Privacy is important to us, and we are strongly committed to transparency and fairness in our data processing activities, as follows:
Principle 1 – Accountability
We are responsible and accountable for personal information under our control. We appointed a senior member of our staff to be responsible for our compliance with these fair information principles.
Principle 2 – Identifying Purposes
Principle 3 – Consent
The knowledge and consent of the individual are required for our collection, use, or disclosure of personal information, except where inappropriate.
Principle 4 – Limiting Collection
The collection of personal information is limited to that which is needed for the purposes identified here below. Information is collected by fair and lawful means.
Principle 5 – Limiting Use, Disclosure, and Retention
Unless the individual consents otherwise or it is required by law, personal information is only used or disclosed for the purposes for which it was collected. Personal information is only kept as long as required to serve those purposes.
Principle 6 – Accuracy
Personal information is as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.
Principle 7 – Safeguards
Personal information is protected by appropriate security relative to the sensitivity of the information. This involves administrative, physical and technical security safeguards to protect our data holdings against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
Principle 8 – Openness
We make detailed information about our policies and practices relating to the management of personal information publicly and readily available.
Principle 9 – Individual Access
Upon request, an individual is informed of the existence, use, and disclosure of their personal information and is given access to that information. An individual is able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Principle 10 – Challenging Compliance
An individual is able to challenge our compliance with the above principles. The challenge should be addressed to our Data Protection Officer, who is the person responsible for our compliance with Privacy regulations.
Privacy & Security, and more specifically Personal Information (“PI”) and Personal Health Information (“PHI”) privacy, are explicit priorities within our corporate governance framework. Accordingly, we have put in place a set of procedures, tools and processes aligned with the best practices in the field to ensure adequate PI/PHI protection.
Our President and CEO is ultimately accountable for the proper implementation, administration and compliance of our Privacy & Security initiatives, and has appointed a Data Protection Officer with the specific responsibility to manage such initiatives on a day-to-day basis. The contact information for the Data Protection Officer can be found here below.
The Privacy & Security initiatives include, but are not limited to, the following key activities:
We have also put in place a specific procedure to follow in the unlikely eventuality of a data breach. This Data Breach Reaction Procedure includes promptly notifying the authorities and data subjects, investigating the breach and the security flaw that enabled it, remediating the flaw and fixing the exploitable vulnerabilities.
If you do not wish to provide us with your personal data, or to have it processed by us, please simply do not use our Services. You may also request to delete certain data or opt-out of certain processing activities, but please keep in mind that limiting our processing may also result in us not being able to provide you with the full range of our Services, or with the best user experience when using our Services.
We do not collect any of your personal data when you navigate the Sites, unless you voluntarily supply this information by explicitly subscribing to a specific service inviting you to do so. You can always refuse to do this, or cancel a subscription to a customization service to which you are already a subscriber.
You can change your personal information at any time in the “My profile” section of the Sites. You can also ask us to delete your personal data via the Contact form accessible from the footer of each page on our Sites. We collect Personal Information by fair and lawful means and we limit the collection to what is needed for providing our Services. We periodically review the need for data collection and usage, and we delete and stop collecting any data that is deemed unnecessary for providing our Services.
When you browse our Sites, we, our service providers or our business partners may collect data, subject to your prior consent. Some data is collected from forms that you fill in manually and some other data may be collected automatically as a result of your actions on the Sites through cookies or similar technologies. We collect the following categories of data (which, to the extent it relates to an identified or identifiable individual, will be deemed as “Personal Data”):
Data that you provide: You may provide us with Personal Data such as your name, e-mail address, password, phone number, address, payment method (e.g. credit card), comments or complaints, and any other data you choose to provide when you contact us or otherwise submit any forms on our Sites.
This information is provided when:
Data obtained through Analytics Tools: We use analytics tools (e.g. Google Analytics) to collect data about the use of our Sites and Services. Analytics tools collect data such as how often Users visit or use the Sites, which pages they visit and when, and which website, ad or e-mail message brought them there. You can find more information about how Google collects information and how you can control such use at:
Our Services and some of our Service Providers utilize “cookies”, anonymous identifiers, container tags and other tracking technologies which help us provide, secure, analyze and improve our Services, personalize your experience and monitor and analyze the performance of our activities and campaigns. Such cookies and similar files or tags may also be temporarily placed on your device in the LocalStorage for example. Certain cookies and other technologies, such as an IP address, serve to recall Personal Data previously indicated by a User.
We decline all responsibility for the consequences related to the degraded operation of the Sites and/or services resulting from the refusal or deletion by the user of cookies necessary for the operation of the site.
The data collected on the Sites are primarily intended for us.
We use your Personal Data as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our Users, ourselves and members of the general public.
We do not sell your Personal Data (also referred to as “Personal Information” in some regulations such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the California Consumer Privacy Act – CCPA).
Our personnel (customer service, dietitians and others) are properly trained in Privacy, follow our procedures and never ask for the user’s sign in credentials.
Specifically, we use Personal Data for the following purposes:
Sukha Technologies Inc. is headquartered in Canada, and the personal data that you provide is also stored in a data center located in Canada, a jurisdiction which is considered by the European Commission to be offering an adequate level of protection for the Personal Data of EU Member State residents.
We ensure that data transfer outside of the EU is secure and complies with the legal framework defined in the European Union’s General Data Protection Regulation (GDPR).
In order to protect your Personal Data, we use industry-standard physical, procedural and electronic security measures (such as internal policies, access control, secure servers, firewalls, encryption, database backups, etc.).
Specifically, we do the following:
We conduct periodic reviews of our administrative, physical and technical security measures to ensure they stay efficient.
Despite all the precautions taken by STI to ensure that third parties do not access your personal information via our Sites, leaks can potentially occur. The Internet offers no intrinsic guarantee of security, so data transferred via the Internet can potentially be intercepted, lost or altered. We therefore cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third-parties, and therefore do not accept responsibility for damage resulting from possible access by a third party via the Internet to the personal information of users, who therefore use the Services at their own risk. However, since the opening of the Sites in 2005, no security breach has affected the personal information of our users.
We may disclose or allow government and law enforcement officials access to certain Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe that we are legally compelled to do so and solely to the extent that we believe is strictly necessary to comply, or that such disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
We engage selected business partners, third-party companies and individuals, affiliates, subcontractors and sub-processors (collectively “Service Providers”) to perform services complementary to our own (e.g. payment processing, IT and system administration services, hosting, data backup, security and storage services, data analytics, email, marketing, nutrition counseling, etc.). These Service Providers may have access to some or all of your Personal Data processed by us, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and are authorised to use it for such purposes only.
To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements.
We will also keep and use such Personal Data for as long as is required in order to comply with our legal and contractual obligations, or to protect ourselves from any potential disputes (i.e., as required by laws applicable to records and bookkeeping, and in order to have proof and evidence concerning our relationship or your use of our Services, should any legal issues arise in the future), in accordance with our data retention policy.
Please note that unless required by applicable law, we will not be obligated to retain your data for any particular period, and are free to securely delete it for any reason and at any time, with or without notice to you.
If you have any questions about our data retention policy, please contact us via the Contact form accessible from the footer of each page on our Sites.
As a user of our Sites and Services, you are considered a ‘Data Subject’ in the context of privacy laws that may apply to you (for example, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA)) or others and, as such, have rights concerning your Personal Data, such as:
Please also note that some of your Personal Data may be processed by other parties acting as ‘Data Controllers’, such as Facebook and Google. For any requests to exercise such rights with respect to such parties’ processing activities, please contact the relevant party directly.
Certain data protection laws and regulations, such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), typically distinguish between two main roles for parties processing Personal Data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
We are a “co-controller” of certain portions of our Users’ data, alongside such Service Providers that process Personal Data for both our own analytics and marketing purposes – and the Service Providers’ own purposes. In such cases, these Service Providers (e.g. Facebook and Google) will be deemed “co-controllers” of such data, which would typically relate to Users who also use the Service Provider’s own platforms. If you wish to limit such independent activities by these Service Providers, consider disabling third-party cookies as detailed above.
We have appointed a Data Protection Officer, who is responsible for monitoring and advising us on privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities.
Data Protection Officer
Sukha Technologies Inc. | SOSCuisine
Postal address: 3470 Stanley, Suite 1605, Montreal H3A 1R9, Quebec, Canada
Phone: +1 514 564-0971
Service Communications: we may contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of purchase order summaries, changes or updates to our Services, billing issues, etc. You will not be able to opt-out of receiving such service communications.
Promotional Communications: with your prior consent, we may send you messages and notifications about new features, offerings, events and special opportunities, and any other information we think our Users will find valuable. We may provide such notices through any of the contact means available to us (e.g. e-mail or mobile notifications), through our Sites or Services, or through our marketing campaigns on any other sites or platforms. If you wish to receive such promotional communications, give your consent when prompted during the sign-up process. You will be able to opt-out of receiving such promotional communications by clicking on the “unsubscribe” link contained in said communications.
Our Sites and Services are not designed to attract children under the age of 16: we do not knowingly collect Personal Data from children and do not wish to do so. If we learn that a child is using the Services, we will attempt to prohibit and block such use and to promptly delete any Personal Data stored with us which we deem to relate to such child. If you believe that we might have any such data, please contact our Data Protection Officer.