Privacy Policy for Smartmatch Systems Inc

Information We Collect

We collect the following types of personal information:

• The Information Smartmatch Systems Inc. Users Provide: We collect personal information that our users provide to us when they register for an account, use our services, or communicate with us. This includes names, email addresses, phone numbers, and other contact information.
• The Information Smartmatch Systems Inc. Collect Automatically: We collect information about how our users interact with our services, including the pages they visit, the links they click, and other actions they take.
• The Information Smartmatch Systems Inc. Collect From Other Sources: We may receive information about our users from other sources, such as public databases, marketing partners, social media platforms, and other third parties.

All information collected by Smartmatch Systems Inc. is considered private data.

Clients are responsible for providing complete and accurate personal information to SmartMatchApp during information collection or in case of any changes. SmartMatchApp doesn’t manipulate the data provided by clients.

We will not share our clients’ information with any third party outside of our organization, other than as necessary to fulfill the client’s request, e.g. to support you in the daily operation of the software. Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy. Smartmatch Systems Inc. reserves the right to share clients’ use cases on public social channels.

Use of Information

Smartmatch Systems Inc. uses the personal information we collect to:

• Provide and improve our services.
• Communicate with our clients about our services.
• Personalize our clients’ experience with our services.
• Prevent fraud and other prohibited or illegal activities.
• Enforce our terms and conditions and other policies.

Disclosure of Information

We may disclose your personal information to:

Service Providers: We may share your personal information with service providers who perform services on your behalf, such as hosting, data analysis, and customer support services.

Legal Requirements: We may disclose your personal information if required by law, regulation, or court order.

Your Rights and Choices

You have the right to:

• Access, correct, or delete your personal information.
• Object to our processing of your personal information.
• Withdraw your consent at any time.
• Request a copy of your personal information.
• Express any concern you have about our use of your data.

To exercise their rights, our users can contact us using the contact information provided on our website or the Contact Us page

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers where we store personally identifiable information are kept in a secure environment.

Detailed information can be found in the Smartmatch Systems Inc. Information Security Policy and other Security-related policies.

Privacy Standards

PIPEDA ( Personal Information Protection and Electronic Documents Act ) – An Act to extend the present laws that protect the privacy of individuals and that provide individuals with a right of access to personal information about themselves.

Smartmatch Systems Inc. privacy standards are based on the Principles Set Out in the National Standard of Canada Entitled Model Code for the Protection of Personal Information, https://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h-26 It addresses: the ways in which organizations collect, use and disclose personal information; the rights of individuals to have access to their personal information; and the right to have it corrected, if necessary: http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-11.html#h-26 The Model Code’s 10 principles are (These principles are usually referred to as “fair information principles”. They are the foundation of PIPEDA. )

Principle 1 - Accountability. An organization is responsible for personal information under its control. It must appoint someone to be accountable for its compliance with these fair information principles.

Principle 2 - Identifying Purposes. The purposes for which the personal information is being collected must be identified by the organization before or at the time of collection.

Principle 3 - Consent. The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 - Limiting Collection. The collection of personal information must be limited to that which is needed for the purposes identified by the organization. The information must be collected by fair and lawful means.

Principle 5 - Limiting Use, Disclosure, and Retention. Unless the individual consents otherwise or it is required by law, personal information can only be used or disclosed for the purposes for which it was collected. Personal information must only be kept as long as required to serve those purposes.

Principle 6 - Accuracy. Personal information must be as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.

Principle 7 - Safeguards. Personal information must be protected by appropriate security relative to the sensitivity of the information.

Principle 8 - Openness. An organization must make detailed information about its policies and practices relating to the management of personal information publicly and readily available.

Principle 9 - Individual Access. Upon request, an individual must be informed of the existence, use, and disclosure of their personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 - Challenging Compliance. An individual shall be able to challenge an organization’s compliance with the above principles. Their challenge should be addressed to the person accountable for the organization’s compliance with PIPEDA, usually their Chief Privacy Officer.

Canadian GDPR Adequacy Designation

It is important to note that PIPEDA has been recognized as providing an adequate level of privacy protection relative to the GDPR. This “adequacy” determination, one of the original reasons for enacting PIPEDA, permits Canadian organizations to process the personal information of EU residents without having to comply with the “Privacy Shield” which governs U.S. companies.

While a review of compliance requirements under the GDPR reveals that many are reflected in Canadian privacy law already, a number are potentially more rigorous. SMA updated its procedures, documents, and policies to meet the following additional new compliance requirements:

Breach reporting

The requirement for reporting breaches to the relevant “data protection authority”, where feasible, within 72 hours of the occurrence. As we know, PIPEDA has been amended to provide for reporting of breaches, as well as notification of affected individuals – another new GDPR requirement. However, these new PIPEDA rules do not stipulate a specific time period for reporting.

Accountability

A key new GDPR compliance requirement is internal organizational accountability, specifically the establishment of a comprehensive data protection program. Such a program must include documented policies and procedures, maintaining detailed records of all data processing activities, guided by the principle of “privacy by design and by default”. While some features of this requirement go beyond what is dictated expressly under PIPEDA, Canadian businesses again are familiar with this overall dictate which is consistent with guidance issued by the federal and provincial Privacy Commissioners.

Substantive privacy rights

The GDPR also stipulates a number of new or enhanced substantive privacy rights for individuals which organizations will need to address and build into their privacy protection procedures, including the following:

Consent

Must be a freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of his or her personal data and must be given by a statement or a clear affirmative action.

Right to erasure (“right to be forgotten”)

Broader than under the Directive and not specifically provided for under Canadian privacy laws.
Right of individuals to restrict processing of their data.
E.g. when accuracy is challenged - expanded.

Data portability

The right of individuals to transfer their data from one data collector to another.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated Privacy Policy will be posted on our website with the last revision date. We encourage you to review the Privacy Policy periodically.

Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at the Contact Us page

Effective Date

This Privacy Policy is effective as of May 4, 2017
This Privacy Policy was reviewed and approved on Jul 1, 2023