PRIVACY POLICY

EFFECTIVE DATE: July 1, 2020

 

Safety Group Inc.  (“Safety Group”) values your privacy and is committed to protecting your personal data.  In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website located at https://www.safetygroup.ca (the “Site”), any Ads published and managed by Safety Group Inc.  with which you interact (our “Ads”) collectively, the Site, Ads and any other marketing materials or services offered are herein referred to as the “Services”.

 

By visiting the Site, or interacting and engaging with any of our Services, you agree and understand that your personal information will be handled as described in this Policy. Your use of our Site or Services, and any dispute over privacy, is subject to this Policy, including its applicable limitations on damages and the resolution of disputes.

 

We continuously revise this Policy to reflect changes in Safety Group Inc. ’s personal data collection and handling practices.  The latest version of the Policy is provided here with an effective date as set forth above.

1.    The Information We Collect About You


1.1.     We collect information about you directly from you and from third parties, as well as 
automatically, through your use of our Site or Services.


2.    Information We Collect Directly from You


2.1.     Certain areas and features of our Services require registration. To submit a request for 
us to contact you, you must provide your email address and name.

2.2.     We also may collect additional optional information from you; however, you are not 
required to provide us with this information.

2.3.     It is important that the personal data (personal data, or personal information, means any 
information about you through which you can be identified; it does not include data where the 
identity has been removed such as anonymous data) we hold about you is accurate and current.

2.4.     Please keep us informed if your personal data changes during your relationship with us.


3.    Information We Collect Automatically


3.1.     We may automatically collect information about your use of our Services through cookies, 
web beacons, log files, and other technologies including,

3.1.1.   your domain name; your browser type and operating system; page views; links you click; IP 
address; location information; the length of time you visit our Site; referring URL; access date 
and time; mobile device ID; advertising ID (IDFA, IDFV, or GAID); location and language 
information; device name and model; operating system type, name, and version.


3.2.     We may combine this information with other information that we have collected about you, 
including, where applicable, your user name, name, and other personal information.  Please see the 
section “Cookies and Other Tracking Mechanisms” below for more information.


4.    Information We Don’t Collect


4.1.     We do not collect any Special Categories of Personal Data about you (this includes details 
about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, 
political opinions, trade union membership, information about your health, genetic and biometric 
data).

4.2.     Nor do we collect any information about criminal convictions and offences.


5.    How We Use Your Information


5.1.     We will only use your personal data when the law allows us to. Most commonly, we will use 
your information, including your personal information, for the following purposes: To communicate 
with you about your use of our Services, to respond to your inquiries, to fulfill your requests, 
and for other customer service purposes.

5.2.     To tailor the content and information that we may send or display to you, to offer 
location customization, and personalized help and instructions, and to otherwise personalize your 
experiences while using the Site or our Services.

5.3.     For marketing and promotional purposes. For example, we may send you news and newsletters, 
special offers, and promotions, or to otherwise contact you about products or information we think 
may interest you via email, and ads. We also may use the information that we learn about you to 
assist us in advertising our Services on third- party websites.

5.4.     To better understand how users access and use our Site and Services, both on an aggregated 
and individualized basis, in order to improve our Site and Services and respond to user desires and 
preferences, and for other research and analytical purposes.

6.    How We Store and Share Your Information


6.1.     We will only retain your personal data for as long as necessary to fulfil the purposes we 
collected it for, including for the purposes of satisfying any legal, accounting, or reporting 
requirements. We store and share your information, including personal information, as follows:

7.    Service Providers and Partners


7.1.     We may disclose the information we collect from you to third-party business and technology 
partners, vendors, service providers, contractors or agents who perform functions on our behalf.
 

7.1.1.   All information provided will be protected to align with data privacy concepts, and the 
partner or service provider must agree to the GDPR requirements if any personal data will be 
originating from or processed in the EU.


7.1.1.1.     We require all third parties to respect the security of your personal data and to 
treat it in accordance with the law.
 

7.1.1.2.     We do not allow our third-party service providers and partners to use personal data of 
EU data subjects for their own purposes and only permit them to process personal data originating 
from or processed in the EU for specified purposes and in accordance with our instructions.

8. Business Transfers


8.1.     If we are acquired by or merged with another company, if substantially all of our assets 
are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the 
information we have collected from you to the other company.

9. In Response to Legal Process


9.1.      We also store and may disclose the information we collect from you in order to comply 
with the law, a judicial proceeding, court order, or other legal processes, such as in response to 
a court order or a subpoena.

10. To Protect Us and Others


10.1.     We also store and may disclose the information we collect from you where we believe it is 
necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, 
situations involving potential threats to the safety of any person, violations of our Terms of Use 
or this Policy, or as evidence in litigation in which Safety Group Inc.  is involved.

11.Retention period


11.1.     To determine the appropriate retention period for personal data, we consider the amount, 
nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or 
disclosure of your personal data.

11.2.     The purposes for which we process your personal data and whether we can achieve those 
purposes through other means, and the applicable legal requirements.

12. Cookies and Other Tracking


12.1.     As mentioned above, we might use cookies and other tracking mechanisms to track 
information about your use of our Site. We may combine this information with other personal 
information we collect from you.


13. Do-Not-Track


13.1.     Currently, our Site does not recognize browser “do-not-track” requests. You may, however, 
disable certain tracking as discussed in this section (e.g., by disabling cookies or opting out of 
ad networks.)

14. Cookies


14.1.     Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive 
through your web browser for record-keeping purposes.

14.2.     We might use cookies to uniquely identify you, in order to help us to process your 
transactions and requests, to track aggregate and statistical information about user activity, and 
to display advertising both on our Site and on third-party sites.

14.3.     The Help portion of the toolbar on most browsers will tell you how to prevent your 
computer from accepting new cookies, how to have the browser notify you when you receive a new 
cookie, or how to disable cookies altogether.

14.3.1.   If you disable cookies some features of our Site may not function.

15.Clear GIFs


15.1.     Clear GIFs (a.k.a. web beacons, web bugs or pixel tags) are tiny graphics with a unique 
identifier, similar in function to cookies.

15.1.1.   In contrast to cookies, though, clear GIFs are embedded invisibly on web pages, not 
stored on your hard drive.

15.2.     We might use clear GIFs to track the activities of Site visitors, help us manage content, 
and compile statistics about usage.

15.3.     We and our third-party service providers also might use clear GIFs in HTML emails to our 
customers, to help us track email response rates, identify when our emails are viewed, and track 
whether our emails are forwarded.

16. Third-Party Analytics


16.1.     We also use automated devices and applications to evaluate usage of our Site.  We use 
these tools to gather non-personal information about users to help us improve our services, 
performance and user experiences.

16.2.     We do not share your name or contact information with these third parties. However, these 
analytics providers may use cookies and other technologies to perform their services and may 
combine the information that they collect about you on our Sites with other information that they 
have collected.

16.2.1.   This Policy does not cover such third parties’ use of the data.

17. User-Generated Content


17.1.     We invite you to post content on our Site, including, but not limited to your comments, 
pictures, and any other information that you would like to be available on our Site.

17.2.     If you post content to our Site, all of the information that you post will be available 
to all users on our Site.

17.3.     If you post your own content on our Site,

17.3.1.   your posting may become public and Safety Group Inc.  cannot prevent such information 
from being used in a manner that may violate this Policy, the law, or your personal privacy.

18. Third-Party Links


18.1.     Our Site and Services may contain links to third-party websites.

18.1.1.   Any access to and use of such linked websites is not governed by this Policy but instead 
is governed by the privacy policies of those third-party websites.

18.1.2.   We do not control and are not responsible for the information practices of such 
third-party websites.

18.1.3.   When you leave our website, we encourage you to read the privacy notice of every website 
you visit.

19. Access to My Personal Information


19.1.     You may access, correct, erase, withdraw, or modify personal information that you have 
submitted by logging into your account and updating your profile information.

19.1.1.   Please note that copies of information that you have updated, modified or deleted may 
remain viewable in cached and archived pages of the Site for a period of time.

20. What Choices Do I Have Regarding Use of My Personal Information?


20.1.     You have the rights of access, correction, erasure, restriction, withdrawal, objection, 
and data portability of your personal information.

20.1.1.   For example, we may send periodic promotional or informational emails to you.

20.1.2.   You may opt-out of such communications by following the opt-out instructions contained in 
the email. Please note that it may take up to 10 business days for us to process opt-out requests.


20.1.3.   If you opt-out of receiving emails about recommendations or other information we think 
may interest you, we may still send you emails about your account or any Services you have 
requested or received from us.

20.1.4.   You also have the right to withdraw consent for us to use your personal information.

20.1.4.1.     To withdraw your consent or erase your personal information, please go to your 
personal profile, to confirm the withdrawal or erasure.

20.1.4.2.     You will not have to pay a fee to access your personal data (or to exercise any of 
the other rights).

20.1.4.2.1.      However, we may charge a reasonable fee if your request is clearly unfounded, 
repetitive or excessive.

20.1.4.2.2.      Alternatively, we may refuse to comply with your request in these circumstances.

20.1.4.3.     We may need to request specific information from you to help us confirm your identity 
and ensure your right to access your personal data (or to exercise any of your other rights).

20.1.4.4.     This is a security measure to ensure that personal data is not disclosed to any 
person who has no right to receive it.

20.1.4.5.     We may also contact you to ask you for further information in relation to your 
request to speed up our response.

21. Special Information for California Consumers


21.1.     California residents may request a list of certain third parties to which we have 
disclosed personally identifiable information about you for their own direct marketing purposes.

21.1.1.   You may make one request per calendar year.

21.2.     In your request, please attest to the fact that you are a California resident and provide 
a current California address for your response. You may request this information in writing by 
contacting us at Rene@safetygroup.ca.

21.2.1.   Please allow up to thirty (30) days for a response.

22. European Union (EU) General Data Protection Regulation (GDPR)


22.1.      Safety Group Inc.  may at times be subject to GDPR, which is the European Union’s 
General Data Protection Regulation, as a controller or processor, of personal data as described 
below:

 

22.1.1.   The GDPR considers data protection as a fundamental human right of an individual, which 
includes a “right to the protection” of their personal data. Any data subjects (i.e. anyone) based 
in the EU, or anyone handling or targeting the personal data of an EU-based individual must have 
processes, technology, and automation to effectively protect such personal data.

22.1.2.   The GDPR applies to a controller or a processor who is based or established in the EU, or 
to a company not based in the EU but who offers goods or services from outside the EU borders in 
the EU or who monitors the behaviour of personal data in the EU.

22.1.3.   To avoid fragmentation and ambiguity, GDPR has set a baseline for data protection by 
requiring anyone processing the personal data of an individual that is in the EU to follow the 
requirements set forth in the GDPR.

22.2.     In compliance with GDPR, Safety Group Inc.  has implemented data security processes set 
forth below to ensure the following are properly identified and processed:

23. GDPR Definitions


23.1.     Data Subject: A person who can be identified directly or indirectly by means of an 
identifier. For example, an identifier can be a National Provider Identifier (NPI) number, a user 
name, or a web cookie.

23.2.     Personal Data: Any personal information, including sensitive personal information, 
relating to a Data Subject. For example, email address, name or phone number.

23.3.     Controller: A natural or legal person, public authority, agency or any other body which 
alone or jointly with others determines the purposes and means of the processing of personal data. 
For example, a controller can be an organization that works with Safety Group Inc.  and determines 
the processing of personal data provided to Safety Group Inc.  Safety Group Inc.  is a controller 
for its third-party partners when Safety Group Inc. determines the processing of personal data 
provided to the third-party.

23.4.     Processor: A natural or legal person, agency or any other body which processes Personal 
Data on behalf of the Controller. For example, a developer, a tester, or an analyst. A Processor 
can also be a cloud service provider or an outsourcing company.

23.5.     Recipient: A natural or legal person, agency or any other body to whom the personal data 
is disclosed. For example, an individual, an attorney, an insurance agent, or an agency.


23.6.     Enterprise: Any natural or legal person engaged in economic activity. This essentially 
includes all organizations whether in the public or private sector, whether in the EU or outside of 
the EU.

23.7.     Third-party: Any natural or legal person, agency or any other body other than the Data 
Subject, the Controller, the Processor and the persons who, under the direct authority of the 
Controller or the Processor, are authorized to process the data. For example, partners or 
subcontractors.


23.8.     Supervisory Authority: An independent public authority established by an EU member state 
(known as the National Data Protection Authority under the current EU Data Protection Directive), 
or auditing agency.

24. Key GDPR Data Security Requirements


24.1.     Safety Group Inc. ’s key GDPR data security requirements can be broadly classified into 
three categories:

24.1.1.   Assessment,

24.1.2.   Prevention, and

24.1.3.   Monitoring/Detection.

24.2.     The GDPR also requires compliance with the data protection principles to enhance the 
quality and rigour of the protection of the data. This section summarizes key data security 
requirements discussed in the GDPR and adopted by Safety Group Inc.

24.3.     Specifically, we have put in place appropriate security measures to prevent your personal 
data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.

24.4.     In addition, we limit access to your personal data to those employees, agents, 
contractors and other third parties who have a business need to know.

24.4.1.   They will only process your personal data on our instructions and they are subject to a 
duty of confidentiality.

24.4.2.   We have put in place procedures to deal with any suspected personal data breach and will 
notify you and any applicable regulator of a breach where we are legally required to do so.

24.4.3.   More on these security measures, limitations, and procedures are described below.

 

 

 

25. Assess Security Risks


25.1.     Data protection impact assessments lay a foundation for preventing breaches by evaluating 
the gaps and risks.

25.2.     The GDPR mandates that Controllers perform Data Protection Impact Assessments when 
certain types of processing of Personal Data are likely to present a “high risk” to the data 
subject.


25.3.     Safety Group Inc. ’s assessment includes a systematic and extensive evaluation of 
processes, profiles, and how these tools safeguard the Personal Data, and when applicable a data 
processing agreement with Controllers and Processors.

26. Prevent Attacks


26.1.     At various places in the regulation, the GDPR reiterates the importance of preventing 
security breaches. The GDPR recommends several techniques to prevent an attack from succeeding:

26.1.1.   Encryption: The GDPR considers encryption as one of the core techniques to render the 
data unintelligible to any person who is not authorized to access the personal data. When 
applicable, Safety Group Inc.  encrypts personal data it collects to render it unintelligible if 
accessed without authorization, and as applicable when processing or transferring the data to a 
Processor.

26.1.1.1.     The GDPR provides that in the event of a data breach, the Controller does “not” need 
to notify data subjects if data is encrypted and rendered unintelligible to any person accessing 
it.

26.1.2.   Anonymization and Pseudonymization: Data anonymization is the technique of completely 
scrambling or obfuscating the data, and pseudonymization refers to reducing the linkability of a 
data set with the original identity of a data subject.

26.1.3.   The GDPR states that anonymization and pseudonymization techniques can reduce the risk of 
accidental or intentional data disclosure by making the information un-identifiable to an 
individual or entity. Where applicable, Safety Group Inc.  anonymizes and pseudonyms the personal 
data it processes.

26.1.3.1.     This includes aggregating the data to be personally unidentifiable, such that the 
Personal Data is rendered anonymous and unlinkable to the original identity of a data subject.

26.1.4.   Privileged User Access Control: The GDPR implies controlling privileged users who have 
access to Personal Data to prevent attacks from insiders and compromised user accounts.

26.1.4.1.     Safety Group Inc.  limits access to Personal Data to specific individuals within the 
organizations, and with instructions as to the sensitivity of the Personal Data to prevent attacks 
and compromises of the Personal Data.

26.1.5.   Fine-grained Access Control: In addition to privileged user control, the GDPR recommends 
adopting a fine-grained access control methodology to ensure that the Personal Data is accessed 
selectively and only for a defined purpose.

26.1.5.1.     This kind of fine-grained access control can help organizations minimize unauthorized 
access to Personal Data. Safety Group Inc.  selectively uses Personal Data for the specific purpose 
for which it is required.

 


26.1.6.   Data Minimization: The GDPR recommends minimizing the collection and retention of 
Personal Data as much as possible to reduce the compliance boundary. While collecting, processing, 
or sharing Person Data, Controllers and Processors must be frugal and limit the amount of 
information to the necessities of a specific activity.

26.1.6.1.     Safety Group Inc.  minimizes the Personal Data it collects by considering what is 
adequate and relevant to what is necessary for relation to the purposes for which they are 
processed.

26.1.7.   Monitor to Detect Breaches: While preventive security measures help Safety Group Inc.  
minimize the risk of attack, they cannot eliminate the possibility that a data breach may occur. 
Thereby Safety Group Inc.  monitors and alerts to detect such breaches through recording or 
auditing of the activities on the Personal Data and maintaining it so that processors and third 
parties must not be able to tamper or destroy the audit records.

26.1.7.1.     In the case of a Personal Data breach, Safety Group Inc.  shall without undue delay 
and, where feasible, not later than 72 hours after having become aware of it, notify the 
supervisory authority of any Personal Data breach.

26.2.     The three broad categories of security guidelines (assessment, prevention, and detection) 
help Safety Group Inc.  address threats from multiple angles and secure the data from unauthorized 
access.

27. Transfer of EU data subjects personal data to third parties outside the EU


27.1.     Many of our external third parties are based outside the European Economic Area (EEA) so 
their processing of EU data subjects’ personal data will involve a transfer of data outside the 
EEA.

27.2.     Whenever we transfer an EU data subject’s personal data to external third parties based 
outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least 
one of the following safeguards is implemented:

27.3.     We will only transfer EU data subjects’ personal data to countries that have been deemed 
to provide an adequate level of protection for personal data by the European Commission.


27.3.1.   For further details, see European Commission: Adequacy of the protection of personal data 
in non-EU countries. (https://ec.europa.eu/info/law/law- topic/data-protection/data-transfers-outside-eu/adequacy-protection- 
personal-data-non-eu-countries_en)

27.4.     Where we use certain service providers, we may use specific contracts approved by the 
European Commission which give personal data the same protection it has in Europe.

27.4.1.   For further details, see European Commission: Model contracts for the transfer of 
personal data to third countries. (https://ec.europa.eu/info/law/law-

topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-
personal-data-third-countries_en)

 


27.5.     Where we use providers based in the US, we may transfer data to them if they are part of 
the Privacy Shield which requires them to provide similar protection to personal data shared 
between the EU and the US.

27.5.1.   For further details, see European Commission: EU-US Privacy Shield. 
(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers- 
outside-eu/eu-us-privacy-shield_en)


28. Contact Us


28.1.     You have the right to make a complaint at any time to your respective supervisory 
authority. (http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080)


28.2.     We would, however, appreciate the chance to deal with your concerns before you approach 
the supervisory authority so please contact us in the first instance.

28.3.     If you have questions about the privacy aspects of our Website, Services or would like to 
make a complaint, please contact us at Rene@safetygroup.ca.

29. Changes to this Policy


29.1.     This Policy is current as of the Effective Date set forth above.

29.2.     We may change this Policy from time to time, so please be sure to check back 
periodically.


29.3.     We will post any changes to this Policy on our Site, at 
https://www.safetygroup.ca/privacy-policy/.


29.4.     If we make any changes to this Policy that materially affect our practices with regard to 
the personal information we have previously collected from you,

29.4.1.   we will endeavour to provide you with notice in advance of such change by highlighting 
the change on our Site or contacting you via email from Rene@safetygroup.ca.
 

Schedule a consult

BBB.PNG

© 2020 by SafetyGroup.ca LTD


Privacy Policy

  • Facebook
  • Linkedin