Drivewise Simcoe/Brantford/Woodstock Privacy Policy
Your privacy is important to us. It is Drivewise Simcoe/Brantford/Woodstock’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, https://drivewiseontario.ca, and other sites we own and operate.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.
This policy is effective as of 16 December 2023
Last updated: 16 December 2023
Information We Collect
Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions.
“Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.
Log Data
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.
Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Device Data
When you visit our website or interact with our services, we may automatically collect data about your device, such as:
Device type
Operating system
Unique device identifiers
Device settings
Geo-location data
Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.
Personal Information
We may ask for personal information — for example, when you make a purchase or when you contact us — which may include one or more of the following:
Name
Date of birth
Phone/mobile number
Home/mailing address
Legitimate Reasons for Processing Your Personal Information
We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
Collection and Use of Information
We may collect personal information from you when you do any of the following on our website:
Enhanced Conversion Tracking
We use Google Ads enhanced conversion tracking to better understand the effectiveness of our advertising and improve our services. This technology helps us measure when a user completes an action on our website, such as submitting a form, after interacting with one of our ads.
What Information Is Collected & How Is This Information Used?
When you submit a form on our website, certain information (such as your email address or phone number) may be collected. This information is securely hashed before being shared with Google and is used only for conversion tracking and ad performance measurement. Hashing is a one-way mathematical function that turns personal data into a string of nondescript text that cannot be reversed or decoded. In the context of cybersecurity, hashing is a way to keep sensitive information and data — including passwords, messages, and documents — secure and private.The Google Data Manager hashes data using the SHA256 algorithm, which is the industry standard for one-way hashing.
In addition, we use Google Analytics 4 (GA4) and Meta Pixels to track user interactions on our website. These technologies help us analyze the effectiveness of our advertising campaigns and improve the user experience. They may collect data such as pages viewed, actions taken, and device information. The data shared with these platforms is anonymized and aggregated to ensure your privacy.
Data Sharing and Cross-Border Transfers
The hashed data from Google Ads enhanced conversion tracking may be transferred to and processed by Google servers located outside Canada, including in the United States. Google’s Data Processing Terms cover the obligations related to how Google processes personal data and includes clauses related to data processing and the use of personal data in advertising.
Data collected through Google GA4 and the Meta Pixel may also be processed by servers located outside Canada. These platforms are committed to safeguarding your data in accordance with their respective privacy policies.
Your Choices and Rights
You can opt out of personalized advertising or conversion tracking by adjusting your Google Ads settings or by visiting the following link: https://adssettings.google.com/
You can also control your ad preferences and tracking settings for Meta and Google. For more details, visit:
- Meta Ads Preferences: https://www.facebook.com/adpreferences/
- Google Ads Settings: https://adssettings.google.com/
More Information
For more information on how Meta, Google Analytics 4, and LinkedIn handle your data, please see their privacy policies:
- Meta Privacy Policy: https://www.facebook.com/privacy/policy
- Google Privacy Policy: https://policies.google.com/privacy and https://safety.google/security-privacy/
- LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Purchase any products and/or services
Purchase a subscription
Use a mobile device or web browser to access our content
Contact us via email, social media, or on any similar technologies
When you mention us on social media
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
to provide you with our platform’s core features and services
to process any transactional or ongoing payments
to deliver products and/or services to you
to contact and communicate with you
for internal record keeping and administrative purposes
to comply with our legal obligations and resolve any disputes that we may have
for security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, if you provide us with your location, we may combine this with general information about currency and language to provide you with an enhanced experience of our site and service.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring you do not make your personal information publicly available via our platform.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information such as an email address when contacting us about a specific enquiry, we may retain this information for the duration of your enquiry remaining open as well as for our own records so we may effectively address similar enquiries in future. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Children’s Privacy
We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal information about children under 13.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
a parent, subsidiary or affiliate of our company
third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, ad networks, analytics, error loggers, debt collectors, maintenance or problem-solving providers, providers, professional advisors, and payment systems operators
our employees, contractors, and/or related entities
our existing or potential agents or business partners
credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
third parties, including agents or sub-contractors who assist us in providing information, products, services, or direct marketing to you
third parties to collect and process data
an entity that buys, or to which we transfer all or substantially all of our assets and business
Third parties we currently use include:
Google Analytics
Square
International Transfers of Personal Information
The personal information we collect is stored and/or processed in Canada, or where we or our partners, affiliates, and third-party providers maintain facilities.
The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.
Your Rights and Controlling Your Personal Information
Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing and fulfilling orders), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.
Business Transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Limits of Our Policy
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Additional Disclosures for Personal Information Protection and Electronic Documents Act (PIPEDA) Compliance (Canada)
Additional scope of personal information
In accordance with PIPEDA, we broaden our definition of personal information to include any information about an individual, such as financial information, information about your appearance, your views and opinion (such as those expressed online or through a survey), opinions held about you by others, and any personal correspondences you may have with us. While this information may not directly identify you, be aware that it may be combined with other information to do so.
As PIPEDA refers to personal information using the term Personally Identifying Information (PII), any references to personal information and PII in this privacy policy, and in official communications from Drivewise Simcoe/Brantford/Woodstock , are intended as equivalent to one another in every way, shape and form.
Valid Consent
Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. When you contact us, we assume your consent based on your positive action of contact, therefore you consent to your name and email address being used so we can respond to your enquiry. Under PIPEDA, consent is only valid if it is reasonable to expect that an individual to whom the organisation’s activities are directed would understand the nature, purpose, and consequences of the collection, use, or disclosure of the personal information to which they are consenting.
Where you agree to receive marketing communications from us, we will do so based solely on your indication of consent or until you instruct us not to, which you can do at any time.
While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
International Transfers of Information
While Drivewise Simcoe/Brantford/Woodstock endeavour to keep, store and handle customer data within locations in Canada, it may use agents or service providers located in the United States (U.S.), European Economic Area (EEA) or United Kingdom (UK) to collect, use, retain and process personal information as part of providing services to you. While we use all reasonable efforts to ensure that personal information receives the same level of security in any other jurisdiction as it would in Canada, please be aware that privacy protections under U.S. laws may not be the same adequacy.
Customer Data Rights
Although PIPEDA does not contain an extensive set of consumer rights, it does grant consumers the right to:
Access the personal information organisations hold about them;
Correct any inaccurate or outdated personal information the organisation hold about them (or, if this is not possible, delete the inaccurate personal information)
Withdraw consent for any activities for which they have consented (e.g. direct marketing or cookies
Right to Withdraw Consent
Where you give us consent to collect and use your personal information for a specific purpose. Subject to some restrictions, you can, at any time, refuse to consent, or continue to consent to the collection, use or disclosure of their personal information by notifying us using the email address below in the ‘Contact Us’ section. Withdrawal of consent may impact our ability to provide or continue to provide services.
Customers cannot refuse collection, use and disclosure of their personal information if such information is required to:
be collected, used or disclosed as required by any law;
fulfil the terms of any contractual agreement; and
be collected, used or disclosed as required by any regulators including self regulatory organisations
While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
Right of Access under PIPEDA
PIPEDA gives you a general right to access the PII held by businesses subject to this law. Under PIPEDA, you need to make your access request in writing and pay a minimal fee of $30.00.
If any organisational fees seem unjust, you have the right to complain about this. We retain the right to decide how we disclose the copies of your PII to you. We will take all necessary measures to fulfil your request in 30 days from receipt, otherwise we must inform you of our inability to do so before the 30-day timeframe if:
meeting the time limit would unreasonably interfere with our business activities; or
the time required to undertake consultations necessary to respond to the request would make it impractical to meet the time limit.
We can also extend the time limit for the length of time required to convert the personal information into an alternative format. In these circumstances, we will advise you of the delay within the first 30 days and explain the reason for it.
Right of rectification under PIPEDA
You may request a correction to any factual errors or omissions within your PII. We would ask you to provide some evidence to back up your claim. Under PIPEDA, an organisation must amend the information, as required, if you successfully demonstrate that it’s incomplete or inaccurate.
You may contact us at any time, using the information provided in the Contact Us section of this privacy policy if you believe your PII on our systems is incorrect or incomplete.
If we cannot agree on changing the information, you have the right to have your concerns recorded with the Office of the Privacy Commission of Canada.
Compliance with PIPEDA’s Ten Principles of Privacy
This privacy policy complies with the PIPEDA’s requirements and ten principles of privacy, which are as follows:
Accountability. Drivewise Simcoe/Brantford/Woodstock is responsible for the PII under its control and will designate one or more persons to ensure organisational accountability for compliance with the ten principles of privacy under PIPEDA, whose details are included below. All personnel are accountable for the protection of customers’ personal information.
Identifying purposes. Drivewise Simcoe/Brantford/Woodstock identifies the purposes for which personal information is collected at or before the time the information is collected.
Consent. Consent is required for Drivewise Simcoe/Brantford/Woodstock’s collection, use or disclosure of personal information, except where required or permitted by PIPEDA or other law. In addition, when customers access a product or service offered by us, consent is deemed to be granted. Express consent may be obtained verbally, in writing or through electronic means. Alternatively, consent may be implied through the actions of customers or continued use of a product or service following Drivewise Simcoe/Brantford/Woodstock’s notification of changes.
Limiting collection. Personal information collected will be limited to that which is necessary for the purposes identified by Drivewise Simcoe/Brantford/Woodstock.
Limiting use, disclosure and retention. We will not use or disclose personal information for purposes other than those for which the information was collected, except with your consent or as required by law. We will retain personal information only for as long as is necessary to fulfil the purposes for collecting such information and compliance with any legal requirements.
Accuracy. Personal information will be maintained by Drivewise Simcoe/Brantford/Woodstock in an accurate, complete and up-to-date format as is necessary for the purpose(s) for which the personal information was collected.
Safeguards. We will protect personal information with security safeguards appropriate to the sensitivity of such information.
Openness. We will make our policies and practices relating to the collection and management of personal information readily available upon request, including our brochures or other information that explain our policies, standards, or codes.
Customer access. We will inform customers of the existence, use and disclosure of their personal information and will provide access to their personal information, subject to any legal restrictions. We may require written requests for access to personal information and in most cases, will respond within 30 days of receipt of such requests. Customers may verify the accuracy and completeness of their personal information, and may request the personal information be corrected or updated, if appropriate.
Challenging compliance Customers are welcome to direct any questions or inquiries concerning our compliance with this privacy policy and PIPEDA requirements using the contact information provided in the Contact Us section of this privacy policy.
Cookie Compliance
Our email interactions with our customers are compliant with Canadian Anti-Spam Legislation. The Company does not send unsolicited email to persons with whom we have no relationship. We will not sell personal information, such as email addresses, to unrelated third-parties. On occasion, your personal information may be provided to our third-party partners to administer the products and services you request from us.
When you leave our website by linking to another website, you are subject to the privacy and security policies of the new website. We encourage you to read the privacy policies of all websites you visit, especially if you share any personal information with them.
Please refer to our Cookie Policy for more information.
Enquiries, Reports and Escalation
To enquire about Drivewise Simcoe/Brantford/Woodstock’s privacy policy, or to report violations of user privacy, you may contact us using the details in the Contact us section of this privacy policy.
If we fail to resolve your concern to your satisfaction, you may also contact the Office of the Privacy Commissioner of Canada:
30, Victoria Street
Gatineau, Quebec K1A 1H3
Toll Free: 1.800.282.1376
www.priv.gc.ca
Contact Us
For any questions or concerns regarding your privacy, you may contact us using the following details:
Kristine Hill: [email protected]