La Capitaine Crochète (the “Company” or “we”) attaches great importance to the protection of the personal information of the users of its websites.
This policy describes how we treat personal information so that you know, among other things, what information we collect, how we use it, and under what circumstances we disclose it, if any.
By using our website https://lacapitainecrochete.com (the “Site”), you consent to the processing of your personal information as described herein. If you do not wish your personal information to be so treated, please stop accessing and using the Site immediately.
1. Treatment of Personal Information – Definitions
Is considered personal information, any information that concerns a natural person and that allows, either by itself or in combination with other available information, to identify him/her.
The processing of personal information includes any transaction (collection, recording, retention, consultation, use, disclosure, blocking, deletion or destruction, etc.) or set of transactions involving such information, regardless of the process used.
2. Governing Law
The Company is a sole proprietorship whose principal establishment is located in Québec. The Act respecting the protection of personal information in the private sector (CQLR C P-39.1) applies in all circumstances, except to the extent that the processing of the data in question is subject to the GDPR, that is, the General Data Protection Regulation of the European Union (2016/679 of 27 April 2016), in which case the articles of section 4 will apply.
3. Principles Applicable to the Processing of Personal Information
3.1. Scope of the Policy and Corporate Responsibility
3.2. Links to external sites
3.3. Purposes of the treatment of personal information
In carrying out its activities, the Company collects personal information for the purpose of operating its businesses, submitting offers of services, hiring subcontractors and employees, serving its customers, establishing and maintaining commercial relations, to preserve the safety of its facilities, customers, employees and third parties, and to comply with its legal obligations. With regard to the Site, the processed data and the purposes of the treatment are specified below:
|Data type||End of treatment|
|Data exchanged automatically:
When you access this site, your computer and our server automatically exchange data. The data exchanged may include the following: the identification of your ISP; your IP address; the type of browser and operating system you are using; the pages you visit; the date and time that you access these pages; the referral site address, if you access this site from another website.
|This exchange is necessary for the server to send you a file compatible with the computer equipment you use. These data are collected due to technological requirements inherent in browsing the Internet
The Company reserves the right to keep this data for statistical purposes, in particular to record the number of visits and to know the most frequented pages, the technology used by the visitors, the addresses of the referring sites and the country of origin of the visitors.
|Contact information and other user information:
This is your civic address, email address, username and any other information you provide us when registering an account on the Site, if any, as well as your user’s account settings.
|This information is required to identify you, to communicate with you as needed and to offer you our products and services.|
In addition to the aforementioned data, if we request and provide you with personal information through this Site in order to place an order, close a transaction, make a payment, schedule a delivery, subscribe to services or to publications (newsletters, etc.), to communicate with us, or for any other reason indicated on the Site, you consent to us processing your personal information for these purposes.
3.4. Limits of collection
The collection of personal information by the Company is limited to what is necessary for the purposes indicated or clearly implicit at the time of collection. The Company always obtains personal information by legal means. The Company may collect and use information about a person from a third party where permitted by law and with the consent of the individual in all other cases.
3.5. Limits of conservation
The Company retains the personal information as long as it reasonably needs it for the purposes for which it was collected or as required by law.
3.6. Limitations of use and communication
The Company does not use or disclose personal information for purposes other than those for which it was collected, except with the individual’s consent or as required or permitted by law. The Company is committed to limiting disclosure and access to personal information only to those who need it for the purpose. In particular, we may share personal information with agents and trusted partners who act as data controllers on our behalf, including order fulfillment, payment processing, mailing by the post and e-mail, providing customer service and marketing services. We will not sell your personal data under any circumstances.
The Company may also use third-party computer consultants to provide service and maintenance of the Site as well as products and services that may be offered through the Site. These third-party computer consultants are subject to the confidentiality obligations and instructions of the Company.
If the Company is acquired by, or merges with, another business, your information may be transferred to the acquirer or the amalgamated entity for the same purposes for which it was collected.
In some cases, we are required by law or court procedures to disclose personal information. In this case, we will do our best to notify you in advance, unless prohibited by law or court order. In the latter case, we will ensure that your personal information disclosed is treated confidentially.
The Company makes reasonable efforts to ensure that personal information of individuals is as accurate and complete as is necessary for the purposes for which it is used. An application for correction will only be considered if it is made in writing in accordance with the procedure for requesting access to personal information provided below.
The Company undertakes to enforce and require its subcontractors to apply physical, technological and administrative security measures, in order to maintain the confidentiality of personal information, and to protect them against theft, loss, disclosure or unauthorized access. Personal information held by the Company may be stored in other jurisdictions offering protection equivalent to that provided by the law applicable to the processing of personal information.
Subject to the relevant legislation, upon receipt of a written request from an individual to this effect, the Company will inform the individual if it has any personal information about him/her.
Upon receipt of a written request to do so, the Company transmits a summary of the use that has been or has been made of the information, communicates to the individual the identity of third parties to whom it may have communicated personal information about it and the purposes for which the information is transmitted to the third party.
The Company may deny an individual access to its information in accordance with the relevant laws, in which case it shall give reasons for its refusal unless prohibited by law.
An individual over whom the Company has personal information may complain of non-compliance with this policy.
The Company has a procedure in place for receiving and handling complaints about this policy and its personal information handling practices.
If an individual is not satisfied with the Company’s response to a complaint or the Company’s policies and practices regarding the handling of personal information, he or she may file a complaint with the Commission d’accès à l’information du Québec on the Commissioner’s website at www.cai.gouv.qc.ca.
4. Rights of data subjects under the GDPR
4.1. Application and interpretation
The articles in this section 4 apply only to the extent that the processing of the data in question is subject to the GDPR. In this section, each term or term used that is defined in section 4 of the GDPR has the meaning assigned to it by it. The Company is responsible for the application.
4.2. Commitments of the Company
The Company undertakes to take all the measures required under section 32 of the RGPD relating to the security of processing. The Company will also ensure that people authorized to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
Where processing is to be carried out by a third party on behalf of the Company, the latter undertakes to use only subcontractors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of applicable privacy laws, including the GDPR, and guarantees the protection of the rights of the concerned person.
4.3. Rights of the people concerned
The Company will respond to requests from the people concerned for the purpose of exercising, at all times, their rights under Chapter III of the GDPR, in particular to:
- The withdrawal of consent;
- Rectification, erasure or deletion of personal data, where appropriate;
- An application to receive their personal data in a commonly used electronic format or for the Company to return the data presented in this format to another provider, insofar as the request relates to the data provided by the data subject directly to the Corporation and that it is technically possible to do so.
6. Contact and representative
For the purpose of applying the GDPR, the Company has appointed Véronique Houde as representative in the European Union. Our European representative can be reached by email at the following address: firstname.lastname@example.org.