Privacy Policy

1. Introduction

Welcome to Arancia’s Privacy Policy. At Arancia, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and safeguard your personal data in accordance with the General Data Protection Regulation (GDPR), Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant privacy laws and regulations.

2. Information We Collect

We collect various types of personal information to provide and improve our services, including:

  • Personal Identification Information: Name, email address, phone number, and other contact details.
  • Transaction Information: Details about purchases, services, and other transactions you conduct with us.
  • Technical Information: IP address, browser type, operating system, and other technical data collected through cookies and similar technologies.
  • Usage Data: Information about how you use our website and services.

3. How We Use Your Information

We use your personal information for the following purposes:

  • To Provide and Improve Services: To fulfill your requests, process transactions, and enhance your user experience.
  • To Communicate with You: To send updates, newsletters, and other information related to our products and services.
  • For Marketing Purposes: To offer personalized content and promotions based on your preferences and usage patterns.
  • For Compliance and Legal Obligations: To comply with legal requirements and protect our rights and interests.

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you have given us explicit consent to process your personal data.
  • Contract: To fulfill our contractual obligations to you.
  • Legal Obligation: To comply with legal requirements.
  • Legitimate Interests: For our legitimate business interests, provided that these do not override your rights and freedoms.

5. Data Subject Rights

Under GDPR and PIPEDA, you have the following rights regarding your personal data:

  • Access: You have the right to request access to your personal data.
  • Rectification: You can request correction of inaccurate or incomplete data.
  • Erasure: You may request the deletion of your personal data under certain conditions.
  • Restriction of Processing: You can request to restrict the processing of your data.
  • Data Portability: You have the right to receive your data in a structured, commonly used format.
  • Objection to Processing: You can object to the processing of your personal data based on legitimate interests.

6. How to Exercise Your Rights

To exercise your data subject rights, please contact us at inquiries@arancia.ca. We will respond to your request within the timeframe specified by applicable laws.

7. Complaints

If you believe your rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority. For GDPR-related complaints, you may contact your local Data Protection Authority. For PIPEDA-related complaints, you can contact the Office of the Privacy Commissioner of Canada.

8. Data Protection Impact Assessments (DPIAs)

We conduct Data Protection Impact Assessments (DPIAs) as required by GDPR. DPIAs are carried out when initiating new processing activities that may impact the privacy of individuals. We assess the risks and implement appropriate measures to mitigate them.

9. International Data Transfers

If we transfer your personal data outside of your country, we use appropriate legal mechanisms to ensure the data is protected, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).

10. Data Retention and Deletion

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. When no longer needed, data is securely deleted or anonymized.

11. Incident Response and Breach Notification

In the event of a data breach, we will notify affected parties, Data Controllers, and relevant regulators within 72 hours of becoming aware of the breach, in compliance with GDPR and PIPEDA requirements.

12. Third-Party Contracts

We ensure that our contracts with third parties include data protection clauses to comply with GDPR and PIPEDA. Third parties are only allowed to process personal data for the purposes specified in the contract and are required to implement appropriate security measures.

13. Employee Training and Awareness

Our employees and contractors receive ongoing training on data privacy and security to ensure they understand and comply with our policies and relevant regulations.

14. Data Protection Officer (DPO)

If you have any questions or concerns about data protection, please contact our Data Protection Officer (DPO), Pravine Balkaran, at pravine@arancia.ca. The DPO is responsible for overseeing our data privacy practices and addressing your queries.

15. Documentation and Records

We document all policies, procedures, and data processing activities. These documents are regularly reviewed and updated to reflect changes in laws or practices.

16. Consumer Requests

We offer various methods for submitting consumer requests, including email and web forms. Requests are verified using reasonable methods to prevent fraud.

17. Enforcement and Review

This policy is reviewed periodically to ensure continued compliance with evolving regulations and standards. Any violations are addressed, and disciplinary actions may be taken as necessary.

18. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website, and the effective date will be updated accordingly. Please review this policy periodically for any updates.

19. Contact Us

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at:

Email: inquiries@arancia.ca