Privacy Policy

Effective: June 2023

Privacy Policy

1. Introduction

Welcome to DataCandy!

DataCandy, a tradename owned by Paystone Inc. (hereafter “DataCandy” or “us” or “we”) processes information as part of our mission to help make commerce better for everyone.  In all of this, we seek to preserve the ability for you to control your data and maintain the timeless value of your privacy. Our efforts start with making sure you get meaningful choices about how and why your data is collected, used, stored, and by providing you with sufficient information needed to make the choices that are right for you, your business and your customers across our products and services (the “Services”). Earning your trust is always a priority for us by focusing on five key privacy principles below:

  Your Benefit: We will ensure the data we collect will enable fulfilling experiences for our Clients and Customers.

  Transparency: We will be transparent about our collection and use of your data so you can be informed.

  Security: We will utilize strong security and encryption to protect the data you entrust us with.

  Strong legal compliance: We believe in your privacy as a fundamental human right and will respect all local privacy laws ourselves as well as seek to support our Clients in doing so.

  Control: We will provide you the ability to manage your privacy where applicable.

This Privacy Policy clarifies how we collect, use, process, and share your personal information when you use any of our Services, or by dealing with a business Client using our Services, as applicable. We may update this Privacy Policy from time to time in order to reflect changes to our privacy practices or for other operational, legal, or regulatory reasons. If we make material changes to this Privacy Policy, we will give you notice of such changes by posting the revised policy on this Website, and where appropriate, by other means. By continuing to use this Website or the Services after these changes are posted, you agree to any such revised policy.

We maintain relationships with various parties and accordingly collect information on:

  • Clients: Businesses and entities contracting our Services
  • Customers: End users interacting with our Clients
  • Partners: Entities who help enable and promote our Services
  • Others: Anyone interacting with us via our physical locations, website, or our applications as available on point-of-sale devices, payment terminals, and mobile devices.

This Privacy Policy applies to all the parties listed above and the terms “you” or “your” herein shall refer to any such party.

2. What information do we collect and why?

We only process personal information with due consideration to potential risks to your privacy, limiting the information we keep, limiting what we do with your information, and utilizing anonymization or pseudo-anonymization where possible.

Our purpose and legal basis for processing your personal information is generally tied to either a contractual obligation with our Client, ‘legitimate interest’ whereby we enable business among the parties we engage with (for example enabling our Clients to improve their Customers’ experience), or to fulfill a legal obligation (for example record keeping requirements tied to financial services).  Where we cannot rely on an alternative legal basis for processing or where we are required by law, we may process your personal information in accordance with your consent such as in the context of some of our sales and marketing activities. At any time, you have a right to withdraw your consent by changing your communication choices, opting out from our communications or by contacting us.

2.1. Information collected from our Clients

Below is a list of information we collect from our Clients and their corresponding purposes:

Information Collected

Purpose

1) We collect account related information such as your name, company name, date of birth, address, email address, phone number(s), government ID information and payment details (for example, your credit card and banking information).

We use this information to provide you with the best user experience of our Services in the following ways:

 

Provide you with our service, including:

* Enabling authentication so you can securely access your account

* Invoicing

 

Provide customer support and resolve issues, including:

* Administrative matters

* Transaction emails, for example those containing your invoice

* Resolve queries you may have

* Investigate and resolve technical issues

* Update you on changes that will impact your account

* Offer opportunities to participate in our beta program for new and upcoming product releases.

 

Improve our product offering, including:

* Personalize your in-app experience based on information such as your location

* Protect our product and clients from security risk and fraud

* Monitoring for defects and user experience issues

 

2) We collect data about the DataCandy mobile and web applications you have registered to use and websites that you visit. We also collect data about how and when you access your account with us, including information about the device and browser you use, your network connection, your IP address, and information about how you browse through our platform interface.

We use this information to provide you with the best user experience of our services in the following ways:

 

Improve our product offering, including:

* Provide you our Services or other contractual obligations

* Understand how and where to make improvements by tracking your interaction with the app and app usage. If we publish results outside of the organization, it will always be aggregated or anonymized.

* Monitoring for defects and user experience issues.

* Protect our product and clients from security risk and fraud.

 

Communicate relevant product offerings to you, including:

* Personalize your in-app experience based on previous interactions with the app, for example highlighting available features that we believe you could benefit from but have not yet adopted.

* Send you email communications to help you get more value from the product, for example highlighting new or unused features that we believe you would benefit from.

 

3) We collect and process personal information about your Customers that you share with us or that your Customers provide us by using our Services we provide you.

We process this information on behalf of you to provide you with our Services to achieve the following:

 

Help you create exceptional experiences for your Customers, including:

* Enabling the sending of gifts to your Customers

* Facilitate and automate communication between you and your Customers

* Easily collect payments from your Customers

 

Grow your business through various efforts, including;

* Collect Customer payments

* Identify opportunities to improve the experience for your least vocal Customers

 

4) We may record phone, email and other conversations that take place in the process of serving you and providing our Services.

We use this information for the following purposes:

 

Improve our customer support:

* Quality assurance

* Training of our customer support team members

* Collaborate among the team to best resolve queries you may have

 

Improve our product offering, including:

* Learn from our conversations with you about how and where to make product improvements

* Identify opportunities for new products and features that serve your needs

 

You will be notified prior to the call that it is being recorded and will be offered the opportunity to opt out of having the call recorded.

 

5) We use some of the personal information you provide us to conduct some level of automated decision-making.

We use this information to ensure security and ease of use for Clients and Customers. For example; we use certain personal information to help us screen accounts for risk or fraud concerns in order to provide protection and security for you and your business.

 

6) We will also collect information from third parties.

We use this to serve you and service any needs you may have. This includes but is not limited to referrals by your other service providers you utilize that partner with us.

 

7) We will also use personal information in other cases where you have given us your express permission.

We use this information in accordance with your consent.

 

2.2. Information collected from Customers dealing with our Clients

Below is a list of personal information we collect related to Customers on behalf of our Clients, and their corresponding purposes:

Information Collected

Purpose

1) We collect Customer information generated in the course of your use of our Services as acquired by our Clients you deal with, which include first and last name, gender, birthdate, language preference, social media handles, email, shipping and billing address, payment details, phone number, IP address, information about orders you initiate, account and authentication information, other information as required by Clients to be collected to serve their Customers, information about our Clients you visit, and information about the device and browser you use.

 

We use this information on behalf of our Clients to help them serve their Customers in the following ways:

* Receive and process orders
* Risk and fraud screening
* Customer authentication
* Process payments from Customers
* Enable sending and receiving of gift for Customers

* Manage loyalty points collection and redemption for Customer accounts

 

Communicate relevant product offerings to Customers such as you, including:

* Personalize your in-app experience based on previous interactions with the app, for example highlighting available features that we believe you could benefit from but have not yet adopted.

* Send you email communications to help you get more value from the product, for example highlighting new or unused features that we believe you would benefit from.

 

Grow our Clients’ business through various efforts, including;

* Identify the most loyal and vocal Customers for our Clients

* Identify opportunities for our Clients to improve the experience for the least vocal, active or loyal Customers


We also use this information to improve our Services for better serving Customers through following efforts:

* Ensure proper functionality and continuous improvement of Services. For example, to make our interface easier to use.
* Pre-fill checkout information for Customers

* Help customize and improve Customer experience when dealing with our Clients by personalizing the type of messages or offers they receive.

* Communicate with Customers about relevant offers, incentives, gifts, appreciations, newsletters, campaigns, contests or promotions offered by our Clients or Partners

 

2) We may collect information from and about the devices (computers, phones, and other internet devices) used by you that integrate with our Services, and we combine this information across the different devices used.

 

 

3) We may collect information from third party partners, such as your friends or those related to our Clients.  Partners, such as, but not limited to, point of sale partners, payment processing partners, Online Ordering Platforms, Mobile Apps and Websites, and Clients who may share additional information of similar nature as described in the previous points of this section. We may get information from your friends and family to refer services they may find beneficial for you. We may collect and compile your comments and reviews about our Clients on the web, including through social media.

 

4) We use some of the personal information you provide us to conduct automated decision-making.

We use this information to ensure security and ease of use for Clients and Customers. For example; we use certain personal information (including but not limited to, IP addresses or payment information) to automatically block certain potential fraudulent transactions for a short period of time, providing an extra level of protection to your accounts and funds.

5) We will also use personal information in other cases where you have given our Clients or us your express permission. 

We use this information in accordance with your consent.

 

2.3. Information collected from our Partners

Below is a list of information we collect from Partners, and their corresponding purposes:

Information Collected

Purpose

We collect your name, company name, website, social media handles, phone number(s), address, business type, email address, payment account, and tax number.

We use this information to work with you, confirm your identity, contact you, pay you and to screen for risk, fraud, or other similar types of issues.

We collect data about our websites that you visit. We also collect data about how and when you access any relevant account, including information about the device and browser you use, your network connection, your IP address, and information about how you browse through the DataCandy interface.

We use this information to give you access to and improve our Services.

We collect personal information about your customers that you share with us or that they provide to us directly.

We use this information to work with you and to provide our Services to your customers which can allow for a more seamless experience.

We will also use personal information in other cases where you have given us express permission.

We use this information in accordance with your consent.

 

2.4. Information collected from users using our applications, website, locations, and support services

Below is a list of information we collect from users interacting with our locations, website, applications as available on point-of-sale devices, payment terminals, and mobile devices, and support services, and their corresponding purposes:

Information Collected

Purpose

1) As you visit or browse our websites, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect personal information submitted by you via any messaging feature available from any of our websites.

We use this information to verify your account, to provide and enhance our Services (including supporting or servicing by Clients, if applicable), and answer any questions you may have.

2) We may also receive personal information when you make a purchase or make other requests to us via any of our websites.

 

3) From telephone support users, we collect your phone number, call audio, and other personal information you provide us during our call. If applicable, we may request additional documentation from you during our call to verify your identity.

 

4) From chat support users, we collect your name, email address, information about the device and browser you use, your network connection, your IP address, chat transcript, and other personal information you provide us during our chat. If applicable, we may request additional documentation from you during our chat to verify your identity.

 

 

2.5. Information about Minors

Our Services are not intended for minors and no person under the age of 14 may register for any account with us. We do not knowingly collect personal information about any person under the age of 14, and no such person, nor any parent or guardian as it relates to such person, should submit their personal information to us for any reason.

2.6. Automated Decision-Making

In the course of offering our Services, we use a number of machine learning algorithms and forms of automated decision-making. For example, we use automated decision-making: to prevent risk and fraud by Clients, to help Clients avoid fraudulent transactions from their Customers, to personalize our Client experience when they engage with us, and to determine eligibility for certain services.

One of the ways we are able to help our Clients is to better understand and serve their Customers through our machine learning that gathers important insights from Customer data (referred to as “automated decision-making” in certain jurisdictions). For example, we could provide information to match specific offerings of our Clients to their Customers.  We ensure such machine learning implementation has sufficient human oversight. When we use machine learning we ensure to avoid significant privacy implications, and at all times we will avoid having such algorithms make decisions based on ‘sensitive information’ provided to us (such as political opinions, religious beliefs, health information, etc.) as classified by some jurisdictions.

 

3. When and with whom do we share this information?

3.1. Third Party Sharing

We will protect your personal information from others and never sell or rent such information.  We will refuse to share with third parties unless it is to enable us to support growth of our Clients, provide Services to our Clients and improve their Customers engagement, or because we are legally required to do so.  Below are cases where we may share your Personal Information with third parties:

  • We work with a variety of third parties and service providers to help provide our Services and we may share personal information with them to support these efforts. For example, we rely on technology service providers to store and manage information, and provide analytics in accordance with strong security measures.
  • We may also share Client information with Partners who provide complementary services we believe may be of benefit to your business.
  • We may also share Customer information with our Clients and third-party partners/service providers to help customize and improve your shopping experience.
  • We may share information with third parties to help us conduct our marketing and/or advertising campaigns.
  • We may share your information to prevent, investigate, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service or any other agreement related to the Services, or as otherwise required by law.
  • We may share personal information to conform to legal requirements, or to respond to lawful court orders, subpoenas, warrants, or other requests by public authorities (including to meet national security or law enforcement requirements).
  • Personal information may also be shared with a company that acquires our business or the business of a merchant whose store you visit or access, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceeding.

3.2. International Data Transfers

While we are a Canadian company and store data in Canada, the United States, and the European Union when providing our Services to users around the world. Accordingly, we may transmit your personal information outside of the country, state, or province in which you are located to process in Canada, the United States or European Union, and transferred data may be subject to the laws of such countries.

 

4. Obligations of our Clients

If you are our Client, your Customers need to understand how you (and how DataCandy on your behalf as a ‘processor’) collect and process their personal information as the data ‘controller’. Accordingly, if you use the Services, you agree to post an up-to-date and accurate privacy policy that is accessible for your customers and complies with the laws applicable to your business. You also agree to obtain consent from your Customers for the use, processing, and access of their personal information by us where applicable, such as in the context of some of our sales and marketing activities.   Privacy laws in certain places treat ‘businesses’ and ‘service providers’ differently. Under those laws, a business is the company that decides why and how to process personal information. A service provider processes personal information on behalf of a business in order to provide services. When we process your Customers data on behalf of Clients, we act as their service provider.  It is the responsibility of Clients to ensure they understand they are fulfilling their obligations as ‘controllers’ and ‘businesses’.

 

5. For how long do we retain your personal information?

  • In general, we keep your personal information as long as needed to support your relationship with us. For Clients, this means we will keep your information as long as you maintain an account with us. For Partners, this means we will keep your information until you inform us that you wish to terminate your Partner relationship with us.  For Customers, we generally process your information solely as a data processor on behalf of our Clients, and it is up to the Client to determine how long they will store your information in our systems.  In some cases, your payment processing information is managed by acquiring banks and we have no control over how long such information is stored by such banks.
  • Once you terminate your relationship with us, we generally will continue to store archived copies of your personal information for legitimate business purposes such as to defend a contractual claim, improve our product offering and services, or for audit purposes and to comply with the law, except when we receive a valid erasure request.
  • We may also continue to store anonymous or anonymized information, such as website visits, gift and loyalty transaction history without identifiers, in order to improve our Services and for reporting and statistical analysis.

 

6. How do we keep your personal information secure?

  • The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. We employ physical, administrative, contractual, and technological safeguards to protect personal information, and insist that our service providers do the same.   We insist that our personnel, and those of our providers, only access and use personal information in order to properly perform their duties, and even then only to the strict extent necessary to perform them.
  • When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using Transport Layer Security (TLS). TLS encrypts information entered on our site before it is sent over the Internet, and we use TLS in an industry-recognized standard manner to encrypt our Internet transmissions to and from you. In addition, to the extent we do store your personal information, some of it may be stored in encrypted form, and it is unencrypted in memory by our Service when and as needed. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and so you should always exercise caution when disclosing sensitive information over the Internet, and we cannot guarantee the absolute security of your personal information. If you have any questions about security on our website, you can contact us through information at the bottom of this policy.
  • On an annual basis, we have a scan of all of our IT infrastructure with a third-party vendor and thereafter act on recommendations provided to ensure we continue to meet industry standards or higher for data security and compliance.  We also perform annual audits to ensure our handling of your credit card information aligns with industry guidelines and are PCI DSS compliant.

 

7. Information from cookies and similar tracking technologies

A cookie is a small amount of data, which may include a unique identifier, that is sent to your browser from a website and stored on your device. We assign a different cookie to each device that accesses our website.

We use cookies and similar tracking technology to:

  • recognize your device and provide you with a personalized experience on our websites, or otherwise through the Services.
  • keep track of your specified preferences. This allows us to honor your preferences, such as whether or not you would like to see interest-based ads.
  • keep track of items stored in your shopping cart.
  • conduct research and diagnostics to improve our content, products, and services.
  • prevent fraudulent activity.
  • Improve security.
  • deliver content, including ads, relevant to your interests on our sites and third-party sites (see the Interest-Based Ads notice for how we use cookies in serving interest-based ads).
  • perform reporting, allowing us to measure and analyze the performance of our Services.

 

8. Region Specific Matters

8.1. EU/UK - General Data Protection Regulation (GDPR)

We understand that you have rights over your personal information, and take reasonable steps to allow you to access, correct, amend, delete, port, or limit the use of your personal information. If you are a Client or a Partner, you can update many types of personal information, such as payment or contact information, directly within your account settings. If you are unable to change your personal information within your account settings, or if you are concerned about data collected as you visit us or affiliated websites or use our support services, please contact us to make the required changes with the contact information provided below.

If you are a Customer served by our Clients and wish to exercise these rights, please contact the Client you interacted with directly -- we serve as a processor on their behalf and can only forward your request to them to allow them to respond.

It’s important to remember that if you delete or limit the use of your personal information, the Services may not function properly.

8.2. Canada Anti-Spam Legislation

We are committed to compliance with the Canada’s Anti-Spam Legislation (“CASL”).   Any electronic communication sent by us to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In addition to adopting this Privacy Policy, and to provide transparency about our compliance, we have undertaken various initiatives in order to ensure we are compliant with CASL in all respects. If you have received a commercial electronic message from us, and you believe that you should not have or you do not wish to receive them (even if we are allowed to send them), we will endeavour to respect your inbox preferences.  If you have any questions or concerns about our unsubscribe methods, you may contact us at the address indicated below.

8.3. Quebec Law 25

We are committed to compliance with the Quebec Law 25, which followed the 2021 adoption of Bill 64 in the Canadian province of Quebec, an Act to modernize legislative provisions as regards to the protection of personal information. Our privacy officer is provided in Section 9 below and we have in place mandatory breach reporting as required.  This updated Privacy Policy also addresses our compliance with other aspects of the law related to transparency in our collection and use of personal information belonging to Quebec residents, and how we facilitate access and erasure rights.  We regularly conduct privacy impact assessments of any export of personal information out of Quebec to ensure security and risk mitigation, and we have also been engaged in anonymization efforts where it is possible. 

8.4. California Consumer Privacy Act

We are committed to compliance with the California Consumer Privacy Act (“CCPA”). This Privacy Policy describes how we collect, use, and share California consumers' Personal Information in our role as a business, and the rights applicable to such residents. If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact us and we will arrange to supply you with the information you need in an alternative format that you can access.

 

9. How to contact DataCandy

If you would like to make a legal request or serve a subpoena or similar document seeking information about our Clients, or other parties whose data we process, please contact us directly.  If you have any questions about your personal information or this policy, or if you would like to make a complaint about how we process your personal data, please also contact us directly.

Data Protection Officer

DataCandy

509 Commissioners Rd. W., Unit 434

London, ON, N6J 1Y5

Email: compliance@paystone.com