PRIVACY POLICY
Last revised: July 22th, 2024
Glamic Beauty Technologies Inc. (“Glamic”, “us”, “we” or “our”), is committed to protecting your privacy and safeguarding your personal information. The purpose of this Privacy Statement is to inform you about the types of Personal Information (as defined in section 1) that we collect, use, and disclose. It explains how we use and disclose that information, the choices you have regarding such use and disclosure, and how you may correct that information. Your privacy is one of our priorities. We are proud to be complying with the laws and regulations under applicable privacy laws in Canada. This Privacy Statement is designed to meet the standards prescribed by the Personal Information Protection and Electronic Documents Act and the regulations thereunder (“PIPEDA”) as well as applicable provincial privacy legislation and regulations. This Privacy Statement applies to the collection, use, and disclosure of Personal Information by Glamic.
ARTICLE 1: THE TYPES OF PERSONAL INFORMATION THAT WE COLLECT
1.1 “Personal Information” is any information that is identifiable with you, as an individual. This information may include, without limitation, your name, e-mail address, phone number, mailing address, billing address, credit card information, IP address, location data, and other standard internet log information.
ARTICLE 2: HOW WE COLLECT YOUR PERSONAL INFORMATION
2.1 We will always collect your Personal Information by fair and lawful means (for example, when you register a Glamic Member account with us). We may collect Personal Information from you directly and/or from third parties including, without limitation, Glamic Providers, where we have obtained your consent to do so or as otherwise required or permitted by law.
2.2 We may collect standard internet log information about how and when you use the website and/or Glamic Android/IOS Apps. This information may include, without limitation, your IP address and location data, weblogs, time, date, browser used, referring web addresses, other communication data, searches conducted, and pages visited.
2.3 To ensure the Site is optimized for each of use, we or our service provider(s) including, without limitation, Glamic Providers, may use cookies, web beacons, tags, and pixels. These are intended to optimize your experience of our Site.
2.4 In addition to the information collected directly from our website and mobile app, we may collect information through our advertisements and other promotional materials. This information may include your first name, last name, email address, and phone number. This data is collected to provide you with offers, communications, and to assist in creating accounts for our services.
ARTICLE 3: HOW WE USE YOUR PERSONAL INFORMATION
3.1 We generally use your Personal Information for the following purposes (the “Purposes”):
- To provide you with the requested services and, as necessary, to Glamic Providers in order to provide you with the requested services;
- To develop and maintain strong business relationships with customers, partners, Glamic Providers, and potential customers, partners, and Glamic Providers;
- To manage your Glamic Member account including booking, billing, marketing, payment, troubleshooting, and administrative-related services;
- To respond to your questions, comments, or concerns regarding Glamic;
- To provide you with information about products, services, promotions, and events that may be of interest to you;
- To allow for more meaningful and useful sales and marketing initiatives;
- To use Google Analytics to better understand our web traffic and marketing effectiveness;
- To administer the Site and any Glamic software applications;
- To diagnose any problems with our computer server;
- To perform analysis for research, developing, creating, and improving the functionality of the services;
- Such purposes for which Glamic may obtain consent from time to time; and
- Such other uses as may be permitted or required by law.
ARTICLE 4: TO WHOM WE MAY PROVIDE YOUR PERSONAL INFORMATION
4.1 We identify to whom, and for what purposes, we disclose your Personal Information, at the time we collect such information from you and obtain your consent to such disclosure.
4.2 We may transfer your Personal Information to our agents, representatives, contractors, and third-party service providers with whom we have a contractual agreement that includes appropriate privacy standards, where such third parties are assisting us with the Purposes.
4.3 In addition, we may send Personal Information outside of the country for the Purposes, including for processing and storage by service providers. To the extent that any Personal Information is out of the country, it is subject to the laws of the country in which it is held.
ARTICLE 5: HOW YOU CAN MAKE CHANGES TO YOUR PERSONAL INFORMATION
5.1 You have the right to access, delete, or modify your Personal Information collected by Glamic at any time. If you make a written request to review any Personal Information about you that we have collected, utilized, or disclosed, we will provide you with any such Personal Information to the extent required by law.
5.2 At any time, you can challenge the accuracy or completeness of your Personal Information in our records. If you demonstrate that your Personal Information in our records is inaccurate or incomplete, we will amend the Personal Information as required.
5.3 We will attempt to respond to each of your written requests not later than thirty (30) days after receipt of such requests.
ARTICLE 6: WHERE WE STORE, AND HOW LONG WE MAY UTILIZE, DISCLOSE, OR RETAIN YOUR PERSONAL INFORMATION
6.1 We will keep the Personal Information that we collect at the Glamic secure cloud servers or at the offices of our third-party service providers.
6.2 We may keep a record of your Personal Information, correspondence, or comments, in a file specific to you. We will utilize, disclose, or retain your Personal Information for as long as necessary to fulfill the purposes for which that Personal Information was collected and as permitted or required by law.
ARTICLE 7: HOW WE OBTAIN YOUR CONSENT
7.1 We generally obtain your consent prior to collecting, and in any case, prior to using or disclosing your Personal Information for any purpose. You may provide your consent to us either orally, electronically, or in writing.
ARTICLE 8: HOW WE WILL UPDATE THIS PRIVACY STATEMENT
8.1 We may update this Privacy Statement from time to time. The Privacy Statement is current as of the “last revised” date which appears at the top of this page.
ARTICLE 9: HOW YOU CAN CONTACT US
9.1 All comments, questions, concerns, or complaints regarding your Personal Information, our privacy practices, or this Privacy Statement should be forwarded to our Privacy Information Officer as follows:
Privacy Information Officer
Glamic Inc.
20 Bay St, 11th floor
Toronto, Ontario, Canada, M5J2N8
By email: privacy@glamic.com
Google User Data Handling
- Integration with Google Calendar: Glamic utilizes Google Calendar’s API to enable bi-directional calendar synchronization. This feature allows users to view their existing calendar events within Glamic to display accurate booking availability and inserts Glamic bookings into their Google Calendar. This integration requires access to your calendar events but not the content within those events. Glamic uses your email to trigger the authentication process for creating this sync.
- Types of Data Accessed: Glamic requests access to your Google Calendar events to determine accurate availability for bookings. We only access event IDs and do not store any calendar event details on our servers.
- Managing Your Data: Users can manage or delete their data associated with Glamic by navigating to the ‘Manage Account’ section and selecting the ‘Delete’ option. This will remove any Glamic-related data but will not delete any existing calendar events from your Google Calendar.
- Security of Google User Data: Glamic takes stringent measures to ensure the security of Google user data during its transmission to our application and while stored within our systems. Our security practices are designed to protect against unauthorized or unlawful access, use, alteration, or destruction of your data.
- Data Breach Protocol: In the unlikely event of a data breach affecting Google user data, Glamic will promptly inform affected users and take immediate steps to mitigate the breach, in accordance with our comprehensive data breach response plan.
User Consent and Privacy Disclosures
- Informed Consent: Before accessing your Google Calendar data, Glamic provides clear information about the types of data accessed and the purpose of this access. Consent is obtained through an explicit opt-in mechanism during the authentication process.
- Notification of Privacy Policy Changes: Any changes to our privacy policy or how we handle Google user data will be communicated to our users through email notifications and updates on our website.
Data Sharing and Third-Party Use
- Third-Party Data Sharing: Glamic does not share Google user data with any third parties, except as necessary to provide the requested services or as required by law. All third parties are required to adhere to our privacy standards and Google’s policies.
Compliance with Children’s Privacy
- Children’s Privacy: Glamic is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we take steps to remove such information and terminate the child’s account.
Limited Use and Permissions
- Necessity and Context of Data Requests: Glamic limits its data requests to only what is necessary to provide our service, ensuring that permission requests are made in context so users understand why the data is needed.
Transparency and Accessibility
- Privacy Policy Hosting: Our privacy policy, including these Google user data handling practices, is hosted on our website, accessible from the homepage and directly within the Glamic app, ensuring easy access for all users.
Google API Services
Facebook Login
- Integration with Facebook: Glamic utilizes Facebook’s API to enable social login functionality, allowing users to log in with their Facebook credentials. This feature requires access to certain data from your Facebook account to facilitate login and enhance user experience.
- Types of Data Accessed: Glamic requests access to your public profile information and email address to authenticate your identity and create your Glamic account. We do not store or access any other Facebook data beyond what is necessary for login.
- Managing Your Data: Users can manage or delete their data associated with Glamic by navigating to the ‘Manage Account’ section and selecting the ‘Delete’ option. This will remove any Glamic-related data but will not delete any existing Facebook data.
- Security of Facebook User Data: Glamic takes stringent measures to ensure the security of Facebook user data during its transmission to our application and while stored within our systems. Our security practices are designed to protect against unauthorized or unlawful access, use, alteration, or destruction of your data.
- Data Breach Protocol: In the unlikely event of a data breach affecting Facebook user data, Glamic will promptly inform affected users and take immediate steps to mitigate the breach, in accordance with our comprehensive data breach response plan.
- User Consent and Privacy Disclosures: Before accessing your Facebook data, Glamic provides clear information about the types of data accessed and the purpose of this access. Consent is obtained through an explicit opt-in mechanism during the authentication process.
- Notification of Privacy Policy Changes: Any changes to our privacy policy or how we handle Facebook user data will be communicated to our users through email notifications and updates on our website.
- Third-Party Data Sharing: Glamic does not share Facebook user data with any third parties, except as necessary to provide the requested services or as required by law. All third parties are required to adhere to our privacy standards and Facebook’s policies.
Compliance with Children’s Privacy
- Children’s Privacy: Glamic is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we take steps to remove such information and terminate the child’s account.
Limited Use and Permissions
- Necessity and Context of Data Requests: Glamic limits its data requests to only what is necessary to provide our service, ensuring that permission requests are made in context so users understand why the data is needed.
Transparency and Accessibility
- Privacy Policy Hosting: Our privacy policy, including these Facebook user data handling practices, is hosted on our website, accessible from the homepage and directly within the Glamic app, ensuring easy access for all users.
Additional Information Collection
- In addition to required information such as first name, last name, email, and phone number, you may elect to provide optional information including your business name, date of birth, and gender. This information is not mandatory but can help us tailor our services to better meet your needs.
Global Compliance
For all the countries we operate in, including Canada, USA, UK, Australia, Netherlands, UAE, Saudi Arabia, and New Zealand, we ensure that our data collection and handling practices comply with local regulations and laws to protect your personal information. This includes but is not limited to:
- Canada (PIPEDA): Explicit consent, data use explanation, third-party disclosure, user rights to access and correct data.
- USA (CCPA, GDPR): Explicit consent, data use and third-party disclosure, user rights to access, delete, and opt-out, and contact information.
- UK (GDPR): Explicit consent, data use and third-party disclosure, user rights to access, rectify, and erase data, and data transfers.
- Australia (Privacy Act 1988): Explicit consent, data use and third-party disclosure, user rights to access and correct data, and overseas disclosure.
- Netherlands (GDPR): Explicit consent, data use and third-party disclosure, user rights to access, rectify, and erase data, and data transfers.
- UAE (Data Protection Law): Explicit consent, data use and third-party disclosure, user rights to access and correct data.
- Saudi Arabia (PDPL): Explicit consent, data use and third-party disclosure, user rights to access and correct data.
- New Zealand (Privacy Act 2020): Explicit consent, data use and third-party disclosure, user rights to access and correct data, and overseas disclosure.
By maintaining high standards of privacy and data protection, we ensure your personal information is safe and used responsibly.
