We have implemented safeguards to protect personal information under our control, and regularly review our practices to ensure they align with reasonable practices appropriate to the level of sensitivity of the information, in order to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
Although we take steps to safeguard the personal information under our control, “perfect security” does not exist online or elsewhere. In particular, we cannot guarantee the security of information posted or transmitted using our Service or via email. It is possible that third parties may unlawfully intercept or access such information.
Our Service may contain links to other applications or Internet resources which are provided solely for your convenience and information. When you click on one of those links you are contacting another Internet resource. Quantum Pigeon and our corporate affilaites have no responsibility or liability for, or control over, those other Internet resources or their collection, use and disclosure of your personal information. We encourage you to read the privacy policies of those other Internet resources to learn how they collect and use your personal information.
By using our Service or otherwise by choosing to provide us with your personal information, you acknowledge and consent to the processing of your personal information in Canada in accordance with this Policy and as may be further identified when the personal information is collected. If you are located or residing outside of Canada, please be aware that our Service is intended for and directed to users in Canada, and the privacy laws and principles in Canada may differ and not offer the same level of protection as those in your location or residing country/region. Through your continued use of our Service you are transferring your personal information to Canada and you expressly consent to that transfer. We will use this consent as the legal basis for such data transfer, unless otherwise stated in this Policy.
If you do not consent to the processing of your personal information in accordance with this Policy, please do not access or continue to use any aspect of the Service or otherwise provide any personal information to us.
For the purposes of this Policy, “ personal information” means any identifiable information about an individual, including but not limited to an individual’s name, home address, telephone number, email address, except any other information otherwise exempted by the applicable laws of Canada and other jurisdictions. For example, in Canada, personal information does not include any business contact information that is processed solely to communicate with that person about his or her employment or profession.
The types of information we receive and collect depends on how the our Service is used. We require certain information to deliver our Service and without this we will not be able to provide its Services. For example, a user must provide a mobile phone number to create an account to use our Service.
Our Service has optional features which, if used, requires us to collect additional information to provide such features. You will be notified of such collection, as appropriate. If you choose not to provide the information needed to use a feature, you will be unable to use the feature. For example, sharing location with contacts will not be possible unless we are permitted to collect your location data from a your device. Permissions can be managed through your settings menu on both Android and iOS devices.
As such, when you use our Service we may collect the following personal information from you:
Your personal information may be collected when:
We only collect personal information that we need. We encourage you to not provide us with any personal information beyond what is necessary and as requested by us.
To the extent that our Service contains links to other sites, the owners of those sites are responsible for the privacy practices or content of those other sites. We do not endorse and will not be responsible for the privacy practices on third party applications.
This site is intended solely for users who are 13 years of age or older.
We do not knowingly collect personal information about anyone under the age of 13. No such minor, nor any parent or guardian as it relates to such minor, should submit such minor’s personal information to us through the Service or otherwise for any reason and under any circumstances. By using our Service, you are representing that you are at least 13 years old. Notwithstanding tha above, We comply with the requirements of the COPPA, the FTC’s Rule interpreting COPPA:
If you reside in the U.S. and are under age 13 or a parent or guardian of a Service user under age 13, additional provisions regarding the protection of personal information of children aged 13 and under can be found in Annex 2.
We may process your personal information for the following purposes (the “Purposes”):
We will only process your personal information for the Purposes for which we intend to process such information. Otherwise, we will not process your personal information without your consent.
We may disclose your personal information for the Purposes as described in this Policy in the following ways:
Your personal information that we collect may be processed outside of Canada but only in relation to the Purposes. As a result, your personal information may be accessible to law enforcement and regulatory authorities in accordance with other jurisdictions’ applicable laws.
We will process your personal information only with your knowledge and consent, except where exempted, required or permitted by applicable laws. The form of consent may vary depending on the circumstances and the type of information being requested. Your consent may be expressed with clear options to say “yes” or “no”, such as by being asked to check a box to indicate your consent, or implied, such as when you provide us with your address through a form or email seeking information and we use those means to respond to your request. Your consent can also be provided by your authorized representative. Taking into account the sensitivity of your personal information, purposes of collection, and your reasonable expectations, we will obtain the form of consent that is appropriate to the personal information being processed. By using our Service or otherwise by choosing to provide us with your personal information, you acknowledge and consent to the processing of your personal information in accordance with this Policy and as may be further identified when the personal information is collected. When we process your personal information for a new purpose, we will document that new purpose and ask for your consent again.
If you do not consent to the processing of your personal information in accordance with this Policy, please do not access or continue to use any aspect of the Service or otherwise provide any personal information to us.
You may refuse to provide consent or may notify us at any time that you wish to withdraw or change your consent to the processing of your personal information without penalty, subject to legal or contractual restrictions and reasonable notice by (i) changing your privacy preferences through the Service, (ii) deleting your account with the Service and stopping use of the Service, (iii) opting out of the use of your personal information by contacting our Privacy Officer (see Section 10 below). However, if you withdraw or change your consent, we may not be able to provide you with the Service.
Other Legal Bases
Aside from consent, we may also process your personal information under other legal bases, as permitted by the applicable laws.
The security of your personal information is important to us. We protect personal information using physical, technological and organizational safeguards. We regularly review our practices to ensure they align with reasonable industry practices appropriate to the level of sensitivity to safeguard personal information against loss or theft, unauthorized access, alteration or disclosure.
However, no method of transmission over the Internet, or method of electronic storage, is completely secure; as such, despite our safeguards and protocols, we cannot fully guarantee the security of your personal information and you should always exercise caution when disclosing personal information over the Internet.
We offer end-to-end encryption for our Service. End-to-end encryption means that your messages are encrypted to protect against both Quantum Pigeon and third parties from reading them.
Applicable privacy laws allow, to varying degrees, individuals the right to access or request the correction of errors or omissions in his or her personal information that is in our custody or under our control. You may request access to and review of your personal information in our possession. However, access may be declined where permitted or required by applicable law.
You may request that we change or delete your personal information in our possession. We reserve the right not to change any personal information if we do not agree that it is inaccurate or outdated, but will append any alternative text the individual concerned believes appropriate.
If access cannot be provided, we will notify the individual making the request within 30 days, in writing, of the reasons for the refusal.
We are committed to compliance with Canada’s Anti-Spam Legislation (“ CASL”). Any electronic communication we send to outside parties is protected by a range of business procedures, processes and policies to ensure that such communication is done in compliance with CASL. In our electronic communications with outside parties, we comply with the rules established by CASL and enforced by various Canadian authorities including the Canadian Radio-television and Telecommunications Commission. CASL regulates, and our policies generally apply to, each commercial electronic message (a “ CEM”) that we send. A CEM is an electronic message sent to an electronic address that, among its purposes, encourages participation in a commercial activity.
In addition to adopting and updating this Policy, we undertake various transparency initiatives to ensure we comply with CASL, which include:
If you receive a CEM from us but believe that you should not have or no longer wish to receive CEMs, we will aim to respect your preferences in a timely manner once you update them through our unsubscribe mechanism. CASL requires us to process unsubscribe requests within 10 business days. If you have any questions or concerns about our unsubscribe options, you may contact us at the address indicated in Section 10 below.
We generally keep personal information for only as long as it is needed to accomplish the purposes for which it was collected, or as needed for authorized or legitimate purposes. More specifically, we retain personal information as long as necessary for the fulfillment of the identified purposes for its collection or as otherwise necessary to comply with applicable laws or protect our interests. When personal information is no longer necessary or relevant for the identified purposes, or is required to be retained by applicable laws, we will take steps to have it deleted, destroyed, erased, aggregated or made anonymous. We use reasonable industry practices to ensure we have adequate controls, schedules and practices for information and records retention and destruction which apply to personal information.
This Policy was last updated on February 23, 2021. We will occasionally update this Policy and revise the “last updated” date appearing in this paragraph.
If we make any material changes we will either (a) notify you by email (sent to the email address listed in your account), or (b) provide a notice on the Service or otherwise through the Service before the change becomes effective. Any change to this Policy will apply to existing information, as well as information collected onwards from the date that this Policy is posted or on the date as specified in the notification. We encourage you to periodically review this page for the latest information on our privacy practices to ensure you are aware of any changes. Your continued use of the Service signifies your acceptance of any changes to this Policy.
You can direct any questions or concerns regarding our compliance with this Policy and our processing of your personal information to our Privacy Officer by emailing email@example.com.
If you are not satisfied with our Privacy Officer’s response to your question or concern, you may be able to file a complaint under applicable privacy laws. Our Privacy Officer will provide you with the contact information to do so if requested. We strive to offer an accessible and simple complaint procedure. We will promptly investigate all complaints received, and if a complaint is justified, we will take the necessary steps to resolve the issue in question.
Annex 1 – General Data Protection Regulation
The Company is headquartered in Canada. We provide the foregoing disclosure to European Union (“ EU”) data subjects.
The Company’s processing of the personal information shall always be in compliance with GDPR and in accordance with the country-specific data protection regulations applicable to the Company.
By means of this Policy, our Company would like to inform you of the nature, scope, and purpose of the personal information we collect, use and process, as defined herein. Specifically, if you are an EU data subject using our Service, you are hereby informed, by means of this section of our Policy, of the rights to which you are entitled, and the recourse you may seek if you have any questions regarding the collection, use, and processing of personal information by the Company.
Your Privacy Rights under the GDPR. The GDPR includes the following rights for you, as an EU data subject, if you provide personal information to the Company in connection with accessing the Service:
Legitimate Business Interest under the GDPR. Our use of your personal information is based on the legitimate business grounds that:
Data Retention/Erasure. We will retain your personal information for as long as needed to provide the applicable Services, or for a minimum period of four (4) years. If, at any time after agreeing to this Policy, you: (1) change your mind about receiving information from us; (2) wish to revoke permission for us to retain and use your personal information; (3) wish to object to the processing of your personal information; or (4) wish for us to erase a copy of your data, please make a request to the Company at firstname.lastname@example.org. If you request erasure of your data, we may retain some of your personal information only for legitimate business interests, such as fraud detection, prevention, and enhancing the safety of our Services; and to comply with our legal obligations, specifically our tax, legal reporting, and auditing obligations.
Data Controller . The Company is the “data controller,” as defined under the GDPR, or the legal entity which determines the purposes and means of the processing of personal information of the customers of the Company and users of the Service. The Company is responsible for collecting your consent, managing consent-revoking, enabling right to access, etc. If you wish to revoke consent for us to store, use, or share your personal information, you may contact us at email@example.com.
Data Processor. The Company is the “data processor,” as defined under the GDPR, or the legal entity which processes your personal information. The Company has not retained any third-party service provider to process your personal information. Any processing of personal information shall be done solely by the Company. The Company maintains records of any processing activities it performs, and is able to show how the Company complies with the data protection principles under the GDPR. It has effective policies and procedures in place. If you have questions regarding the processing of your Personal Data, you may contact us at firstname.lastname@example.org.
Data Protection Officer. The Company is not formally required to designate a Data Protection Officer (“ DPO”) because it is not: (1) a public authority; (2) an organization that carries out regular and systematic monitoring of individuals on a large scale; or (3) an organization that carries out large scale processing of special categories of data, such as health information or information about criminal convictions. Nonetheless, the Company voluntarily elects to appoint David Miller, as the DPO for this Company. David is responsible for data protection compliance and can answer any questions you may have about your personal information. They may be reached at email@example.com.
Breach . The Company has reasonable internal policies and procedures in place to effectively detect, report, and investigate a data breach. The GDPR defines a personal information breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information.” Pursuant to the GDPR, the Company will notify you of a personal information breach where the personal information breaches are likely to present a risk to data subjects to data protection authorities (“ DPAs”) without undue delay, and within 72 hours if feasible, after becoming aware of the breach; and communicate high-risk breaches to affected data subjects without undue delay. In the unfortunate event of breach, the Company shall provide you with: (i) contact details of the DPO or other contact person for the Company, (ii) a description of the nature of the breach, (iii) likely consequences of the breach, (iv) measures the Company has taken or proposes to take to address the breach, and (v) advice on steps data subjects can take to protect themselves.
Note: Data Protection Impact Assessment (DPIA). The Company is not required to undergo a DPIA because the Company’s data processing is not likely to result in a high risk to data subjects, such as in cases where: (1) new technology is being deployed; (2) profiling operations may significantly affect individuals; or (3) processing is on a large scale and involves special categories of data. If you have any questions regarding DPIA compliance by the Company, please contact the Company’s Data Protection Officer, David Miller, at firstname.lastname@example.org.
Complaints. Without prejudice to any other administrative or judicial remedy, every EU data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement of the data subject considers that the processing of personal information relating to him or her infringes this Regulation.
Annex 2 – Children’s Online Privacy Protection Act
For U.S.-based users, we recognize the need to provide further explanation regarding the privacy protections we afford to personal information we may collect from you about your child/children under the age of 13 (“ child” or “ children”) via our Service. When you sign up your child/children for our Services, we may ask you to include personal information that identifies your child/children.
Second, while we do not knowingly collect a child’s personal information from the child in connection with our Services, to the extent that a user is a child and submits his or her personal information to us via our Services, we take additional steps to protect the child’s privacy, including:
Accordingly, the foregoing PARENTAL NOTICE REGARDING THE CHILDREN’S ONLINE PRIVACY PROTECTION ACT explains our information collection, disclosure, and parental consent practices with respect to information provided by children, and uses terms that are defined throughout this Policy. This policy is in accordance with COPPA. Under COPPA we must provide you with direct notice before collecting personal information from your child. Effective July 1, 2013, the Federal Trade Commission (“ FTC”) updated COPPA to reflect changes in technology, and now considers a photograph, video, or audio file containing a child’s image or voice to be a child’s personal information . For more information about COPPA, please visit www.coppa.org. Here, we outline our practices in the United States regarding collection of children’s personal information . For more information about COPPA and general tips about protecting children’s online privacy, please visit OnGuard Online.
Retention of Information. In any instance that we collect personal information from a child, we will retain that information only so long as reasonably necessary to fulfill the provision of our services, or as required by law. In the event we discover we have collected information from a child in a manner inconsistent with COPPA’s requirements, we will either delete the information or immediately seek the parent’s consent for that collection.
Registration. As an adult registering a child with the Company for provision of services, your child/children will have the opportunity to participate in our services. If you do not provide your child/children’s personal information during the registration process, your child will not be able to register to receive our Services.
Again, while we intend for adults to register a child/children for our services, it is entirely possible that a child/children may visit our Services and self-register for an account and/or for our Services without consent from parents or guardians. During the registration process, we may ask the child to provide the same information provided by adult Services users for notification and security purposes, including an email address, the child’s first name and gender, the child’s member or account username, and password. We also may ask for birth dates from children to validate their ages. We strongly advise both adults and children never to provide any personal information in their usernames.
Please note that website visitors who are children can choose whether to share their information with us, but certain access to our Services cannot function without it. As a result, children may not be able to access certain parts of our Services if required information has not been provided. We will not require a child to provide more information than is reasonably necessary in order to engage in our Services.
Consistent with the requirements of COPPA, if we determine that a particular Service user is age 13 or under, we will ask for a parent or guardian email address before we collect any personal information from the child. If you believe your child is participating in an activity on our Service that collects personal information , and you or another parent/guardian have NOT received an email providing notice or seeking your consent, please feel free to contact us at email@example.com. We will not use parent emails provided for parental consent purposes to market to the parent, unless the parent has expressly opted in to email marketing or has separately participated in an activity that allows for such email contact.
Email Contact with a Child. To the extent a child visits the Service and emails the Company from his or her personal email address, the Company will delete this information immediately after responding to the question or request. In connection with certain activities or services, we may collect a child’s online contact information, such as an email address, in order to communicate with the child more than once. In such instances, we will retain the child’s online contact information to honor the request and for no other purpose such as marketing. Whenever we collect a child’s online contact information for ongoing communications, we will simultaneously require a parent or guardian email address in order to notify the parent about the collection and use of the child’s information, as well as to provide the parent an opportunity to prevent further contact with the child.
At any time, you may refuse to permit 1) your child’s participation in the Services, 2) further use of your information or your child/children’s information, or 3) further contact with your child/children, and request that we delete your information or your child/children’s information. To exercise any of your rights, please email us at firstname.lastname@example.org.
In conclusion, your privacy and your child/children’s privacy are important to us. We only share or disclose personal information collected from a child/children in a limited number of instances, including the following:
Annex 3 – California Consumer Privacy Act
California “Shine the Light” Law
Under California Civil Code Section 1798.83, California customers are entitled to request information relating to whether a business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. This code section applies to businesses with 20 or more full or part-time employees.
You may request and obtain from us once a year, free of charge, certain information about the personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to email@example.com.
California Consumer Privacy Act
If you are a California resident, the processing of certain personal data about you may be subject to CCPA and other applicable California state privacy laws. As of January 1, 2020, the CCPA gives you certain rights with respect to the processing of your personal data (known as “personal information”, as described under the CCPA).
RIGHT TO KNOW REQUEST – Under the CCPA, you may have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
RIGHT TO DELETE REQUEST – You may also have a right to request that we delete personal information, subject to certain exceptions.
If you are a California resident and would like to make a verifiable request for information about the personal information we have collected about you or a request for deletion of such personal information, please submit your request in writing to firstname.lastname@example.org.