Privacy Policy
Update date: 20/12/2024
1. About this Privacy Policy
This Privacy Policy describes how STEP LINK PLATFORM INC. (“Step Link Platform”, “we”, “our” or “us”) and our affiliates handle the data collected and processed using our website (the “Website”), our products and services (together, the “Services”).
If you do not accept this Privacy Policy or do not meet or comply with the provisions set forth herein, then you should not use our Services.
2. Who Controls Your Data
Step Link Platform is a company based in Canada. Step Link Platform controls the data collected and processed through our Services.
In certain instances, Step Link Platform acts as a data processor to its clients and is provided Personal Data by such clients acting as the data controller. In such case, we process Personal Data under the direction of that client and have no direct relationship with the individuals whose Personal Data we process Step Link Platform may also act as a data processor on behalf of its affiliates.
3. Types of Data We Collect
Depending on your interaction with us, meaning, if you are a visitor browsing our Website, or if you have registered as a user of our Services, we collect and process two types of information about you:
Personal Data: The is the type of data that identifies you as a natural person, or that may be used, either alone or in combination with other information, to personally identify you as a natural person. Such information may include:
-
Your first name, last name, Social Media profile or similar identifier (“Identity Data”)
-
Your physical address, email address, social media address, mobile or landline telephone number, location data and other contact information you may provide (“Contact Data”)
-
Details about your usage of our Services and payments for such Services (“Transaction Data”) and billing, banking and payment card information (“Financial Data”).
-
Certain technical data about the equipment you use to access our Services (“Technical Data”) and the way you use our Services (“Usage Data”). This Technical and Usage Data may be considered Personal Data in certain jurisdictions.
Non-Personal Data: This is the type of data that is non-personal and non-identifiable data that cannot personally identify or lead to identifying a natural person. For example, statistics or aggregated information, or any other type of data that can no longer be attributed to you. In the event we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.
Sensitive Personal Data: To use our Services, you are not required to provide us with any Sensitive Personal Data. Sensitive Personal Data includes, for example, information about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation. You are not required by law to provide us with any information. You can always avoid providing us certain Personal Data; however, you acknowledge that it may prevent us from providing you certain Services.
4. How Personal Data and Non-Personal Data is Collected and Why
Personal and Non-Personal Data automatically collected from you
As you interact with our Website we may automatically collect technical data about your computer and mobile device. This may include information such as Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used) and other device identifier, your login data, access dates and times, browser type and version, device information, cookie data, time zone setting and location data, browser plug-in types and versions, operating system and platform, mobile phone carrier identification, the language your system uses and other technology on the devices you use to access our Services. We refer to this as “Technical Data”. We may also collect information about how you use our Services, such as your browsing actions and patterns, which links you click on, or information that you type into pages or forms we present to you. If you receive email or other form of electronic communication from us, we use certain tools to capture data related to when you open our messages, click on any links or banners it contains and subscribe to our Services. We refer to this as “Usage Data”.
We collect this Technical and Usage Data by using cookies, pixels, server logs and other similar technologies. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. We may also receive Technical Data and Usage Data about you if you visit other websites employing our cookies and other similar technologies, including on third party websites. See our Cookie Policy for further information.
We have a legitimate interest in collecting Technical Data and Usage Data as this allows us to make our Website and mobile applications operate efficiently, to improve our Services, to monitor, detect and prevent fraudulent activities on our Website, to provide you with service offerings that you might find most useful and help us understand which of our Services is the most popular.
Personal Data we receive from third parties
We may receive Personal Data in the form of Technical Data and Usage Data about you from various third-parties such as analytics providers. We may also participate in behavior-based advertising. This means that a third party uses technology (e.g., a cookie) to collect information about your use of our Website so that they can provide advertising about products and services tailored to your interests on our Website, or on other websites. However, these non-essential/third party cookies will not be deployed until you specifically consent to their use through a separate opt-in consent mechanism.
When Step Link Platform acts as a data processor
Where Step Link Platform processes your Personal Data in the capacity of a data processor, and you seek access, or want to correct, amend, or delete your Personal Data, or have other requests, we will provide you with the data controller’s contact information, so you can contact them directly. In rare instances, however, circumstances may necessitate Step Link Platform to assist you with your question or request.
Personal Data that we process as a data processor is retained by us only for the duration required to service the data controller client, and/or in accordance with the instructions from such client, and/or as necessary to comply with our legal obligations.
5. Sharing of Personal and Non-Personal Data
In addition to the specific situations discussed elsewhere in this Privacy Policy, we may share Personal Data in the following situations:
-
Service providers. We share your information with service providers that we use to support our business or help provide our Services to you, including, but not limited to, third-parties that host our Website, assist us to verify your identity, perform website and platform maintenance, risk assessments, and security, perform data and web analytics, provide databases, IT services, customer service, payment platforms and credit card processing, communication services, and email services. Our service providers will be given access to your Personal Data as is reasonably necessary to provide the Website and related Services. Our service providers are contractually obligated to use your Personal Data only at our direction, to handle your Personal Data in confidence, and to not disclose your Personal Data to unauthorized third parties. However, certain of those service providers provide services pursuant to standard terms and conditions that may be non-negotiable. These service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures. However, we will not be liable (to the fullest extent permitted by law) for any damages that may result from the misuse of any information, including Personal Data, by these companies.
-
Affiliates and acquisitions. We may share information with our corporate affiliates. If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
-
Other disclosures with your consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy.
-
Other disclosures without your consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
Except as otherwise stated in this Privacy Notice, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Data with third parties without your consent. We may use or share Non-Personal Data in any of the above circumstances, as well as for the purpose of providing and improving our Service and for commercial use.
6. Retention of your Personal Data
The length of time for which we retain Personal Data depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. Where there are technical limitations that prevent deletion or anonymization, we safeguard Personal Data and limit active use of it. See the Section 8 about the storage of your Personal Data.
7. How We Protect your Personal Data
We implement security measures designed to protect your Personal Data from unauthorized access. We apply these tools based on the sensitivity of the Personal Data we collect, use, and store, and the current state of technology. We protect your Personal Data through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorized disclosure and alteration. We periodically review our information collection, storage and processing practices, including technical and organizational measures, to guard against unauthorized access to systems.
Because the internet is not a completely secure environment, we cannot warrant the security of any information you transmit to us or guarantee that information on the Website may not be accessed, disclosed, altered and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. In addition, while we take reasonable measure to ensure that service providers keep your information confidential and secure, such service provider’s practices are ultimately beyond our control.
We are not responsible for the functionality, privacy and/or security measures of any other organization. By using our Website, you acknowledge that you understand and agree to assume these risks. You may ask for a list of technical and organizational measures taken to protect your Personal Data by e-mailing us at: info@step-link.ca
8. Your choices
You may take the below actions to change or limit the collection or use of your Personal Data.
-
Unsubscribe to promotional/marketing emails. You may choose to provide us with your email address for the purpose of allowing us to send offers and other promotional/marketing materials to you, as well as targeted offers from third parties. You can stop receiving promotional/marketing emails by following the unsubscribe instructions in e-mails that you receive and also adjust your email preference. If you decline to receive promotional and/or marketing emails, we may still send you transactional and Service-related messages.
-
Device and usage information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
9. Your Privacy Rights
Under the European Union (“EU”) General Data Protection Regulation (“GDPR”), EU residents have certain rights with respect to their Personal Data. We provide GDPR-type rights to all our users globally. You can make the following choices regarding your Personal Data:
-
Access to your Personal Data. You may request access to your personal information by contacting us at the address described below. If required by law, upon request, we will grant you reasonable access to the personal information that we have about you. We will provide this information in a portable format, if required.
-
Changes to your Personal Data. We rely on you to update and correct your Personal Data. If our Website does not permit you to update or correct certain information, you may contact us at the address described below in order to request that your information be modified. Note that we may keep historical information in our backup files as permitted by law.
-
Objections/restrictions to your Personal Data. You have the right to object to how Personal Data is processed in relation to public interest/official authority and our legitimate interests as well as direct marketing purposes – including profiling under both. You also have the right to request that processing of your Personal Data be restricted where its accuracy or lawfulness is contested, you need it in response to legal claims or in relation to verification as to whether legitimate interests for processing exist.
-
Deletion of your Personal Data. Typically, we retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Where certain grounds apply, the law authorizes you to make a request that your personal information be deleted and triggers our corresponding obligation to comply, unless exceptions apply. Note, however, that we may not always be able to comply with your request for erasure and in such circumstances, will notify our reasons to you.
-
Move, copy or export Personal Data. This is known as the Right to Portability. You have the right to request that your Personal Data be forwarded to a third party.
-
Provision/revocation of consent. You have the right to provide or decline consent to the processing of Personal Data. If you’ve already provided consent, you also have the right to revoke it. This will not impact the legality of processing prior to revocation. If you revoke your consent for the processing of Personal Data, then we may no longer be able to provide you Services. In some cases, we may deny your request to revoke consent if the law permits or requires us to do so – such as when we are unable to adequately verify your identity. You may revoke consent to processing (where such processing is based upon consent) by contacting us at the address described below.
Complaints. We are committed to resolving valid complaints about your privacy and our collection or use of your Personal Data. For questions or complaints regarding our data use practices or this Privacy Notice, please contact us as provided below. Should you remain unsatisfied with our response to your complaint, you have the right to contact your local data protection authority.
Please note that your rights are not absolute, meaning that in some circumstances, exceptions exist under applicable law. The law may provide exemptions from requests involving your Personal Data. For example, in order to provide our Services to you, deleting your Personal Data may prevent you from accessing or using such Services.
You may exercise these rights by contacting us at info@step-link.ca. We will respond to any such request in a timely manner as specified by the GDPR. If we need more time to fulfill your request, we will let you know in advance. We will not exceed the legally specified time limit under any circumstance.
Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name or other personal information. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. We will require verification that you provided the authorized agent permission to make a request on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us.
10. International Data Transfers
Our company operates globally and has a global infrastructure. We may store or process your Personal Data in various countries, including the United States, Canada and the European Economic Area (“EEA”), depending on the type of Personal Data processed. If you visit our Websites or use our Services from locations outside of Canada, please note that any information you provide to us through your use of our Website or Service may be transferred to and processed in countries other than the country from which you accessed our Websites or Services.
We will take the necessary steps to ensure that international transfers of Personal Data meet all requirements under applicable data protection laws. When Personal Data collected within the EEA is transferred outside the EEA, we will take the steps necessary to ensure that the transfer of such data provides sufficient safeguards. We will do so by transferring Personal Data to jurisdictions which, according to the European Commission and the Court of Justice of the European Union, offer an adequate level of protection to Personal Data or pursuant to standard contractual clauses approved by the European Union.
Personal Data transferred outside the EEA for processing by AWS on its servers in the United States, and among the Company’s affiliates, in both cases is accomplished pursuant to standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact our Data Protection Officer at: info@step-link.ca.
11. Third Party Websites and Services
We have no control over the privacy practices of websites or applications that we do not own. We are not responsible for the practices employed by any websites and/or services linked to and/or from our Website, including the information and/or content contained therein. Please remember that when you use a link to go from our Website to another website and/or service, our Privacy Notice does not apply to such third-party websites and/or services. Your browsing and interaction on any third-party website and/or service, including those that have a link on our Website, are subject to such third-party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third parties that you authorize to access your Personal Data. If you are using a third-party website and/or service and you allow them to access your Personal Data, you do so at your own risk.
12. Changes to our Privacy Notice
In general, changes will be made to this Privacy Notice to address new or modified laws and/or new or modified business procedures. However, we may update this Privacy Notice at any time, with or without advance notice, so please review it periodically. We may provide you additional forms of notice of modifications and/or updates as appropriate under the circumstances. Your continued use of the Website after any modification to this Privacy Notice will constitute your acceptance of such modifications and/or updates. You can determine when this Privacy Notice was last revised by referring to the date it was last “Updated” above.
13. Contacting Us
For questions or complaints regarding our use of your Personal Data or Privacy Notice, please contact us at: info@step-link.ca or STEP LINK PLATFORM INC., 6210 Northwest Dr, unit 102 , Mississauga, ON, L4V 1J6