Privacy Policy

1. Introduction

Retrade Technologies Inc. (address: 680 Seylynn Crescent, Unit 1205, North Vancouver, British Columbia, V7J 0B5, business registration number: 123456, tax ID: 32461064-2-13), (hereinafter: "Service Provider", "we", "us") is committed to the following privacy policy:

This Privacy Policy is provided in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the British Columbia Personal Information Protection Act (PIPA), and where applicable, the European Union's General Data Protection Regulation (GDPR) (EU) 2016/679 for cross-border data processing.

This privacy policy governs the processing of personal data on the following website: https://retrade.ca

The privacy policy is available at: https://retrade.ca/privacy-policy

Modifications to this policy take effect upon publication at the above address.

2. Definitions
  • "personal information" or "personal data": any information about an identified or identifiable individual (the "data subject" or "you"); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of the individual;
  • "processing" or "collection, use, or disclosure": any operation or set of operations performed on personal information, whether by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
  • "organization" or "service provider": any person, government institution, or organization that collects, uses, or discloses personal information in the course of commercial activities, except where the act excludes certain entities;
  • "service provider" or "processor": a third party that processes personal information on behalf of the organization for the purpose of providing services;
  • "consent": voluntary, specific, informed consent to the collection, use, and disclosure of personal information, where the purpose for which the information is being collected, used, or disclosed is explained in a clear and understandable manner;
  • "privacy breach" or "security incident": a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information transmitted, stored, or otherwise processed;
  • "commercial activity": any particular transaction, act, or conduct that is of a commercial character;
3. Principles of Personal Information Protection

We adhere to the following principles governing the collection, use, and disclosure of personal information:

  1. Accountability: We are responsible for personal information under our control and have designated individuals accountable for our compliance with applicable privacy laws;
  2. Identifying Purposes: The purposes for which personal information is collected shall be identified by us at or before the time the information is collected;
  3. Consent: Except where inappropriate, the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information;
  4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by us. Personal information shall be collected by fair and lawful means;
  5. Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes;
  6. Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used;
  7. Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information;
  8. Openness: We shall make readily available to individuals specific information about our policies and practices relating to the management of personal information;
  9. Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of their personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate;
  10. Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for our compliance.
4. Specific Data Processing Activities
a. User Registration
  • Purpose of processing: Provision of services that require user registration.
  • Personal information collected: Name, username, email address, phone number, province/territory, password, registration IP address, last login IP address
  • Data subjects: Registered users
  • Legal basis: Contractual performance based on Terms of Service accepted by registered users.
  • Retention period: Until account deletion
  • Service providers (processors): Amazon Web Services, Inc.
b. System Messages
  • Purpose of processing: Sending informational and status messages via email to registered users regarding services provided.
  • Personal information collected: Username, email address
  • Data subjects: Registered users
  • Legal basis: Contractual performance based on Terms of Service accepted by registered users.
  • Retention period: Until account deletion
  • Service providers (processors): Amazon Web Services, Inc., MailerLite Limited
c. Listing Creation and Publication
  • Purpose of processing: Storage and publication of listings created by registered users.
  • Personal information collected: Images and text properties associated with the listing, username, phone number, province/territory
  • Data subjects: Sellers and advertisers (registered users who create orderable products or advertisements)
  • Legal basis: Contractual performance based on Terms of Service accepted by listing creators.
  • Retention period: Publication withdrawal - upon listing deletion; Storage - until account deletion
  • Service providers (processors): Amazon Web Services, Inc.
d. Account Data Extension for Orderable Product Feature
  • Purpose of processing: Collection of bank account number necessary for processing payment to sellers.
  • Personal information collected: Bank account number
  • Data subjects: Sellers who enable the purchase feature
  • Legal basis: Contractual performance based on Terms of Service accepted by registered users.
  • Retention period: Until account deletion
  • Service providers (processors): Amazon Web Services, Inc.
e. Purchase of Product
  • Purpose of processing: Transaction processing for buyers.
  • Personal information collected: Product parameters, registration data of buyer and seller required for transaction; Stripe - product price, email address
  • Data subjects: Buyers (registered users who complete a purchase)
  • Legal basis: Contractual performance based on Terms of Service accepted by registered users.
  • Retention period: 5 years following account deletion (for tax and accounting requirements)
  • Service providers (processors): Amazon Web Services, Inc., Stripe Payments Europe Limited
f. Detection of Spam Users
  • Purpose of processing: Protection of users with listings from spam message senders.
  • Personal information collected: Email address and IP address of message senders
  • Data subjects: Users who send messages in the "Ask the seller" section
  • Legal basis: Legitimate interest for enforcing Terms of Service and protecting users with listings.
  • Retention period: 30 days from message send date
  • Service providers (processors): Amazon Web Services, Inc.
g. Newsletter
  • Purpose of processing: Sending newsletters about Service Provider's and partners' offers.
  • Personal information collected: Email address
  • Data subjects: Registered users who subscribe to newsletter
  • Legal basis: Express consent from the individual.
  • Retention period: Until consent is withdrawn
  • Service providers (processors): Amazon Web Services, Inc., MailerLite Limited
h. Complaint Handling and Incoming Messages
  • Purpose of processing: Communication regarding complaints or other inquiries submitted to Service Provider.
  • Personal information collected: Username, email address
  • Data subjects: Registered users who send messages
  • Legal basis: Contractual performance based on Terms of Service accepted by registered users.
  • Retention period: 5 years from last message exchange
  • Service providers (processors): Freshworks GmbH
5. Third-Party Service Providers
a. Stripe

Online credit card payments are processed through Stripe, an electronic payment system.

Stripe services are provided by Stripe Payments Europe Limited. Stripe Privacy Policy

b. Google Analytics

Service Provider uses Google Analytics service to measure website performance. This service analyzes which pages website visitors view, the source they arrive from, and other website visit-related characteristics. Service Provider can only analyze this data anonymously, as Service Provider cannot connect the user's cookie identifier with other identifying data.

Google Analytics service uses cookies. These cookies fall into the Statistical Cookies category, which requires user consent. Additional information and settings are available in the Cookie Settings Modification menu.

Google Analytics service is provided by Google Ireland Limited.

c. Google Ads

Service Provider uses Google Ads advertising service to promote website services. The purpose of Google Ads data collection is to provide users with relevant advertisements when viewing advertisements in the Google Ads advertising system.

Google Ads service uses cookies. These cookies fall into the Marketing Cookies category, which requires user consent. Additional information and settings are available in the Cookie Settings Modification menu.

Google Ads service is provided by Google Ireland Limited.

d. Facebook Ads

Service Provider uses Facebook Ads advertising service to promote website services. The purpose of Facebook Ads data collection is to provide users with relevant advertisements when viewing advertisements in the Facebook Ads advertising system.

Facebook Ads service uses cookies. These cookies fall into the Marketing Cookies category, which requires user consent. Additional information and settings are available in the Cookie Settings Modification menu.

Facebook Ads service is provided by Meta Platforms Ireland Limited.

6. Your Rights
a. Right to Access

You have the right to be informed about whether we are processing your personal information, and if so, to request access to your personal information and related details.

b. Right to Correction

You have the right to request correction of inaccurate or incomplete personal information about you without undue delay. Considering the purpose of processing, you are entitled to have incomplete personal information completed, including by means of providing a supplementary statement.

c. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

d. Right to Object to Processing

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal information concerning you, including profiling.

e. Right to Data Portability

You have the right to receive your personal information that you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller where technically feasible.

f. Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant supervisory authority if you believe your privacy rights have been violated.

7. Response Times

We will respond to your requests regarding your personal information without undue delay, and in any event within 30 days of receipt of your request.

If necessary, this period may be extended by up to an additional 30 days, taking into account the complexity and number of requests. We will inform you of any such extension within 30 days of receipt of your request, together with the reasons for the delay.

If we do not take action on your request, we will inform you without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking judicial remedy.

8. Security of Personal Information

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, including but not limited to:

  1. Pseudonymization and encryption of personal information;
  2. Ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services handling personal information;
  3. The ability to restore the availability and access to personal information in a timely manner in the event of a physical or technical incident;
  4. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing;
  5. Access controls ensuring that only authorized personnel can access personal information, whether stored in physical or electronic format;
  6. Data retention policies ensuring that personal information is retained only for the necessary period and can be securely destroyed when no longer required;
  7. Secure destruction methods for physical and electronic media containing personal information, including shredding, secure deletion, or physical destruction.
  8. We implement the following specific security measures:
    1. Physical Protection for paper-based personal information:
      1. Documents are stored in secure, lockable, dry premises;
      2. Our premises are equipped with fire protection and asset protection systems;
      3. Personal information is only accessible to authorized personnel;
      4. Staff handling personal information must secure all data carriers before leaving the premises;
      5. When digitizing paper-based personal information, rules applicable to digitally stored documents must be applied.
    2. Information Technology Protection
      1. Computers and mobile devices used for data processing are owned by the Service Provider;
      2. Access to data on computers requires username and password;
      3. Central server access is limited to authorized personnel with appropriate permissions;
      4. We maintain backups and archiving systems for digitally stored data;
      5. Computer systems containing personal information are protected with anti-virus software;
      6. Passwords are encrypted.
9. Breach Notification

If a privacy breach creates a real risk of significant harm to you, we will notify you and the Privacy Commissioner of Canada, and the Office of the Information and Privacy Commissioner for British Columbia as soon as feasible after we become aware of the breach.

The notification to you will include clear and plain language information about the nature of the privacy breach, and the name and contact details of our Privacy Officer or other contact point for further information; a description of the likely consequences of the privacy breach; a description of the measures that we have taken or propose to take to address the privacy breach, including measures to mitigate any adverse effects.

You may not need to be notified if:

  • The breach does not create a real risk of significant harm;
  • We have taken appropriate security measures, such as encryption, that render the personal information unintelligible to unauthorized persons;
  • We take immediate action to address the breach and ensure no further breach of the same nature can occur;
  • Notification would involve disproportionate effort, in which case we may provide notification through public communication or similar equally effective measures.
10. Contact Information

For questions, concerns, or complaints about this privacy policy or our practices, please contact us at:

Service Provider: Retrade Technologies Inc.
Address: 680 Seylynn Crescent, Unit 1205, North Vancouver, British Columbia, V7J 0B5
Email: https://retrade.ca/privacy-policy

11. Complaint Procedures

If you believe your privacy rights have been violated, you may file a complaint with:

Office of the Privacy Commissioner of Canada
Place de Ville, Tower B, 19th Floor
112 Kent Street
Ottawa, Ontario K1A 1H3
Phone: 1-800-282-1376
Website: www.priv.gc.ca
Email: [email protected]

Office of the Information and Privacy Commissioner for British Columbia
4th Floor, 947 Fort Street
Victoria, British Columbia V8V 3K3
Phone: 1-250-387-5629
Website: www.oipc.bc.ca
Email: [email protected]

12. Amendments to This Policy

We reserve the right to update this Privacy Policy periodically to reflect changes in technology, legal requirements, or our services. Material changes will be notified to you via email or prominent notice on our website. The updated policy will be posted on this page with a revised "last updated" date.

13. Applicable Legislation

This Privacy Policy has been prepared in accordance with the following legislation:

  • Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5;
  • Personal Information Protection Act (PIPA) of British Columbia, S.B.C. 2003, c. 63;
  • Canada's Anti-Spam Legislation (CASL), S.C. 2010, c. 23;
  • General Data Protection Regulation (GDPR) (EU) 2016/679, as applicable for cross-border data processing;
  • Office of the Privacy Commissioner of Canada's guidelines and recommendations;
  • Office of the Information and Privacy Commissioner for British Columbia's guidelines and recommendations.