Last updated: 23 / 06 / 2022
Always, La Maison Smith is involved in the protection of personal data and ensures compliance with the regulations resulting from the Personal Information Protection and Electronic Documents Act of Canada, known as PIPEDA, as well as the Act respecting the protection of personal information in the private sector, known as LPRPSP.
Recently, <b>La Maison Smith</b><span style="font-weight:400;"> has also committed to respecting the GDPR in order to be able to export its know-how to Europe. Indeed, according to European regulations, the Canadian protection regime is considered to be high enough to allow the exchange of data between Europe and Canada.</b></b>
When the terms "you" or "your" are used, they refer to the users, subscribers and individuals of our website (https://www.smithcafe.com) and/or of our loyalty program.
In order for you to be fully informed on our personal data protection policy, we have prepared this document in which you will find information on how we collect, use and store your data, as well as how you can manage them.
This policy concerns both the data collected in our branches via our loyalty program and those that you communicate to us through our website (https://www.smithcafe.com).
We are proud to truly be able to say that at La Maison Smith , we apply principles that respect the data of our customers.
For exemple :
- No data is marketed or resold to a third party.
- Data is only collected for specific purposes which all have the common objective of providing you with our products and services, with a constant concern to improve our offer and to satisfy you.
- We only collect data that is necessary for its purpose.
- We do not do any canvassing by phone or by post.
- We do not send any commercial solicitation by email without your consent.
- We make sure to respect your rights and answer all your questions about your data.
This policy was updated on June 29, 2020 and may be modified and updated by La Maison Smith as necessary in order to take into account the evolution of our sites and the services offered and thus meet the requirements of the applicable regulations on the protection of personal data.
1- Data controller
The data is collected by Smith House Inc., a company registered with the Registraire des entreprises du Québec under number (NEQ) n ° 1169075695 whose registered office is located at 201 3e Avenue, Québec (Québec) G1L2V7, Canada.
2- The type of data collected
A- Data collected through the website
In general, the personal data that La Maison Smith collects through the website (https://www.smithcafe.com) are those belonging to the following categories:
- Identity-related data such as surname, first name and email;
- Data linked to the delivery address and/or the invoice address such as the postal address;
- Data related to areas of interest;
- Data related to your internet browsing such as the type of device used and the IP address;
- Data related to your purchasing operations and the history of your orders or your payment details;
- Data related to the commercial or contractual relationship such as the content of complaints;
- Data related to professional life such as your CV when you apply to La Maison Smith ;
The only data collected by La Maison Smith for newsletter subscriptions is the email address.
B- Data collected through our loyalty program
In general, the personal data that La Maison Smith collects through its loyalty program are those belonging to the following categories:
- Identity-related data such as last name, first name, postal address, email address, date of birth and date of entry into the loyalty program Smith Rewards;
- Data related to your purchasing operations, location and the history of your orders;
Depending on its purpose, this data is collected either because you agree to communicate it to us, or because it is necessary for the performance of our contracts or of our services, or because it meets a legal obligation.
In accordance with the second principle of PIPEDA as well as articles 4, 5 and 8 of LPRPSP, your personal data are collected and processed because of the legitimate interests pursued by La Maison Smith, in particular for the reasons set out above, without this affecting violates your interests or fundamental rights and freedoms.
3- When is my data collected and why?
We collect personal data when you carry out transactions, use our services or communicate with us and in particular:
- When you make purchases in our branches or on our website (https://www.smithcafe.com);
- When you register for our loyalty program by creating your member account;
- When you purchase or use a Smith Gift Card;
- When you subscribe to our newsletter;
- When you decide to participate in one of our competitions;
- When you contact our Customer Service;
- When you apply on our website recruitment page.
In any case, we make sure to inform you on our website or support concerned of the existence of a collection of your data and to obtain your consent if necessary.
ORDER MANAGEMENT, DELIVERY, BILLING
The purpose of the data collected in this regard is the proper management, execution and delivery of your product orders, which also includes the management of deliveries and invoicing. These purposes are based on the execution of the contract for the sale or supply of our products.
This concerns all purchases and services made in our branches or on our website (e.g. purchase of a bag of coffee, purchase of a toque, purchase of a Smith Gift Card, purchase of a service of our catering service, ...).
CUSTOMER RELATIONSHIP MANAGEMENT
The purpose of the data collected in this regard is to monitor the customer relationship such as the management of complaints and after-sales service. These purposes are based on the execution of the contract for the sale or supply of our products and services through our branches or our website.
IMPROVEMENT AND CUSTOMIZATION OF OUR SERVICES
We collect data for the purpose of improving and personalizing the services we offer you.
Certain processing operations are based on our legitimate interest, such as carrying out satisfaction surveys, collecting and managing customer opinions, and selecting customers to carry out studies, surveys and product tests. We also carry out audience measurements via statistics, we For example, we measure the number of page views, the number of visits to the site, as well as the activity of visitors to the site and their frequency of return.
SMITH INFORMATION AND NEWSLETTER
The purpose of this purpose is to send you our information and our newsletter concerning our activity, our products and our services. This is based on your consent, so that you can choose at any time to receive offers from our brand by email or to unsubscribe.
GAMES OR CONTEST
The purpose of this processing is the management and execution of competitions for which customers have registered. This processing is based on the execution of the contract (competition rules).
CUSTOMER SERVICE CONTACT
The purpose of this processing is to allow La Maison Smith to answer questions that you send to us by telephone or via our website and which may relate in particular to our products, our services, our stores, the exercise of your rights (see §7) as well as any other information. It is based on our legitimate interest in being able to answer your questions.
MEMBER ACCOUNT MANAGEMENT - SMITH LOYALTY PROGRAM
The purpose of processing your personal data within the framework of the loyalty program is to manage your registration for the loyalty program and the management of rewards, which aims to enhance and reward active members of the Smith community through gifts, discounts, offers, invitations, previews, etc. Enrollment in the Smith Loyalty Program and use of these services is based on your consent.
The purpose of processing candidates' personal data is to enable them to apply in order to possibly join the La Maison Smith team through our website. https://smithcafe.com/pages/equipe. This processing is based on the consent of the candidates.
FIGHT AGAINST FRAUD
The purpose of this processing - based on our legitimate interest - is to protect our customers' online purchases and to detect risky payments. In order to ensure an optimal quality of service and protect consumers in the context of distance selling, we work with our partner Shopify who secures payments and deliveries.
La Maison Smith only collects personal data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. These objectives are specific and legitimate and, under any circumstances, your personal data will not be processed subsequently in a manner incompatible with these purposes, except with your prior consent.
4- What is the retention period for my personal data?
La Maison Smith only keeps personal data for the time necessary to accomplish the purposes pursued, subject to legal archiving possibilities, obligations to keep certain data and / or anonymization.
Personal data will thus be deleted at the latest one (1) year from:
- the last connection to your account or the last contact on our website;
- the last purchase listed on your loyalty card;
- termination of your member account in our Smith Loyalty Program.
To meet our legal obligations, for example in the context of the establishment, exercise or defense of legal claims or to meet legal obligations, in particular accounting, tax or archiving, we may have to keep your data longer than the times mentioned below. In this case, we will archive your data with access restricted to only authorized services / recipients.
5- Who are the recipients of my personal data?
Personal data collected by La Maison Smith may be communicated, for the purposes of achieving the purposes mentioned above in Article 3, to the following persons:
- Authorized personnel within La Maison Smith and, more specifically, depending on the case, the people in charge of marketing, IT and sales services as well as their hierarchical superiors, each having limited access to only the data that are necessary for the purpose that it sets. artwork ;
- Service providers, agents or suppliers involved in the supply and delivery of a product or service ordered on the sites (postal and delivery services, for example);
- Service providers or agents providing IT services such as those in charge of hosting and supplying our website and our loyalty program database (STR, InterServer, Shopify) and analyzing the customer behavior on the Sites (Google Analytics);
- Payment service providers (types of payment via Shopify such as Visa, Mastercard, American Express, Shopify Pay, Apple Pay, Google Pay as well as PayPal);
- The competent authorities on request, in accordance with the regulations in force.
6- What are the security measures implemented to protect my personal data?
The website of La Maison Smith has an SSL certificate to ensure that the information and the transfer of data passing through our site are secure.
Personal data being confidential, La Maison Smith limits their access to only recipients who need it for the execution of the processing.
All persons with access to personal data are bound by a duty of confidentiality and are liable to disciplinary measures and / or other sanctions if they do not comply with these obligations.
When La Maison Smith uses subcontractors, this communication is subject to a contract to ensure compliance with PIPEDA.
The data is hosted and processed on secure servers located in the United States (United States) and operated by Quebec subcontractors of La Maison Smith within Canada, acting in accordance with the requirements of PIPEDA.
In the event that the integrity, confidentiality or security of the user's personal data is compromised, La Maison Smith undertakes (i) to report the breach to the Office of the Privacy Commissioner of Canada (CPVC) within 72 hours of becoming aware of it and (ii) to notify the person concerned as soon as possible when the breach is likely to create a high risk for the rights and freedoms of that person.
7- Are my personal data transferred outside of Quebec / Canada?
La Maison Smith may need to transfer, for certain specific processing, your personal data to countries outside Canadian borders. In that case, La Maison Smith takes the appropriate measures to maintain a high level of security and confidentiality of your data.
STR is the subcontractor chosen by La Maison Smith for the installation and maintenance of cash register software and the company's intranet. It was chosen because of a high quality of service but also for their collaboration with the company ACRONIS for the storage of their data.
Access to STR company computers is secure, and the information on them is therefore restricted.
ACRONIS for its part, is based on internationally known security processes such as ISO 27001 and NIST. Access to information is very limited and its transmission is protected by SSL (Secure Sockets Layer) software or other similar encryption technologies. All data on their servers as well as any data transfer are secured by a high level of encryption (AES-256). ACRONIS also ensures network security while minimizing the risk of external penetration, thanks to a web application firewall (WAF) which includes different devices against any threat.
In addition, it has significant physical security ensured by high fences, 24/7 security personnel and video surveillance with archiving for 90 days. Biometric scan hand geometry and proximity key card are required to access it.
Finally, ACRONIS has implemented an internal security policy allowing access to information and data resources to be limited.
ACRONIS, being established in the United States, is a member and certified to the United States Privacy Shield.
Interserver is the subcontractor chosen by La Maison Smith for the hosting of its customer data because of its recognized excellence in the field as well as the commitments and measures taken in terms of security. All data centers are surrounded by a closed perimeter fence with CCTV surveillance. Access to any facility requires photo identification. Each of their facilities is staffed with security guards 24 hours a day, 365 days a year. Security in the data center is strongly limited to specific floors, rooms and cages to which the individual should not have access. Each floor and room requires a key card and biometric verification.
MailChimp is the subcontractor chosen by La Maison Smith for sending emails, in particular the newsletter and promotional offers, because beyond the quality of service, it offers the necessary guarantees to respect the confidentiality and security of your personal data, such as data center security, protection against data loss, corruption, application-level security, internal IT security, internal information and education protocol, as well as PCI certification SOC II compliant DSS. MailChimp, based in the United States, is a subscriber and certified to the United States Privacy Shield.
Use of social media sharing buttons
We draw your attention to the fact that when you decide to share information about our services on social networks (Facebook, Pinterest, Twitter, Google), data about you may be transferred to the United States.
Your personal data may be transferred outside Canadian borders, and in particular to the United States by the service provider Google Analytics.
Regarding this data transfer to the United States, La Maison Smith undertakes to verify that the service provider receiving the information is a member of the Privacy Shield, a self-certification mechanism offering an adequate level of protection to personal data transferred to the United States or demonstrating highly secure procedures to protect the data received.
8- What are your rights with regard to personal data?
In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), you have rights over your data.
Permission to access
You have the right to request confirmation from La Maison Smith that your data is indeed being processed and obtain information relating to this processing (purposes, recipients, etc.).
Right of rectification
You can request the rectification of your data when it is inaccurate or incomplete. You naturally have the possibility of modifying your data in your "My account" area, "Account details" section, available on the website (https://www.smithcafe.com). For any other modification of your data, you can contact directly La Maison Smith via the following email address: email@example.com
Right of deletion
You have the right to ask La Maison Smith the erasure, as soon as possible, of your personal data, when one of the following reasons applies:
- Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You wish to withdraw your consent on which the processing of your personal data was based, if applicable, and there is no other basis justifying this processing;
- You consider and can establish that your personal data have been the subject of unlawful processing;
- Your personal data must be erased by legal obligation.
Right to restriction of processing
This right can be exercised in several situations. For example, you can request the limitation of the processing that we carry out on your data during the period of verification of the accuracy of your data by La Maison Smith or prefer to limit the processing to the erasure of your data.
Right to object to processing
The right to object can be exercised at any time to the processing we carry out on your data in the following situations:
- When the data is processed for commercial prospecting purposes
- When your specific situation justifies the end of treatment
- When the processing of your data is necessary for the purposes of the legitimate interests pursued by La Maison Smith
- When the processing of your data is based on profiling.
In that case, La Maison Smith will no longer process personal data, unless it can be demonstrated that there are legitimate and compelling reasons for the processing which prevail over the interests and rights and freedoms of the data subject, or for the establishment, exercise or defense of legal rights.
You will have the possibility to object free of charge, except those related to the transmission of the refusal, to the use of your personal data for sending the newsletter or emails, when your data personal data are collected and each time a prospecting email is sent to you, in particular by clicking on the unsubscribe link at the bottom of each newsletter.
Right to portability of your data
You have the right to request that we provide you with your personal data or that we transfer it to another service provider.
Right to define the fate of your data after death
You have the option of providing us with instructions relating to the retention, erasure and communication of your personal data after your death.
In the absence of directives, La Maison Smith recognizes the heirs the possibility of exercising certain rights, in particular the right of access, if it is necessary for the settlement of the deceased's estate, and the right of opposition to proceed with the closure of the deceased's user accounts and oppose the processing of their personal data.
Right to lodge a complaint with the supervisory authority (the Access to Information Commission)
In accordance with articles 42 et seq. Of the LPRPSP as well as articles 77 et seq. Of the GDPR, any interested person may bring any disagreement relating to the application of the information to the Information Access Commission / control authority. present laws on access, protection and deletion of personal data.
9- How to exercise your rights in terms of personal data?
Just contact our customer service
by registered letter with acknowledgment of receipt to the following address:
La Maison Smith - Customer Service
201 3rd Avenue,
Quebec, QC, G1L2V7
- via the contact form https://smithcafe.com/pages/nous-joindre
In accordance with the regulations in force, your request must be signed and accompanied by a photocopy of an identity document bearing your signature and specify the address to which the reply must be sent. A response will then be sent to you within one month of receipt of the request. If necessary, this period may be extended by two months given the complexity and the number of requests addressed to La Maison Smith . In this case, you will be informed of this extension and the reasons for the postponement. If your request is made in electronic form, information will also be provided to you electronically where possible, unless you expressly request otherwise.