Privacy Policy
Latest Update: [August 26th, 2021]
Thank you for using Cigo Tracker!
At Cigo Tracker (“Cigo” or “we”), we understand that you want transparency with respect to how we process your personal data. This Privacy Policy contains information about this, as well as your legal rights.
This Privacy Policy describes how Cigo processes personal data:
- When you use our website https://www.cigotracker.com/ (the “Website”)
- When you use the Cigo Tracker application (the “App”),
- When you use our products and services such as Cigo Pay.
- This Privacy Policy also covers your interactions with us on social media, our communications with you, and our marketing activities.
(together our “Services”).
As a participant of the Digital Advertising Alliance (“DAA”), we adhere to DAA’s interest-based advertising principles by providing you with enhanced notice, transparency and control of our digital marketing practices, as stated at https://youradchoices.com/principles.
In addition, this Policy covers the use of your personal information for interest-based advertising (“IBA”) on our Website. For more information about this topic, please go to Section 5 of this Policy.
If you have any questions, concerns or inquiries regarding the processing of your personal data or this Privacy Policy, do not hesitate to reach out to us. Below you will find the information needed to contact us either by email at [privacy@cigotracker.com] or by mail at:
Cigo Tracker Inc.
Attn: Privacy & Data Governance
9850 rue Saint-Urbain
Montréal, QC H3L 2T2
Canada
1. What do we consider as personal data?
We consider as personal data any information which relates to an identified or identifiable natural person, such as an identification number and location data. We consider that personal data means any information which allows us to identify you directly or indirectly, including “cookies” and other electronic data. A “cookie” is an information that a website puts on your computer’s hard disk so that the website can remember something about you at a later time. In this Privacy Policy, when we refer to “cookies” we include other technologies with similar purposes, such as pixels, tags, beacons. If you are looking for more information on cookies, you can refer to websites such as http://www.cookiecentral.com/ and https://www.allaboutcookies.org/. For more information about what we do with cookies, refer to Section 4 of this Policy.
Depending on where you are located, some of the personal data that we refer to in this Privacy Policy may not be considered personal data under the laws that apply to you.
2. When Does This Privacy Policy Not Apply?
If you click-through to links to third parties’ websites, applications, or services from our Services, this Privacy Policy does not apply to the processing of personal data by these external services. It is always a good idea to read their privacy policies to better understand what they do with your personal data. We do not control how the e-commerces that we work with, our customers, process personal data. If you have questions about how our customers process your personal data, you can refer to their privacy policies.
3. What type of personal data do we collect, and why?
As part of the Services, we collect the personal data described in the table below, which also provides you with information on the purpose of our collection. To comply with European legislation, we are required to identify the legal basis for the collection of personal data in the table below. This legal basis may not be applicable in your jurisdiction.
If we process your personal data based on your consent, you can always withdraw this consent by email at [privacy@cigotracker.com] or through the functionalities that we make available to you.
We collect personal data directly from you. However, we use Stripe as a third-party payment processor and as part of their financial compliance activities, they may obtain personal information about you from third parties, such as date of birth.
Category of Personal Data
Examples
Purposes and examples
of use
Legal basis under the GDPR
Electronic Data
- IP address
- Mobile identifier
- Device type
- Operating system
- Internet browser type
This data is collected automatically through our Services for them to function effectively, to fix bugs or to improve the security of our Services.
Legitimate interests
Usage and Performance Data
- Time spent on the Services
- Pages visited
- Links clicked
- Language preferences
- Pages that led or referred you to the Website
We collect this information for analytics purposes, to help us know more about your use of the Website and to improve it. This information is collected through analytic cookies. Please see our section 4 for more details.
Consent
Identification Data
- Name
- Content of communication
Our Website contains a live chat function to communicate with us. You can also reach us by email and social media accounts which can be used to reach out to us. When you do so, we may ask for identification data such as your first and last names, and we will collect any other information which is included in your inquiry.
Consent
Cigo Application-Deliveries
If you are fulfilling a delivery for an e-commerce via Cigo, you may be asked for permissions on your mobile device:
- Location
- Camera permission
- Microphone permission
If you allow Cigo to use your location, then this allows Cigo, the consumer, and the e-commerce to track your position when you are logged in.
We ask for these permission in order to allow consumers to track their delivery, and to allow you to take pictures of the deliveries to confirm completion and condition of the delivery.
Consent
Application-Operations
If you use the Cigo for your e-commerce operations, then you are asked to create an account. When you create this account, we ask for login credentials:
· First name
- Password
- Employee id (optional)
We collect this information to allow you to create an operator account and to login with us.
Consent
Cigo Application-consumers
If you us the Application to track your order, you will be asked for:
- First and last name
- Address
- Access code
- Phone number
- Mail address
If you are a consumer of an e-commerce with which Cigo works, you can track your order through the Cigo Application. In order to allow you to track you order, we need to collect your access code and phone number so we can send track your delivery.
The e-commerce for which we complete the delivery also provides us with information about you, notably your name and address so that we can deliver your package. Depending on the notification options they have chosen, they may also provide us with a cellphone number and email address for us to send you email or sms notifications.
Consent
Demo Form
If you fill out the demo form on our Website, you will be asked to provide the following information:
- First and last name
- Company
- Role in company
- Phone number
- Email address
- Country
- Content of communications
If you would like to get a demo of Cigo, we ask that you fill our the demo form on our Website. When you do so, we will ask that you share specific information about you.
Consent
Marketing Data
- Consent
- Email address
If you accept to receive our newsletter or marketing communications, we will ask for your opt-in consent and email address.
Please note that you can optout from receiving our marketing communications. You can do so by clicking the “unsubscribe” link at the bottom of the emails you receive from us. You can also contact us directly to do so.
Consent
Identification and Payment Data-Cigo Pay
If you use the service Cigo Pay, we may collect:
Profile information (operators):
- Name
- Picture
Billing Information:
- Full Name
- Email address
- Phone number
- Address Information
- Credit/Debit Information:
- Brand (VISA, Mastercard, etc.)
- Last 4 digits
- Expiry date
- Timezone
- IP Address
- Device information
If you use Cigo Pay to make e-transfer payments we collect these categories of information to enable payments.
Stripe also uses personal information to conduct fraud monitoring, prevention and financial compliance activities.
If you sign up to Cigo Pay as an operator, you are asked to provide information to set up your profile, including a picture so that customers can identify you in the tipping process.
Performance of the Agreement
Legitimate interests and compliance with applicable laws
Employment Data
If you apply to work at Cigo through our Website, you will be asked to provide:
· Identification information
· Background information about your career and education
· Resume and cover letter
From time to time, we have job openings that may be tempting to you! If you decide to apply, we will ask for identification information and background information about your career.
Consent
Social Media Data
Publicly available information on your social media profiles and other personal pages, such as Instagram, Facebook and LinkedIn.
If you follow us or interact with us on social media, we may process your personal data in order to exchange with you and respond to your inquiries.
Legitimate Interests
Consent (for direct messages)
4. How do we use cookies?
We use essential, functional and analytics cookies, which are necessary to provide the functionalities within our Services, and advertising cookies on our Website.
Type of cookie
Description
Essential
Essential cookies are necessary to operate the core functions of our Services. These include login cookies, session ID cookies, language cookies as well as security cookies. We collect essential cookies based on legitimate interest.
Functional
Functional cookies are used to provide you with some functionalities and to remember preferences, consents and configurations. . We collect essential cookies based on consent.
Analytics
Analytics cookies are used to generate aggregated statistical data about traffic and behavior of users when using our Services. We collect essential cookies based on legitimate interest.
Advertising
These cookies are used to deliver advertising more relevant to you and your interests. They are also used to limit the number of times you see an ad as well as to help measure the effectiveness of a campaign. We use LinkedIn, Facebook and Bing Cookies cookies to deliver more relevant advertising to you.
We collect essential cookies based on legitimate interest.
To learn more about retargeting, you can consult:
LinkedIn: https://business.linkedin.com/fr-fr/marketing-solutions/ad-targeting/retargeting.
Facebook: https://www.facebook.com/policies/cookies`.
Microsoft Bing: https://about.ads.microsoft.com/en-gb/resources/policies/microsoft-advertising-privacy-policy.
5. Do you conduct interest-based advertising?
We conduct interest-based advertising, also referred to as targeted advertising or behavioural advertising on our Website. Retargeting means that the ads that you are being served are personalized based on your behaviour when browsing online. This is enabled through cookies and requires the processing of electronic data that is considered personal information under certain laws.
If you are not comfortable with this, you can opt out of interest-based advertising by managing your cookies and other tracking technologies. Please see Section 6 of the Privacy Policy for an explanation of how to do this.
6. How can I manage my cookie preferences?
Browsers and devices have tools that allow you to control cookies; you can block them, ensure that you are notified when you are subject to cookies and control the cookies already stored on your device. However, if you block all of the cookies, you may not be able to access all the functionalities of the Services.
You can also use WebChoices which is a browser-based tool for opting out of interest-based advertising. AdChoices provides additional solutions and explanations to control block and control cookies, as well as plug-ins to retain opt-out cookie preferences, even if you delete your cookies.
Depending on the browser that you are using, different instructions are applicable. Click on your browser to have more information:
· Google Chrome
· Firefox
· Safari
· Internet Explorer
You can opt out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy.
7. Where do we collect, use and disclose your personal data?
Your personal data may be stored on servers located in a country other than where you reside. We use Amazon Web Services to host personal data in the United States. We also use third party service providers in other countries, and they may process your data in those countries. Those countries may not have the same data protection laws as the country in which you initially provided that information. Before transferring personal data outside the European Economic Area, we ensure that adequate safeguards are in place, such as by entering into agreements with such third parties that incorporate standard contractual clauses.
8. How do we protect your personal data?
We use reasonable organizational, technical, and administrative measures to protect information within our organization. We leverage encryption at rest, in storage, and in transit our databases to safeguard data.
We use service providers that have appropriate security safeguards in place. For instance, we use Amazon Web Services, which maintains several independent verifications of its security, privacy and compliance control including ISO/IEC 27001:2013, 27017:2015, 27018: 2019, 9001:2015. You can review Amazon Web Services’ safeguards here.
We also use Stripe to process payment data. Stripe maintains several security safeguards and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. You can read more about Stripe’s security policies here.
However, no data transmission or storage system is guaranteed to be 100% secure. You also need to do your part, such as by using secure networks, especially when making a payment.
9. How long do we keep your personal data?
We retain personal information for as long as necessary to provide you with the Services or as required by applicable laws, whichever is longer. We retain personal data within Cigo Pay for a period of one year from the transaction date.
10. With which categories of recipients do we share personal data?
We do not sell your personal data. We disclose your personal data as required to provide you with the Services. Here are the categories of recipients with whom we share personal information:
Category
Explanations
IT Service Providers
We use service providers to provide and host our Services online, as well as to enable other functionalities.
For instance, we use Amazon Web Services to send out transactional emails (including payment receipt), in which case, we provide them with the email address and payment summary. We also use AWS to store files, such as the profile image, Payout details (E-transfer information)
You can consult AWS’ privacy policy here.
Analytics and Performance Providers
We use third-party Service providers to monitor and analyze the use of our Services. Notably, we use Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can consult their privacy policy here.
Social Media Partners
When you interact with our social media accounts, data about you may be shared with the social media providers. When you share our content through the social media handles on our Website, we are joint-controllers with these social media platforms, and they may use your personal data for other purposes, please consult their privacy policies below:
Payment Providers
We use payment providers to allow for payments through Cigo Pay. For instance, we integrate with Stripe to process payments. You can read Stripe’s privacy policy here.
We also share banking information with RBC to allow for online banking e-transfers. You can read their privacy policy here.
Law enforcement and other authorities
We may receive requests from law enforcement or the authorities to access personal data. Whenever permitted by law, we advise our users or clients before responding to such requests. We also validate that the request is legitimate before responding.
Business Transactions
We may disclose your personal data in connection with, or during negotiations of, any merger, sale of assets, financing, or acquisition of all or a portion of our business by another entity or investors. For instance, if we sell our assets, your personal data may be part of such assets.
11. How can users exercise their rights regarding their personal data?
Depending on where you are located, different rights are granted to you so that you can control how we process your personal data. These rights generally include the rights to access and rectify personal data. In the European Union, additional rights include:
· The right to be informed about how we process your personal data;
· The right to request the erasure of your personal data;
· The right to revoke your consent when our processing is based on your consent;
· The right to object to the processing of your personal data;
· The right to restrict the processing of your personal data;
· The right to have automated decision making reviewed in accordance with the law;
· The right to the portability of your personal data;
Some of these rights may not be applicable, depending on the circumstances. If you would like to learn more about these rights, please click here for a more detailed explanation.
If you reach out to us to exercise your rights, we will respond to you within 30 days of receiving your request, or faster if required by applicable laws. In some cases, we may need additional information to validate your identity. We will only use this information for this purpose. If you do not agree with how we responded to your request, you have the right to lodge a complaint with your local authorities. To consult the list of data protection authorities by country in the European Union, please click (https://edpb.europa.eu/about-edpb/about-edpb/members_en).
If you are located in Canada, the Officer of the Privacy Commissioner of Canada drafted this FAQ to help you access your personal information when it is held by a business. You can also contact the Office of the Privacy Commissioner of Canada’s Information Center:
Telephone
9:00 am to 4:00 pm EST
Toll-free: 1-800-282-1376
Mailing address
Office of the Privacy Commissioner
30 Victoria Street
Gatineau, Québec
K1A 1H3
If you’re not satisfied with how we process your request, you can lodge a complaint with the OPC, by filling out this form.
12. Will this Privacy Policy be updated?
Yes, we will update this Privacy Policy from time to time to reflect technological changes, new functionalities and new legislation. Please refer to the latest update date above to know when we last updated this Privacy Policy.