Who We Are
The responsible entity within the meaning of the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the General Data Protection Regulation 2016/679 (“GDPR”) is:
5800 Ambler Drive, Suite 210, Mississauga, Ontario,
Canada L4W 4J4
Collection and Processing of Data
Personal data is only collected if you provide this information voluntarily, for example as part of a registration, login, or enquiry. Only data that is required to fulfill the functionality of the Shopchums App will be collected. The data is only collected and processed for a specific purpose.
PIPEDA Privacy Rights
You have the ability to exercise the following rights:
You have the following rights with regard to personal data concerning you:
How Do I Make a Privacy Right Request?
If you have a question about our personal information practices, please contact us.
If you make a request, we will confirm that we have received your request and inform you accordingly if we need further information from you. We will typically respond to your request within one month unless the request is particularly complex, or we receive multiple requests from you. In these cases, we may extend the time period, but we will keep you informed about the status of your request.
For your protection, we only respond to requests for the personal information associated with the email address and/or handle name or name that you identify in your request, and we may need to take other steps to verify your identity before taking any action. When permitted by law, we may charge an appropriate fee to cover the costs of responding to your request.
The Supervisory Authority
The Office of the Privacy Commissioner of Canada (OPC) is the Shopchums relevant authority in matters of data protection. You have the right to make a complaint at any time to the OPC (www.priv.gc.ca/en). We would, however, appreciate the opportunity to deal with your concerns before you approach the OPC; if possible, please contact us in the first instance.
Relevant Legal Basis
In accordance with Article 13 of the GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated, the following applies:
Installation of Our App
Our App can be downloaded from the "Google Play Store" and "Apple App Store". Downloading our App may require prior registration with the respective App store and installation of the Shopchums App store software.
App installation via the Google Play Store
To install our App: you can use the Google service "Google Play Store" of Google Inc. (“Google”), 1600 Amphitheatre Parkway Mountain View, CA 94043, US, if you are resident outside the EU; If you are a resident within the EU, you can use “Google Play” of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
As far as we are aware, Google collects and processes the following data;
App installation via the Apple App Store
To install our App: you can use the Apple App service "App Store" a service of Apple Inc. (“Apple”), 1 Infinite Loop, Cupertino, CA 95014, US; if you are resident outside the EU. If you are a resident in the EU, use the Apple App from Apple Distribution International Ltd, Hollyhill Industrial Estate, Hollyhill Ln, Knocknaheeney, Cork, Ireland.
As far as we are aware, Apple collects and processes the following data;
We collect information from and about the device(s) you use to access our App, including hardware and software information such as IP address, device ID and type, device-specific and App settings and properties, App crashes, information about your wireless and mobile network connection, such as your service provider and signal strength; information about device sensors, such as accelerometer, gyroscope and compass.
When you install the Shopchums App and create an account, we collect some or all of the following information about you, including your email address, name, and login details. You will also be asked to create a password in connection with registering your account. Once you have registered, you can review and change this information at any time. It is your responsibility to ensure that your account details are kept up to date. The information we collect helps us improve the App and verify our users.
When You Contact Us
If you contact us, we will store your email address and may store your IP address and the information you give us so that we can process your request. We store correspondence with you for 6 years after your account is deleted.
Information We Generate When You Use the Shopchums App and Our Services
Communication and Sharing with Other Users
We store our users' communications or sharing of details, offers, deals and products that take place via the Shopchums App, as well as communications with other users. When you voluntarily share information on our Services, you disclose that information to other users. Please be careful with your information and make sure that you only share content that you truly agree to publish, as neither you nor we can control what others do with your information once you share it.
We collect information about your activity on our services, for instance how and when you use them (e.g., date and time you logged in, features you’ve been using, searches, clicks and pages which have been shown to you, referring webpage address, etc.), and how you interact with other users (e.g., users you connect and interact with, time and date of your exchanges, number of referrals you send and receive, etc.).
How We Share Information
We use third party service providers to help us operate and improve our services. These third parties assist us with various tasks, including data hosting and maintenance, analytics, customer support, marketing, data storage, and security measures. We also share user information with legal authorities as may be required from time to time.
We follow a rigorous vetting process before engaging a service provider or working with a partner. All our service providers and partners must commit to strict confidentiality.
We may transfer your information if we are involved in whole or in part in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
We may disclose your information if reasonably necessary: (i) to comply with a legal process, such as a court order, subpoena or search warrant, government/legal investigation or other legal requirement; (ii) to assist in the prevention or detection of crime (in each case, subject to applicable law); or (iii) to protect the safety of any person.
We may also disclose information: (i) if disclosure would reduce our liability in actual or threatened litigation; (ii) if necessary to protect our legal rights and the legal rights of our users or other interested parties; (iii) to enforce our agreements with you; and (iv) to investigate, prevent, or take other action regarding illegal activities, including suspected fraud or other misconduct.
We may ask for your consent to share your information with third parties. In any such case, we will make clear why we want to share the information.
Sharing of Non-Personal Information
We may use and share non-personal information such as device information, general demographic information, general behavioral information, geographic location in de-identified form, and personal information in hashed, non-human readable form in the above circumstances. We may combine this data with additional non-personal data or personal data in hashed, non-human readable form collected from other sources.
You can stop the collection of information by the Shopchums App by uninstalling it using the standard uninstall procedure for your device. When you uninstall the Shopchums App from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the Shopchums App on the same mobile device, we may again associate that identifier with your previous transactions and activities.
Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Authorizations and Access
We may request permission to have access to your internet connection from your mobile device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. You can change your permissions at any time via Settings (iOS) or Settings Menu (Android).
We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art of technology at the time, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk therein.
The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we take the protection of personal data into account in the development and selection of hardware, software, and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.
For security reasons and to protect the transmission of confidential content that you provide to us, this platform uses TLS encryption (Transport Layer Security), or better known as SSL (Secure Sockets Layer). You can recognize the secure, encrypted connection to this platform by the identifier https:// of the entry in the URL line (address line) of the browser used and/or the green lock symbol. HTTPS stands for Hypertext Transfer Protocol Secure.
We would like to point out that data transmission on the Internet (e.g., when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Cooperation With Processors, Joint Controllers and Third Parties
If, in the course of our processing, we disclose data to other persons and companies (processors, jointly responsible persons or other third parties), transfer it to them, or otherwise grant them access to the data, we will only do so on the basis of legal permission to which users have consented, if required due to a legal obligation, or on the basis of our legitimate interests.
If we disclose or transfer data to other companies or otherwise grant them access, this is done for administrative and operational purposes (our legitimate interest) and, in addition, will only be done on a basis that complies with legal requirements.
When You Send a Data Subject Access Request
If You make a data subject access request, it is our legal obligation to respond to such request, and this is the purpose for the processing of your personal data at the time of the request, and it is in our legitimate interest as well as the legal basis for the subsequent documentation of the data subject access request.
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, a data subject access request will be deleted three years after the data request is made.
You may, at any future time, object to the processing of your personal data pursuant to a data subject access request. However, if you make such objection, we would not, in such circumstances, be able to process such future data subject access requests, as it is mandatory that the processing of a respective data subject access request be documented. This should be kept in mind at the time of any such objection to data processing.
Disclosure within service supplier companies pursuant to Art. 6 (1) lit. b GDPR
We may or will share your personal data with contract software service providers, who may or will process it as part of their work performance for us. If you contact us with questions and/or complaints, they may or will accordingly have access to your data in order to process your request.
Revocation of Your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke consent you may have already given at any time. The legality of any data processing carried out prior to the revocation will remain unaffected by the revocation.
The legal basis for push messages is our legitimate interest. A push service is used to provide you with useful tips and information directly to your mobile or similar devices. When we send a push message, we send the message with a corresponding ID or token to the Push Notification Service. This ensures that the push message is sent to the device where you wish to receive such notification. Our legitimate interest is to allow us to present current information to you directly. This personal data will only be processed as long as necessary for the provision of the function. You have the right to terminate the push service, by deactivating the push service in the respective system settings of the operating system of your device.
We do not use automated decision-making or profiling.
Do Not Sell My Personal Information
We do not sell information that directly identifies you.
Updating Your Information
If you believe that the information, we hold about you is inaccurate, or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please contact us. For your protection and the protection of all other users, we may require you to provide proof of your identity prior to responding to your request.
Requests may be rejected for certain reasons, if complying with the request would cause us to commit an illegal act, or complying would cause us to infringe on the trade secrets or intellectual property or the privacy of another user. Also, we may not be able to accommodate certain requests in which you object to the processing of your personal information, when or if such requests would not allow us to provide our service to you.
Our commitment to protecting the privacy of your personal data may result in future changes to this policy. Please regularly review this policy to stay current with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy, or not acted in accordance with data protection law, then you should notify us using our contact form or via email to firstname.lastname@example.org.