Privacy and Data Protection Notice
At SkyPower Global (hereafter referred to as “SkyPower” or the “Company”), including its affiliates (“our”, “us” or “we”), we are committed to maintaining the confidentiality and privacy of your personal information (referred to herein as personal data). The purpose of this Privacy and Data Protection Notice (“Privacy Notice”) is to explain the types of personal data that SkyPower collects, how the personal data is obtained, how it is used and the choices that you have regarding our use of, and your ability to review and correct, the information we collect about you.
This Privacy Notice applies for all business activities involving SkyPower, including users accessing our website or parties engaging in communications or transactions with SkyPower. Please read this Privacy Notice as it provides important information regarding your use of our website, our data and privacy practices and explains your rights.
What Information We Collect
Personal information or personal data is data about an “identifiable individual”. Examples of the personal data we collect may include your name, postal address, email address, phone number, date of birth, job title, as well as any other information you choose to provide to us. We may collect information about visits to the site.
Whether you choose to provide information requested by SkyPower is completely your own choice; however, if you choose not to provide the information we request, you may be unable to receive or access certain services, offers and information.
Collecting Information of Minors
We do not collect personal data of minors.
Protecting Your Information
While we are committed to developing, implementing, maintaining, monitoring and updating a reasonable information security program, unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. Data security incidents and breaches can occur due to vulnerabilities, criminal exploits or other factors that cannot reasonably be prevented. Accordingly, while our reasonable security program is designed to manage data security risks and thus help prevent data security incidents and breaches, it cannot be assumed that the occurrence of any given incident or breach results from our failure to implement and maintain reasonable security. As a result, while we strive to protect your personal information/personal data, you acknowledge that: (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and us through the website cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party.
If you have reason to believe that your interaction with SkyPower is no longer secure, please immediately notify SkyPower of the problem by contacting SkyPower in accordance with the “Contacting SkyPower” section below.
We keep your personal data for as long as it is required by us for our legitimate business purposes, to perform our contractual obligations, or where longer, such longer period as is required by law or regulatory obligations which apply to us.
Links to Third-Party Websites
Privacy and Data Protection Policy
The EU has recognized PIPEDA as providing adequate protection in respect of businesses. Canada’s adequacy status ensures that data processed in accordance with the GDPR can be subsequently transferred from the EU to Canada without requiring additional data protection safeguards. According to the GDPR, SkyPower is the controller of your Personal Data.
Principle 1: Accountability
SkyPower is responsible for maintaining and protecting personal data under its control. In fulfilling this mandate, SkyPower is required to designate an individual or individuals who are accountable for the Company’s compliance with the following principles.
SkyPower’s Vice President, Compliance is the Privacy Officer of SkyPower and is responsible for ensuring the protection of personal data collected, used, or disclosed by the Company and compliance with the governing legislation.
In the event of a breach of Personal Data, the Privacy Officer will oversee the risk assessment of the breach and will advise the business concerning whether or not the individual(s) whose information was disclosed should be advised of the disclosure.
Principle 2: Identifying Purposes
The purposes for which personal data is collected shall be identified by SkyPower before or at the time the personal data is collected.
Only that personal data will be collected which is necessary for our own internal business purposes, including lawful purposes related to recruitment.
Principle 3: Consent
The knowledge and consent of the individual is required for the collection, use or disclosure of personal data, except where required or permitted by law.
Prior consent will be obtained for the Company to collect, use, or disclose to third parties, Personal Data about an individual. Any use of the personal data other than that for which it was collected, will be identified to the individual, and will require the consent of the individual.
Consent may be obtained in a wide variety of forms and may be expressed or implied by the individual. Express consent is given in writing (or electronically), and consent is implied when it can be reasonably inferred by action or inaction by the individual. Under the GDPR, consent must be given by a statement or a clear affirmative act establishing a freely given, specific, informed, and unambiguous indication of an individual’s agreement to the processing of their personal data.
An individual can withdraw consent which has been given to the Company at any time – provided this is not prohibited by law, or by a contractual arrangement which the individual has entered into.
The Company can collect or use personal data without the knowledge or consent of the individual in exceptional circumstances where such collection or use is permitted or required by law such as when asking for consent may compromise the availability or accuracy of the data being sought and collection relates to an investigation of a breach of an agreement, or contravention of laws of Canada or a province or another jurisdiction in which the
Company is carrying on business.
There may be times when the Company must disclose personal data about an individual, without the individual’s consent or knowledge. For example, the Company may have to disclose personal data when served with a court order, or pursuant to any legal or regulatory requirement, to assist in law enforcement, or in the detection or prevention of fraud.
Principle 4: Limiting Collection
The collection of personal data shall be limited to that which is necessary for the purposes identified by SkyPower. Personal data shall be collected by fair and lawful means.
The Company, upon request, will inform the individual when and how it collects personal dataand will not deceive or overtly or covertly coerce the individual into providing personal data. Personal data will not be collected in contravention of any law or regulation.
The Company does not solicit or knowingly accept information from persons under the age of 18.
Principle 5: Limiting Use, Disclosure and Retention
Personal data shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual, or as required by law. Personal data shall be retained only as long as necessary for the fulfillment of those purposes. The Company stores personal data at its headquarters in Toronto, Canada.
The Company will not use personal data for any purposes other than those for which it was collected.
The Company will retain personal data in accordance with the documented retention criteria set forth in the policies of SkyPower.
The Company will destroy personal data in accordance with documented procedures.
Portions of services may be provided by organizations with which the Company has a contractual relationship. In such cases, the Company may provide collected personal data to these organizations. These vendors and services companies agree in accordance with contractual obligations to respect the confidentiality of such information, safeguard it, and abide by applicable law. The Company may also be required to disclose personal data in response to requests by legal, governmental, or regulatory agencies with proper jurisdiction.
In certain circumstances, the Company may be required to use or disclose personal data without the individual’s consent, as outlined in Principle 3: Consent.
Principle 6: Accuracy
Personal information shall be as accurate, complete and up to date as is necessary for the purposes for which it is to be used.
The Company will use commercially reasonable efforts to update the personal data it holds about an individual as necessary, to prevent inaccurate personal data from being disclosed and as applicable to avoid making wrong or unfair decisions about the individual.
Principle 7: Safeguards
Personal data shall be protected by security safeguards appropriate to the sensitivity of the Personal Data.
The Company takes responsibility to protect the security and privacy of the personal data it collects from loss; theft; unauthorized access; unauthorized or accidental disclosure, use, copying, change, modification, or erasure.
Policies and procedures are reviewed on at least an annual basis to assure that they are appropriate and effective.
The GDPR requires Controllers, such as SkyPower, to adopt internal policies and implement appropriate technical and organizational measures which meet the principles of data protection by design and data protection by default.
Under the GDPR, data protection impact assessments will become mandatory when processing data, particularly using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons.
In addition, the GDPR requires that data breaches be reported to the competent supervisory authority without undue delay and where feasible, within 72 hours of the organization becoming aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Principle 8: Openness
SkyPower shall make readily available to individuals and website users’ specific information about its policies and practices relating to the management of personal data.
Principle 9: Individual Access
Upon request, individuals and website users shall be informed of the existence, use and disclosure of their personal data and shall be given access to that personal data. An individual shall be able to challenge the accuracy and completeness of the personal data and have it amended as appropriate.
An individual has the right to request access to his/her personal data. The Company will action the request within 30 days or notify the individual that an extension is required and the reasons for the extension. If requested, the Company will let an individual know how and for what purposes it has used or uses personal data, and the names of any third parties to which it has or may have been disclosed. As required by the GDPR an individual has the right of access, including a right to data portability, meaning that an individual has the right to receive their personal data from the Company in a structured, commonly used and machine-readable format so they can transfer those data to another data controller without hindrance.
There may be limited and specific circumstances when the Company cannot allow the individual access to certain records, which may contain personal data about the individual. For example:
• The records may contain information about other individuals, or other parties to whom the Company owes a duty of confidentiality under law and the excepted information cannot be severed.
• The personal data may be subject to solicitor-client or litigation privilege.
• The personal data would reveal information that is the confidential commercial information of the Company; and
• The personal data cannot be disclosed for legal reasons.
If these circumstances are encountered, the reasons for withholding access will be explained to the individual and the contact information for the Privacy Officer, who can answer the individual’s questions concerning the refusal.
In addition, the GDPR grants the more express and expansive right to require organizations to “erase” or delete individuals’ personal information without undue delay in certain circumstances. This GDPR “right to be forgotten” is nonetheless subject to certain exceptions, including when the processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation or the establishment, exercise or defence of legal claims; or for reasons of public interest such as public health, archiving, statistical purposes, or for scientific or historical research.
Principle 10: Challenging Compliance
Clients shall be able to address a challenge concerning compliance with the above principles to the Privacy Officer. The Privacy Officer is accountable for the Company’s compliance and will respond to all request for information or will investigate all complaints, as the case may be.
If you would like to exercise any of these rights, please feel free to email the Skypower Privacy Officer at: email@example.com.
To improve the services we can offer you, SkyPower may opt to expand our capabilities for obtaining information, including personal data, about users in the future. SkyPower will update this Privacy Notice when necessary to ensure that you are aware of developments in this area.
SkyPower will post those changes on our website and update our Privacy Notice so that you will know what information we collect online, how we use it and what choices you have. Please be sure to check this page before proceeding to use our website. Regardless of any changes we make to our Privacy Notice, SkyPower will always use your personal data in accordance with the version of the Privacy Notice in place at the time you provided your information, unless you give your express consent for us to do otherwise.
Additional Privacy Terms
In conducting business with SkyPower or using our website, you may be required to agree to additional written or electronic agreements, including additional privacy terms and conditions (“Additional Privacy Terms”), as a condition to visiting the website. In the event of any conflict between the Additional Privacy Terms and this Privacy Notice, the Additional Privacy Terms shall prevail but we will treat personal data that you provide to us before we adopt such Additional Privacy Terms in accordance with the terms of this Privacy Notice, unless and until you agree with the application of the Additional Privacy Terms to your personal data collected by us prior to the updates or amendments.
When you are based in the EU and the EEA, personal data collected from you, including via the website of the Company may be transferred to SkyPower at its corporate headquarters in Canada or to one or more of its affiliates. You hereby consent to the transfer of your personal data to recipients as described in this Privacy Notice which are located outside of the EU/EEA. You may withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Do Not Track
Most web browsers and some mobile operating systems include a Do Not Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. Because there is not yet a common understanding of how to interpret the DNT signal, the websites currently do not respond to DNT browser signals or mechanisms.
Use of this Website
If you do not agree with the terms set forth above, please discontinue the use of this website.
SkyPower is constantly working to make the SkyPower website as usable and accessible as possible for every user.
We have made every effort to ensure that this website meets or exceeds the relevant legal requirements. We believe that this website meets or exceeds the requirements of the level A criteria of the World Wide Web Consortium Web Accessibility Initiative (WCAG WAI) 2.0 Guidelines.
The website should be compatible with recent versions of all assistive devices.
Questions and Feedback
We intend that you should have no difficulty in accessing any information on this website. However, if you do have any difficulty, we want to hear from you so that we can put things right. Please contact us at firstname.lastname@example.org submit your comment or question in writing to the following address:
SkyPower GlobalCommerce Court West
199 Bay Street | 44th Floor | Suite 4400 | Toronto, Ontario | M5L 1E9 | Canada
Attention: Privacy Officer
LAST UPDATED 12/17/2020