Last Update : May 16th 2020
WHO ARE WE?
Living Sisu Inc. is a corporation incorporated under the Canada Business Corporations Act.
We are a corporation that offers access to sports privileges through membership for our members.
Subject to any provision to the contrary, we are the “data controller” of your personal data. As such, we determine the purposes and manner in which we will process it.
If you have any questions about this Policy, you may submit them to us by mail at our head office address, or by e-mail at the following address: firstname.lastname@example.org.
TYPE OF DATA COLLECTED
The term “personal data” refers to any information that directly or indirectly identifies an individual (e.g. name, e-mail, registration number, telephone number, photograph, date of birth, address, fingerprint, etc.). In this regard, we may collect the following personal data in particular: (i) your contact information, such as name, address, e-mail address, telephone number; (ii) marketing and business development data, including your communication preferences; (iii) data that you send us following a public advertisement, in particular to apply for a position (resume, biographical notes, etc…). ); (iv) your personal data concerning your use of our website collected by means of cookies, registration form, entry of email address for newsletter, membership on our website, acceptance of user cookies, message via our contact form, population of your personal profile or comments on our social networks; including your IP address, location, email address, usage preference, first and last name; (v) any personal data provided by our customers on their behalf; (vi) your personal data in your capacity as an employee of one of our customers, suppliers or business partners, including your contact information, employment details, and our relationship with you, provided that you have been notified of and have consented to such transfer; and (vii) any other personal data you have provided to us, provided that prior to transferring personal data to us about someone other than you, you must notify them of such transfer and obtain their consent to transfer it to us.
PURPOSES OF DATA COLLECTION AND RETENTION
DATA COLLECTED IN THE CONTEXT OF A CONTRACT AND ITS EXECUTION
Thus, when you create an account on our website, we collect the following information about you:
- First name and surname
- Your date of birth
- Your email address
- Your confidential password of your choice
These data may be stored for a period of 7 years.
DATA COLLECTED FOR MARKETING PURPOSES
We may use your contact information to pursue our legitimate promotional interests with the company you work for or if you are a customer, otherwise we will never use your contact information without obtaining your prior consent.
DATA COLLECTED THROUGH THE WEBSITE
When we collect data, such as IP address and connection data, location of connection, browser data, through our website by technical means, including cookies, web page counters or other analysis tools, this data will be used to the extent necessary to pursue our legitimate interests in order to adapt our website to visitors, including in particular the relevance of its content, its intelligibility, the adaptation of our marketing strategy to visitors. When this data is personal information, it will be stored for a period of one year. This data may also be used to collect general statistical data.
DATA COLLECTED IN YOUR CAPACITY AS AN EMPLOYEE
When you act as an employee or representative of a customer, supplier, partner, we may collect data about you. We use your employee data to the extent necessary to pursue our legitimate interests to manage our relationship with your organization. If we have a business relationship with you or your organization, your organization may provide us with data about you.
We store employee data for up to seven years after the end of our relationship with your organization.
DATA COLLECTED TO COMPLY WITH OUR LEGAL OR REGULATORY OBLIGATIONS OR TO PROTECT US IN THE EVENT OF LITIGATION
We may collect your personal data in order to comply with our legal or regulatory obligations and to protect us in the event of a dispute, in particular in the event that we consider there is a risk that we may be a party to a dispute or that we are a party to a dispute, in order to assert our rights, to meet our legal or regulatory obligations with regard to disclosure of information and/or to protect the rights of third parties. This data may be stored for as long as our legal or regulatory obligations or our protection in the event of a dispute so require. This data may be transmitted to our legal, financial and insurance representatives.
DATA COLLECTED FOR RESEARCH AND DEVELOPMENT PURPOSES
We may collect your personal data to the extent necessary to pursue our legitimate interests in the context of research and development, in particular in order to analyse and understand the requirements, wishes and experiences of our customers to enable a better understanding of their needs, and to improve our service offering.
DATA COLLECTED FOR RECRUITMENT PURPOSES
We may collect your personal data to the extent necessary to pursue our legitimate interests when you apply for a position in our organisation, including any personal data contained in your application documents.
DATA TRANSMITTED AS PART OF A REORGANIZATION
As part of a reorganization of our business, or a change in our business, including a merger, a transfer of assets, we may need to transfer personal data to third parties as part of a due diligence process to the extent necessary to pursue our legitimate interests, or transfer it to the reorganized entity for the same purposes as set out in this Policy or for the purposes of the reorganization.
OTHER PERSONAL DATA PROVIDED
We may collect any other personal data that you have provided to us. Before you provide us with personal information about someone other than yourself, you shall notify such person and obtain their consent to provide it to us.
PERSONAL DATA COLLECTED THROUGH THIRD PARTIES
Our service providers may provide us with personal data, which we will process in accordance with this Policy.
Notwithstanding anything to the contrary, we will store your collected personal data for as long as necessary for the purposes set out in this Policy and to comply with our legal and regulatory obligations.
TERM EXTENSION OF STORAGE
Where necessary to fulfil the purposes for which we have collected your personal data, including compliance with legal, accounting or other requirements, we may store your data for a longer period than originally intended. We will try to find solutions to reduce the stroage period.
COMMUNICATION AND SHARING OF YOUR DATA
Our service providers are the following : Stripe, SendGrid and Facebook.
We may share your personal data for the purposes mentioned in this Policy.
TO WHOM MIGHT WE SHARE YOUR PERSONAL DATA?
We may share some of your personal data with certain third parties, including:
- Our service providers, including our legal, accounting, tax and financial advisers, who may access or process personal data. At all times, we will limit access and processing of such data to what is necessary to perform the services agreed with us.
- Government authorities and any law enforcement agency, including any supervisory authority relating to the protection of personal data, in accordance with applicable law. Accordingly, we may disclose personal data when we are required to do so by applicable law, or if we believe such disclosure is necessary to comply with applicable law.
- The acquirer, successor or assignee in connection with any type of transaction or reorganization, whether in connection with any merger, acquisition, any type of financing, whether debt or equity, sale of assets, or any proceeding, action or process relating to our insolvency, including the transfer of your personal data to a third party.
PROTECTION OF PERSONAL DATA BY THIRD PARTIES
Third parties to whom we disclose and share your personal data are required to take appropriate security measures to protect it in accordance with applicable legislation. In the event that third parties process your personal data on our behalf as “data controllers”, they are required to comply with this Policy and applicable law.
ANONYMIZATION OF YOUR PERSONAL DATA
We may anonymise your personal data before passing it on to a third party or using it internally. This will mean that you will no longer be identifiable, and your personal data will be protected.
Our principal place of business is located in Laval, Canada, (the location of our head office) and we also operate primarily in Canada, but our web visitors could come from anywhere in the world. We will process your personal data in a manner that complies with applicable legal requirements in Canada, or abroad if applicable, in accordance with this Policy, including security, including with respect to the GDPR (Decision of Adequacy). At all times, before transferring or sharing data in any country, we will ensure that the level of protection of your personal data of the persons to whom such data is transferred complies with applicable law, including any applicable Canadian or provincial legislation and the GDPR (including, without limitation, adequacy decisions and EU-approved model clauses).
Security measures have been taken to ensure the safe use of your data. The purpose of these measures is to prevent the (accidental) loss, use, consultation, modification or distribution without your permission. We will only give access to your personal data to employees, third parties, agents or any other person who need to have access to it.
We will take the necessary measures in the event of a potential breach of your personal data, including having internal policies in place in such cases, notifying you and any competent supervisory authority regarding a breach of personal data protection.
Applicable laws grant you several rights with respect to your personal data, including rights:
- information regarding the use of your personal data;
- access to your personal data (copy of your file, verification of the method of collection, storage, processing, transfer of your personal data);
- to request the rectification or suspension of the processing of your personal data if it is incomplete or inaccurate or to request the purposes of the processing of such data;
- to delete your personal data in certain circumstances. We may refuse to delete your personal data in particular to comply with the law or if there are complaints;
- withdraw your consent to any action we may take that you have previously consented to in relation to your personal data; and
- to contact the competent data protection supervisory authority regarding our use of your personal data, in particular to file a complaint.
We will not automatically accept all your requests, especially if your request is clearly unfounded. In addition, we may ask you for additional information in order to fully understand your request or for security reasons.