PRIVACY POLICY

Pllenty Inc. (“Pllenty”) is Canadian corporation. We are a PCI (as defined below) compliant service provider for online payment solutions to businesses, merchants, not-for-profit corporations, and charities (“Pllenty Clients”). When doing that, we collect personal information and must therefore protect the privacy of the individuals to whom the information belongs. We are committed to using personal information responsibly and only to the limited extent needed to provide our services.

Application of Privacy Policy

This Privacy Policy regulates how we handle and protect private information during commercial activities. It applies to any personal information within our possession, whether we get it via email, via electronic form submission, through our website or any other means.

This Privacy Policy applies to our partners, officers, employees, contractors and authorized representatives (“Staff”). It is at all times subject to the requirements of the Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”).

Additionally, how we use or disclose your personal information may also be subject to the requirements of Canada’s anti-spam legislation, formally known as,

An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act, S.C. 2010, c. 23.

We will refer to the above statue as “CASL”.

This Privacy Policy is meant to be consistent with PIPEDA. Any term not defined in it have the meaning that PIPEDA attributes to that term. Where PIPEDA is silent on a matter then the term will have the meaning attributed to it by CASL.

Governing Law

This Privacy Policy is governed by the laws of Ontario and the laws of Canada as applicable herein. It is not a contract and will be treated as a non-contractual set of policies and practices binding on PLLENTY Staff under Principle 4.1.4 of Schedule 1 found in PIPEDA.

Accountability for Your Privacy

At Pllenty, our Privacy Information Officer is responsible for ensuring that Staff complies with this Privacy Policy. The Privacy Information Officer can be contacted at: info@pllenty.com

Responsibilities of our Privacy Information Officer

The Privacy Information Officer is responsible for,

implementing procedures contained in this Privacy Policy to protect personal information;
training our Staff to comply with this Privacy Policy and PIPEDA and communicating to Staff information about changes and updates to our Organization’s policies and practices relating to Personal Information; and
enforcing this Privacy Policy and correcting any potential or actual instances of breach; and
reviewing and responding to any communication or notice relating to this Privacy Policy or PIPEDA.

Our initial response to a privacy-related inquiry must be in writing and must include the name and contact details of the privacy team member providing the response.

Our Purpose

Pllenty is a PCI-compliant online payment solutions provider. We collect, use, and disclose personal information,

To design, code, test, and implement online payment solutions for Pllenty Clients. Without restriction, this specifically includes using personal information when making a gateway applications to enable Pllenty Clients to use one of Pllenty’s gateway partners when processing payments;
To process payments on behalf of Pllenty Clients by rerouting that personal information to a Pllenty gateway partner;
To generate receipts to confirm that a payment has been processed, including (without restriction) tax receipts needed to enable individuals to file tax returns under the Income Tax Act (Canada); and
To do any other acts as required to facilitate and process online payments on behalf of Pllenty Clients.

(the “Purpose”).

If we change the purpose set out above we give notice of the change on our website and we will post an updated Privacy Policy.

Personal Information We Collect and Use

To fulfill our purpose, we collect the following kinds of personal information:

The payor’s name, address (both shipping and billing), mobile phone number, email, and debit or credit card details; and
Corporate records from Pllenty Clients, including authorizing officer’s name and personal contact details, and the client’s banking information.

We collect and store all information electronically on password protected cloud servers that require permissions for access.

We do not use any personal information collected for marketing or advertising purposes.

How We Share your Personal Information

We provide your credit card information to our gateway partner in order to facilitate the online payment. Once a transaction is complete, we send an invoice to your email as provided during the payment process.

Cookies

As permitted by section 10(8) of CASL, when you visit our website, we may place one or more “cookies” on the hard drive of your computer to track your visit. A cookie is a small data file that is transferred to your hard drive through your web browser and can only be read by the website that placed the cookie on your hard drive. The cookie acts as an identification card and allows our website to identify your preferences.

The cookie allows us to track your visit to the website so that we can better understand your use of our website so that we can customize and tailor the website to better meet your needs. Most browsers are set to accept cookies but you can usually change this if you so desire. It should be noted that if cookies are not accepted, you may be unable to access parts of our website.

Obtaining Consent

No Implied Consent

Unless specifically permitted under PIPEDA, we do not rely on implied consent at Pllenty for collection, use or disclosure of any personal information. We will only use, disclose and process personal information with you express informed consent based on the Purpose set out above.

No Consent from Children

We do not collect personal information from children (anyone under 18). We will assume anyone supplying us with information online is over 18 years of age. Parents are strongly encouraged to discuss responsible internet use and personal information disclosure with their children.

Withdraw Consent

You can withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by sending an email to our Privacy Information Officer at the contact information above (info@pllenty.com). A change in or withdrawal of consent may severely limit our ability to provide services to you. We will inform you of any implications connected to withdrawing your consent.

Limiting Collection, Use, Disclosure and Retention

We use our best efforts to limit the personal information we collect, use and disclose solely those details we need to fulfill our Purpose. We have designed our standard forms only to collect the information that we foresee we will need. We do not collect, use and disclose personal information using deceptive, fraudulent or unlawful means, and we do not conduct video surveillance.

Need-to-Know Disclosure

When using and disclosing information to third parties, we only disclose on a need-to-know basis. Also, we only disclose with the appropriate contractual safeguards as contemplated in Principle 4.1.3 of Schedule 1 of PIPEDA.

Retaining Records

We keep records of services provided for a period of seven (7) years. These records may include personal information. Our records are stored with safeguards against inappropriate or unauthorized access.

Destruction of Personal Information

Payment information is deleted by our gateway partner at their discretion. We delete our client’s personal information upon the expiration or termination of a service contract. We destroy electronic information by deleting it and, when hardware is discarded, we ensure that the hard drive is physically destroyed.

Analytics

We may use a third party such as Google Analytics to help us gather and analyze information about the areas visited on the Website (such as the pages most read, time spent, search terms, and other engagement data) in order to evaluate and improve the user experience and the Website. These third parties may use cookies and other tracking technologies. For more information about Google Analytics or to prevent the storage and processing of this data (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can also obtain additional information on Google Analytics’ data privacy and security at the following links: https://policies.google.com/technologies/partner-sites and https://support.google.com/analytics/topic/2919631.

Our Safeguards to Protect You

We respect your privacy and will protect that privacy as vigorously as possible. The methods we use include:

Payment information provided to us is encrypted and tokenized before it is transmitted to our gateway partner via an Application Programming Interface.
Using cloud storage technology that is secured, encrypted and only permits limited access to those we allow.
Password-protected computers (including on laptops, desktops and smart-phones) and the use of technology safeguards, such as encryption and intrusion detection, to prevent hacking or unauthorized computer access.
Implementing any processes, technologies, and practices required under The Payment Card Industry Data Security Standard (PCI) from the PCI Security Standards Council.

Unfortunately, no data transmission over the internet or by email can be guaranteed to be 100% secure. As a result, we cannot ensure, warrant or represent that any information transmitted to us electronically will always be protected.

Data Breach Protocols

Despite our best efforts, there may be a circumstances where Pllenty experiences a data breach. In those rare instances, we do the following:

Our Privacy Information Officer will work with our technology solution partners to determine the full extent of the breach, including the information that was taken and the individuals affected.
As quickly as possible ascertain the sensitivity of the information that has been compromised. Based on that analysis we will determine whether the breach could result in significant harm to the individuals involved.
Based on the analysis above, we will then identify the factors that contribute to a real risk of that significant harm occurring to the individuals involved.
Once the steps above are complete, we will identify:
1. Any immediate steps that we can take to reduce the risk of harm. We will then proceed to take those steps as quickly as possible. This could include connecting with organizations or government institutions that we believe could reduce the risk of harm or mitigate that harm; and
2. Any immediate steps that the affected individuals can take to reduce the risk of harm, or otherwise mitigate harm. This could include changing logins and passwords.
Once the steps above are complete, as soon as feasible (but not later than within 72 hours of learning about the event), we will,
1. notify the Privacy Commission of Canada along with any other relevant government authorities, as required under PIPEDA; and
2. notify all individuals whose data was compromised as required under PIPEDA.
We will continue to monitor the situation until we are satisfied that there is no longer any reasonable risk of significant harm. Once that occurs, we will audit our information collection and security safeguard systems and rectify any deficiencies. We will also consult professionals, and privacy experts, and, based on their guidance, implement any other solutions required to minimize the probability of said breach occurring again.

Regular Review of Safeguards

We recognize that technology and security measures evolve at a remarkable pace. At Pllenty we annually review our personal information safeguards with our technology consultants and in-house experts. We want to ensure that our safeguards exceed best-practices used in the legal profession.

Open Privacy Practices

It is our practice to post the most up-to-date version of this Privacy Policy on our website at www.pllenty.com

Your Ability to Access Your Information

If you are a Pllenty Client or you have used our website and/or platform to process a payment, and wish to review any personal information we have on you in our files you may do so by contacting us at info@pllenty.com.

Please include sufficient details in your request about the type of information that you would like to see about yourself. We will respond to you within 30 days of receipt. Please note that we only respond if you are making a request relating to your own personal information. We will not grant access to personal information about someone else.

We will be pleased to provide you with access to your personal information as long as it does not fall within an express PIPEDA exception. Examples of such exceptions include information generated in the course of a formal dispute resolution process; information produced in the course of employment or business; or information disclosed to the police or other lawful authorities where we are required to withhold disclosure.

Costs and Fees

Please note that summary information is available on request, subject to the terms above, but more detailed requests requiring archive or other retrieval costs may be subject to our normal professional and disbursement fees.

Questions or Concerns

Should you have any questions or concerns about this Privacy Policy or how we handle your information-access request, please direct them to our Privacy Information Officer. He or she will be pleased to respond and if necessary investigate the matter.

We reserve the right to change our Privacy Policy at any time by posting a new version on our web site. In the event of a conflict between this version and another, the version that is later in time prevails.