This Privacy Policy was last updated on, and is effective as of, April 5, 2019.

Welcome to our website www.RightLabs.com (the “Website”), which is operated by TransACT Communications Canada Ltd., d/b/a RightLabs (“RightLabs”, the “Company”, “we” or “us”).  This Privacy Policy (“Privacy Policy”) is intended to inform you of the ways in which we collect and handle information for the Website, the uses that we make of that information, and the ways in which we will protect any personal information you choose to provide us.

By using the Website, you consent to the collection, use and transfer of your information in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, please do not use this Website.

  1. Information for All Users of Our Website

Summary

RightLabs is committed to protecting the privacy of users who visit our Website. We collect information as part of our Website operations and service offerings and related processes. We fiercely protect your personal information and RightLabs doesn’t sell your personal information to anyone. The above is just a summary.  However, RightLabs’ lawyers requested that we also provide you the additional details below.

Overview

RightLabs is a Canadian company headquartered in the Province of Alberta that services the needs of North American organizations, which are primarily not-for-profit organizations that host, promote, conduct and administer events. One of our tenets of operational excellence is the methods and standards we provide around the protection of personal information both collected on behalf of and disclosed to our customers and other third parties in all of our business operations. This Privacy Policy is a formal statement of principles and practices concerning the protection and handling of personal information collected through the Website and the service offered through the Website.  RightLabs will regularly review its Privacy Policy to ensure that it is relevant and remains current with changing technologies and laws. Most importantly, RightLabs wants to ensure it continues to meet the evolving needs of our Website users whose Personal Information is collected through the Website.

Information Voluntarily Provided by You

We may collect information that our Website users provide or visitors volunteer to us, including but not be limited, information about them as an identifiable person, such as name, date of birth, postal address, email address, telephone numbers, cell phone numbers, gender, credit information, personal preferences and other personal information (collectively, “Personal Information”), but does not include aggregated information that cannot be associated with a specific individual. Any Personal Information you send us will be used for the purposes indicated on the Website or as stated in this Privacy Policy.

Use of Personal Information

Personal Information will be held by us and may be used by us and our affiliated companies and their agents, partners or licensees.  We will not sell, exchange or otherwise distribute your Personal Information to unaffiliated third parties without your consent, except to the extent required by law, or as set out in this Privacy Policy, including as follows:

  • Agents and Service Providers. We sometimes contract with other companies and individuals to perform functions or services on our behalf. They may have access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us.

 

  • Promotions and Marketing. We may sometimes engage with third parties (including supplier brands) in various promotional and marketing efforts concerning offerings, services, promotions, or upcoming events that we or they believe may be of interest to you and as part of such activities we may share information with such third parties.

 

  • Business Transfers. In the event that our business is transferred to, merged with or acquired by another company or entity, your Personal Information may be transferred to another company or entity that is part of the business transfer, merger or acquisition.

 

  • We may assign our rights and duties under this Privacy Policy, including, without limitation, our rights in information collected through the website, to any third party at any time without notice to you.

 

  • Legal Matters. We may preserve and disclose any Personal Information and any information about your use of this Website if we have a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of RightLabs, its affiliates, other users of this Website, or the public; (b) enforce the Website’s Terms of Service; or (c) respond to claims that any content violates the rights of third-parties. We may also disclose information, as we deem necessary to satisfy any applicable law, regulation, legal process or governmental request.

The Personal Information we receive will be used in our marketing, promotion and advertising of the Website. As a result of providing us with your contact information, we may contact you by sending you mailings or other communications (electronic or otherwise) regarding the Website and products, services, promotions, or upcoming events that we believe may be of interest to you. We may also ask you (or have a service provider ask on your behalf) to participate in surveys seeking information or opinions related to our category of products and services.

Use of Cookies

A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your computer’s hard disk, so that the website can remember certain information. Cookies cannot be used by themselves to identify you. 

Two types of cookies are used on this Website, session cookies and persistent cookies.

Session cookies are temporary cookies that remain in the cookie file of your browser until you leave the site.

We use session cookies to:

  • Carry information across pages of our Website and maintain your preferred language throughout the session. This cookie will be initiated each time you affirm your age on our Website.
  • Persistent cookies remain in the cookie file of your browser even after the browser is closed. The length of time a cookie remains depends on its lifespan.

We use persistent cookies to:

  • Generate anonymous, aggregated statistics about the visitors to this Website by using Google Analytics. These statistics help us understand how users navigate the Website and help us improve the structure of our Website. These statistics include for example: most popular and least popular pages visited, amount of time visitors stay on the site and the percentage of visitors that leave the site before entering their birth date. These cookies expire within two hours after you leave the Website. Google offers instructions to opt out of tracking by Google Analytics across all websites here.

Note that most browsers are initially set to accept cookies. However, you have the ability to disable cookies if you wish, generally through changing the internet software browsing settings. It may also be possible to change the settings to enable acceptance of specific cookies. Please refer to the help section on your browser. If cookies are disabled you will be unable to access our Website.

For more information about cookies and how to disable them please visit allaboutcookies.org.

Emails to Other Persons Through the Website.

In the event that we offer the functionality to permit you to send messages regarding Website-related content to a friend or other persons through the Website, you may provide us with such persons’ email address so that we can facilitate your sending a message to such persons; provided, however, that we reserve the right to refuse to facilitate the message for any reason, including without limitation restrictions placed on this functionality by your jurisdiction or that of such person.  We may retain that person’s email address but will use such email address only as described in this Privacy Policy and will not send additional promotional messages to your friend unless your friend registers with us (or has registered previously). Please note that any personal data you provide in connection with your request to send messages to such a person may be disclosed to them.  By using this functionality, you confirm that all persons that you specify to receive messages have consented to receiving the emails from this Website that you request us to send.

Promotions

We may have promotions or sweepstakes on our Website. When you enter a promotion or sweepstakes, we will ask for Personal Information about you. We will use this information for the purposes of administering the promotion or sweepstakes. We will also use and store this information for the purposes set forth under “Use of Personal Information” above unless you instruct us otherwise either through mechanisms provided with the entry form or by contacting us. Any additional uses for this information will be set forth in the applicable official rules, if any, of the promotion.

Information Posted by Visitors

We may make available through the Website services such as message boards to which you are able to post information, photos, images and other materials. Please note that any information, photos, images or materials you disclose through such services or otherwise on the Website, becomes public information, and may be available to visitors to the Website all over the world and to the general public. In addition, when you choose to make a posting on such services, certain personal data will be available for other users to view. We urge you to exercise discretion and caution when deciding to disclose personal data, or any other information, on the Website. WE ARE NOT RESPONSIBLE FOR THE USE OF ANY PERSONAL INFORMATION YOU VOLUNTARILY DISCLOSE THROUGH PUBLICLY VIEWABLE PORTIONS OF THE WEBSITE.

Third-Party Websites

The Website may contain links to third-party websites. These linked websites are not under our control, and we are not responsible for the privacy practices, the contents of any such linked website, any link contained in any linked website or any malware or malicious code that may be present on any such linked website.  We provide such links only as a convenience, and the inclusion of a link on the website does not imply endorsement of the linked website by us. If you provide any personal data through any such third-party website, your transaction will occur on the third party’s website (not this Website) and the personal data you provide will be collected by and controlled by the privacy policy of that third party. We recommend that you familiarize yourself with the privacy policies and practices of any third parties. This Privacy Policy does not address the privacy or information practices of any third parties.

Your Information and Opting-Out

If you do not want to receive further email communications from us through the Website or its services, please follow the opt-out instructions in the email you receive from us.  Otherwise, you may not get email communications you would otherwise expect to receive from us.

Access to and Amendment of Information

You can ask to review and correct the Personal Information that we maintain about you by sending a written request by email to us at privacyofficer@RightLabs.com.

Information Storage and Securitymailto:privacyofficer@RightLabs.com

This Website and all information that you submit through this Website is collected, stored, and processed in Canada or the United States. We use reasonable physical, electronic, and administrative safeguards to protect your Personal Information from unauthorized or inappropriate access. However, regardless of the effectiveness of our security measures, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We ask that you do your part by, at a minimum, keeping any computer passwords you use to access the Internet or this Website strictly confidential.

Changes and Updates to this Privacy Policy

We may modify and update this Privacy Policy from time to time. Changes in our Privacy Policy will be effective immediately. You should review this Privacy Policy on a regular basis.  We will post at the top of this Privacy Policy the date that modifications were last made, which should alert you to any changes since your last visit to the Website.  Your continued use of the Website is your agreement to the revised Privacy Policy. 

Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the province of Alberta, Canada, without regard to its conflict of laws principles.

 Contact Information

For questions relating to RightLabs’ Privacy Policy, please contact our Privacy Officer as follows: (i) by postal mail to Privacy, RightLabs, Inc., 10436 81 Avenue NW Suite 300 Edmonton, AB, T6E 1X6, Canada, (ii) by email to privacyofficer@RightLabs.com, or by phone at (780) 424-3144, ext. 336.  

III. Additional Information for Canadian Users of Our Website

One of the objectives of the Privacy Policy is to promote responsible and transparent practices in the management of personal information, in accordance with the provisions of the Personal Information Protection and Electronic Documents Act (Canada) (“PIPEDA”), the Personal Information Protection Act (Alberta), the regulations enacted thereunder, and any other applicable legislation or regulations.

Scope and Application

The ten principles of PIPEDA, which form the basis of the Privacy Policy, are interrelated and RightLabs shall adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. The commentary in the Privacy Policy has been tailored to reflect personal information issues specific to RightLabs. The scope and application of the Privacy Policy are as follows:

  • The Privacy Policy applies to personal information about RightLabs customers that is collected, used, or disclosed by RightLabs.
  • The Privacy Policy applies to the management of personal information in any form whether oral, electronic or written.
  • The Privacy Policy does not impose any limits on the collection, use or disclosure of the following information by RightLabs:
    • a customer’s name, address, telephone number and email address, when listed in a directory or available through directory assistance;
    • other information about the customer that is publicly available and is specified by regulation pursuant to PIPEDA, the Personal Information Protection Act (Alberta) or other applicable legislation.
  • The Privacy Policy does not apply to information regarding RightLabs corporate customers; however, such information is protected by other RightLabs policies and practices, if any, and through contractual arrangements.
  • The application of the Privacy Policy is subject to the requirements and provisions of Part 1 of PIPEDA, the Personal Information Protection Act (Alberta), the regulations enacted thereunder, and any other applicable legislation or regulations.

Definitions as used in the Part III of the Privacy Policy

  1. Collection – means the act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.
  2. Consent – means a voluntary agreement to collect, use and disclose of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of RightLabs. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.
  3. Customer – means an individual who uses, or applies to use, RightLabs products or services, including the Website and the services available through the Website, including where such individual is an individual carrying on business alone as a sole proprietorship or in partnership with other individuals.
  4. Disclosure – means making personal information available to a third party.
  5. Personal information – means information about an identifiable person, such as name, date of birth, postal address, email address, telephone numbers, cell phone numbers, gender, credit information, personal preferences and other personal information, but does not include aggregated information that cannot be associated with a specific individual.
  6. RightLabs – means RightLabs Inc. and its subsidiary companies, as they may exist from time to time.
  7. Third party – means an individual or organization outside RightLabs.
  8. Use – means the treatment, handling, and management of personal information by and within RightLabs.

PRINCIPLE 1

ACCOUNTABILITY

RightLabs is responsible for personal information under its control and shall designate one or more persons who are accountable for RightLabs compliance with the following principles.

  1. Responsibility for ensuring compliance with the provisions of the RightLabs Privacy Policy rests with the senior management of RightLabs, which shall designate one or more persons to be accountable for compliance with the Privacy Policy. Other individuals within RightLabs may be delegated to act on behalf of the designated person(s) or to take responsibility for the day-to-day collection and processing of personal information.
  2. RightLabs shall make known, upon request, the title of the person or persons designated to oversee RightLabs compliance with the RightLabs Privacy Policy.
  3. RightLabs is responsible for personal information in its possession or control. RightLabs shall use appropriate means to provide a comparable level of protection while information is being processed by a third party (see Principle 7).
  4. RightLabs shall implement policies and procedures to give effect to the RightLabs Privacy Policy, including:
    1. Implementing procedures to protect personal information and to oversee RightLabs compliance with the RightLabs Privacy Policy;
    2. Establishing procedures to receive and respond to inquiries or complaints;
    3. Training and communicating to staff about RightLabs policies and practices; and
    4. Developing public information to explain RightLabs policies and practices.

PRINCIPLE 2

IDENTIFYING PURPOSES FOR COLLECTION OF PERSONAL INFORMATION

RightLabs shall identify the purposes for which personal information is collected at or before the time the information is collected.

  1. RightLabs collects personal information for the following purposes:
    1. to process, assemble, organize and distribute through RightLabs software or services for clients of RightLabs;
    2. to establish and maintain responsible commercial relations with customers and to provide ongoing service;
    3. to understand customer needs and preferences;
    4. to develop, enhance, market or provide products and services;
    5. to manage and develop RightLabs business and operations, including personnel and employment matters;
    6. to meet legal and regulatory requirements; and
    7. for such other purposes as may be determined by RightLabs, acting reasonably, or is otherwise in compliance with the applicable legislation.

Further references to “identified purposes” mean the purposes identified in this Principle.

  1. RightLabs shall specify orally, electronically or in writing the identified purposes to the customer at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within RightLabs who shall explain the purposes.
  2. Unless required by law, RightLabs shall not use or disclose for any new purpose personal information that has been collected without first identifying and documenting the new purpose and obtaining the consent of the customer.

PRINCIPLE 3

OBTAINING CONSENT FOR COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION The knowledge and consent of a customer are required for the collection, use, or disclosure of personal information, except where inappropriate. In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, RightLabs may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated. RightLabs may also collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting the information, such as in the investigation of a breach of an agreement or a contravention of a federal or provincial law. RightLabs may also use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened. RightLabs may disclose personal information without knowledge or consent to a lawyer representing RightLabs, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law. 

  1. In obtaining consent, RightLabs shall use reasonable efforts to ensure that a customer is advised of the identified purposes for which personal information will be used or disclosed. Purposes shall be stated in a manner that can be reasonably understood by the customer.
  2. Generally, RightLabs shall seek consent to use and disclose personal information at the same time it collects the information. However, RightLabs may seek consent to use and disclose personal information after it has been collected, but before it is used or disclosed for a new purpose.
  3. RightLabs will require customers to consent to the collection, use or disclosure of personal information as a condition of the supply of a product or service only if such collection, use or disclosure is required to fulfill the identified purposes.
  4. In determining the appropriate form of consent, RightLabs shall take into account the sensitivity of the personal information and the reasonable expectations of its customers.
  5. In general, the use of products and services by a customer constitutes implied consent for RightLabs to collect, use and disclose personal information for all identified purposes.
  6. A customer may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Customers may contact RightLabs for more information regarding the implications of withdrawing consent.

PRINCIPLE 4

LIMITING COLLECTION OF PERSONAL INFORMATION

RightLabs shall limit the collection of personal information to that which is necessary for the purposes identified by RightLabs. RightLabs shall collect personal information by fair and lawful means.

  1. RightLabs collects personal information primarily from its customers.
  2. RightLabs may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties who represent that they have the right to disclose the information.

PRINCIPLE 5

LIMITING USE, DISCLOSURE, AND RETENTION OF PERSONAL INFORMATION

RightLabs shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. RightLabs shall retain personal information only as long as necessary for the fulfillment of those purposes.

  1. RightLabs may disclose a customer’s personal information to:
    1. organization for which the information is being collected as consented to prior to collection;
    2. a person who in the reasonable judgment of RightLabs is seeking the information as an agent of the customer;
    3. a company involved in supplying the customer with association or association related services;
    4. a company or individual employed by RightLabs to perform functions on its behalf, such as research or data processing;
    5. an agent used by RightLabs to evaluate the customer’s creditworthiness or to collect the customer’s account;
    6. a credit reporting agency;
    7. a public authority or agent of a public authority, if in the reasonable judgment of RightLabs, it appears that there is imminent danger to life or property which could be avoided or minimized by disclosure of the information; and
    8. a third party or parties, where the customer consents to such disclosure or disclosure is required by law;
    9. another comment or individual for the development, enhancement, marketing or delivery of any RightLabs products or services.
  2. Only RightLabs employees with a business need to know, or whose duties reasonably so require, are granted access to personal information about customers.
  3. RightLabs shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a customer, RightLabs shall retain, for a period of time that is reasonably sufficient to allow for access by the customer, either the actual information or the rationale for making the decision.
  4. RightLabs shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

PRINCIPLE 6

ACCURACY OF PERSONAL INFORMATION

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

  1. Personal information used by RightLabs shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a customer.
  2. RightLabs shall update personal information about customers as and when necessary to fulfill the identified purposes or upon notification by the individual.

PRINCIPLE 7

SECURITY SAFEGUARDS

RightLabs shall protect personal information by security safeguards appropriate to the sensitivity of the information.

  1. RightLabs shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures which may include physical, organizational and technological measures. RightLabs shall protect the information regardless of the format in which it is held.
  2. RightLabs shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
  3. All of RightLabs employees with access to personal information of customers shall be required to respect the confidentiality of that information.

PRINCIPLE 8

OPENNESS CONCERNING POLICIES AND PRACTICES

RightLabs shall make readily available to customers specific information about its policies and practices relating to the management of personal information.

  1. RightLabs shall make information about its policies and practices easy to understand, including:
    1. the title and address of the person or persons accountable for RightLabs compliance with the RightLabs Privacy Policy and to whom inquiries or complaints can be forwarded;
    2. the means of gaining access to personal information held by RightLabs; and
    3. a description of the type of personal information held by RightLabs, including a general account of its use.
  2. RightLabs shall make available information to help customers exercise choices regarding the use of their personal information and the privacy enhancing services available from RightLabs.

PRINCIPLE 9

CUSTOMER AND EMPLOYEE ACCESS TO PERSONAL INFORMATION

RightLabs shall inform a customer of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A customer shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

  1. Upon request, RightLabs shall afford customers a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time, and at a minimal or no cost to the individual.
  2. In certain situations, RightLabs may not be able to provide access to all the personal information that it holds about a customer. For example, RightLabs may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, RightLabs may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor – client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of a federal or provincial law. If access to personal information cannot be provided, RightLabs shall provide the reasons for denying access upon request.
  3. Upon request, RightLabs shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, RightLabs shall provide a list of organizations to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.
  4. In order to safeguard personal information, a customer may be required to provide sufficient identification information to permit RightLabs to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.
  5. RightLabs shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, RightLabs shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.
  6. Customers can obtain information or seek access to their individual files by contacting a designated representative at RightLabs business offices.

PRINCIPLE 10

CHALLENGING COMPLIANCE

A customer shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for RightLabs compliance with the RightLabs Privacy Policy.

  1. RightLabs shall maintain procedures for addressing and responding to all inquiries or complaints from its customers about RightLabs handling of personal information.
  2. RightLabs shall inform its customers about the existence of these procedures as well as the availability of complaint procedures.
  3. The person or persons accountable for compliance with the RightLabs Privacy Policy may seek external advice where appropriate before providing a final response to individual complaints procedures as well as the availability of complaint procedures.
  4. RightLabs shall investigate all complaints concerning compliance with the RightLabs Privacy Policy. If a complaint is found to be justified, RightLabs shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A customer shall be informed of the outcome of the investigation regarding his or her complaint.
  5. ADDITIONAL NOTICES TO CALIFORNIA RESIDENTS WHO ARE USERS OF OUR WEBSITE

 

California Do-Not-Track Disclosure

 

At this time, the Website is not set up to honor web browser do-not-track settings.  Do-not-track is a privacy preference that users can set in their web browsers. When a user activates the do-not-track settings in browsers that offer this setting, the browser sends a message to websites requesting them not to track the user. For more information about do-not-track matters, please visit www.allaboutdnt.org.

 

Information on Marketing Disclosures

 

California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at Privacy, RightLabs, Inc., #217-8008 104 Street, Edmonton SAB, T6E 4E2 CANADA or by email to privacyofficer@RightLabs.com.

 

  1. ADDITIONAL NOTICES TO EUROPEAN UNION RESIDENTS AND OTHER DATA SUBJECTS WHO ARE USERS OF OUR WEBSITE

 

In addition to the information provided elsewhere in this Privacy Policy, persons (“GDPR Data Subjects”) who are residents of the member countries of the European Union (“EU”) or other data subjects covered by the EU’s General Data Protection Regulation, (EU) 2016/679 (the “GDPR”), have certain additional privacy rights under applicable law.  The following provisions of this Privacy Policy provide an overview of these additional rights and related information.

 

Our Commitment


RightLabs embraces the approach to privacy protection reflected in the GDPR, giving our Website users a greater say in what happens with their data. Please contact our data protection officer at either Privacy, RightLabs, Inc., #217-8008 104 Street, Edmonton SAB, T6E 4E2 CANADA or by email to privacyofficer@RightLabs.com, if you have any questions about any matters related to our GDPR compliance.

 

Legal Bases for Processing Personal Information of European Union Residents or Other GDPR Data Subjects

 

If you are a GDPR Data Subject, RightLabs may rely on one or more of the following legal bases (or other available legal grounds) when processing your personal information, depending on the circumstances:

 

  • Legitimate Interests – RightLabs may process your personal information where RightLabs has a legitimate interest in such processing for managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights or freedoms.

 

  • Consent – RightLabs may process your personal information where RightLabs has obtained your consent to the processing.

 

  • Contractual Necessity – RightLabs may process your personal information where such processing is necessary in connection with any contract that RightLabs has with you.

 

  • Legal Requirements – RightLabs may process your personal information where such processing is required by applicable law.

 

Disclosures to Third Parties

 

If you are a GDPR Data Subject, your personal information will not be disclosed to third parties except where it is necessary for fulfillment of RightLabs’s obligations to you or where RightLabs is obliged or permitted to do so by law (including, without limitation, through the terms of any agreement RightLabs may have with you), or where RightLabs makes disclosures that are otherwise consistent with the uses described in this Policy.

 

RightLabs may also disclose any information (including personal information) relating to you to law enforcement authorities or any regulatory or government authority in response to any request including requests in connection with the investigation of any suspected illegal activities.

 

RightLabs reserves the right to transfer any personal information RightLabs has about you in the event RightLabs sells or transfers all or a portion of our business or assets, or merges with another organization. Should such a sale, transfer or merger occur, RightLabs will use reasonable efforts seeking to require that the transferee uses personal information you have provided to RightLabs in a manner that is consistent with this Policy.

 

RightLabs will not sell, resell or lease your personal information to any third parties but RightLabs may, if required for the purpose(s) for which your personal information was collected and processed, share it with RightLabs partners and/or service providers to enable them to provide their services to RightLabs or to you, as applicable. The foregoing are in addition to the other uses described elsewhere in this Policy.

 

Security of Personal Information of European Residents or Other GDPR Data Subjects

 

RightLabs has policies and technical and organizational measures in place which are intended to safeguard and protect your personal information against unauthorized access, accidental loss, improper use and disclosure. However, you should be aware that information transmitted over the internet is not completely secure because of the nature of the internet and that systems and measures used to secure information are not flawless. For these reasons, although RightLabs will use reasonable efforts to protect your personal information, RightLabs does not warrant the security of personal information transmitted to RightLabs or stored by RightLabs, and personal information that is transmitted to RightLabs by you electronically is done at your own risk.

 

Retention of Personal Information of European Residents or Other GDPR Data Subjects

 

RightLabs’s policy is to retain your personal information only for as long as is necessary to fulfill the purposes for which RightLabs collected such personal information, including for the purposes of satisfying any professional, legal, accounting or reporting requirements to which RightLabs is subject. To determine the appropriate retention period for personal information, RightLabs considers the scope, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of the personal information, the purposes for which RightLabs collected and processed your personal information and whether RightLabs can achieve those purposes through other means, and any applicable legal and professional requirements.

 

Your Rights as a European Resident or Other GDPR Data Subject

 

If you are a GDPR Data Subject, you have a number of rights concerning your personal information that RightLabs holds and uses, including the following:

 

  • Right of Access – You have the right to be informed about what personal information RightLabs holds about you and to a copy of this personal information.

 

  • Right to Rectification – You have the right to have any inaccurate personal information which RightLabs holds about you updated or corrected.

 

  • Right to Erasure – In certain circumstances you may request that RightLabs delete the personal information that RightLabs holds about you.

 

  • Right to Complain – You have the right to lodge a complaint regarding the processing of your personal information to an applicable governmental or supervisory authority in your country.

 

  • Right to Withdraw Consent – Where processing of personal information is based on your consent, you have the right to withdraw such consent at any time.

 

  • Right to Object – Where RightLabs relies on our legitimate interests to process your personal information, you have the right to object to such use and RightLabs is required to discontinue such processing unless RightLabs can demonstrate an overriding legitimate interest in such processing.

 

  • Right to Restriction – You have the right to request that RightLabs stop using your personal information in certain circumstances including if you believe that the personal information RightLabs holds about you is inaccurate or that RightLabs’ use of your personal information is unlawful. If you validly exercise this right, RightLabs will store your personal information and will not carry out any other processing until the issue is resolved.

 

You may exercise any of the above requests in writing, or request that RightLabs stop using your personal information for marketing purposes by contacting, us by postal mail at Privacy, RightLabs, Inc., #217-8008 104 Street, Edmonton SAB, T6E 4E2 CANADA, or by email at privacyofficer@RightLabs.com.