Janis Spindel Serious Matchmaking, Inc. Privacy Policy Updated January 2023
This policy will notify you of the following:
- What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect against the misuse of your information.
- How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing
We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone. We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to support you in daily operation of the software. Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
Security
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.
Updates
Our Privacy Policy may change from time to time and all updates will be posted on this page. If you feel that we are not abiding by this privacy policy, you should contact us immediately.
Privacy Standards
PIPEDA (Personal Information Protection and Electronic Documents Act) – An Act to extend the present laws that protect the privacy of individuals and that provide individuals with a right of access to personal information about themselves.
Janis Spindel Serious Matchmaking, Inc. privacy standards are based on the principles set out in the National Standard of Canada entitled Model Code for the Protection of Personal Information: http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h-26 It addresses the ways in which organizations collect, use and disclose personal information; the rights of individuals to have access to their personal information; and the right to have it corrected, if necessary. The Model Code’s 10 principles, usually referred to as “fair information principles”, are the foundation of PIPEDA:
Principle 1 – Accountability. An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.
Principle 2 – Identifying Purposes. The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.
Principle 3 – Consent. The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
Principle 4 – Limiting Collection. The collection of personal information must be limited to that which is needed for the purposes identified by the organization. Information must be collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure, and Retention. Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.
Principle 6 – Accuracy. Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
Principle 7 – Safeguards. Personal information must be protected by appropriate security relative to the sensitivity of the information.
Principle 8 – Openness. An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.
Principle 9 – Individual Access. Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 – Challenging Compliance. An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.
Canadian GDPR Adequacy designation
It is important to note that PIPEDA has been recognised as providing an adequate level of privacy protection relative to the GDPR. This “adequacy” determination, one of the original reasons for enacting PIPEDA, permits Canadian organizations to process personal information of EU residents without having to comply with the “Privacy Shield” which governs U.S. companies.
While a review of compliance requirements under the GDPR reveals that many are reflected in Canadian privacy law already, a number are potentially more rigorous. Janis Spindel Serious Matchmaking, Inc. updated its procedures, documents and policies to meet the following additional new compliance requirements:
Breach reporting.
The requirement for reporting of breaches to the relevant “data protection authority”, where feasible, within 72 hours of the occurrence. As we know, PIPEDA has been amended to provide for reporting of breaches, as well as notification of affected individuals – another new GDPR requirement. However, these new PIPEDA rules do not stipulate a specific time period for reporting.
Accountability.
A key new GDPR compliance requirement is internal organizational accountability, specifically the establishment of a comprehensive data protection program. Such a program must include documented policies and procedures, maintaining detailed records of all data processing activities, guided by the principle of “privacy by design and by default”. While some features of this requirement go beyond what is dictated expressly under PIPEDA, Canadian businesses again are familiar with this overall dictate which is consistent with guidance issued by the federal and provincial Privacy Commissioners.
Substantive privacy rights.
The GDPR also stipulates a number of new or enhanced substantive privacy rights for individuals which organizations will need to address and build into their privacy protection procedures, including the following:
Consent.
Must be a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of his or her personal data and must be given by a statement or a clear affirmative action.
Right to erasure (“right to be forgotten”).
Broader than under the Directive and not specifically provided for under Canadian privacy laws.
Right of individuals to restrict processing of their data.
Expanded, e.g. when accuracy is challenged.
Data portability.
The right of individuals to transfer their data from one data collector to another.