Privacy policy to the attention of customers based in the EU

(LAST UPDATE: 24/01/2022)

Objective of this policy


This policy informs you (as the data subject) about how we process your personal data, in our capacity as controller, in accordance with all applicable data protection and privacy laws and regulations, including the “RGPD” – Regulation (EU) 2016/679 (hereinafter referred to as “Data Protection Laws“), and in particular pursuant to Articles 13 and 14 of the RGPD. This policy is also intended to inform you of your rights regarding the processing of your personal data.

Personal Data” means any information relating to an identified or identifiable natural person. An “identifiable natural person” is defined as a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity. This includes, for example (and not limited to), your name, home and business addresses, telephone number, email address, credit card or other billing information, certain data about your business activities, certain data about your activities on our website, and other information you provide us.

This policy describes how Rivercity Innovations manages Personal Data collected both through Rivercity Innovations’s website and through other means (for example, from forms, telephone calls, e-mails, purchase orders, interactions with our services, or other communications with you).

By accessing and using Rivercity Innovations’ Website, benefiting from the services of Rivercity Innovations, purchasing products or services to Rivercity Innovations, or otherwise providing your data to Rivercity Innovations (including in the context of a business relationship), you acknowledge that you have read and understood this policy.

This policy does NOT apply when Rivercity Innovations processed data for its customers in its capacity of Processor (namely, when Rivercity Innovations processes data on behalf of its customers, who remain controllers of the processing activities). In such cases, Rivercity Innovations is bound to the customer (controller of the processing) by a Data Processing Agreement, and you (as data subject) should refer to the information provided directly to you by such customer.

 

Information on the data controller


 Controller’s Identity:

Name: RIVERCITY INNOVATIONS LTD

Address: #201-116 Research Drive, Saskatoon, SK, S7N 3R3

Registration/Incorporation number: 102049605 

Email address: [email protected]

(hereafter referred to as “Rivercity Innovations” or “we”).

Representative’s identity: the controller is represented in the EU by:

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Rivercity Innovations Ltd. has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR: 

-by using EDPO’s online request form: https://edpo.com/gdpr-data-request/

-by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

 

Information on the different personal data processing activities


In this section, for each Personal Data processing activity that we carry out when providing our services to Customers in the EU, we provide you with information on:

  • The purposes of the processing for which the Personal Data are intended (why we process your data);
  • The legal basis of the processing (and, where applicable, the legitimate interest pursued by us or by a third party);
  • The categories of Personal Data concerned (what types of data are processed);
  • The sources of your data;
  • If applicable, the recipients, or categories of recipients of Personal Data (with whom we share data);
  • The retention period during which Personal Data are kept, or if it is not possible to specify, the criterion used to determine this duration;
  • Where appropriate, the transfer of personal data to recipients in countries outside the EU or to international organizations and the safeguards allowing such transfer;

In order to be as transparent and clear as possible, this information is presented in the table below, and is provided by processing activity:

Management and securing of our IT solution

Categories of data subjects: any Customer’s user.

Purpose: ensure a good connection with our platform, and secure the platform and the infrastructure used to put it online.

Legal basis: GDPR, art. 6, §1 b) (execution of contractual or pre-contractual measures), GDPR, art. 6, §1 f) (legitimate interest: management and security of the solution)

Data categories: User identification data (first name, family name, phone numbers, email address) electronic identifyers (IP address) and connection data (logs).

Sources: internet & network connections

Recipients: /

Transfer outside EU: Canada (safeguard: adequation decision from the EU Commission)

Retention period: as long as necessary to properly secure the solution

Management and securing of this website

Categories of data subjects: any visitor of our website (including you, as you are currently consulting this policy on our website)

Purpose : ensure a good connection with our website, and secure the website and the infrastructure used to put it online

Legal basis : GDPR, art. 6, §1 f) (legitimate interest : securing the website)

Data categories : electronic identifyers (IP address) and connection data (logs)

Sources : internet connections and website

Recipients : /

Transfer outside EU : Canada (safeguard: adequation decision from the EU Commission)

Retention period: as long as necessary to properly secure the website

Cookies

Categories of persons concerned: Internet users

Purpose: Website operation, Website improvement, Analysis and statistics, Website customization

Legal basis: GDPR, art. 6, §1 f) (legitimate interest: functioning of the website) and GDPR, art. 6, §1, a) (consent: non-essential cookies)

Data categories: Connection data

Sources: Data subjects, Website

Recipients: /

Transfer outside EU: Canada (safeguard: adequation decision from the EU Commission)

Retention period: As long as necessary for the purpose of the installed cookies 

FOR MORE DETAILED INFORMATION AND TO CONFIGURE THE INSTALLATION OF COOKIES PLEASE ALSO REFER TO OUR COOKIE POLICY

Customer management

Categories of data subjects: Customers’ contact persons.

Purpose: Orders and contract management (order tracking and fulfillment, sales information, invoicing, after-sales /maintenance/ support services, etc.).

Legal basis: GDPR, art. 6, §1 b) (execution of contractual or pre-contractual measures), GDPR, art. 6, §1 c) (execution of legal and regulatory obligations).

Data categories: Traditional identifiers (surname, first name, address, telephone), Electronic identifiers, Customer code, Function, Language, Communications content, Commercial information

Sources: Data subjects

Recipients: Public administrations in the context of legal obligations.

Transfer outside EU: Canada (safeguard: adequation decision from the EU Commission)

Retention period: the data are kept until all obligations regarding the contractual relations with the Customer are time-barred.

Prospecting

Categories of data subjects: prospects.

Purpose: general prospecting, company development.

Legal basis: GDPR, art. 6, §1 f) (legitimate interest: prospecting of professional customers, development of economic activities).

Data categories: Traditional identifiers (surname, first name, address, telephone), Electronic identifiers, Administrative data, Sectoral data, Representative, Communications content, Commercial information.

Sources: Data subjects, official databases, trade (public) databases.

Recipients: Data controller, commercial intermediaries.

Transfer outside EU: Canada (safeguard: adequation decision from the EU Commission)

Retention period: 3 years.

Email marketing

Categories of data subjects: customers, prospects.

Purpose: marketing communication by e-mail.

Legal basis: GDPR, art. 6, §1 a) (consent), GDPR, art. 6, §1 f) (legitimate interest: soft opt-in for existing customers).

Data categories: Electronic identifiers.

Sources: Data subjects.

Recipients: /

Transfer outside EU: Canada (safeguard: adequation decision from the EU Commission)

Retention period: until unsubscribing.

 

Where the provision and processing of Personal Data is necessary for compliance with laws or contractual obligations, your refusal to provide us with the data or your provision of false or incomplete data may result in us refusing or stopping any business relationship with you or your company (the “Customer”).

If we process personal data for purposes other than those set out in this article, we will provide you with information about this new purpose and any other relevant information before starting the new processing.

 

Your rights as a data subject


Data protection laws grant you rights in certain cases and under certain conditions, including the rights of access, rectification, request for deletion of your personal data, as well as the right to request the limitation of processing or to oppose processing. In certain cases and under certain conditions, you also have a right to the portability of your data.

Please contact us as specified in the section 2 above to make any request to exercise your rights or if you have any questions or concerns about how we handle your Personal Data. You can, in principle, exercise these rights free of charge. Please note, however, that the processing of external requests, which are found to be unfounded or excessive, may sometimes be subject to reasonable administrative fees.

Please note that some Personal Data may be exempted from the rights of access, rectification, objection, deletion, limitation or portability in accordance with personal data protection laws or other legislation.

 

Safety and security


Rivercity Innovations shall take appropriate technical, physical, legal and organizational measures, which comply with the Laws on the Protection of Personal Data. 

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that an interaction with us is no longer secure (for example, if you believe that the security of any personal data you may have with us has been compromised), please notify us immediately.

 

Complaints


If you are not satisfied with our handling of your personal data and you think that contacting us will not solve the problem, the Data Protection Laws give you the right to file a complaint with the competent supervisory authority (more information on the latter’s website):

IN BELGIUM:

https://www.autoriteprotectiondonnees.be

Autorité de Protection des Données
Rue de la Presse, 35
1000 Bruxelles (Belgique)
Tel. : +32 (0)2 274 48 00
Fax : +32 (0)2 274 48 35
Email : contact(at)apd-gba.be

ELSEWHERE IN EUROPE :

A list of the other European Data Protection Authorities is available on the website of the European Data Protection Board: https://edpb.europa.eu/about-edpb/board/members_en

 

Who to contact about your Personal Data


Questions or requests relating to our processing of personal data may be addressed to Rivercity Innovations (see contact details in section 2).

 

Changes to this Policy


We regularly review this Policy and reserve the right to make changes at any time to reflect changes in our business or new legal requirements.

To inform you of the changes, we will inform you by email or through the communication channels of your Company.

Please check the “last updated” date at the top of this Policy to see when it was last revised.