MakeShift Privacy Policy

Lu en français

Updated: April 30, 2019

Table of Contents

• Information We Collect and How We Use It
• Cookies and Other Similar Technologies
• Sharing and Third Parties
• Account Data and Account Termination
• Data Security
• Privacy of Website Information
• Information Related to Data Collected through the MakeShift Service
• Choice
• Access to Data Controlled by Our Clients
• Children
• Use Common Sense in All Your Online Activities
• Contact Us
• Updates To This Privacy Policy

This privacy policy (this "Policy") describes MakeShift's ("MakeShift", "we", "us", "our") policies with respect to our collection, use, storage and disclosure of personally identifiable information about you ("Personal Information") in connection with your use of our emails, mobile applications, websites and web pages, all services owned, provided or operated by our parent company AppColony Inc. ("AppColony"), and all services owned, provided or operated by any subsidiary, joint venture or other organization under common control of MakeShift (collectively the "Services"). This Policy also describes the choices available to you regarding our use of your Personal Information and how you can access and update your Personal Information.

This Policy does not apply to the practices of companies or websites that we do not own or control, or to people that we do not employ or manage.

By using the Services, you are consenting to our collection, use and disclosure of your Personal Information in accordance with this Policy.

Information We Collect and How We Use It

It is our policy to only collect, use and disclose Personal Information with explicit consent except where applicable law does not require such consent, or where consent is clear from the circumstances, such as where you ask for access to the Services and voluntarily provide your Personal Information as requested by us.

We require parental consent from any individual under the age of 16 before we collect any Personal Information. All individuals have the right to withdraw their consent at any time and we inform individuals of that right at the time of obtaining consent.

The Services may be provided conditional on your consent where the collection, use or disclosure of your Personal Information is integral to providing the Services. If a consent integral to providing the Services is not provided by you, or if a consent integral to the Services is withdrawn by you, we will inform you of the effect of that on our ability to provide the Services. We will not be liable for any inability to provide the Services or any portion of the Services caused by lack of a required consent, or withdrawal of a required consent.

In connection with your use of the Services, we may collect and store information that you submit through the Services, as well as information about your use of and activities on the Services. The Personal Information we collect, use or disclose may include the following:

• (a) Your Account. If you create an account with us, we may collect and store your email address, phone number, name, and employee ID. You can make changes to your account details here http://app.makeshift.ca.
• (b) Your Activity. We may collect and store information about how you use the Services, such as the pages you visit from within our websites or mobile applications, and the date and time of your access to the Services.
• (c) Location. Location features of the Services, such as our time tracking capabilities feature, requires your geographic location. For example, when you use the mobile applications or our websites, we may collect your location information, which will allow us to provide you with information relevant to a particular geographic location. You can enable or disable the location features of the Services at any time.
• (d) Your Hardware. We may collect and store information about your computer or mobile device, including the type of device, web browser information and referring URLs, mobile carrier, IP address, Bluetooth connection, location data and compass information, unique device or account identifier.
• (e) IP Address. We collect and analyze traffic on our Service by keeping track of the IP addresses of our visitors. An IP address is a unique number assigned to your computer when you are using your browser on the Internet. We log this information so that we can monitor things like the number of visitors visiting the Services. However, we do not link your IP address to any personally identifying information.
• (f) Emails and Notifications. If you create an account with us, you are agreeing to receive emails and electronic notifications from MakeShift. You can change your notification preferences on your mobile phone. Please note that you may opt-out of receiving commercial electronic messages, but not others such as important service messages or legal notices from MakeShift.
• (g) Uses of Personal Information. If you have provided us your consent via opt-in-subscription, we may use the Personal Information we have collected about you in the following ways:
  • i) to send personalized, targeted information that we think you will find relevant. This may include information from our third-party business partners if you consent to receiving such information.
  • ii) to support any of your requests like order processing.
  • iii) to send promotions, offers, advertisements, and coupons based on your interests.
  • iv) to contact you for feedback and surveys.
  • v) to send you other information about AppColony or its affiliates or business partners. These communications include but are not limited to e-mail, postal mail, and SMS messages.
  • vi) to respond to your questions or comments that you send to us.
  • vii) to provide you with newsletters or other subscription information.
  • viii) with your explicit consent, to distribute to sponsors and advertisers who run the promotions and/or for purposes of marketing by our sponsors and advertisers.
  • ix) to run chatrooms, blogs, discussion groups, and bulletin boards.
  • x) to gather aggregate information on website use and to provide services to the public of a general or specific nature, paid or unpaid.
• The use of Personal Information collected through our Services shall be limited to the purpose of providing the Services for which you have subscribed or requested.
• (h) Personalizing your Experience on the Services. We attempt to personalize your experience on the Services by tracking shift requests, shift exchange requests, and other content you may have sent or received. From time to time, we may send you surveys or solicit your feedback. We use surveys to gauge user interest in products and premiums we may offer, as well as to try and enhance your experience with the Services, by creating additional products or services, or optimizing those Services that already exist. We will ask for your feedback on many site and Services features. We may also use your Personal Information, with your explicit consent, to alert you to offers and products which you may be interested in.
• (i) Information Gathered from Members. If you elect to contact us, setup a free trial, or purchase a product on an AppColony owned website, such as MakeShift, you will be required to provide us with certain Personal Information, including your name, e-mail address, credit card number, expiration date, and billing address (this required information is subject to change from time to time). There may also be opportunities for you to provide us with additional information regarding your preferences and interests. This additional information, however, is not required and is completely optional on your part. Additional data may be collected from you based on certain services you elect to utilize. By obtaining this information, we can provide our users with specific content and advertising in which they might be interested. None of this information is required to use our Services or to become a user; however, the omission of certain types of data will limit the value or functionality of your use of these features.

Cookies and Other Similar Technologies

We, and third parties, including our partners, affiliates, tracking utility company, and services providers, may use cookies. Cookies are pieces of information or data sent to your browser from a web server and stored on your computer’s hard drive for record-keeping purposes. Cookies tell our computer that you have visited before and help to make your visit more personalized, so you do not have to re-enter information on a return visit. Cookies also allow us to count the number of unique and return visitors who use our Website. We do not tie the information gathered to your Personal Information.

We, and third parties, including our partners, affiliates, tracking utility company, and services providers, may also use web beacons/pixel tags, log files, local shared objects (which may, on the web-coded portions of the Services, include “flash cookies”) barcodes, session ID, persistent cookies, and other technologies to collect certain information about users of the Services, interactions with our applications, websites, emails and online advertisements. For example, through these means, we may collect your browser, device type and its operating system, viewed webpages, links that are clicked, IP address, sites visited before coming to our website, emails we send that you open, forward, or click through to our website. Collecting this information, and linking it with your Personal Information, helps us to best tailor the Services and enhance your experience by saving your preferences while you are using the Services, and to help identify site features that may be of particular interest to you. The use of cookies by third parties including our partners, affiliates, tracking utility company, services providers, is not covered by our Policy.

If you prefer, you can reset your browser to notify you when you have received a cookie or, alternatively, disable some cookies and similar technologies through settings on your device or internet browser. Note that the opt-out will apply only to the device or browser that you are using when you elect to opt out. Furthermore, it is important to note that you may not be able to use certain features like checking out (and participation in certain offerings) on our Services if you choose not to accept cookies. Cookies can also enable us to track and target the interests of our users to enhance the experience with our Services.

Sharing and Third Parties

We may share your Personal Information or portions of your Personal Information with third parties in accordance with law or with this Policy. We do not sell your Personal Information to third parties.

We may share your Personal Information with third parties in the following ways:

• (a) Business Transactions. In the event that AppColony, its units or subsidiaries are ever sold, acquired, merged, liquidates, reorganized, or otherwise transferred, we reserve the right to transfer our user databases together with any Personal Information contained therein, to a third party acquiring AppColony assets. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
• (b) De-Identified Data. We may share aggregated, anonymous information that includes or is based on information about you with third parties. This is information that is combined with the information of other users, in summary form that does not identify you and is not Personal Information.
• (c) Use of De-Identified Data. Aggregated, anonymous information collected through the Services may be used and disclosed to improve the performance, functionality and content of the Services.
• (d) Supplementing Aggregate Information. We may supplement aggregate information collected from the Services with similar information obtained from companies with whom we have marketing or other business relationships and other third party sources. If aggregate information is ever linked with your Personal Information, such information will be treated as Personal Information for the purposes of this Privacy Policy as long as it is linked.
• (e) External Links. The Services may contain links to unaffiliated third party websites. Except as discussed in this Policy and with your consent, we do not share your Personal Information with them, and are not responsible for their privacy practices. Any information submitted by you to such a third party is subject to that third party’s privacy policy. Please review the privacy policies on these linked sites before sharing your Personal Information with third parties.
• (f) Facilitating Your Sharing. The Services may provide you with the opportunity to share your MakeShift profile through social media services like Facebook and Twitter. Note that the Personal Information you share on those platforms will be governed by the terms of use and privacy policies of those social media services, and we have no control over those.
• (g) Legal Process, Investigations and Emergencies. If permitted by law, we may collect, use or disclose your Personal Information. Under Alberta law, we are permitted to collect, use or disclose your Personal Information without your consent or knowledge under certain circumstances, which include:
  • the collection, use or disclosure is clearly in the interests of the individual and consent cannot be obtained in a timely way;
  • collection, use, or disclosure is reasonable for the purposes of an investigation or proceeding;
  • the Personal Information is available to the public from a prescribed source; or
  • the collection, use, or disclosure is required or authorized by a statute or regulation of Alberta or Canada.
• (h) Our Corporate Family. We may share Personal Information with our parent, subsidiaries, joint ventures and other organizations under common control of MakeShift.
  • (i) Our Service Providers, Sub-Processors/Onward Transfer. We may provide your Personal Information to companies that provide services to help us with our business activities such as data hosting providers or offering you customer service. These companies are authorized to use your Personal Information only as necessary to provide these services to us, and in a manner consistent with this Policy.

Account Data and Account Termination

AppColony will retain Personal Information only as long as necessary for the fulfillment of the purpose for which it was disclosed and for a reasonable time thereafter or for so long as we are required to maintain such information by applicable law.

If you wish to subscribe to our newsletters, we will use your name and email address to send the newsletter to you. Out of respect for your privacy, you may choose to stop receiving our newsletter or marketing emails by following the inscribe instructions included in these emails or you can contact us at support@makeshift.ca. To opt out of push notifications, please edit settings at the device level. All decisions we make involving Personal Information are based on accurate, complete and up-to-date information. We rely on you, however, to disclose all material information and to inform us of any relevant changes or corrections as they may relate to you.

If your Personal Information changes, you may correct, update, or delete it by making your changes on the member information page of your online account or you may request that we make the changes by email to us at support@makeshift.ca. We encourage you to contact us as soon as possible, and we will make the appropriate reasonable corrections or amendments, upon receipt of appropriate evidence justifying the corrections or amendments. We will retain Personal Information only as long as is reasonably required for the purposes we describe and as is required under law. Where you wish to access a "right to be forgotten", and you have such right under applicable law, you may do so by deletion of your Personal Information by your own actions, or by asking us to make the deletions, in which case we will do so where legally required.

We will either securely destroy your Personal Information when it is no longer needed or required to be kept for reasonable legal or business purposes, or we may remove your personally identifiable information to render remaining the remaining information anonymous.

Data Security

When you place orders for purchased products or access your payment information, we use an advanced encryption technology known as Secure Socket Layer (“SSL”) to protect the storage and transfer of your data from unauthorized parties. While on a secure page, such as our registration form, a lock or key icon appears on the bottom of your web browser. In addition to our online security efforts, we take reasonable steps to protect your personal data online.

We follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and once we receive it. All of your information, not just the sensitive information mentioned above, is restricted in our offices. Our main servers are operated from a dedicated internet hosting facility with state-of-the-art physical security features, including smoke detection and fire suppression systems, motion sensors, and 24/7 secured access, as well as video camera surveillance and security breach alarms. It is important to note, however, that no method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about the security of our websites, you can send an email to support@makeshift.ca.

Privacy of Website Information

This policy applies to all aspects of our Services, including your personalized messages, attached photos or graphics, or other personal content. We do not monitor or edit the contents of the online messages or information you send. On occasion, however, we may need to view your messages in connection with the maintenance of our network.

Outsourcing and Data Hosting Outside of Canada

We may use third party service providers to process or deal with records, documents, data and information on our behalf, and such records, documents, data and information may include Personal Information. In order to protect the confidentiality and security of Personal Information processed on our behalf by our service providers, we will use contractual and similar measures with such service providers, including contractual non-disclosure provisions.

We may use cloud computing third party service providers, and those providers may be either in or outside Canada, and the data housed, hosted and processed by such providers may reside in or outside of Canada, and may include Personal Information. Where consent or notification is legally required, it is our policy to notify individuals about such service providers outside of Canada, and such notification will include the way in which the individual may obtain access to written information about our policies and practices with respect to service providers outside of Canada and the name or tile of a person who can answer any questions about the collection, use, disclosure or storage of Personal Information by any service providers outside Canada.

Security

We recognize our legal obligations to protect the Personal Information we have in our custody or control. We have therefore made arrangements to secure against unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction of Personal Information. These arrangements may include physical security measures, network security measures, and organizational measures such as non-disclosure agreements and need-to-know access. The categories of individuals with access to Personal Information are senior personnel who are under obligations of confidentiality with respect to Personal Information.

When you place orders for purchased products or access your payment information, we use an advanced encryption technology known as Secure Socket Layer (“SSL”) to protect the storage and transfer of your data from unauthorized parties. While on a secure page, such as our registration form, a lock or key icon appears on the bottom of your web browser. In addition to our online security efforts, we take reasonable steps to protect your personal data online.

Notification of Loss or Unauthorized Access or Disclosure

Where an incident occurs involving the loss of or unauthorized access to or disclosure of Personal Information under our control, where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result of the loss or unauthorized access or disclosure, we will, without unreasonable delay, provide notice to the Information and Privacy Commissioner of Alberta of the incident, including any information required by law at the time to be provided to the Commissioner. While Alberta law provides that the Commissioner has the authority to require us to notify individuals of the unauthorized access or disclosure, we may elect to immediately do so in the event we consider it reasonable in the circumstances. Where any incident affects residents of the European Union, our policy is to notify affected individuals where possible within 72 hours of your becoming aware of the incident.

Requests for Access

Alberta law permits individuals to submit written requests to us to provide them with:

• access to their Personal Information under our custody or control;
• information about the purposes for which their Personal Information under our custody or control has been and is being used; and
• the names of organizations or persons to whom and the circumstances in which Personal Information has been and is being disclosed by us.

Requests for access are subject to the following:

• Any requests must be in writing.
• In order to receive a response to such a request, the individual must provide us with sufficient information to locate their record, if any, and to respond to them.
• We will respond to requests in the time allowed by Alberta law, which is generally 30 days.
• We will make a reasonable effort to assist applicants and to respond as accurately and completely as reasonably possible.
• All requests may be subject to any fees and disbursements the law permits us to charge.
• Where appropriate to do so, we may require advance payment of a deposit or the entire costs of responding to a request for access to Personal Information.

Please note that an individual’s ability to access his or her Personal Information under our control is not an absolute right. Alberta law provides that we must not disclose Personal Information where:

• the disclosure could reasonably be expected to threaten the safety or physical or mental health of an individual other than the individual who made the request;
• the disclosure would reveal Personal Information about another individual; or
• the disclosure would reveal the identity of an individual who has in confidence provided us with an opinion about another individual and the individual providing the opinion does not consent to the disclosure of his or her identity.

Alberta law also provides that we may choose not to disclose Personal Information where:

• the Personal Information is protected by any legal privilege;
• the disclosure of the information would reveal confidential commercial information and it is not unreasonable to withhold that information;
• the Personal Information was collected by us for an investigation or legal proceeding;
• the disclosure of the Personal Information might result in similar information no longer being provided to us when it is reasonable that it would be provided;
• the Personal Information was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to act
  • under an agreement,
  • under an enactment, or
  • by a court; or
• the Personal Information relates to or may be used in the exercise of prosecutorial discretion.

Responses to Requests

Our responses to requests for access to Personal Information will be in writing, and will confirm:

• whether we are providing all or part of the requested information,
• whether or not we are allowing access or providing copies, and,
• if access is being provided, when and how that will be given.

If access to information or copies are refused by us, we will provide written reasons for such refusal and the section of PIPA (the Personal Information Protection Act, Alberta) on which that refusal is based. We will also provide the name of an individual who can answer questions about the refusal, and particulars of how the requesting individual can ask the Information and Privacy Commissioner of Alberta to review our decision. In order to receive a response to such a request, the individual must provide us with sufficient information to locate their record, if any, and to respond to them.

Requests for Correction

Alberta law permits individuals to submit written requests to us to correct errors or omissions in their Personal Information that is in our custody or control. If an individual alleges errors or omissions in the Personal Information in our custody or control, we will either:

• correct the Personal Information and, if reasonable to do so, and if not contrary to law, send correction notifications to any other organizations to whom we disclosed the incorrect information; or
• decide not to correct the Personal Information but annotate the Personal Information that a correction was requested but not made.

Where you wish to access a "right to be forgotten", and you have such right under applicable law, you may do so by deletion of your Personal Information by your own actions, or by asking us to make the deletions, in which case we will do so where legally required.

Corrections or amendments will rarely, if ever, be made to opinions, including expert or professional opinions, as opposed to factual information, which may be corrected if in error.

Amendment

We may amend this Policy from time to time as required and without notice, in order to better meet our obligations under the law. When an updated version of this policy is implemented, it will be posted on our websites and in the Services, and you will see a date depicting the last update of the Policy at the beginning of the Policy. If there are material changes to this Policy or in how we use your Personal Information, we will prominently post such changes prior to implementing the change. We expect you to periodically review this Policy to be informed of how we are protecting your information. You may review this Policy anytime as it will always be linked to our website or available in the Services.

Information Related to Data Collected through the MakeShift Service

AppColony collects information under the direction of its clients and has no direct relationship with the individuals whose personal data it processes.

Choice

We collect information for our clients, if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our Services, please contact the client that you interact with directly.

Access to Data Controlled by Our Clients

AppColony has no direct relationship with the individuals whose personal data it processes. An individual who seeks access or who seeks to correct, amend, or delete inaccurate data should direct his query to the AppColony client, the data controller. If the client requests AppColony to remove the data, we will respond to their request within 30 days.

Use Common Sense in All Your Online Activities

Even the best Privacy Policy cannot protect your online privacy and security in all circumstances. Unscrupulous advertisers, hackers, and scam artists are constantly searching the internet looking for new targets. Your best protection is to understand the limits to the privacy on the internet and use common sense in all your online activities.

Be aware that email is an inherently insecure form of communication. Remember that third parties are sometimes able to illegally intercept your unencrypted message, including online greetings.

Anytime you visit a chat room or post a message to an online bulletin board, your email address can be accessed by advertisers looking to compile lists for unsolicited commercial email (also known as spam). Be sure that you only disclose your email address in circumstances in which it is safe to do so. You should also be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blog or community forum, contact us at support@makeshift.ca. In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why. Beware of scams in which persons unknown to you request your screen name, password, or credit card information. Make sure you verify the identity of anyone asking for Personal Information.

Contact Us

If you have any questions about this Policy, or if you wish to exercise your rights to access your Personal Information, or to change or correct your information or have it deleted, you can contact MakeShift customer service at:

MakeShift Privacy Officer

MakeShift
P.O. Box 1118, Station M
Calgary, Alberta, Canada
T2P 2K9

Email: support@makeshift.ca
Phone: 1-587-390-2060
Fax: 1-587-390-0098