What is personal information?
What personal information do we collect, or allow others to collect?
We collect and maintain different types of personal information through the Services. This personal information may include, but is not limited to:
- personal identification information of individuals, such as name (“Identity Data”);
- contact information of individuals, such as address, telephone number, email address, and social media identifier (“Contact Data”);
- information about you and your account such as organization, location and demographic information (“Profile Data”);
- personal information that is contained in any User Content (as defined in the Terms) that a User creates, submits, posts, uploads, publishes or otherwise makes available to CrowdRiff on or through the Services, in connection with the services it provides (“Content Data”);
- information related to your visit to our Services, including the IP address and device domain used to access our Services, the operating system on your device, your device settings, application IDs, the type and version of your browser, crash data, other unique device identifiers, the website you came from to access our Services, the page of our Services you entered and exited at, any page within our Services that is viewed by your IP address and what country you are from (“Usage Data”);
- third-party unique identifiers such as those used by Google, Facebook or others (“Unique Identifiers”).
First party Cookies are Cookies set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.
We use the following cookies:
- Strictly necessary cookies. These are Cookies that are required for the operation of our website. They include, for example, Cookies that enable you to remember information you have typed into an online form.
- Analytical/performance cookies. These cookies help provide us with analytical and performance information. For example, they allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our Services. This enables us to remember your preferences.
- Targeting cookies. These Cookies record your visit to our Services, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
When you arrive on our Services, we will ask you whether or not you consent to us placing Cookies on your device. If you accept Cookies but later change your mind and wish to withdraw your consent, you can do so by emailing firstname.lastname@example.org or by modifying your browser settings. If you choose to decline Cookies, you may not be able to fully experience the interactive features of our Services.
How do we collect your personal information?
We use different methods to collect data from and about Users including through:
- Direct interactions. CrowdRiff collects personal information directly from you where you provide it to us. For example, Users may give us Identity, Contact, Business and Feedback Data by registering for or using the Services and interacting with us (such as through support requests, information downloads, surveys or otherwise). In circumstances where the personal information that we collect about you is held by a third-party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions).
- Automated technologies or interactions. As you interact with our Services, we may automatically collect personal information such as Location and Usage Data about you. We collect this personal data by using cookies, server logs and other similar technologies. From time to time, we may utilize the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise. For example, we receive location information in connection with our use of Google Places and Google My Business API. We may also receive information when you tag a business in a Story, and such information relates solely to the business rather than you (e.g., the business location, website, hours of operation and contact information).
Where we collect information directly from you, we rely on your express or implied consent for that collection. In circumstances where we receive personal information from a third party, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
Why do we collect and how do we use personal information?
We collect personal information to provide the services available on and through our Services and to enable us to manage, maintain, and develop our operations. For example:
| Purpose/Activity | Type of Data |
|---|---|
| Establish, maintain and manage our relationship with you, including by contacting you, so that we may provide you with any services or communications that you have requested; | |
| Allow you to participate in, subscribe to or otherwise receive services and communications from us; | |
| Be able to comply with your requests (e.g., if you prefer to be contacted by telephone or by email and advise us of your preference, we will use this information to contact you at that number); | |
| Understand your preferences and tailor communications and services to you and to send you information about CrowdRiff and its affiliates’ portfolios, news, media coverage, events, filings and investor matters, as applicable; | |
| Understand your interests and communicate content you view and your interests to our Users when you view content associated with a User; | |
| Conduct analysis and evaluations to understand usage and trends to improve our Services, communications and operations; | |
| Enable us to comply with applicable laws or regulatory processes; | |
| Protect CrowdRiff against error, fraud, theft and damage to our Services, assets or other properties; | |
| To use data analytics to improve our Services, customer relationships and experiences and to personalize our Services; | |
| To create anonymized, aggregated data that is no longer Personal Information; | |
Unless you are based in the EEA or UK, by consenting to our collection, use and disclosure of your personal information through our Services you allow us to fulfill the purposes for which we collect your personal information. When we collect your information for research, statistical and development purposes, we ensure that any information used for our analysis and reports will be de-identified and aggregated in a manner that will not identify you. This de-identified and aggregated information may be shared with third-parties.
When do we email you, and why?
We will collect your express consent prior to sending you any commercial electronic messages, unless an exception to obtaining your opt-in consent applies under Canada’s Anti-Spam Legislation. You will have the opportunity to opt-out of receiving commercial electronic messages at any time. For clarity, by using and accessing our Services you agree to receive transactional communications about your account and activities on or in connection with the Services. For example, when you create an account or reset your password, you will receive an email confirming your account details. In addition, you may also receive notifications when your Story is made available, has been published and/or has reached a certain number of views. You may opt-out of receiving these transactional communications by contacting us at email@example.com.
When and to whom do we disclose your personal information?
Since the purpose of creating content is to share such content with the public, any personal information contained within content will be shared with and viewed by the public. In other words, when you voluntarily disclose personal information in content, you are sharing such information with the public. Please be careful with your personal information and make sure that the Content you share is material that you are comfortable being publicly viewable since neither you nor we can control what others do with your personal information once it is published.
We may disclose your personal information to our affiliates and our respective employees, contractors, consultants, service providers and other parties who require such information to assist us with managing our relationship with you, including third-parties that provide services to us or on our behalf. For example, we use third-party service providers to assist us with our marketing and advertising activities and communications. These service providers may send you communications on our behalf.
We may disclose to subscribers to our service limited Personal Information of (i) Users who view content associated with them (such as Unique Identifiers); or (ii) other Users who have created an account (such as Contact Data).
Finally, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements;
- to comply with valid legal processes such as search warrants, subpoenas or court orders;
- as part of CrowdRiff’s regular reporting activities under applicable law to protect the rights and property of CrowdRiff;
- during emergency situations or where necessary to protect the safety of a person or group of persons; and
- for any additional purposes for which we have obtained your consent to disclose your personal information (or, if you are based in the EEA / UK, where we may notify you otherwise).
How do we obtain your consent, and how can you withdraw it?
It is important to us that we collect, use or disclose your personal information only when we have your consent to do so, unless you are based in the EEA / UK, in which case we may rely on other legal bases for processing your personal information. Unless you are based in the EEA / UK, depending on the sensitivity of the personal information, your consent may be implied, deemed (using an opt-out mechanism) or express. We may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our Privacy Officer using the contact information set out below. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Privacy Officer. If you withdraw or vary your consent, we may not be able to provide you with the communications and/or services you request through our Services. For example, if you would like to receive our communications, but are not willing to provide your email address, we will not be able to fulfil your request.
How is your personal information protected?
CrowdRiff will endeavour to maintain commercially reasonable physical, technical and procedural safeguards that are appropriate based on the sensitivity of the personal information in question. These safeguards are designed to prevent your personal information from loss and unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction.
The security of your personal information is important to us. Please advise our Privacy Officer immediately of any incident involving the loss of or unauthorized access to or disclosure of personal information that is in our custody or control.
Updates to your personal information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of our relationship, please keep us informed of such changes. You may change or update the information we have about you by contacting us at firstname.lastname@example.org.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to your personal information
You can ask to access the personal information that we have received from or possess about you. If you want to review, verify, delete or correct your personal information, please contact our Privacy Officer.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. If you require assistance in preparing your request, please contact our Privacy Officer.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices. In the event that we cannot provide you with access to your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
How long we retain personal information
Links to third-party websites
Our Services may contain links to other websites that may be subject to less stringent privacy standards. These links are provided for your convenience only and you assume all risk for clicking these links to other websites. We cannot assume any responsibility for the privacy practices, policies or actions of the third parties that operate these websites. CrowdRiff is not responsible for how such third parties collect, use or disclose your personal information. You should review the privacy policies of these websites before providing them with personal information.
The Services are not directed to children and we do not knowingly collect, use or disclose personal information from children through the Services, except where in compliance with applicable laws.
These Services are intended to comply with the United States Children’s Online Privacy Protection Act (“COPPA”). If you reside in the United States, we encourage you to visit http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec08.shtm for more information about COPPA and children’s privacy. In the event that we become aware that we have collected COPPA-restricted personal information from any child other than as permitted under that law, we will dispose of that information, or otherwise treat it, in accordance with COPPA and other applicable laws and regulations. If you are a parent or guardian and you believe that your child under the age of thirteen (13) has provided us with personal information (as defined by COPPA) without COPPA-required consent, please write to: email@example.com.
We post customer testimonials on the Website which may contain Personal Information. We do obtain consent via e-mail to post your name prior to posting the testimonial. If you want your testimonial removed, please contact us at firstname.lastname@example.org.
by email to:
or by mail to:
1200-225 King St W, Toronto, Ontario, M5V 3M2.
**If you choose to communicate with us via email, please be aware that email is not a 100% secure medium for sending any personal or confidential information to us.**
PRIVACY NOTICE FOR USERS BASED IN THE EEA AND UK
Our legal bases for using personal information
Data controllers need a lawful basis to collect and use your personal information under the GDPR. The law allows for six legal bases for processing personal information (and additional conditions for processing sensitive personal information, which the GDPR calls “special categories of personal data”, and which include health information). Four of these legal bases are relevant to the types of processing that CrowdRiff carries out. This includes where your personal information is processed on the basis of:
- performing a contract with you – principally, where the processing of your personal information is necessary to supply the Services to you in accordance with our Terms of Service. Please note that some of your personal information is necessary for the performance of our obligations under our Terms, and without this personal information we may not be able to provide you with the communications and/or services you request through our Services;
- CrowdRiff’s legitimate interests, including our commercial interests in operating our business securely, sustainably and profitably – for example where we send you administrative information, including information regarding the Services and changes to our Terms, procedures or policies;
- a person’s consent – for example, if we send you marketing materials by email, this will be because you consented to this; and
- processing that is necessary for compliance with a legal obligation – for example where we need to comply with statutory or financial reporting or other regulatory compliance obligations.
Data transfers outside of the EEA
In the course of providing the Services to you, we will transfer your personal information outside of the EEA, principally to CrowdRiff’s offices in Canada and servers in the United States; this means that your personal data will not have the automatic protection of European data protection laws (including the GDPR) which apply in the EEA. In these circumstances, in order to ensure that your personal information continues to have adequate protection when it is transferred outside the EEA, your personal information will only be transferred on one of the following bases:
- where the transfer is subject to one or more of the “appropriate safeguards” for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission);
- a European Commission decision provides that the country or territory to which the transfer is made ensures an adequate level of protection (which is the case for Canada, under the European Commission’s decision of 20 December 2001 in respect of PIPEDA); or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting us using the details set out below.
Your rights in relation to personal information
Under the GDPR, you have the following rights in relation to our processing of your personal information. Please note that these rights are not absolute, and we may be entitled or obliged to refuse requests where exceptions or exemptions apply:
- to obtain access to, and copies of, the personal information that we hold about you;
- to require us to correct the personal information we hold about you if it is incorrect;
- to require us to erase your personal information in certain circumstances;
- to require us to restrict our data processing activities in certain circumstances;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;
- to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
- where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
Note: If you have given your consent and you wish to withdraw it, please contact us using the contact details set out above. Please note that where our processing of your personal information relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you are not satisfied with how we are processing your personal information, you can make a complaint to a data protection supervisory authority in the EU, including the data protection regulator in the EU country where you or your organization is located. A list of data protection authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en.
Please note that the rights described above are not absolute and legal exceptions may apply.