Data Controller Information:
- Aliro is the data controller of your personal information.
- Our contact information is as follows:
Aliro Technologies Inc. #201 – 888 Arthur Erickson Pl, West Vancouver, BC V7T 0B1.
2. Data Collection
2.1 Types of Personal Data Collected:
Our Platform collects the following non-exhaustive list of types of personal data from our users:
- Contact information, such as name, email address, postal address, and phone number.
- Payment information, such as credit/debit card numbers and billing information.
- Visa information, such as languages spoken, career industries, and schooling subjects.
- Account login information, such as username and password.
- Profile information, such as job title, industry, and location.
- Service-related information, such as service requests and other information submitted through our Platform.
2.2 Data Collection Methods:
We collect personal data from the following sources:
- Directly from users when they create an account, submit a service request, or provide information through our marketplace.
- From third-party sources, such as payment processors, for verification purposes.
2.3 Legal Basis for Collection:
We collect personal data from users on the following legal bases:
- To perform a contract with the user, such as when they use our marketplace to request services.
- To comply with legal obligations, such as anti-money laundering, data privacy, and tax reporting requirements.
- To pursue our legitimate interests, such as improving our Platform and preventing fraud.
2.4 Purpose of Collection:
We collect personal data for the following purposes:
- To provide and manage our Services.
- To process payments and prevent fraud.
- To communicate with users, such as responding to service requests and providing updates.
- To comply with legal obligations.
- To provide targeted advertising to you, such as with immigration service providers.
- For internal statistical, marketing or operational purposes, including without limitation generating sales reports and measuring and understanding demographic, user interest, purchasing and other trends among our customers.
- To improve and personalize our marketplace, Platform and related Services.
2.5 Data Retention: We will retain personal data for as long as necessary to fulfill the purposes outlined in section 2.4, unless a longer retention period is required or permitted by law. Upon written request to our Data Privacy Officer, we will delete or anonymize a user’s personal data within a reasonable amount of time, unless we are required to retain it for legal or compliance purposes.
After it is no longer necessary for us to retain your Personal Information, we dispose of it in a secure manner according to our data retention and deletion policies. We are not responsible for any liability or loss you experience as a result of our disposal of Personal Information.
3. Data Usage
3.1 Purpose of Processing Personal Data
- The purpose of collecting and processing personal data from the users of our Platform is to provide them with a personalized and efficient service. This includes creating user accounts, managing payment and billing, providing support and customer service, and improving the services offered by the marketplace.
- Personal data may also be used for internal analysis, research, and marketing purposes, and to comply with legal and regulatory requirements.
3.2 Legal Basis for Processing Personal Data
- The legal basis for processing personal data is based on the user’s consent and the performance of a contract between the user and the marketplace.
- In some cases, processing personal data may be necessary to comply with legal obligations or to protect the vital interests of the user.
3.3 Third-Party Data Sharing
- We may share personal data with third-party service providers who provide essential services such as payment processing, customer support, and marketing. These third-party service providers are bound by strict confidentiality obligations and are only authorized to use the personal data for the specific purpose of providing the service.
- Personal data may also be disclosed to government and law enforcement agencies, as required by law, or in response to a legal request.
- We will not sell, rent, or otherwise share personal data with third parties for commercial purposes without obtaining explicit consent from the user.
4. Data Security
4.1 Technical and Organizational Measures
- The company implements appropriate technical and organizational measures to ensure the security of Personal Data, including but not limited to, encryption of Personal Data, secure servers, and restricted access to Personal Data.
- The company continuously reviews and updates these measures to ensure the security of Personal Data.
4.2 Data Breach Notification
- In the event of a data breach that may result in high risk to the rights and freedoms of data subjects, the company will promptly notify the relevant supervisory authority, as well as affected data subjects, without undue delay.
- The company will provide all relevant information to the supervisory authority, including the nature of the breach, the categories and number of data subjects affected, and the measures taken to address the breach.
5. Data Subject Rights
5.1 Right of Access
- Our Platform provides users with the right to access their personal data.
- Users can request a copy of their personal data at any time.
- The request can be made by contacting our Data Protection Officer or through the designated request form on our website.
5.2 Right to Rectification
- Our Platform provides users with the right to rectify any inaccuracies in their personal data.
- Users can request the rectification of their personal data by contacting our Data Protection Officer or through the designated request form on our website.
- Our Platform will take reasonable steps to ensure that any rectified data is accurate and up-to-date.
5.3 Right to Erasure
- Our Platform provides users with the right to request the erasure of their personal data.
- Users can request the erasure of their personal data by contacting our Data Protection Officer or through the designated request form on our website.
- Our Platform will erase the personal data unless there are legitimate grounds for retaining it.
5.4 Right to Restrict Processing
- Our Platform provides users with the right to request the restriction of processing their personal data.
- Users can request the restriction of processing their personal data by contacting our Data Protection Officer or through the designated request form on our website.
- Our Platform will restrict the processing of personal data unless there are legitimate grounds for continuing the processing.
5.5 Right to Object to Processing
- Our Platform provides users with the right to object to the processing of their personal data.
- Users can object to the processing of their personal data by contacting our Data Protection Officer or through the designated request form on our website.
- Our Platform will stop processing personal data unless there are compelling legitimate grounds for continuing the processing.
5.6 Right to Data Portability
- Our Platform provides users with the right to request the transfer of their personal data to another organization.
- Users can request the transfer of their personal data by contacting our Data Protection Officer or through the designated request form on our website.
- Our Platform will transfer the personal data in a structured, commonly used and machine-readable format.
5.7 Right to Lodge a Complaint with a Supervisory Authority
- Our Platform informs users that they have the right to lodge a complaint with a supervisory authority or the DPO if they believe that their rights under the GDPR have been violated.
- The supervisory authority in the EU is the data protection authority in the member state where the user resides. c. The supervisory authority in the UK is the Information Commissioner’s Office.
6. Data Transfers
- Transfers within the European Union: In accordance with GDPR, personal data will not be transferred outside the European Union unless adequate protection measures are in place.
- Transfers to Third Countries: In the event that personal data is transferred to a third country, the Platform will ensure that the recipient country has an adequate level of protection for personal data in accordance with GDPR. The Platform may also enter into standard contractual clauses with the recipient country to ensure the protection of personal data.
- Transfers within Canada, USA, Australia, England, New Zealand: The Platform may transfer personal data within Canada, the USA, Australia, England, and New Zealand as long as the data protection laws in those countries provide an adequate level of protection for personal data. The Platform will regularly review the data protection laws in these countries to ensure they remain adequate.
7. Children’s Data
This Platform does not knowingly collect or process personal data from children under the age of 13, unless the visa requirements in question need such data in each instance. In instances where the age of the child falls below the age of consent in the respective jurisdiction, we require that a parent or legal guardian provide their consent for the collection and processing of the child’s personal data. If we become aware that personal data from a child under the age of consent has been collected without parental consent, we will take steps to delete the information as soon as possible.
8. Cookies and Other Tracking Technologies
8.2 Types of Cookies: We use the following types of cookies on our website:
- a. Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off. They are typically set only in response to actions made by you, such as setting your privacy preferences, logging in, or filling in forms.
- Performance Cookies: These cookies collect information about how you use our website, such as which pages you visit and if you experience any errors. The information collected is used to improve the functionality of our website.
- Functionality Cookies: These cookies remember your preferences and provide enhanced, more personalized features. For example, they can be used to remember your language preferences and to show you more relevant content.
8.3 Consent to Cookies:
8.4 Third-Party Cookies:
Our online Platform may use third-party cookies for certain functions, such as analytics or advertisements. These cookies are set by a domain other than our own and are subject to the privacy policies of the third party.
8.5 Data Retention:
Cookies and other tracking technologies used by our online Platform will be retained for as long as neecssary for the purpose for which they were collected, in accordance with our data retention policy.
8.6 Changes to This Policy:
9. Contact Information
9.1 Data Protection Officer Contact Information:
9.2 Complaint Resolution:
If you have a complaint about our processing of your personal data, please contact us at the email address provided in section 9.1 and we will do our best to resolve the issue. If you are not satisfied with the response provided, you have the right to lodge a complaint with the relevant supervisory authority, as outlined in section 5.7. The supervisory authority in the European Union is the Information Commissioner’s Office (ICO). Contact information for the ICO can be found on their website at https://ico.org.uk/.
In Canada, the privacy commission for each province or territory enforces privacy laws. Contact information for each of these privacy commissions can be found on their respective websites.
In Australia, the Office of the Australian Information Commissioner (OAIC) enforces privacy laws. Contact information for the OAIC can be found on their website at https://oaic.gov.au/.
In the United States, the Federal Trade Commission (FTC) enforces privacy laws. Contact information for the FTC can be found on their website at https://www.ftc.gov/.
In New Zealand, the Privacy Commissioner enforces privacy laws. Contact information for the Privacy Commissioner can be found on their website at https://privacy.org.nz/.
10. Data Breaches and Notifications
This section outlines the company’s approach to managing data breaches and notifications in accordance with the General Data Protection Regulation (GDPR).
10.2 Data Breach Notification:
The company will notify the relevant supervisory authority and affected individuals without undue delay in the event of a data breach. The notification will include details of the breach, its cause, and the measures taken or proposed to be taken to address the breach.
10.3 Data Breach Assessment and Management:
The company has implemented appropriate technical and organizational measures to prevent data breaches from occurring. In the event of a breach, the company will assess the potential impact on individuals and take appropriate measures to mitigate any adverse effects.
10.4 Record Keeping:
The company will keep records of all data breaches, including details of the breach, its cause, and the measures taken to address it. These records will be kept for a period of two years in accordance with GDPR regulations.
10.5 Cooperation with Supervisory Authorities:
The company will cooperate with supervisory authorities in the investigation and resolution of data breaches, and will take all necessary steps to ensure that the rights of affected individuals are protected.
11. Data Processing Agreement
11.1 Data Processing Agreement (DPA): Our company enters into a Data Processing Agreement (DPA) with all third-party data processors engaged by us to process personal data on our behalf. The DPA sets out the specific responsibilities and obligations of both our company and the data processor with respect to the processing of personal data in accordance with the GDPR.
Our company will maintain a written record of all data processing activities carried out on our behalf, including a description of the categories of data processed, the categories of data subjects, the data protection impact assessments carried out and any transfer of personal data to third countries.
12. Dispute Resolution
12.1 In the event of a dispute arising between you and the Company regarding the processing of your Personal Data, the Company will take all reasonable steps to resolve the dispute.
12.2 If a dispute cannot be resolved through internal means, the Company agrees to submit to the exclusive jurisdiction of the courts of the country in which it is headquartered for resolution.
12.3 You acknowledge and agree that you may only bring claims against the Company in your individual capacity and not as a plaintiff or class member in any purported class or representative proceeding.
12.4 The Company reserves the right to participate in any alternative dispute resolution proceedings that may be available, including without limitation, mediation and arbitration.
12.5 The Company may also seek injunctive or other equitable relief from a court of competent jurisdiction.
Last Updated on 14 March, 2023.
All rights reserved, Aliro Technologies Inc.