Privacy Policy for Crafty Penguins

Introduction

Welcome to the Privacy Policy of Crafty Penguin Technologies Inc, commonly known as Crafty Penguins. As an IT-managed services company with a fully remote workforce, we are dedicated to protecting the privacy and confidentiality of the personal information entrusted to us. At Crafty Penguins, we recognize the importance of privacy and are committed to ensuring that your personal information is handled with the utmost care and respect. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in compliance with Alberta’s Personal Information Protection Act (PIPA), the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other relevant privacy laws in the USA, Canada, and Europe. Our commitment to privacy is fundamental to the trust our clients place in us, and we strive to maintain that trust by implementing robust privacy and security practices across our operations. Whether you are a client, an employee, or a business partner, we want you to feel confident that your personal information is safe. Please take a moment to read through this policy to understand how we manage your personal information and your rights regarding its use. If you have any questions or concerns, do not hesitate to contact us.

Scope

This Privacy Policy applies to all personal information collected, used, and disclosed by Crafty Penguin Technologies Inc, operating as Crafty Penguins, in the course of our business operations. It covers personal information related to our clients, employees, contractors, and other stakeholders, and extends to our online activities, including our website, Crafty Penguins. This policy outlines our practices regarding the collection, use, disclosure, and protection of personal information, as well as your rights concerning your personal information. It applies to all personal information, regardless of the format in which it is collected or stored, including but not limited to electronic, paper, and verbal records. The scope of this policy includes:

Online Activities:
- Personal information collected through our website, applications, and online services.
- Information shared and/or collected from visitors to our website.
Business Operations:
- Personal information collected through our business operations, including client interactions, service delivery, and employee management.
- Personal information collected from third parties in connection with our services.
Consent:
- By using our website or engaging with Crafty Penguins, you consent to our Privacy Policy and agree to its terms.

Information We Collect

Personal information you provide directly, such as your name, email address, phone number, and other details you choose to share with us.
Additional information received when you contact us, including the contents of messages and attachments.
Contact information collected during account registration, including name, company name, address, email address, and telephone number.

Use of Information

To provide, operate, and maintain our website and services.
To improve, personalize, and expand our website and services.
To understand and analyze how you use our website and services.
To develop new products, services, features, and functionality.
To communicate with you, including customer service, updates, and marketing.
To send emails and prevent fraud.

Log Files and Cookies

Use of log files to analyze trends, administer the site, and gather demographic information.
Use of cookies and web beacons to store information, optimize user experience, and customize web page content.

Third-Party Policies

Information about third-party advertising partners and their privacy policies.
Note that Crafty Penguins has no control over cookies used by third-party advertisers.

Legal Rights and Compliance

Right to access: You have the right to request access to your personal data.
Right to correction: You have the right to request corrections to inaccurate or incomplete information.
Right to erasure: You have the right to request the deletion of your personal data, subject to legal and contractual restrictions.
Right to data portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format.
Right to restrict processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.
Right to object: You have the right to object to the processing of your personal data, under certain conditions.
Right to withdraw consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes applicable data protection laws.

Information on CCPA Privacy Rights for California Consumers:

Under the California Consumer Privacy Act (CCPA), California consumers have specific rights regarding their personal information. These rights include:

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you in the past 12 months, the categories of sources from which the personal information is collected, the purpose for collecting or selling personal information, and the categories of third parties with whom we share personal information.
Right to Delete: You have the right to request that we delete any personal information we have collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
Right to Opt-Out of Sale: You have the right to opt-out of the sale of your personal information. Crafty Penguins does not sell personal information, but we provide this right to comply with the CCPA.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights. We will not deny you goods or services, charge you different prices or rates, or provide you with a different level or quality of goods or services for exercising your CCPA rights.

Under the General Data Protection Regulation (GDPR), individuals in the European Union have enhanced rights regarding their personal data. These rights include:

Right to Access: You have the right to request access to the personal data we hold about you, including information on how your personal data is being processed, the purpose of the processing, and with whom your personal data is shared.
Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure: Also known as the “right to be forgotten,” you have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw your consent.
Right to Restrict Processing: You have the right to request the restriction of processing your personal data under certain conditions, such as when you contest the accuracy of the data or object to its processing.
Right to Data Portability: You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another data controller without hindrance from us.
Right to Object: You have the right to object to the processing of your personal data for certain purposes, such as direct marketing or when processing is based on legitimate interests.
Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data infringes applicable data protection laws.

Procedures for Exercising Rights such as Access, Rectification, Erasure, and Data Portability:

Submitting a Request: To exercise your rights under the CCPA, GDPR, or other applicable data protection laws, you can contact us using the details provided in this policy. Your request should include sufficient information to allow us to verify your identity and the nature of your request.
Verification: For your protection, we may need to verify your identity before fulfilling your request. This verification process may involve requesting additional information from you to confirm your identity.
Response Time: We will respond to your request within the time frame required by applicable law. For GDPR requests, we aim to respond within one month of receiving your request. For CCPA requests, we aim to respond within 45 days of receiving your request.
Exceptions: There may be circumstances where we are unable to fulfill your request, such as when we are legally required to retain certain data or when fulfilling the request would infringe on the rights and freedoms of others. If we are unable to comply with your request, we will inform you of the reasons for our decision.
Contact Information: You can submit your requests or inquiries to our Privacy Officer, Joshua Smith, at privacy@craftypenguins.net.

Children’s Privacy Policies Regarding the Collection and Use of Personal Information from Minors:

Crafty Penguins does not knowingly collect personal information from children under the age of 13. If we become aware that we have collected such information, we will take steps to delete it promptly.

SMS Information

No sharing of mobile information with third parties/affiliates for marketing/promotional purposes, with exclusions for text messaging originator opt-in data and consent.

Collection of Personal Information Types of Personal Information Collected:

Contact information: Name, company name, address, email address, telephone number.
Account information: Usernames, passwords, and other login credentials.
Communication details: Contents of messages and attachments sent to us.
Technical information: IP addresses, browser type, Internet Service Provider (ISP), referring/exit pages, date and time stamps, and clickstream data.
Cookies and usage data: Information about website usage and preferences.

Methods of Collection:

Directly from individuals: Through forms on our website, email, phone, or other direct interactions.
Automatically: Through cookies, web beacons, and log files when visiting our website.
From third parties: Information provided by service providers, business partners, or other third parties in connection with our services.

Use of Personal Information Purposes for Which Personal Information is Used:

To provide, operate, and maintain our website and services.
To improve, personalize, and expand our website and services.
To understand and analyze how you use our website and services.
To develop new products, services, features, and functionality.
To communicate with you, including customer service, updates, and marketing.
To send you emails and other communications.
To prevent fraud and enhance security.

Legal Basis for Processing Personal Information:

Performance of a contract: Processing necessary for the performance of a contract with you.
Legitimate interests: Processing for our legitimate business interests, such as improving our services and website.
Consent: Processing based on your consent, where required by law.
Legal obligations: Processing necessary to comply with legal obligations.

Disclosure of Personal Information Situations in Which Personal Information May Be Disclosed to Third Parties:

To service providers: For the purpose of providing and improving our services.
To legal authorities: When required by law or to protect our legal rights.
In business transactions: In connection with a merger, acquisition, or sale of assets.

Types of Third Parties Who May Receive the Information:

Service providers and business partners.
Legal and regulatory authorities.
Potential buyers or investors in the event of a business transaction.

By using our website or services, you consent to the collection, use, and disclosure of your personal information as described in this policy.
Consent is obtained at the point of data collection, such as when filling out forms on our website.

You may withdraw your consent at any time by contacting us at the details provided in this policy.
Please note that withdrawing consent may affect your ability to use certain features of our website and services.

Retention of Personal Information Data Retention Periods:

Personal information is retained for as long as necessary to fulfill the purposes for which it was collected.

Criteria for Determining Retention Periods:

Legal and regulatory requirements.
Business needs and contractual obligations.

Methods for Securely Disposing of Personal Information:

Secure deletion of electronic records.
Shredding or otherwise destroying physical records.

Protection of Personal Information Security Measures to Protect Personal Information:

Use of encryption to protect data during storage and transmission.
Implementation of access controls to limit access to personal information.

Policies for Ensuring the Security of Data During Storage and Transmission:

Regular security audits and assessments.
Continuous monitoring and updating of security practices.
Data encryption at rest and during transmission.
Compliance with geographic location requirements for physical storage based on the jurisdiction of our client data.

Access and Correction Procedures for Individuals to Access Their Personal Information:

You may request access to your personal information by contacting us at the details provided in this policy.

Methods for Requesting Corrections to Inaccurate or Incomplete Information:

You may request corrections to your personal information by contacting us and providing details of the requested changes.

Accountability and Openness Contact Information for the Privacy Officer or Person Responsible for Privacy Compliance:

Privacy Officer: Joshua Smith
Email: privacy@craftypenguins.net

How the Company Ensures Accountability and Compliance with Privacy Policies:

Regular training for employees on privacy and data protection.
Periodic reviews and updates to privacy policies and practices.
Annual review and update of the privacy policy.

How Individuals Can Exercise Their Rights:

Contact us at the details provided in this policy to exercise your rights. We will respond to your request within the time frame required by applicable law.

Submit complaints or inquiries by contacting us at the details provided in this policy.

Contact Details for Submitting Complaints and Inquiries:

Email: privacy@craftypenguins.net
Privacy Officer: Joshua Smith

Changes to the Privacy Policy How the Company Will Notify Individuals of Changes to the Privacy Policy:

Changes to the policy will be posted on our website with an updated effective date.

Effective Date of the Current Version of the Privacy Policy:

May 3, 2024

International Transfers Information About Transferring Personal Information Outside of Alberta or Canada:

Personal information may be transferred to and processed in countries other than your country of residence.

Safeguards in Place for International Transfers:

We ensure that appropriate safeguards are in place, such as standard contractual clauses, to protect personal information transferred internationally.