Last updated: February 09, 2023
This privacy notice for Montessori Alzheimer Center (“Company,” “we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”) – this includes when you:
- Visit our website at https://montessori-alzheimer.ca/, or any website of ours that links to this privacy notice
- Engage with us in other related ways, including any sales, marketing, or events
If you have any questions or concerns regarding our policies and practices, please do not hesitate to reach out to us. We are here to help you understand your privacy rights and choices. If you do not agree with our policies and practices, we kindly ask that you refrain from using our Services. For any inquiries, please email us at [email protected]. Thank you for taking the time to read our Privacy Notice.
SUMMARY OF KEY POINTS
This summary outlines the main points of our privacy notice. For more information on any of these topics, take a look at the table of contents below to find the relevant section.
Our business is committed to protecting our customers’ privacy and adheres to the principles outlined in PIPEDA (Personal Information Protection and Electronic Documents Act), the federal private-sector privacy law in Canada. We take accountability for ensuring the secure handling of our customers’ personal information, obtain their consent for its use, and are committed to keeping it accurate and up to date.
What personal data do we process? Depending on how you interact with Montessori Alzheimer Center and the Services, the choices you make, and the products and features you use, we may process personal data.
Do we process any sensitive personal data? We may process sensitive personal data when necessary with your consent or as otherwise allowed by applicable law.
Do we receive any information from third parties? We do not receive any information from third parties.
How do we process your data? We process your data to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your data for other purposes with your consent. We process your data only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal data? We may share data in specific situations and with specific third parties.
How do we keep your data safe? We have organizational and technical processes and procedures in place to protect your personal data. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your data.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal data.
Exercising your rights is simple. Fill out our data subject request form available here or contact us. We will take your request into account and act in accordance with the relevant data protection laws.
TABLE OF CONTENTS
- WHAT INFORMATION DO WE COLLECT?
- HOW DO WE PROCESS YOUR INFORMATION?
- WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
- WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
- HOW LONG DO WE KEEP YOUR INFORMATION?
- HOW DO WE KEEP YOUR INFORMATION SAFE?
- DO WE COLLECT INFORMATION FROM MINORS?
- WHAT ARE YOUR PRIVACY RIGHTS?
- CONTROLS FOR DO-NOT-TRACK FEATURES
- DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
- DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
- DO WE MAKE UPDATES TO THIS NOTICE?
- HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
- HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1. WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
When you contact us, express an interest in our products and Services, or participate in activities on the Services, we collect personal information that you provide to us voluntarily.
The type of personal information we collect is contingent upon the context of your interactions with us and the Services, the choices you make, and the products and features you use. This may include:
- email addresses
- phone numbers
- personal information submitted in form fields
With your consent or as otherwise permitted by applicable law, we process certain categories of sensitive information when necessary. This includes, but is not limited to, information that requires special handling.
- health data
If you make purchases, we may collect data necessary for processing your payment, such as the payment instrument number and the security code associated with it. All payment data is securely stored by Stripe. You may find their privacy notice link(s) here: https://stripe.com/en-ca/legal/privacy-center.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
When you visit our Services, certain data is automatically collected, including your Internet Protocol (IP) address and/or browser and device characteristics.
When you visit, use, or navigate the Services, we automatically collect certain information. This data does not reveal your identity (e.g. name or contact info), but may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is mainly used to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The data we gather comprises:
- Log and Usage Data. Service-related, diagnostic, usage and performance information are automatically collected by our servers when you access or utilize our Services, and are recorded in log files. This log data may encompass your IP address, device information, browser type and settings, as well as details about your activity within the Services, such as the dates and times of usage, viewed pages and files, searches and other actions taken, including the features utilized. Additionally, device event information such as system activity, error reports, and hardware settings may be included.
- Device Data. Information about your computer, phone, tablet, or other device used to access our Services is collected as device data. The type of device used affects the type of data collected, which can include your IP address or proxy server, device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
- Location Data. Location data, which can be either precise or imprecise, is also gathered, such as information regarding the location of your device. The amount of data collected is dependent on the type and settings of the device used to access the Services. For instance, we may use GPS and other technologies to obtain geolocation data based on your IP address, revealing your current location. However, if you opt out of allowing us to collect this information by disabling your Location setting on your device or refusing access to the data, certain features of our Services may not be available to you.
2. HOW DO WE PROCESS YOUR INFORMATION?
Your information is processed by us to enhance and manage our Services, communicate with you, ensure security and prevent fraud, and comply with legal requirements. With your consent, we may also process your information for other purposes.
We use your personal information for various reasons, based on your interaction with our Services, including:
- To offer the requested service. We process your information to provide you with the service you have requested.
- To answer user inquiries and offer support. We process your information to answer your questions and resolve any issues you may have with the service.
- To send administrative details. We process your information to send you information about our products, services, changes to our policies, and similar information.
- To handle and manage orders. We process your information to manage your orders, payments, returns, and exchanges made through our Services.
- To facilitate user-to-user communication. We process your information if you choose to use any of our offerings that allow communication with other users.
- To gather feedback. We process your information to request feedback and to contact you regarding your use of our Services.
- To display personalized advertising. We process your information to show personalized content and advertising that is tailored to your interests, location, and more.
- To analyze usage trends. We process your information to understand how our Services are used, so we can improve them.
- To evaluate marketing campaigns. We process your information to determine the effectiveness of our marketing and promotional campaigns, making them more relevant to you.
- To safeguard an individual’s vital interest. We may process your information when necessary to prevent harm and protect an individual’s vital interests.
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
We process your personal information only when we have a legitimate reason and believe it is necessary. This is based on the legal basis outlined in the applicable law, such as consent, compliance with laws, fulfilling contractual obligations, protecting rights, and fulfilling our business interests.
If you are located in the EU or UK, the General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal basis we use to process your information. The legal basis we may rely on includes:
- Consent – We may process your information if you have given us permission to do so for a specific purpose. You can withdraw your consent at any time.
- Performance of a Contract – We may process your information to fulfill our contractual obligations or to enter into a contract with you.
- Legitimate Interests – We may process your information when it is necessary for our business interests, such as to personalize and display relevant advertising, improve our Services, support marketing activities, and understand user behavior.
- Legal Obligations – We may process your information to comply with legal obligations, such as cooperating with law enforcement or disclosing information in litigation.
- Vital Interests – We may process your information to protect your vital interests or the vital interests of others in emergency situations.
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time. We are fully compliant with PIPEDA and take great care to ensure the protection of your personal information.
If you are located in Canada, we may process your information with your express or implied consent. However, in some cases, we may be legally permitted to process your information without your consent, including:
- Clear individual interests
- Investigations and fraud detection
- Business transactions
- Insurance claims
- Identification of injured or deceased persons
- Reasonable grounds of financial abuse
- Compromised information accuracy
- Compliance with subpoena or court order
- Information produced in employment or business
- Journalistic, artistic, or literary purposes
- Publicly available information.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
- Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
The utilization of cookies and other tracking technologies for the purpose of gathering and storing data may be employed by our website. For further details on our use of these technologies and options for rejecting specific cookies, please consult our Cookie Notice.
6. HOW LONG DO WE KEEP YOUR INFORMATION?
This privacy notice outlines the reasons for retaining your information, which will be kept for as long as necessary for these reasons, unless legally mandated otherwise. We will only keep your personal data for the time necessary for fulfilling the purposes outlined in this notice, which will not exceed 13 months, unless longer retention is legally required. Upon conclusion of a legitimate business reason for processing your personal information, we will either delete or anonymize it. In instances where deletion is not feasible (for example, if the information has been saved in backup archives), we will securely store it and prevent any further processing until it can be deleted.
7. HOW DO WE KEEP YOUR INFORMATION SAFE?
Our objective is to guarantee the security of your personal data through a combination of technical and organizational safeguards. Although we have implemented appropriate and reasonable technical and organizational measures to protect personal information processed by us, the complete security of electronic transmission over the Internet or information storage technology cannot be guaranteed. Hence, we cannot ensure that unauthorized third parties will not breach our security measures and collect, access, steal, or alter your information. Despite our efforts to secure your personal data, the transmission of such information to and from our Services is at your own risk. For added security, it is advisable to only access the Services in a secure environment.
8. DO WE COLLECT INFORMATION FROM MINORS?
Individuals under the age of 18 are not targeted or have their data collected by us. We are dedicated to protecting the privacy of children and do not knowingly solicit data from minors under 18 years of age. By using our Services, you are confirming that you are at least 18 years old or have the consent of a minor’s parent or guardian for their use of the Services. In case we collect personal information from a minor under 18, the account will be immediately deactivated, and the necessary steps to delete the data from our records will be taken. If you become aware of any data collected from a minor under 18, kindly contact us at [email protected].
9. WHAT ARE YOUR PRIVACY RIGHTS?
Residents in areas such as the European Economic Area (EEA), United Kingdom (UK), and Canada have legal rights that allow them to have greater control over their personal information. They can review, modify, or end their account at any time.
For those in regions such as the EEA, UK, and Canada, data protection laws provide specific rights. These rights may include (i) the ability to request access and obtain a copy of your personal information, (ii) the right to request correction or removal, (iii) the right to limit the processing of personal information, and (iv) if applicable, the right to data mobility. In specific cases, individuals may also have the right to object to the processing of personal information. Requests can be made by reaching out to us through the contact information listed below.
We will take into consideration and act on any requests in accordance with relevant data protection laws.
For residents in the EEA or UK who believe we are illegally processing their personal information, they have the right to file a complaint with their local data protection authority. Contact information can be found at https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
For residents in Switzerland, the data protection authority’s contact information is available at https://www.edoeb.admin.ch/edoeb/en/home.html.
If we are processing personal information with the consent of the individual, they have the right to withdraw their consent at any time. Express or implied consent, as defined by applicable law, may be required. To withdraw consent, individuals can reach out to us through the contact information listed in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.
Please note that withdrawing consent does not make the previous processing unlawful, and it may not affect processing based on lawful grounds other than consent.
Cookies and Similar Technologies
Web browsers typically have cookies enabled by default. If desired, individuals can usually choose to remove or reject cookies in their browser settings. If cookies are removed or rejected, it may affect certain features or services offered through our Services.
If you have questions or comments about your privacy rights, you may email us at [email protected].
10. CONTROLS FOR DO-NOT-TRACK FEATURES
The Do-Not-Track (DNT) setting is available on most web browsers and some mobile operating systems and apps, allowing you to signal your privacy preference not to have your online browsing data monitored and collected. However, there is currently no standardized technology to recognize and implement DNT signals. Therefore, we do not respond to DNT browser signals or any other means of communicating your choice not to be tracked. If a standard for online tracking is established in the future, we will update this privacy notice to reflect such practices.
11. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
California residents have specific rights regarding access to their personal information.
As a California resident, you are entitled to request and receive information from us once a year, free of charge, about the categories of personal information disclosed to third parties for direct marketing purposes, as well as the names and addresses of these third parties. To make this request, please submit a written request using the provided contact information.
California residents under the age of 18 who have a registered account with our Services may request removal of their publicly posted data. To do so, contact us using the provided contact information and include your email address and a statement of residency in California. Although the data will no longer be publicly displayed, it may not be completely removed from all systems such as backups.
Ccpa Privacy Notice
A “resident” in the California Code of Regulations refers to:
(1) an individual who is in California for a purpose other than temporary or transitory, and
(2) an individual who is domiciled in California but outside the state for a temporary or transitory purpose.
All others are considered “non-residents.”
If this definition applies to you as a resident, we must comply with specific rights and obligations regarding your personal information.
Personal Information Categories We Collect
We have collected the following categories of personal information in the past twelve (12) months:
|A. Identifiers||Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name||
|B. Personal information categories listed in the California Customer Records statute||Name, contact information, education, employment, employment history, and financial information||
|C. Protected classification characteristics under California or federal law||Gender and date of birth||
|D. Commercial information||Transaction information, purchase history, financial details, and payment information||
|E. Biometric information||Fingerprints and voiceprints||
|F. Internet or other similar network activity||Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements||
|G. Geolocation data||Device location||
|H. Audio, electronic, visual, thermal, olfactory, or similar information||Images and audio, video or call recordings created in connection with our business activities||
|I. Professional or employment-related information||Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us||
|J. Education Information||Student records and directory information||
|K. Inferences drawn from other personal information||Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics||
|L. Sensitive Personal Information||Account login information, contents of email or text messages and health data||
We will use and retain the collected personal information as needed to provide the Services or for:
- Category A – As long as the user has an account with us
- Category B – As long as the user has an account with us
- Category C – As long as the user has an account with us
- Category G – As long as the user has an account with us
- Category I – As long as the user has an account with us
- Category K – As long as the user has an account with us
- Category L – As long as the user has an account with us
Category L information may be used, or disclosed to a service provider or contractor, for additional, specified purposes. You have the right to limit the use or disclosure of your sensitive personal information.
Other Personal Information Collection
We may gather additional personal information outside of these categories through various means such as:
Obtaining support through our customer support channels;
Engaging in customer surveys or contests; and
Facilitating the provision of our Services and responding to your inquiries.
Usage and Sharing of Personal Information
For more information on our data collection and sharing practices, please refer to our privacy notice.
You can reach us through email at [email protected] or through the contact details at the bottom of this document.
If you choose to appoint an authorized agent to exercise your right to opt out, we may decline the request if the authorized agent fails to provide proof of their authorization to act on your behalf.
Sharing with Third Parties
In accordance with written contracts between us and our service providers, we may share your personal information with them. These service providers, who are for-profit entities, process the information on our behalf, under the same strict privacy protection regulations outlined by the CCPA.
We may use your personal information for our own internal business purposes, such as for conducting research for technological advancement and demonstration. This is not considered as the “selling” of your personal information.
In the past twelve months, Montessori Alzheimer Center has not disclosed, sold, or shared any personal information to third parties for business or commercial purposes. Montessori Alzheimer Center will not sell or share personal information belonging to website visitors, users, or other consumers in the future.
Rights Regarding Your Personal Data
Right to Request Deletion – Deletion Request
You have the right to ask for the deletion of your personal information. If you make this request, we will respect it and delete your personal information, with certain exceptions as mandated by law, such as (but not limited to) the exercise of another consumer’s right to free speech, compliance with legal obligations, or processing required to protect against illegal activities.
Right to be Informed – Request to Know
Depending on the circumstances, you may have the right to know:
If we collect and use your personal information;
- The categories of personal information that we collect;
- The purposes for which the collected personal information is used;
- If we sell or share personal information to third parties;
- The categories of personal information that were sold, shared, or disclosed for business purposes;
- The categories of third parties to whom the personal information was sold, shared, or disclosed for business purposes;
- The business or commercial purpose for collecting, selling, or sharing personal information; and
- The specific pieces of personal information we collected about you.
- In accordance with applicable laws, we are not obligated to provide or delete consumer information that has been de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to Non-Discrimination for Privacy Rights Exercise
You will not face discrimination for exercising your privacy rights.
Right to Limit Use and Disclosure of Sensitive Personal Information
You have the right to limit the use and disclosure of your sensitive personal information.
If the business collects any of the following sensitive personal information:
- Social security information, drivers’ licenses, state ID cards, passport numbers
- Account login information
- Credit card numbers, financial account information, or credentials allowing access to such accounts
- Precise geolocation
- Racial or ethnic origin, religious or philosophical beliefs, union membership
- The contents of email and text, unless the business is the intended recipient of the communication
- Genetic data, biometric data, and health data
- Data concerning sexual orientation and sex life
- You have the right to direct the business to limit its use of your sensitive personal information to that which is necessary to perform the Services. The business cannot use or disclose your sensitive personal information for any other purpose unless you provide consent.
Please note that this right does not apply to sensitive personal information that is collected or processed without the purpose of inferring characteristics about a consumer, or to publicly available information. To limit the use and disclosure of your sensitive personal information, email [email protected].
To verify your identity and ensure that you are the same person about whom we have information in our system, we will ask for information to match with the information we already have on file. Depending on the request, we may ask for certain information or contact you through a previously provided communication method (e.g. phone or email). We may also use other verification methods as needed.
We will only use the personal information provided in your request to verify your identity and authority to make the request. If we cannot verify your identity from the information we already have, we may request additional information for verification and security purposes. We will delete this additional information as soon as verification is complete.
Additional Privacy Rights
You also have the right to:
- Object to the processing of your personal information
- Request correction of incorrect or outdated personal data or restrict its processing
- Designate an authorized agent to make a request under the CCPA, although we may deny a request from an authorized agent without proof of valid authorization
- Opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act within fifteen (15) days from the date of the request submission.
To exercise these rights, contact us by email at [email protected] or refer to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we welcome your feedback.
12. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
Virginia residents have specific rights to access and use their personal information under the Virginia Consumer Data Protection Act (CDPA).
Virginia CDPA Privacy Notice
According to the CDPA, a “consumer” is defined as a resident of the Commonwealth who acts as an individual or household, but not in a commercial or employment context. “Personal data” refers to any information linked to an identifiable person and does not include de-identified data or public information. “Sale of personal data” means exchanging personal data for monetary compensation.
If you are considered a “consumer,” Montessori Alzheimer Center must follow specific rights and obligations related to your personal data. The information collected, used, and disclosed about you may vary based on your interactions with Montessori Alzheimer Center and its services.
Your rights regarding personal data:
- Right to be informed of data processing
- Right to access personal data
- Right to correct inaccuracies
- Right to request deletion
- Right to obtain a copy of previously shared data
- Right to opt out of processing for targeted advertising, data sale, or profiling
This privacy notice provides more information about our data collection and sharing practices.
If you have any questions or concerns, you may reach us through email at [email protected], by filling out our data subject request form, or by checking the contact information located at the bottom of this document.
Please note that if you use an authorized agent to exercise your rights, we may reject the request if they do not present adequate evidence of their authorization to act on your behalf.
In order to verify your identity, we may require additional information from you or your authorized agent. If you are submitting the request through an agent, we may have to gather extra information to verify your identity before processing your request.
Upon receiving your request, we will respond promptly, but no later than 45 days after receipt. In certain circumstances, the response period may be extended by another 45 days, and we will notify you of such an extension and the reason for it within the initial 45-day response period.
If we decline to fulfill your request, we will notify you of our decision and the reasons for it. If you wish to appeal this decision, please send us an email at [email protected]. Within 60 days of receiving your appeal, we will provide a written response detailing any actions taken or not taken and the reasons behind our decisions. If your appeal is denied, you may reach out to the Attorney General to file a complaint.
13. DO WE MAKE UPDATES TO THIS NOTICE?
Yes, updates to this notice will be made as needed to ensure compliance with relevant laws.
Updates to this privacy notice may occur periodically. The latest version will be indicated by a revised “Last Updated” date and will become effective immediately upon being made available. If substantial changes are made to this privacy notice, notification of such changes will either be posted prominently or sent directly to you. It is recommended that you review this privacy notice regularly to stay informed on how we protect your information.
14. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have inquiries or comments about this notice, our Data Protection Officer (DPO), Mark Norris, can be reached through email at montessorial[email protected], by phone at (418) 337-8092, or by mail to:
Montessori Alzheimer Center
132 de L’Anse
Cap Santé, Quebec G0A1L0
15. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Depending on the laws of your country, you may have the right to access the personal information we collect from you, make changes to it, or request that it be deleted. To request to review, update, or delete your personal information, please submit a request form by clicking here.