Token Privacy Policy

Token Creative Services (“Token”, “we”, “us” or “our”) is committed to protecting your privacy and confidentiality in accordance with its obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the applicable provincial privacy legislation.

This Privacy Policy (the “Policy”) explains how we may collect, use and disclose your Personal Information. We urge you to read the Policy carefully in order to gain a clear understanding of how we may collect, use or disclose your Personal Information in the course of your use of our products, services and websites (belonging to the domain tokencs.ca and any other subdomains therein). This Policy covers the following:

What is Personal Information?

What Personal Information do we collect?

How do we collect your Personal Information?

Cookies and tracking technologies

How do we use your Personal Information?

How do we share your Personal Information?

How long do we retain your Personal Information?

Where do we store your Personal Information?

How do we protect your Personal Information?

What do we do in case of a privacy or security breach?

How can you access or correct any inaccuracies in your Personal Information?

Your choices with respect to the collection, use and disclosure of your Personal Information

(i) How can you disable cookies and tracking technologies?

(ii) How can you opt-out of the collection, use or disclosure of your Personal Information, including for the purposes of advertising and marketing?

Links to other websites

Resolving your privacy concerns

Changes to this Privacy Policy

The following is a short summary of the key elements of this Policy. You can read the full version of the Policy following the summary.

Summary
We may collect the following Personal Information:

name, email address, telephone number;

information that may be collected automatically, including through the use of analytics tools, such as website URLs, device identifier and usage information.

We may use your Personal Information for the following purposes:

to provide you with our products, services and websites;

to complete transactions and process payment; 

to respond to your inquiries;

to provide a better user experience with respect to the use of our websites;

to provide you with a customized user experience, including with tailored advertisements (you can opt out of Interest-Based advertisement)

to continue improving the quality of our products, services and websites; 

to communicate with you about our products and services, including updates or newsletters, or to deliver content that may be of interest to you;

to ensure that our websites remain functioning and secure;

to investigate, prevent or act on any illegal activities or violations of the Terms of Service. 

We may share your Personal Information with the following parties:

(a) individuals or organizations who are our advisers or consultants;

(b) service providers, including individuals or organizations who are, or may be, involved in maintaining, reviewing and developing our systems, procedures and infrastructure including testing or upgrading of our computer systems;

(c) the following advertising and marketing service providers: Facebook Messenger/Advertising Pixels, Google Analytics, Google Ads, HotJar and Hubspot;

https://www.facebook.com/policies/ads/

https://marketingplatform.google.com/about/analytics/terms/us/

https://policies.google.com/technologies/ads?hl=en-US

https://www.hotjar.com/legal/policies/privacy

https://legal.hubspot.com/privacy-policy

(d) our accounting services provider, Quickbook;

https://quickbooks.intuit.com/eu/privacy-policy/

(e) collaboration and productivity apps: Google G-Suite;

https://gsuite.google.com/terms/2013/1/premier_terms.html

You have the following choices:
Depending on the products, services or your use of our website, your choices may include the following:

Interest-based advertising. Visit the Network Advertising Initiative’s online resources, and/or the DAA’s resources to learn about how you may opt-out of certain interest-based advertising. Note that some of these opt-outs may not be effective unless your browser is set to accept cookies. Furthermore, if you use a different device, change browsers or delete cookies, you may need to perform the opt-out task again. 

Cookies Settings and Preferences. You may disable cookies and other tracking technologies through the settings in your browser. 

E-mail Settings and Preferences. If you no longer want to receive marketing e-mails from us, you may choose to unsubscribe at any time. You can also set your e-mail options to prevent the automatic downloading of images that may contain tracking technologies. 

Opt-Outs. You may contact us to opt out of the use of your personal information for marketing purposes and/or the provision of your personal information to our business partners for such purposes. 

In case of a breach of security safeguards, we will:

determine whether the breach creates a real risk of significant harm to you, including physical, financial or reputational harm;

notify you, the Office of the Privacy Commissioner of Canada and any provincial Information and Privacy Commissioners, as appropriate;

notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach; and

keep a record of the breach in accordance with our legal obligations.

How to contact us:

For more information about this Policy, our privacy practices or to obtain access to or correction of your Personal Information, please contact our Privacy Officer at privacy@tokencs.ca.

 

Privacy Policy
Privacy Principles

Token complies with the following principles set out in Schedule I to PIPEDA:

Principle 4.1 (Accountability) – An organization is responsible for personal information under its control and must designate an individual responsible for compliance with PIPEDA;

Principle 4.2 (Identifying Purposes) – An organization must specify why it is collecting personal information, and such purposes must be identified at or before the information is collected;

Principle 4.3 (Consent) – An organization must obtain an individual’s consent for the collection of personal information and subsequent use and disclosure;

Principle 4.4 (Limiting Collection) – An organization must limit the collection of information to that which is necessary for the identified purposes;

Principle 4.5 (Limiting Use, Disclosure, and Retention) – An organization must not use or disclose personal information for a purpose other than for which it was collected, except with the consent of the individual or where required or permitted by law;

Principle 4.6 (Accuracy) – An organization must ensure that personal information it maintains is accurate, complete, and up to date;

Principle 4.7 (Safeguards) – An organization must take appropriate safeguards to protect personal information;

Principle 4.8 (Openness) – An organization must be open about its policies and practices;

Principle 4.9 (Individual Access) – An organization must provide individuals with a right of access to their personal information, subject to certain restrictions as set out in PIPEDA; and

Principle 4.10 (Challenging Compliance) – An organization must advise individuals of its complaint procedures.

1. What is Personal Information?
"Personal Information" means any information, recorded in any form, about an identified individual or an individual whose identity may be inferred or determined from such information. “Personal Information” may or may not include business contact information, depending on the jurisdiction.  

This Policy does not cover anonymized aggregated data from which the identity of an individual cannot be determined. Token retains the right to use business contact information and aggregated data in any way that it determines appropriate.

2. What Personal Information do we collect?
We may collect the following types of personal information when you fill out contact forms on our websites: name, email address, telephone number. 

Information collected automatically

Our websites may also be configured to collect domain information, including through the use of analytics tools, such as website URLs, device identifier and usage information.

3. How do we collect your Personal Information?
Token only collects Personal Information for purposes that would be considered reasonable in the circumstances and only such information as is required for the purposes of providing our products, services or websites. We use only fair and lawful methods to collect Personal Information. 

(i) Consent

Unless permitted by law, no Personal Information is collected, without first obtaining the consent of the individual concerned to the collection, use and disclosure of that information. However, we may seek consent to use and disclose Personal Information after it has been collected in those cases where we wish to use the information for a new or different purpose where the individual concerned has not already consented to such a use of their personal information.

(ii) Withdrawing your consent

In most cases and subject to legal and contractual restrictions, you are free to refuse or withdraw your consent at any time upon reasonable, advance notice. Consent cannot be withdrawn retroactively. It should be noted that in certain circumstances, our products or services can only be offered if you provide us with your Personal Information. Consequently, if you choose not provide us with the required Personal Information, we may not be able to offer you these products or services. We will inform you of the consequences of the withdrawal of consent. 

4. Cookies and tracking technologies 
We use cookies (data files placed on your device) on our website to collect usage information when you visit our websites. Cookies may also be used to associate you with social networking sites like Facebook and, if you so choose, enable interaction between your activities on our websites and your activities on such social networking sites. We, or our third party advertising partners, may place cookies or similar files on your device for security purposes, to facilitate site navigation, and for the purposes of Interest-based advertising to personalize your experience while visiting our websites (such as to select which ads or offers are most likely to appeal to you, based on your interests, preferences, location, or demographic information), as well as for market research related purposes. 

Disabling cookies: To learn how you may be able to reduce the number of cookies you receive from us, or disable cookies that have already been installed in your browser's cookie folder, please refer to your browser's help menu or other instructions related to your browser. You can also learn more about cookies by visiting www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies using different types of browsers. Note that while disabling cookies may negatively affect your user experience on our websites, it will not prevent us from transacting with you.

5. How do we use your Personal Information?
We use the information we collect for the following purposes:

to provide you with our products, services and websites;

to complete transactions and process payment; 

to respond to your inquiries;

to provide a better user experience with respect to the use of our websites;

to provide you with a customized user experience, including with tailored advertisements (you can opt out of Interest-Based advertisement);

to continue improving the quality of our products, services and websites; 

to communicate with you about our products and services, including updates or newsletters, or to deliver content that may be of interest to you;

to ensure that our websites remain functioning and secure;

to investigate, prevent or act on any illegal activities or violations of the Terms of Service. 

Our use of Personal Information is limited to the purposes described in this Policy. We do not otherwise sell, trade, barter, exchange or disclose for consideration any Personal Information we have obtained. 

6. How do we share your Personal Information?
We may share your Personal Information with the following third parties: 

(a) individuals or organizations who are our advisers or consultants;

(b) service providers, including individuals or organizations who are, or may be, involved in maintaining, reviewing and developing our systems, procedures and infrastructure including testing or upgrading of our computer systems;

(c) the following advertising and marketing service providers: Facebook Messenger/Advertising Pixels, Google Analytics, Google Ads, HotJar and Hubspot ;

https://www.facebook.com/policies/ads/

https://marketingplatform.google.com/about/analytics/terms/us/

https://policies.google.com/technologies/ads?hl=en-US

https://www.hotjar.com/legal/policies/privacy

https://legal.hubspot.com/privacy-policy

(d) our accounting services provider, Quickbook;

https://quickbooks.intuit.com/eu/privacy-policy/ 

(e) collaboration and productivity apps: Google G-Suite;

https://gsuite.google.com/terms/2013/1/premier_terms.html 

(i) Third Party Service Providers 

We may contracts with third party service providers to provide support services required for the provision of our products, services or websites. When we transfer Personal Information to service providers or contractors that perform services on its behalf, we will require those third parties to use such information solely for the purposes of providing services to us or our users, and to have appropriate safeguards for the protection of that Personal Information. 

(ii) Interest-based Advertisement 

We participate in interest-based advertising and use third party advertising companies (Facebook Messenger/Advertising Pixels, Google Analytics, Google Ads, HotJar to serve you targeted advertisements based on your browsing history. We permit these companies to collect information about your use of our websites over time so that they may play or display ads on our websites, or other websites, apps or services you may use, and on other devices you may use. 

Typically, though not always, the information used for interest-based advertising is collected through cookies or similar tracking technologies, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the site and other information. We may share a common account identifier (such as an email address or user ID) with our third party advertising partners to help identify you across devices. We and our third party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. 

See Your Choices below, to learn more about how you may control or opt out of interest-based advertising.

(iii) Where Disclosure can be made without consent

Please note that there are circumstances where the use and/or disclosure of Personal Information may be required or permitted without consent.  Such circumstances may include:

(a) Where required by law or by order or requirement of a court, administrative agency or governmental tribunal;

(b) Where Token believes, upon reasonable grounds, that it is necessary to protect the rights, privacy, safety or property of an identifiable person or group;

(c) Where it is necessary to permit us to pursue available remedies or limit any damages that we may sustain; 

(d) Where the information is public as permitted by law; 

(e) Where it is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or

(f) Where it is necessary for the purpose of a prospective business transaction if the information is necessary to determine whether to proceed with the transaction or to complete the transaction, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction. A “business transaction” includes:

the purchase, sale or other acquisition or disposition of an organization or a part of an organization, or any of its assets;

the merger or amalgamation of two or more organizations; 

the making of a loan or provision of other financing to an organization or a part of an organization; 

the creating of a charge on, or the taking of a security interest in or a security on, any assets or securities of an organization; 

the lease or licensing of any of an organization’s assets; and 

any other prescribed arrangement between two or more organizations to conduct a business activity.

Where required or permitted to disclose information without consent, we will not disclose more information than is required.

7. How long do we retain your Personal Information?
We keep your Personal Information only as long as it is required for the reasons it was collected.  The length of time we retain information varies, depending on the purpose for which it was collected and the nature of the information. This period may extend beyond the end of your relationship with us but it will be only for so long as it is necessary for us to have sufficient information to respond to any issues that may arise at a later date. When your Personal Information is no longer required for the purposes for which it was collected, we will destroy, delete, erase or convert it into an anonymous form.

8. Where do we store your Personal Information?
(i) Secure CRM system

We store the Personal Information we collect on our secure cloud-based Customer Relationship Management (CRM) system on servers which may be located outside Canada. 

(ii) Cross Border Transfer of Information

Token may transfer personal information to a service provider which is located outside of Canada where privacy laws may offer different levels of protection from those in Canada. Your Personal Information may also be subject to access by and disclosure to law enforcement agencies under the applicable foreign legislation. 

9. How do we protect your Personal Information?
Token endeavours to maintain appropriate physical, procedural and technical security with respect to its offices and information storage facilities so as to prevent any loss, misuse, unauthorized access, disclosure, or modification of Personal Information. This also applies to our disposal or destruction of Personal Information. We further protect Personal Information by restricting access to it to those employees that require access to the information in order to provide our products, services or website.  

10. What do we do in case of a privacy or security breach?
A “breach of security safeguards” is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of an organization’s security safeguards or from a failure to establish those safeguards. In case of a breach of security safeguards involving your Personal Information under our control, we will notify you and the Privacy Commissioner of Canada, and any provincial Information and Privacy Commissioner, as appropriate, if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to you, including physical, financial or reputational harm. We will also notify any other organization or government institution that can reduce the risk or mitigate the harm from the breach. We will keep a record of all breaches in accordance with our legal obligations.

11. How can you access or correct any inaccuracies in your Personal Information?
Token endeavors to ensure that any Personal Information provided and in its possession is as accurate, current and complete as necessary for the purposes for which we use that information. If we become aware that Personal Information is inaccurate, incomplete or out of date, we will revise the Personal Information and, if necessary, use its best efforts to inform third party service providers or contractors which were provided with inaccurate information so that those third parties may also correct their records.

Token permits the reasonable right of access and review of Personal Information held by us about an individual and will endeavour to provide the information in question within a reasonable time, generally no later than 30 days following the request. To guard against fraudulent requests for access, we may require sufficient information to allow us to confirm that the person making the request is authorized to do so before granting access or making corrections.  

12. Your choices with respect to the collection, use and disclosure of your Personal Information
Cookies Settings and Preferences: You may disable cookies and other tracking technologies through the settings in your browser. However, doing so may negatively affect your ability to access certain features of our websites and/or receive our services. However, disabling cookies and other tracking technologies will not prevent you from transacting with us. 

Interest-based advertising: Visit the Network Advertising Initiative’s online resources, and/or the DAA’s resources to learn about how you may opt-out of certain interest-based advertising.  Some of these opt-outs may not be effective unless your browser is set to accept cookies. Furthermore, if you use a different device, change browsers or delete cookies, you may need to perform the opt-out task again. 

E-mail communications: If you no longer want to receive marketing e-mails from us, you may choose to unsubscribe at any time. 

Marketing and advertising emails: You may contact us to opt out of the use of your personal information for marketing and advertising purposes and/or the provision of your personal information to our business partners for such purposes. 

13. Links to other websites 
We may provide links to, or automatically produce search results for, third-party websites or resources or third-party information referencing or linking to third-party websites or resources. Token has no control over such third-party websites and resources, and you acknowledge and agree that Token is not responsible for the content or information contained therein. When you follow such a link, you are no longer protected by our Privacy Policy, and we encourage you to read the privacy statements or other disclaimers of such other parties. Token is not responsible for the privacy or security practices or the content of external websites, services or products. 

Token cannot and does not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. Token does not endorse the content or information of any third-party Web site or resource and, further, Token does not warrant that such websites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of Token’s systems or websites to search for or link to a third-party website, you agree and understand that Token shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with your use of, or reliance on, Token to obtain search results or to link to a third-party website.

14. Resolving your Privacy Concerns 
In the event of questions about: (i) access to your Personal Information;  (ii) our collection, use, management or disclosure of Personal Information; or (iii) this Policy; please contact our Privacy Officer by sending an e-mail to privacy@tokencs.ca.

We will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue. If we are unable to resolve your concerns to your satisfaction you may contact the Privacy Commissioner of Canada by writing to:

Office of the Privacy Commissioner of Canada

30, Victoria Street

Gatineau, Quebec

K1A 1H3

https://www.priv.gc.ca/en/contact-the-opc/ 

15. Changes to this Privacy Policy
We will update this policy from time to time if our practices change or if the law requires changes to it. We will post any Privacy Policy changes on this page, and, if the changes are significant, we will provide a more prominent notice and a summary of the relevant changes at the top of the page. You should review this policy regularly for changes, and can easily see if changes have been made by checking the Effective Date below. If you do not agree to the terms of this Privacy Policy or any other Token policy, agreement, or disclaimer, you should exit the site and cease use of all Token services immediately. Your continued use of the website and services following the posting of any changes to this Policy means you agree to be bound by the terms of this Policy.

Effective Date: This Privacy Policy was last updated on June 24, 2019.