PRIVACY POLICY
EFFECTIVE DATE: July 1, 2020
Safety Group Inc. (“Safety Group”) values your privacy and is committed to protecting your personal data. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website located at https://www.safetygroup.ca (the “Site”), any Ads published and managed by Safety Group Inc. with which you interact (our “Ads”) collectively, the Site, Ads and any other marketing materials or services offered are herein referred to as the “Services”.
By visiting the Site, or interacting and engaging with any of our Services, you agree and understand that your personal information will be handled as described in this Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy, including its applicable limitations on damages and the resolution of disputes.
We continuously revise this Policy to reflect changes in Safety Group Inc. ’s personal data collection and handling practices. The latest version of the Policy is provided here with an effective date as set forth above.
1. The Information We Collect About You
1.1. We collect information about you directly from you and from third parties, as well as
automatically, through your use of our Site or Services.
2. Information We Collect Directly from You
2.1. Certain areas and features of our Services require registration. To submit a request for
us to contact you, you must provide your email address and name.
2.2. We also may collect additional optional information from you; however, you are not
required to provide us with this information.
2.3. It is important that the personal data (personal data, or personal information, means any
information about you through which you can be identified; it does not include data where the
identity has been removed such as anonymous data) we hold about you is accurate and current.
2.4. Please keep us informed if your personal data changes during your relationship with us.
3. Information We Collect Automatically
3.1. We may automatically collect information about your use of our Services through cookies,
web beacons, log files, and other technologies including,
3.1.1. your domain name; your browser type and operating system; page views; links you click; IP
address; location information; the length of time you visit our Site; referring URL; access date
and time; mobile device ID; advertising ID (IDFA, IDFV, or GAID); location and language
information; device name and model; operating system type, name, and version.
3.2. We may combine this information with other information that we have collected about you,
including, where applicable, your user name, name, and other personal information. Please see the
section “Cookies and Other Tracking Mechanisms” below for more information.
4. Information We Don’t Collect
4.1. We do not collect any Special Categories of Personal Data about you (this includes details
about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation,
political opinions, trade union membership, information about your health, genetic and biometric
data).
4.2. Nor do we collect any information about criminal convictions and offences.
5. How We Use Your Information
5.1. We will only use your personal data when the law allows us to. Most commonly, we will use
your information, including your personal information, for the following purposes: To communicate
with you about your use of our Services, to respond to your inquiries, to fulfill your requests,
and for other customer service purposes.
5.2. To tailor the content and information that we may send or display to you, to offer
location customization, and personalized help and instructions, and to otherwise personalize your
experiences while using the Site or our Services.
5.3. For marketing and promotional purposes. For example, we may send you news and newsletters,
special offers, and promotions, or to otherwise contact you about products or information we think
may interest you via email, and ads. We also may use the information that we learn about you to
assist us in advertising our Services on third- party websites.
5.4. To better understand how users access and use our Site and Services, both on an aggregated
and individualized basis, in order to improve our Site and Services and respond to user desires and
preferences, and for other research and analytical purposes.
6. How We Store and Share Your Information
6.1. We will only retain your personal data for as long as necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal, accounting, or reporting
requirements. We store and share your information, including personal information, as follows:
7. Service Providers and Partners
7.1. We may disclose the information we collect from you to third-party business and technology
partners, vendors, service providers, contractors or agents who perform functions on our behalf.
7.1.1. All information provided will be protected to align with data privacy concepts, and the
partner or service provider must agree to the GDPR requirements if any personal data will be
originating from or processed in the EU.
7.1.1.1. We require all third parties to respect the security of your personal data and to
treat it in accordance with the law.
7.1.1.2. We do not allow our third-party service providers and partners to use personal data of
EU data subjects for their own purposes and only permit them to process personal data originating
from or processed in the EU for specified purposes and in accordance with our instructions.
8. Business Transfers
8.1. If we are acquired by or merged with another company, if substantially all of our assets
are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the
information we have collected from you to the other company.
9. In Response to Legal Process
9.1. We also store and may disclose the information we collect from you in order to comply
with the law, a judicial proceeding, court order, or other legal processes, such as in response to
a court order or a subpoena.
10. To Protect Us and Others
10.1. We also store and may disclose the information we collect from you where we believe it is
necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud,
situations involving potential threats to the safety of any person, violations of our Terms of Use
or this Policy, or as evidence in litigation in which Safety Group Inc. is involved.
11.Retention period
11.1. To determine the appropriate retention period for personal data, we consider the amount,
nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or
disclosure of your personal data.
11.2. The purposes for which we process your personal data and whether we can achieve those
purposes through other means, and the applicable legal requirements.
12. Cookies and Other Tracking
12.1. As mentioned above, we might use cookies and other tracking mechanisms to track
information about your use of our Site. We may combine this information with other personal
information we collect from you.
13. Do-Not-Track
13.1. Currently, our Site does not recognize browser “do-not-track” requests. You may, however,
disable certain tracking as discussed in this section (e.g., by disabling cookies or opting out of
ad networks.)
14. Cookies
14.1. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive
through your web browser for record-keeping purposes.
14.2. We might use cookies to uniquely identify you, in order to help us to process your
transactions and requests, to track aggregate and statistical information about user activity, and
to display advertising both on our Site and on third-party sites.
14.3. The Help portion of the toolbar on most browsers will tell you how to prevent your
computer from accepting new cookies, how to have the browser notify you when you receive a new
cookie, or how to disable cookies altogether.
14.3.1. If you disable cookies some features of our Site may not function.
15.Clear GIFs
15.1. Clear GIFs (a.k.a. web beacons, web bugs or pixel tags) are tiny graphics with a unique
identifier, similar in function to cookies.
15.1.1. In contrast to cookies, though, clear GIFs are embedded invisibly on web pages, not
stored on your hard drive.
15.2. We might use clear GIFs to track the activities of Site visitors, help us manage content,
and compile statistics about usage.
15.3. We and our third-party service providers also might use clear GIFs in HTML emails to our
customers, to help us track email response rates, identify when our emails are viewed, and track
whether our emails are forwarded.
16. Third-Party Analytics
16.1. We also use automated devices and applications to evaluate usage of our Site. We use
these tools to gather non-personal information about users to help us improve our services,
performance and user experiences.
16.2. We do not share your name or contact information with these third parties. However, these
analytics providers may use cookies and other technologies to perform their services and may
combine the information that they collect about you on our Sites with other information that they
have collected.
16.2.1. This Policy does not cover such third parties’ use of the data.
17. User-Generated Content
17.1. We invite you to post content on our Site, including, but not limited to your comments,
pictures, and any other information that you would like to be available on our Site.
17.2. If you post content to our Site, all of the information that you post will be available
to all users on our Site.
17.3. If you post your own content on our Site,
17.3.1. your posting may become public and Safety Group Inc. cannot prevent such information
from being used in a manner that may violate this Policy, the law, or your personal privacy.
18. Third-Party Links
18.1. Our Site and Services may contain links to third-party websites.
18.1.1. Any access to and use of such linked websites is not governed by this Policy but instead
is governed by the privacy policies of those third-party websites.
18.1.2. We do not control and are not responsible for the information practices of such
third-party websites.
18.1.3. When you leave our website, we encourage you to read the privacy notice of every website
you visit.
19. Access to My Personal Information
19.1. You may access, correct, erase, withdraw, or modify personal information that you have
submitted by logging into your account and updating your profile information.
19.1.1. Please note that copies of information that you have updated, modified or deleted may
remain viewable in cached and archived pages of the Site for a period of time.
20. What Choices Do I Have Regarding Use of My Personal Information?
20.1. You have the rights of access, correction, erasure, restriction, withdrawal, objection,
and data portability of your personal information.
20.1.1. For example, we may send periodic promotional or informational emails to you.
20.1.2. You may opt-out of such communications by following the opt-out instructions contained in
the email. Please note that it may take up to 10 business days for us to process opt-out requests.
20.1.3. If you opt-out of receiving emails about recommendations or other information we think
may interest you, we may still send you emails about your account or any Services you have
requested or received from us.
20.1.4. You also have the right to withdraw consent for us to use your personal information.
20.1.4.1. To withdraw your consent or erase your personal information, please go to your
personal profile, to confirm the withdrawal or erasure.
20.1.4.2. You will not have to pay a fee to access your personal data (or to exercise any of
the other rights).
20.1.4.2.1. However, we may charge a reasonable fee if your request is clearly unfounded,
repetitive or excessive.
20.1.4.2.2. Alternatively, we may refuse to comply with your request in these circumstances.
20.1.4.3. We may need to request specific information from you to help us confirm your identity
and ensure your right to access your personal data (or to exercise any of your other rights).
20.1.4.4. This is a security measure to ensure that personal data is not disclosed to any
person who has no right to receive it.
20.1.4.5. We may also contact you to ask you for further information in relation to your
request to speed up our response.
21. Special Information for California Consumers
21.1. California residents may request a list of certain third parties to which we have
disclosed personally identifiable information about you for their own direct marketing purposes.
21.1.1. You may make one request per calendar year.
21.2. In your request, please attest to the fact that you are a California resident and provide
a current California address for your response. You may request this information in writing by
contacting us at Rene@safetygroup.ca.
21.2.1. Please allow up to thirty (30) days for a response.
22. European Union (EU) General Data Protection Regulation (GDPR)
22.1. Safety Group Inc. may at times be subject to GDPR, which is the European Union’s
General Data Protection Regulation, as a controller or processor, of personal data as described
below:
22.1.1. The GDPR considers data protection as a fundamental human right of an individual, which
includes a “right to the protection” of their personal data. Any data subjects (i.e. anyone) based
in the EU, or anyone handling or targeting the personal data of an EU-based individual must have
processes, technology, and automation to effectively protect such personal data.
22.1.2. The GDPR applies to a controller or a processor who is based or established in the EU, or
to a company not based in the EU but who offers goods or services from outside the EU borders in
the EU or who monitors the behaviour of personal data in the EU.
22.1.3. To avoid fragmentation and ambiguity, GDPR has set a baseline for data protection by
requiring anyone processing the personal data of an individual that is in the EU to follow the
requirements set forth in the GDPR.
22.2. In compliance with GDPR, Safety Group Inc. has implemented data security processes set
forth below to ensure the following are properly identified and processed:
23. GDPR Definitions
23.1. Data Subject: A person who can be identified directly or indirectly by means of an
identifier. For example, an identifier can be a National Provider Identifier (NPI) number, a user
name, or a web cookie.
23.2. Personal Data: Any personal information, including sensitive personal information,
relating to a Data Subject. For example, email address, name or phone number.
23.3. Controller: A natural or legal person, public authority, agency or any other body which
alone or jointly with others determines the purposes and means of the processing of personal data.
For example, a controller can be an organization that works with Safety Group Inc. and determines
the processing of personal data provided to Safety Group Inc. Safety Group Inc. is a controller
for its third-party partners when Safety Group Inc. determines the processing of personal data
provided to the third-party.
23.4. Processor: A natural or legal person, agency or any other body which processes Personal
Data on behalf of the Controller. For example, a developer, a tester, or an analyst. A Processor
can also be a cloud service provider or an outsourcing company.
23.5. Recipient: A natural or legal person, agency or any other body to whom the personal data
is disclosed. For example, an individual, an attorney, an insurance agent, or an agency.
23.6. Enterprise: Any natural or legal person engaged in economic activity. This essentially
includes all organizations whether in the public or private sector, whether in the EU or outside of
the EU.
23.7. Third-party: Any natural or legal person, agency or any other body other than the Data
Subject, the Controller, the Processor and the persons who, under the direct authority of the
Controller or the Processor, are authorized to process the data. For example, partners or
subcontractors.
23.8. Supervisory Authority: An independent public authority established by an EU member state
(known as the National Data Protection Authority under the current EU Data Protection Directive),
or auditing agency.
24. Key GDPR Data Security Requirements
24.1. Safety Group Inc. ’s key GDPR data security requirements can be broadly classified into
three categories:
24.1.1. Assessment,
24.1.2. Prevention, and
24.1.3. Monitoring/Detection.
24.2. The GDPR also requires compliance with the data protection principles to enhance the
quality and rigour of the protection of the data. This section summarizes key data security
requirements discussed in the GDPR and adopted by Safety Group Inc.
24.3. Specifically, we have put in place appropriate security measures to prevent your personal
data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
24.4. In addition, we limit access to your personal data to those employees, agents,
contractors and other third parties who have a business need to know.
24.4.1. They will only process your personal data on our instructions and they are subject to a
duty of confidentiality.
24.4.2. We have put in place procedures to deal with any suspected personal data breach and will
notify you and any applicable regulator of a breach where we are legally required to do so.
24.4.3. More on these security measures, limitations, and procedures are described below.
25. Assess Security Risks
25.1. Data protection impact assessments lay a foundation for preventing breaches by evaluating
the gaps and risks.
25.2. The GDPR mandates that Controllers perform Data Protection Impact Assessments when
certain types of processing of Personal Data are likely to present a “high risk” to the data
subject.
25.3. Safety Group Inc. ’s assessment includes a systematic and extensive evaluation of
processes, profiles, and how these tools safeguard the Personal Data, and when applicable a data
processing agreement with Controllers and Processors.
26. Prevent Attacks
26.1. At various places in the regulation, the GDPR reiterates the importance of preventing
security breaches. The GDPR recommends several techniques to prevent an attack from succeeding:
26.1.1. Encryption: The GDPR considers encryption as one of the core techniques to render the
data unintelligible to any person who is not authorized to access the personal data. When
applicable, Safety Group Inc. encrypts personal data it collects to render it unintelligible if
accessed without authorization, and as applicable when processing or transferring the data to a
Processor.
26.1.1.1. The GDPR provides that in the event of a data breach, the Controller does “not” need
to notify data subjects if data is encrypted and rendered unintelligible to any person accessing
it.
26.1.2. Anonymization and Pseudonymization: Data anonymization is the technique of completely
scrambling or obfuscating the data, and pseudonymization refers to reducing the linkability of a
data set with the original identity of a data subject.
26.1.3. The GDPR states that anonymization and pseudonymization techniques can reduce the risk of
accidental or intentional data disclosure by making the information un-identifiable to an
individual or entity. Where applicable, Safety Group Inc. anonymizes and pseudonyms the personal
data it processes.
26.1.3.1. This includes aggregating the data to be personally unidentifiable, such that the
Personal Data is rendered anonymous and unlinkable to the original identity of a data subject.
26.1.4. Privileged User Access Control: The GDPR implies controlling privileged users who have
access to Personal Data to prevent attacks from insiders and compromised user accounts.
26.1.4.1. Safety Group Inc. limits access to Personal Data to specific individuals within the
organizations, and with instructions as to the sensitivity of the Personal Data to prevent attacks
and compromises of the Personal Data.
26.1.5. Fine-grained Access Control: In addition to privileged user control, the GDPR recommends
adopting a fine-grained access control methodology to ensure that the Personal Data is accessed
selectively and only for a defined purpose.
26.1.5.1. This kind of fine-grained access control can help organizations minimize unauthorized
access to Personal Data. Safety Group Inc. selectively uses Personal Data for the specific purpose
for which it is required.
26.1.6. Data Minimization: The GDPR recommends minimizing the collection and retention of
Personal Data as much as possible to reduce the compliance boundary. While collecting, processing,
or sharing Person Data, Controllers and Processors must be frugal and limit the amount of
information to the necessities of a specific activity.
26.1.6.1. Safety Group Inc. minimizes the Personal Data it collects by considering what is
adequate and relevant to what is necessary for relation to the purposes for which they are
processed.
26.1.7. Monitor to Detect Breaches: While preventive security measures help Safety Group Inc.
minimize the risk of attack, they cannot eliminate the possibility that a data breach may occur.
Thereby Safety Group Inc. monitors and alerts to detect such breaches through recording or
auditing of the activities on the Personal Data and maintaining it so that processors and third
parties must not be able to tamper or destroy the audit records.
26.1.7.1. In the case of a Personal Data breach, Safety Group Inc. shall without undue delay
and, where feasible, not later than 72 hours after having become aware of it, notify the
supervisory authority of any Personal Data breach.
26.2. The three broad categories of security guidelines (assessment, prevention, and detection)
help Safety Group Inc. address threats from multiple angles and secure the data from unauthorized
access.
27. Transfer of EU data subjects personal data to third parties outside the EU
27.1. Many of our external third parties are based outside the European Economic Area (EEA) so
their processing of EU data subjects’ personal data will involve a transfer of data outside the
EEA.
27.2. Whenever we transfer an EU data subject’s personal data to external third parties based
outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least
one of the following safeguards is implemented:
27.3. We will only transfer EU data subjects’ personal data to countries that have been deemed
to provide an adequate level of protection for personal data by the European Commission.
27.3.1. For further details, see European Commission: Adequacy of the protection of personal data
in non-EU countries. (https://ec.europa.eu/info/law/law- topic/data-protection/data-transfers-outside-eu/adequacy-protection-
personal-data-non-eu-countries_en)
27.4. Where we use certain service providers, we may use specific contracts approved by the
European Commission which give personal data the same protection it has in Europe.
27.4.1. For further details, see European Commission: Model contracts for the transfer of
personal data to third countries. (https://ec.europa.eu/info/law/law-
topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-
personal-data-third-countries_en)
27.5. Where we use providers based in the US, we may transfer data to them if they are part of
the Privacy Shield which requires them to provide similar protection to personal data shared
between the EU and the US.
27.5.1. For further details, see European Commission: EU-US Privacy Shield.
(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-
outside-eu/eu-us-privacy-shield_en)
28. Contact Us
28.1. You have the right to make a complaint at any time to your respective supervisory
authority. (http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080)
28.2. We would, however, appreciate the chance to deal with your concerns before you approach
the supervisory authority so please contact us in the first instance.
28.3. If you have questions about the privacy aspects of our Website, Services or would like to
make a complaint, please contact us at Rene@safetygroup.ca.
29. Changes to this Policy
29.1. This Policy is current as of the Effective Date set forth above.
29.2. We may change this Policy from time to time, so please be sure to check back
periodically.
29.3. We will post any changes to this Policy on our Site, at
https://www.safetygroup.ca/privacy-policy/.
29.4. If we make any changes to this Policy that materially affect our practices with regard to
the personal information we have previously collected from you,
29.4.1. we will endeavour to provide you with notice in advance of such change by highlighting
the change on our Site or contacting you via email from Rene@safetygroup.ca.