Privacy policy

Effective Date: May 25, 2018

Last Modified: September 22, 2023

Company Identification

Dracal Technologies Inc. (“we” or “our”) is responsible for managing the website https://www.dracal.com (the “Service” or the “Site”).

This page aims to inform you about our policies regarding the collection, use, and disclosure of personal information in connection with your use of the Service, as well as the choices you have regarding this information.

Definitions

Cookies

Cookies are the equivalent of small text files stored on your device (computer or mobile).

Data Controller

The data controller refers to the natural or legal person who, alone or with others, determines the purposes and means of processing any personal data.

Within the scope of this Policy, we are the Data Controller.

Personal Data

Personal data refers to information related to an identified or identifiable natural person (directly or through additional information in our possession or likely to come into our possession).

Usage Data

Usage data consists of data generated automatically by the Service or its infrastructure (e.g., page visit time).

Employee

Any person who works for Dracal Technologies Inc., whether paid or unpaid (volunteers, interns).

Report Form

The form is made available to all Employees or Users of the Service to inform the person responsible for personal information.

Privacy Incident

Any unauthorized access by law to personal information, its use, or disclosure, as well as its loss or any other form of breach of its protection.

Data Subject (or User)

A data subject refers to any living person using our Service.

Service Provider (or Service Provider)

A service provider is any natural or legal person who processes information at the request of the data controller. We may engage multiple service providers to process your information more efficiently.

Privacy Incident Register

All information recorded on reported incidents concerning the circumstances of the incident, the number of people affected, the assessment of the seriousness of the risk of harm, and the measures taken in response to the incident. Relevant dates are also included: the occurrence of the incident, detection by the company, notifications sent (if applicable), etc.

Serious Risk of Harm

The risk assessed following a privacy incident that could harm the data subjects. This risk is analyzed by the person responsible for personal information. For any privacy incident, the responsible person assesses the seriousness of the risk of harm to data subjects by estimating the “sensitivity of the information concerned,” “anticipated consequences of their use,” and “the probability of them being used for harmful purposes.”

Service

The Service is the website https://www.dracal.com, managed by Dracal Technologies Inc.

Collection and Use of Personal Data

Personal Data

During your visit to this site, we will track:

  • Products you have viewed: we will use this, for example, to show you products you have recently viewed.
  • Location, IP address, and browser type: we will use this for purposes such as estimating taxes and shipping costs.
  • Shipping address: we will ask you to enter this so we can, for example, estimate shipping costs before you place an order, and send you the order!

We will also use cookies to track the contents of your shopping cart while you browse this site.

When you make a purchase from us, we will ask you to provide information such as your name, billing address, shipping address, email address, phone number, credit card/payment details, and optional account information such as username and password. We will use this information for purposes such as:

  • Sending you information about your account and order
  • Responding to your inquiries, including refunds and claims
  • Processing payments and preventing fraud
  • Setting up your account for our store
  • Complying with all legal obligations we have, such as calculating taxes
  • Improving our in-store offerings
  • Sending you marketing messages, if you choose to receive them

If you create an account, we will save your name, address, email address, and phone number, which will be used to automatically fill in payment fields for your future orders.

Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s IP address, browser type and version, pages of the Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic information.

Who on our team has access to this information

Certain specific and authorized members of our team have access to the information you provide us. For example, administrators and store managers have access to:

  • Order information, such as what was purchased, when it was purchased, and where it should be shipped to, as well as
  • Customer information, such as your name, email address, as well as your billing and shipping information.

Members of our sales team have access to this information to assist you in processing orders, issuing refunds, and providing support.

Use of Data

Dracal Technologies Inc. uses the collected data for various purposes:

  • To notify you of changes in the status (received, shipped, etc.) of your order
  • To provide after-sales service and technical assistance
  • To provide and maintain our Service
  • To contact you in case of Service-related changes
  • To obtain insights or other vital information to improve the Service
  • To monitor the use of our Service
  • To detect, prevent, and address technical issues

Contact Us Form

If you use the “Contact Us” form on this website, you share with us your first name, last name, and email address. We store and protect your personal data following the same standard as if it had been acquired through any other means.

Cookies

We use cookies and similar technologies to track Service activity and retain certain information.

When you visit the “My Account” page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we also set up several cookies to save your login information and display preferences. Login cookies last for two days, and screen option cookies last for one year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, login cookies will be removed.

Cookies are sent to your browser from a website and stored on your device. Other tracking technologies, such as beacons, tags, and scripts, may also be used to collect data for the purpose of analyzing and improving the Service.

You can configure your browser to refuse all cookies or to alert you when a cookie is being sent. However, if you do not accept cookies, you may not be able to access certain portions of the Service, including the shopping cart.

We use “Session Cookies” to remember cart content while you visit other pages of the Service and allow you to return to continue shopping later.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with this embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to this website.

Analytics

We collect usage data through Google Analytics and Hotjar. This data is anonymous and is used for statistical purposes only.

Data Sharing

Service Providers

We may engage intermediary service providers to provide the Service, in whole or in part, or to analyze the use of our Service.

These service providers have access only to the data necessary to perform the tasks we entrust to them and are not authorized to use this data for other purposes.

Payment Methods

We use the services of a payment processing provider. Our payment processing provider is: Stripe

We do not collect or store any information about payment cards. This information is collected directly by the payment processing provider, which will handle this information in accordance with its own privacy policy. This provider adheres to the PCI-DSS standards adopted by the PCI Security Standards Council, a consortium of brands such as Visa, Mastercard, American Express, and Discover. The requirements of the PCI-DSS standard help ensure the protection of payment card information.

Data Retention

We typically retain your information for as long as it is necessary for the purposes for which we collect and use it, and we are not legally required to retain it. For example, we will keep order information for seven (7) years for tax and accounting purposes. This includes your name, email address, as well as billing and shipping addresses.

For users who create an account, we also retain the personal information they provide in their user profile. All users can view, modify, or delete their personal information at any time (except for their username). Website administrators can also view and modify this information.

Dracal Technologies Inc. retains your personal data for as long as necessary for the purposes outlined in this policy. We retain and use your personal data to fulfill our legal obligations (for example, to comply with applicable laws), resolve disputes, and enforce our policies and legal agreements.

Dracal Technologies Inc. also retains usage data for internal analysis purposes. Usage data is typically retained for a shorter period unless it is used to secure or enhance the functionality of our Service, or if we have a legal obligation to retain it for a longer period.

Your Rights Regarding Your Data

If you have an account on this site, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include data we are obligated to keep for administrative, legal, or security purposes.

Your data protection rights are governed by the General Data Protection Regulation (GDPR), the Private Sector Privacy Act, and the Act Modernizing Legislative Provisions Concerning the Protection of Personal Information (Act 25).

Dracal Technologies Inc. aims to allow you to correct, amend, delete, or limit the use of your personal data.

If you would like to obtain a copy of the information we hold about you or request its removal from our systems, please contact us.

Depending on the circumstances, you have the following rights:

  • Right of access and rectification. Where possible, you can access, modify, or request the erasure of your personal data. You can contact us to make such a request.
  • Right to rectification. You have the right to have your information corrected if it is incomplete or inaccurate.
  • Right to object. You have the right to object to the processing of your personal data.
  • Right to restrict processing. You have the right to request the restriction of the processing of your personal information.
  • Right to data portability. You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format.
  • Right to withdraw your consent. You have the right to withdraw your consent to the processing at any time after initially giving it.

Please note that we may ask you to confirm your identity before responding to such requests.

You have the right to lodge a complaint with a supervisory authority. Refer to your local supervisory authority for guidance.

Do Not Track Header

We do not support the Do Not Track (DNT) signal. Do Not Track is an option that can be configured in your browser to inform websites that you do not want to be tracked.

Transfer and Storage of Your Data on Servers

Data Transfer

Your information, including personal data, may be transferred to and stored on servers located outside of your province, state, country, or other governmental authority, where data protection laws may differ from those in your jurisdiction.

If you consent to sharing personal data with us, please note that it may be transferred and processed in Canada and the United States.

By sharing your personal data with us after consenting to this policy, you also consent to such transfer.

Dracal Technologies Inc. takes all necessary measures to ensure secure processing in accordance with this policy. No transfer takes place without the necessary data security precautions.

Hotjar

Your usage data only may be sent to Hotjar for internal review purposes.

Hotjar is used by the Service to enhance user experience on this website. The tool records interactions and uses usage data to analyze user behaviour.

Please refer to Hotjar’s privacy policy for more details.

Note: Hotjar respects the “Do Not Track” header.

HubSpot

We use your email address to send order-related data via HubSpot.

HubSpot is a marketing and sales platform that helps businesses attract visitors, convert leads, and close sales.

Please refer to HubSpot’s data privacy policy for more details.

Brevo

We use your email address to send your personal data (Name, First Name, and email address) to Brevo for marketing communication purposes.

You can unsubscribe from these communications at any time, but unless you make a specific request, your data will remain on Brevo’s servers.

Please refer to Brevo’s privacy policy for more details.

Google Servers

Your personal data and usage data are stored on Google servers for communication and statistical analysis purposes.

Please consult Google’s privacy policy for more details.

ClickShip

Your personal data is transferred to ClickShip, an application of Freightcom Inc. that facilitates the management of order shipments.

Please refer to Freightcom’s privacy policy for more details.

If you wish to learn about the privacy policies of the carriers we work with, please see the links below:

  • UPS. Their privacy policy can be found here.
  • FedEx. Their privacy policy can be found here.
  • Purolator. Their privacy policy can be found here.
  • DHL. Their privacy policy can be found here.

Data Protection

We take the security of your personal data seriously, but please be aware that no method of transmission over the Internet or data storage is 100% secure. While we make every commercially reasonable effort to protect your data, we cannot guarantee absolute security.

Procedures in the Event of a Privacy Incident

The procedures are detailed in Appendices B and C of this policy. In brief, an incident of privacy breach should be reported via the privacy incident report form. This report will be recorded in a registry. Subsequently, the responsible individual will assess the potential harms as per Appendix D and decide whether or not to notify the Information Access Commission (in the case of an incident affecting a Quebec User), depending on the risk of serious harm. The affected individual(s) will be promptly contacted.

Data Disclosure

Business Transactions

If Dracal Technologies Inc. is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will communicate with you before your personal data is transferred and subjected to a different privacy policy.

Disclosure Required by Law

In certain circumstances, Dracal Technologies Inc. may be required to disclose your personal data to comply with a law or in response to a valid request from a public authority (e.g., a court or government agency order).

Legal Obligation

Dracal Technologies Inc. may disclose your personal data in good faith if it is necessary to:

  • Comply with a legal obligation
  • Protect the rights and property of Dracal Technologies
  • Prevent or investigate misuse related to the Service
  • Protect the safety of Service users or the public
  • Protect against legal liability

Additional Information

Processing under the General Data Protection Regulation (GDPR)

The processing of personal data by Dracal Technologies is lawful and fair because:

  • The processing is necessary for the performance of a contract
  • The individual has consented to the processing
  • The processing is necessary for the legitimate (and private) interests pursued by the data controller or by a third party.
  • The processing is necessary for compliance with a legal obligation

Links to External Websites

This site may contain links to external websites that we do not operate. If you click on a link to a third-party site, you will be directed to that third-party site. We strongly advise you to review the privacy policy of each site you visit.

We have no control over third-party websites and services and assume no responsibility for their content, privacy policies, or practices.

Changes to this Policy

We may update our privacy policy at any time. We will notify you of these changes by posting them on this page.

If we make significant changes, we will notify you by email or by a notice on the homepage of this site.

We recommend checking this policy regularly to stay informed of any changes. Changes take effect from the time they are posted.

Children’s Privacy

This site is not intended for individuals under the age of 18 (“Children”).

We do not knowingly collect personal information from minors. If you are a parent or guardian and are aware that your child has provided us with personal data, please contact us. If we discover that we have collected data from a child without parental consent, we will remove that data from our servers.

Contact

For any questions or requests related to this privacy policy, please contact us:

  • By email: info@dracal.com
  • Responsible person: Ariane Garon, President and CEO of Dracal Technologies Inc.