as long as the project is active and for such periods of time as may be prescribed by applicable laws and regulations. Personal information in client supplied databases, unless specified by the client, will be retained for a period of 12 months.
CF&R Services Inc. endeavors to ensure that any personal information provided by the individual in his or her active file(s) is accurate, current and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained and disclosed. Individuals are requested to notify CF&R Services Inc. of any change in personal or business information. Information contained in inactive files is not updated.
7. Individual Access
An Individual who wishes to review or verify what personal information is held by CF&R Services Inc., or to whom the information has been disclosed (as permitted by the Act), may make any of the following requests:
7.1. Request Access
to their personal data (commonly known as a “data subject access request”). This enables them to receive a copy of the personal data we hold and to check that we are lawfully processing it.
7.2. Request Correction
of the personal data that we hold about them. This enables them to have any incomplete or inaccurate data we hold about them corrected, though we may need to verify the accuracy of the new data they provide to us.
7.3. Request Erasure
of their personal data. This enables them to ask us to delete or remove personal data where there is no good reason for us continuing to process it. They also have the right to ask us to delete or remove their personal data where they have successfully exercised their right to object to processing (see below), where we may have processed their information unlawfully or where we are required to erase their personal data to comply with local law. Note, however, that we may not always be able to comply with their request of erasure for specific legal reasons which will be notified to them, if applicable, at the time of their request.
7.4. Object to processing
of their personal data where we are relying on a legitimate interest (or those of a third party) and there is something about their particular situation which makes them want to object to processing on this ground as they feel it impacts on their fundamental rights and freedoms. They also have the right to object where we are processing their personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process their information which overrides their rights and freedoms.
7.5. Request Restriction of Processing
of their personal data. This enables them to ask us to suspend the processing of their personal data in the following scenarios:
- if they want us to establish the data’s accuracy;
- where our use of the data is unlawful but they do not want us to erase it;
- where they need us to hold the data even if we no longer require it as they need it to establish, exercise or defend legal claims; or
- they have objected to our use of their data but we need to verify whether we have overriding legitimate grounds to use it.
7.6. Request the Transfer
of their personal data to them or to a third party. We will provide to them, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with them.
7.7. Withdraw Consent at any time
where we are relying on consent to process their personal data. However, this will not affect the lawfulness of any processing carried out before they withdraw their consent. If they withdraw their consent, we may not be able to provide certain products or services to them. We will advise them if this is the case at the time they withdraw their consent. Any of these requests can be made in writing, to the CF&R Services' Privacy Officer. CF&R Services may need to request specific information from the individual in order to help us confirm the identity and ensure the right to access personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact the individual to ask you further information in relation to the request in order to speed up our response. For CF&R owned databases, we try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if the request is particularly complex or the individual has made a number of requests. In this case, we will notify the individual and keep them updated. For CF&R maintained on behalf of a client databases, we will:
- notify the client of the Individual’s Access Request with any information we may have received
- reply to the individual with the client’s contact information for their privacy officer and advise the individual that their request has been transferred to the client.
8.2.1. A cookie is a small piece of information that is placed on your computer when you visit certain websites.
When we refer to “cookies” we include other technologies with similar purposes, such as tags and identifiers. We use that information for customer analytics.
8.2.3. We may use the following types of cookie.
- Analytics cookies that anonymously remember your computer or mobile device when you visit our website. They keep track of browsing patterns and help us to build up a profile of how our readers use the website.
- Service cookies that help us to make our website work as efficiently as possible; remember your registration and login details; remember your settings preferences; to detect what device you are using and adapt how we present our services according to the screen size of that device.
8.2. How to manage your cookies
Most browsers allow you to turn off cookies. To do this look at the “help” menu on your browser. Switching off cookies may restrict your use of the website and/or delay or affect the way in which it operates.
11. Complaints / Recourse