Stack8 Technologies Inc. DBA ZIRO (“ZIRO”, “we” “us” or “our”) is committed to protecting your privacy and providing you with a positive experience on our websites and in using our products and services.
The purpose of this Policy is to explain how we collect, use and disclose the personal information you may provide to us and is meant to comply with all applicable Canadian legislation (“CASL”) and, when applicable, with the General Data Protection Regulation (“GDPR”).
1.0 Scope of this Policy
This Policy applies to the personal information that is in ZIRO’s possession or under its control, including the information we may transfer to a third party for processing purposes.
2.0 Collection of the Personal Information
ZIRO does not automatically gather any personal information through its website, products, or services.
ZIRO uses software that receives and records the Internet protocol IP addresses. ZIRO will not link these addresses with the identity of the individuals visiting its website, except in cases of abuse or to investigate a situation.
As described above, for much of the personal information we collect and process through our products and services, we act as a processor on behalf of our clients.
All personal information collected or processed by ZIRO is treated as confidential information.
ZIRO does not use “cookies” to track the visitors of its website.
4.0 Use of the Personal Information
We may use the personal information we collect or receive about you in reliance on our (and where applicable, our clients’) legitimate interests for the following purposes:
- To provide, support, and improve our products and services;
- To establish and maintain our business relationship with you;
- To communicate with you when you submit questions, comments, or suggestions to us;
- To meet legal requirements, including complying with court orders, subpoenas, and other appropriate legal mechanisms;
- To prevent errors and fraud;
- To fulfill our legitimate business interests.
The personal information we collect or receive will not be used for purposes other than those described above unless consent is obtained or to the extent permitted or required by law.
5.0 Communication of the Personal Information
ZIRO recognizes that, except in the cases and under the conditions described hereinafter and as authorized or required by law, the communication of your personal information requires your consent when your personal information is communicated to a third person.
According to the applicable legislation, for example, personal information about you may be communicated by ZIRO, without your consent, to the following persons:
- To parent companies, affiliates, subsidiaries, or contractors as necessary to carry out the purposes for which the information was supplied or collected;
- To a person or body having the power to compel communication of the information if it is required in the exercise of his or its duties or functions including to comply with a subpoena, a warrant, or rules of the Court pertaining to the production of documents;
- To a person or body responsible, by law, for the prevention, detection, or repression of crime or statutory offenses who requires it in the performance of his or its duties and if the information is needed for the prosecution of an offense under applicable law;
- To our representatives and advisors, including attorneys and accountants;
- To a person to whom it is necessary to communicate the information under applicable law.
Access within ZIRO also does not require your consent but is strictly limited to the persons for whom such information is necessary for the performance of their functions and duties. Unauthorized access to or disclosure of your personal information by a ZIRO employee is strictly prohibited.
6.0 Security Measures
ZIRO has put in place a series of security safeguards to protect your personal information against loss and theft, as well as unauthorized access, disclosure, copying, use, and modification, regardless of the format in which the information is held.
These security safeguards include physical measures, organizational measures, and technological measures that are reasonable given the sensitivity of the information, the purposes for which it is to be used, the quantity and distribution of the information, and the medium on which it is stored.
ZIRO further recognizes that it is important to keep personal information accurate, complete, and up-to-date and takes reasonable steps to ensure the accuracy and completeness of the personal information it uses and discloses.
However, you are responsible to inform us of any significant change in your personal information which may occur during our business relationship.
We will keep your personal information for the time required to fulfill the identified purposes, our legitimate business interest, and to conform to the legislative requirements.
When required by law, ZIRO will notify any competent authority without undue delay of any breach of security if there are reasons to believe that the breach creates a real risk of harm to your personal information and will also notify you as soon as possible.
7.0 Access and rectification requests
You have the right to request to consult and to obtain communication of your personal information held by ZIRO. You can also request that information that is inaccurate, incomplete, or equivocal be rectified, and that information not justified by the purpose of the file be deleted.
All questions or concerns regarding this Policy or about the collection, use, and disclosure of your personal information, including requests for access, rectification, or complaints, should be made in writing to:
Stack8 Technologies Inc. DBA ZIRO
Attn: Marketing Dept.
1550 Rue Metcalfe #500,
Montréal, QC H3A 1X6
ZIRO will respond to every request for access, rectification, and complaint within 30 days of receiving the written request. In the event that we cannot provide access to or rectify your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions, and we will inform you of any recourse available.
8.0 Processing of personal information of individuals in the European Economic Area (EEA)
If your consent is given in a written declaration that relates to other matters, ZIRO will make sure that the request for consent to the processing of personal information is clearly distinguishable. While we believe that we do not collect such information, we acknowledge that explicit consent is required for the processing of data relating to ethnic origin, a person’s sex life or sexual orientation, political opinions, religious or philosophical beliefs or trade union membership, data concerning health or genetic or biometric data.
8.2 Collection, retention, and use of personal information
As stated above, ZIRO will not keep personal information for longer than necessary to achieve the purposes for which it was collected and will make reasonable efforts to specify in advance the time period during which personal information will be retained, or the criteria used to determine that period.
8.3 Automated decision-making
ZIRO recognizes that you have the right to know if your personal information is being processed by an automated decision-making process. Upon request, we will provide you with information about the reasoning behind the automation. Unless otherwise required or authorized by law, you have the right not to be subjected to a decision based solely on an automated decision-making process, if said decision produces a legal effect on you.
8.4 Data protection impact assessment
ZIRO will carry out a data protection impact assessment prior to using new technologies if it is likely to result in a high risk to the rights and freedoms of individuals, including the right to privacy.
8.5 Right to erasure
If the law so authorizes, you have the right to obtain from ZIRO the erasure of your personal information without undue delay.
8.6 Accuracy and safeguards
ZIRO will implement, before the collection of personal information, appropriate technical and organizational measures such as pseudonymization and data minimization.
ZIRO only shares personal information with agents, mandataries, consultants, data processors, or service providers which provide sufficient guarantees that appropriate safeguards are in place to protect individuals’ personal information. The processing of personal information by agents, mandataries, consultants, data processors, or service providers is governed by a data protection agreement or another legal document.
We ensure we can account for and demonstrate compliance with the GDPR in our processing of personal information. This is notably achieved by maintaining a record of processing when applicable and training our employees on data protection compliance.
8.8 Complaint procedures, right of access, and rectification
ZIRO will facilitate your right to access, rectify and obtain your personal information. You can always obtain from us confirmation as to whether or not your personal information is being processed.
Any rectification or erasure of your personal information shall be communicated to each third party to whom the personal information has been disclosed.
Revised 30 MAR 2022. Subject to change without notice.