Spring Planning Inc. recognizes that your trust is an integral part of our working relationship and is fully aware and compliant with the laws governing the handling of your personal and confidential information. This includes:
- PIPEDA The Personal Information Protection and Electronic Documents Act (Canada)
- CASL Canada’s anti-spam legislation (2014)
- GDPR General Data Protection Regulation (EU) (May 28, 2018)
Protecting your privacy and the confidentiality of your personal information is a fundamental principle of our relationship with you.
Spring Planning Inc. complies with the legislation and regulations referenced above and is committed to the lawful storage, protection, accuracy and use of Personal Information collected and controlled by us.
- procedures to protect Personal Information;
- communications and training programs to provide information to Spring Planning Inc. personnel about privacy policies and practices.
- procedures to receive and respond to complaints and inquiries.
Collection and Use
Spring Planning Inc. collects personal information for two primary purposes:
- to gather all necessary and appropriate information required to properly serve the client’s needs as mutually agreed upon
- to send our newsletter to those who have willfully opted in to the receipt of said newsletter
Limiting Collection, Use, Disclosure and Retention
Personal Information is collected only to fulfil the purposes identified, for example to respond to a request for information requested on the Contact page of our website or to prepare client work as so engaged.
Spring Planning Inc. does not use or disclose Personal Information for purposes other than those for which it is collected and in direct alignment with client contracts. We retain Personal Information for only as long as necessary to serve that purpose. Spring Planning Inc. does not sell, rent or otherwise provide any personally identifiable information about you to a third party, nor do we share or solicit the information captured in any way.
Spring Planning Inc. uses Google Analytics on its website to improve the quality and relevance of the information it publishes. Google aggregates and anonymizes the data, to maintain website visitors’ privacy. For more information, see Google’s policy for sites that use its services.
Consent for the collection of personal information can be either express or implied. Express consent is either given verbally or in writing, e.g. when providing information on the Contact page on our website or opting in to our newsletter.
It is understood that information gathered from visits to our website may be used to statistically analyze usage of the website and to make improvements to our website content. If you provide your contact information on our website, we may use your email address to contact you directly from time to time. Under no circumstances is information from our Contact page added to a mailing list or used for mass marketing purposes.
Special note with respect to the GDPR (Privacy legislation for the EU, effective May 28, 2018)
The GDPR has added additional control for EU citizens over their personal informations regardless of which country that information is used in, meaning all countries are required to abide by the GDPR when dealing with, or potentially dealing with personal information from an EU citizen. Under the GDPR, your Personal Information is also protected in the following ways:
- Notification of sharing with a third party, in our case Mailchimp: Personal information provided by you during the opt-in process of signing up for our newsletter means that the information you provide is then supplied to Mailchimp, a third party. Through their own adherence to GDPR, your information is used for the sole purpose of mailing our newsletter to you.
- You have the ability to edit information shared with Mailchimp yourself, directly from a link on our newsletter.
- As always, you have the ability to unsubscribe from the mailing list at any time using the unsubscribe button on the newsletter.
- If your personal information is used for any purpose other than our newsletter, separate consent will be obtained.
- You have the right to request that any of your Personal Information maintained by Spring Planning Inc, or Mailchimp, be permanently and promptly deleted.
Spring Planning Inc. endeavours to keep Personal Information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.
Spring Planning Inc. protects Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification with security safeguards appropriate to the sensitivity of the Personal Information. Our robust Cyber Security Policy is adhered to, updated, and reviewed with each member of Spring Planning Inc. on a semi annual basis. Spring Planning Inc. protects Personal Information regardless of the format in which it is held.
The methods of protection for Personal Information include:
- while rare in the virtual environment, any physical documents are shredded when no longer needed, and are kept in a secure location when they are being used;
- organizational measures, access to electronic records on a need-to-know basis;
- personnel training on Privacy and Security Policy and signed confidentiality agreements; and
- technological measures, such as sharing of passwords only through an encrypted password management system; not exchanging documents through non-secure channels; using encrypted VPNs to access client information; maintaining system security to guard against cyber threats.
Transparency and Access
Spring Planning Inc. makes specific information about its policies and practices relating to the management of Personal Information readily available to clients. Spring Planning Inc. is open about its policies and procedures as they relate to the handling of Personal Information. Any inquiries should be addressed to firstname.lastname@example.org.
Every client has the right to request access to their Personal Information and the right to have Personal Information deleted or modified.
As you may be aware, the General Data Protection Regulation (GDPR) came into effect on May 25th, 2018. While this is a European Union regulation, it expands on the Canadian privacy legislation already in place. Compliance with all privacy regulations is key to respecting your privacy and ensuring the security of your data.
Here are the highlights of the initiatives we’ve reviewed or updated in accordance to these new regulations:
- We’ve changed our newsletter sign-up process from single opt-in to double opt-in
- We have assigned a Privacy Officer who can be reached at email@example.com with any concerns or requests.
- We openly allow you to exercise your right to erasure if you wish to delete information we have about you through our Privacy Officer.