Introduction
CrowdRiff Inc. (“CrowdRiff”, “we”, “us” or “our”) is committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Policy describes the personal information that CrowdRiff or its affiliates collect from or about visitors of our websites and users of our services, on or through one of our web platforms made available through any of our websites (together the “Services”). This Privacy Policy also describes how we use and to whom we disclose the personal information that we collect from the users of our Services. Unless you are based in the European Economic Area (EEA) or United Kingdom (UK), by accessing or using our Services, you signify your acceptance of this Privacy Policy and consent to be bound by its terms. You can withdraw your consent at any time by contacting our Privacy Officer as directed below, however, if you choose to withdraw your consent, we may not be able to provide you with the services or communications that are available through this Services.
Changes to this Privacy Policy
CrowdRiff may make changes to this Privacy Policy from time to time to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information. We will post any revised version of this Privacy Policy on our Services.
If we make any material changes we will notify you as required by law, but encourage you to check back often for updates. Your continued use of the Services after an update or amendment to this Privacy Policy means that you consent to the collection, use, and disclosure of your personal information as described in the updated Privacy Policy.
This Privacy Policy was last updated on May 26, 2022.
What is personal information?
For the purposes of this Privacy Policy, personal information is any information about or relating to an identified or identifiable natural person, and under certain laws that may or may not be applicable to you, identifies a specific household or device.
What personal information do we collect, or allow others to collect?
We collect and maintain different types of personal information through the Services. This personal information may include, but is not limited to:
- personal identification information of individuals, such as name, (“Identity Data”);
- contact information of individuals, such as address, telephone number, email address, and social media identifier (“Contact Data”);
- information about you and your account such as organization, location and demographic information (“Profile Data”);
- personal information that is contained in any User Content (as defined in the Terms) that a User creates, submits, posts, uploads, publishes or otherwise makes available to CrowdRiff on or through the Services, in connection with the services it provides (“Content Data”);
- information related to your visit to our Services, including the IP address and device domain used to access our Services, the operating system on your device, your device settings, application IDs, the type and version of your browser, crash data, other unique device identifiers, the website you came from to access our Services, the page of our Services you entered and exited at, any page within our Services that is viewed by your IP address and what country you are from (“Usage Data”);
- Third party unique identifiers such as those used by Google, Facebook or others (“Unique Identifiers”).
Cookies
Our Services use cookies and technologies which are similar to cookies (“Cookies”). A Cookie is a small file of letters and numbers that we may set on your device to store and sometimes track information about you. Cookies and similar technologies we use are designed for “analytics”. This allows us to distinguish you from other users of the Services. This helps us to provide you with a good experience when you use the website and also allows us to improve our Services.
First party Cookies are Cookies set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.
We use the following cookies:
- Strictly necessary cookies. These are Cookies that are required for the operation of our website. They include, for example, Cookies that enable you to remember information you have typed into an online form.
- Analytical/performance cookies. These cookies help provide us with analytical and performance information. For example, they allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Services. This enables us to remember your preferences.
- Targeting cookies. These Cookies record your visit to our Services, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
When you arrive on our Services, we will ask you whether or not you consent to us placing Cookies on your device. If you accept Cookies but later change your mind and wish to withdraw your consent, you can do so by emailing privacy@crowdriff.com or by modifying your browser settings. If you choose to decline Cookies, you may not be able to fully experience the interactive features of our Services.
How do we collect your personal information?
We use different methods to collect data from and about Users including through:
- Direct interactions. CrowdRiff collects personal information directly from you where you provide it to us. For example, Users may give us Identity, Contact, Business and Feedback Data by registering for or using the Services and interacting with us (such as through support requests, information downloads, surveys or otherwise). In circumstances where the personal information that we collect about you is held by a third-party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions).
- Automated technologies or interactions. As you interact with our Services, we may automatically collect personal information such as Location and Usage Data about you. We collect this personal data by using cookies, server logs and other similar technologies. From time to time, we may utilize the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise. For example, we receive location information in connection with our use of Google Places and Google My Business API. For example, we may receive information when you tag a business in a Story and such information relates solely to the business rather than you (e.g., the business location, website, hours of operation and contact information).
Where we collect information directly from you, we rely on your express or implied consent for that collection. In circumstances where we receive personal information from a third party, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
Why do we collect and how do we use personal information?
We collect personal information to provide the services available on and through our Services and to enable us to manage, maintain, and develop our operations. For example:
Purpose/Activity | Type of Data |
---|---|
Establish, maintain and manage our relationship with you, including by contacting you, so that we may provide you with any services or communications that you have requested; |
|
Allow you to participate in, subscribe to or otherwise receive services and communications from us; |
|
Be able to comply with your requests (e.g., if you prefer to be contacted by telephone or by email and advise us of your preference, we will use this information to contact you at that number); |
|
Understand your preferences and tailor communications and services to you and to send you information about CrowdRiff and its affiliates’ portfolios, news, media coverage, events, filings and investor matters, as applicable; |
|
Understand your interests and communicate content you view and your interests to our Users when you view content associated with a User |
|
Conduct analysis and evaluations to understand usage and trends to improve our Services, communications and operations; |
|
Enable us to comply with applicable laws or regulatory processes; |
|
Protect CrowdRiff against error, fraud, theft and damage to our Services, assets or other properties; |
|
To use data analytics to improve our Services, customer relationships and experiences and to personalize our Services; |
|
To create anonymized, aggregated data that is no longer Personal Information; |
|
- Unless you are based in the EEA or UK, by consenting to our collection, use and disclosure of your personal information through our Services you allow us to fulfill the purposes for which we collect your personal information. When we collect your information for research, statistical and development purposes, we ensure that any information used for our analysis and reports will be de-identified and aggregated in a manner that will not identify you. This de-identified and aggregated information may be shared with third-parties.
For further information about how we use your personal information if you are based in the EEA or UK, including the legal bases we may rely on to process your personal information as an alternative to obtaining your consent, please see the EEA and UK section of this Privacy Policy.
When do we email you, and why?
We will collect your express consent prior to sending you any commercial electronic messages, unless an exception to obtaining your opt-in consent applies under Canada’s Anti-Spam Legislation. You will have the opportunity to opt-out of receiving commercial electronic messages at any time. For clarity, by using and accessing our Services you agree to receive transactional communications about your account and activities on or in connection with the Services. For example, when you create an account, reset your password you will receive an email confirming your account details. In addition, you may also receive notifications when your Story is made available, has been published and/or has reached a certain number of views. You may opt-out of receiving these transactional communications by contacting us at privacy@crowdriff.com.
When and to whom do we disclose your personal information?
Since the purpose of creating content is to share such content with the public, any personal information contained within content will be shared with and viewed by the public. In other words, when you voluntarily disclose personal information in content, you are sharing such information with the public. Please be careful with your personal information and make sure that the Content you share is material that you are comfortable being publicly viewable since neither you nor we can control what others do with your personal information once it is published.
We may disclose your personal information to our affiliates and our respective employees, contractors, consultants, service providers and other parties who require such information to assist us with managing our relationship with you, including third-parties that provide services to us or on our behalf. For example, we use third-party service providers to assist us with our marketing and advertising activities and communications. These service providers may send you communications on our behalf.
We may disclose to subscribers to our service limited Personal Information of (i) Users who view content associated with them (such as Unique Identifiers); or (ii) of other Users who have created an account (such as Contact Data).
Personal information may also be disclosed or transferred to another party during the course of, or upon completion of, a change in ownership of, or the grant of a security interest in, all or a part of CrowdRiff or its affiliates through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you consent otherwise (or, if you are based in the EEA / UK, where we may notify you otherwise).
Finally, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes such as search warrants, subpoenas or court orders;
- as part of CrowdRiff’s regular reporting activities under applicable law to protect the rights and property of CrowdRiff;
- during emergency situations or where necessary to protect the safety of a person or group of persons; and
- for any additional purposes for which we have obtained your consent to disclose your personal information (or, if you are based in the EEA / UK, where we may notify you otherwise).
Since we may share your personal information with third parties, as described in this Privacy Policy, your personal information may be collected, used, processed, stored or disclosed outside of your jurisdiction of residence, including in Canada and the United States. As such, your personal information may potentially be accessible to law enforcement and national security authorities of another jurisdiction where local laws provide for a different level of protection for personal information. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security agencies in those other countries may be entitled to access your personal information.
If you would like further information about our policies and practices regarding the third parties (including our service providers) with whom we disclose your personal information and how these third parties collect, use, disclose and store personal information, please contact our Privacy Officer using the contact details below. Unless you are based in the EEA or UK, by providing your personal information to us, you consent to our disclosure of this information to our service providers (and other third parties) as described in this Privacy Policy, including those that may be located outside of your jurisdiction of residence.
For further information about how we use your personal information if you are based in the EEA or UK, including the legal bases we may rely on to process your personal information as an alternative to obtaining your consent, please see the EEA and UK section of this Privacy Policy.
How do we obtain your consent, and how can you withdraw it?
It is important to us that we collect, use or disclose your personal information only when we have your consent to do so, unless you are based in the EEA / UK, in which case we may rely on other legal bases for processing your personal information. Unless you are based in the EEA / UK, depending on the sensitivity of the personal information, your consent may be implied, deemed (using an opt-out mechanism) or express. We may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
Typically, we will seek your consent at the time that we collect your personal information. In certain circumstances, your consent may be obtained after collection but prior to our use or disclosure of your personal information. If we plan to use or disclose your personal information for a purpose not previously identified (either in this Privacy Policy or separately), we will endeavour to advise you of that purpose before such use or disclosure.
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer. If you withdraw or vary your consent, we may not be able to provide you with the communications and/or services you request through our Services. For example, if you would like to receive our communications, but are not willing to provide your email address, we will not be able to fulfil your request.
Unless you are based in the EEA or UK or you advise us otherwise, through the access and use of our Services, you have consented to the collection, use and disclosure of your personal information as explained in this Privacy Policy. For further information about how we use your personal information if you are based in the EEA or UK, including the legal bases we may rely on to process your personal information as an alternative to obtaining your consent, please see the EEA and UK section of this Privacy Policy.
How is your personal information protected?
CrowdRiff will endeavour to maintain commercially reasonable physical, technical and procedural safeguards that are appropriate based on the sensitivity of the personal information in question. These safeguards are designed to prevent your personal information from loss and unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction.
The security of your personal information is important to us. Please advise our Privacy Officer immediately of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.
Updates to your personal information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of our relationship, please keep us informed of such changes. You change or update the information we have about you by contacting us at privacy@crowdriff.com.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to your personal information
You can ask to access the personal information that we have received from or possess about you. If you want to review, verify, delete or correct your personal information, please contact our Privacy Officer.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. If you require assistance in preparing your request, please contact our Privacy Officer.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
How long we retain personal information
We don’t keep your personal information forever. We keep your personal information as long as is reasonably necessary for us to complete our dealings with you, or as may be required by law, whichever is longer. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. All retained personal information will remain subject to the terms of this Privacy Policy. If you request that your name be removed from our databases, it may not be possible to completely delete all your Personal Information due to technological and legal constraints.
Links to third-party websites
Our Services may contain links to other websites that may be subject to less stringent privacy standards. These links are provided for your convenience only and you assume all risk for clicking these links to other websites. We cannot assume any responsibility for the privacy practices, policies or actions of the third parties that operate these websites. CrowdRiff is not responsible for how such third parties collect, use or disclose your personal information. You should review the privacy policies of these websites before providing them with personal information.
Interpretation of this Privacy Policy
Any interpretation associated with this Privacy Policy will be made by our Privacy Officer. This Privacy Policy includes examples but is not intended to be restricted in its application to such examples; therefore, where the word “including” is used, it shall mean “including without limitation”.
This Privacy Policy does not create or confer upon any individual any rights, or impose upon CrowdRiff any rights or obligations outside of, or in addition to, any rights or obligations imposed by Canada’s federal and provincial privacy laws, as applicable. Should there be, in a specific case, any inconsistency between this Privacy Policy and Canada’s federal and provincial privacy laws, as applicable, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.
Children
The Services are not directed to children and we do not knowingly collect, use or disclose personal information from children through the Services, except where in compliance with applicable laws.
These Services are intended to comply with the United States Children’s Online Privacy Protection Act (“COPPA”). If you reside in the United States, we encourage you to visit http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec08.shtm for more information about COPPA and children’s privacy. In the event that we become aware that we have collected COPPA-restricted personal information from any child other than as permitted under that law, we will dispose of that information, or otherwise treat it, in accordance with COPPA and other applicable laws and regulations. If you are a parent or guardian and you believe that your child under the age of thirteen (13) has provided us with personal information (as defined by COPPA) without COPPA-required consent, please write to: privacy@crowdriff.com.
Testimonials
We post customer testimonials on the Website which may contain Personal Information. We do obtain consent via e-mail to post your name prior to posting the testimonial. If you want your testimonial removed, please contact us at privacy@crowdriff.com.
Contact Us
If you have any questions about this Privacy Policy or concerns about how we manage your personal information, please contact our Privacy Officer by telephone, in writing or by e-mail. We will endeavour to answer your questions and advise you of any steps taken to address the issues raised by you. If you are dissatisfied with our response, you may be entitled to make a written submission to the Privacy Commissioner in your jurisdiction. We have appointed a Privacy Officer to oversee compliance with this Privacy Policy. The contact information for our Privacy Officer is as follows:
by email to:
or by mail to:
CrowdRiff Inc.,
240 Richmond St. W., 5th floor, Unit 5-101, Toronto, ON M5V 1V6
**If you choose to communicate with us via email, please be aware that email is not a 100% secure medium for sending any personal or confidential information to us. **
PRIVACY NOTICE FOR USERS BASED IN THE EEA AND UK
This section is applicable to you only if you are based in the EEA or the UK. To the extent there is any inconsistency in this Privacy Policy between any terms of this section and any terms in the rest of the Privacy Policy, the terms of this section will govern if you are based in the EEA or the UK.
This section of the privacy policy includes information that is specific to how we process the personal information of Services users who are based in the EEA and the UK. For the purposes of the EU’s General Data Protection Regulation (“GDPR”) CrowdRiff is the data controller and can be contacted in accordance with the “Contact Us” section of this Privacy Policy above. CrowdRiff is a ‘data controller’ subject to the GDPR only insofar as we are offering goods or services to individuals in the EEA / UK or where our Services may be used to monitor individuals’ behavior as far as it takes place in the EEA / UK.
Our legal bases for using personal information
Data controllers need a lawful basis to collect and use your personal information under the GDPR. The law allows for six legal bases for processing personal information (and additional conditions for processing sensitive personal information, which the GDPR calls “special categories of personal data”, and which include health information). Four of these legal bases are relevant to the types of processing that CrowdRiff carries out. This includes where your personal information is processed on the basis of:
- performing a contract with you – principally, where the processing of your personal information is necessary to supply the Services to you in accordance with our Terms of Service. Please note that some of your personal information is necessary for the performance of our obligations under our Terms, and without this personal information we may not be able to provide you with the communications and/or services you request through our Services;
- CrowdRiff’s legitimate interests, including our commercial interests in operating our business securely, sustainably and profitably – for example where we send you administrative information, including information regarding the Services and changes to our Terms, procedures or policies.
- A person’s consent – for example, if we send you marketing materials by email, this will be because you consented to this; and
- Processing that is necessary for compliance with a legal obligation – for example where we need to comply with statutory or financial reporting or other regulatory compliance obligations.
Data transfers outside of the EEA
In the course of providing the Services to you, we will transfer your personal information outside of the EEA, principally to CrowdRiff’s offices in Canada and servers in the United States; this means that your personal data will not have the automatic protection of European data protection laws (including the GDPR) which apply in the EEA. In these circumstances, in order to ensure that your personal information continues to have adequate protection when it is transferred outside the EEA, your personal information will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission);
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection (which is the case for Canada, under the European Commission’s decision of 20 December 2001 in respect of PIPEDA); or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details set out below.
If you are a CrowdRiff customer, please refer to Section 6 of the CrowdRiff Data Processing Addendum for more information.
Your rights in relation to personal information
Under the GDPR, you have the following rights in relation to our processing of your personal information. Please note that these rights are not absolute, and we may be entitled or obliged to refuse requests where exceptions or exemptions apply:
- to obtain access to, and copies of, the personal information that we hold about you;
- to require us to correct the personal information we hold about you if it is incorrect;
- to require us to erase your personal information in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
- to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
- where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
Note: If you have given your consent and you wish to withdraw it, please contact us using the contact details set out above. Please note that where our processing of your personal information relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you are not satisfied with how we are processing your personal information, you can make a complaint to a data protection supervisory authority in the EU, including the data protection regulator in the EU country where you or your organization is located. A list of data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en.
Please note that the rights described above are not absolute and legal exceptions may apply.