R3 Continuum collects personal data from business leaders and others who interact with our various marketing initiatives to be used for sales and marketing demand generation and revenue growth purposes. from and for various marketing initiatives. In an effort to ensure we adhere and maintain compliance with the various data privacy regulations, including but not limited to CAN-SPAM, PIPEDA, GDPR, and CCA. We have implemented the following policy and procedures. Defined within is our approach to protecting, managing, and discarding of personal information obtained and utilized by R3 Continuum marketing and sales efforts.
Personal Data Collected:
R3 Continuum collects the following personal data:
- Email Address
- Phone Number
- Company Domain if Associated with Email
No personal information should be submitted to the R3 website by children less than 13 years of age without the consent of their parent or guardian. R3 encourages all parents or guardians to instruct their children in the safe and responsible use of their Personal Information while using the Internet. R3 will not knowingly collect or use any personal information collected from children for any purpose whatsoever, including disclosure to third parties.
How Data is Stored:
User’s Protection Rights
R3 Continuum would like to make sure that users and employees are fully aware of all of the protection rights given to our users. These rights are outlined below:
- The right to access– Users have the right to request copies of their personal data.
- The right to rectification– Users have the right to request that R3 Continuum correct any information they believes is inaccurate. Users also have the right to request R3 Continuum to complete the information they believe is incomplete.
- The right to erasure– Users have the right to request that R3 Continuum erase their personal data.
- The right to restrict processing– Users have the right to request that R3 Continuum restrict the processing of their personal data, under certain conditions.
- The right to object to processing– User have the right to object to R3 Continuum’s processing of their personal data, under certain conditions.
- The right to data portability– Users have the right to request that R3 Continuum transfer the data that we have collected to another organization, or directly to them.
- The right to opt-out of any promotional emails – Users have the right to opt-out of any emails from R3 Continuum either through an unsubscribe link on the bottom of any of R3 Continuum’s email communications or by requesting it via any of our contact us platforms
- R3 Continuum’s appointed data protection attorney will review any relevant changes in the compliances that have happened over the past year with R3 Continuum
Requirements to be Compliant
We are using JAMS as our Alternative Dispute Resolution Provider under the EU–U.S. Privacy
Shield Program and/or the Swiss–U.S. Privacy Shield Program. If at any time an issue is brought against R3 Continuum for something bigger than a data removal, we will need to submit a case and they will help us with providing a solution for all parties.
Pricing in the Event of a Case Brought Against R3 Continuum
- Two-person party matter – $1200
- Three-person party matter – $2000
- Mediator for two-hour mediation session – $500
GDPR Compliance Requirements
- Know all of the data we are collecting
- Appoint a Data Protection Officer (Marketing Coordinator)
- Create a GDPR Data Register
- Evaluate our data collection requirements
- Instantly Report Data Breaches
- Be Transparent about data collection motives
- Verify the age of all users consenting to data processing
- Include a double opt-in for all new email list sign-ups
- Regularly assess all third-party risks
- CCA Compliance Requirements
- Provide notice to consumers at or before they collect personal data.
- Allow consumers to opt-out, read, and delete their personal data from the business’s storage. Companies must provide a “Do Not Sell My Personal Information” link for opt-out requests.
- Respond to consumer requests within specific time frames.
- Show consumers privacy settings that signal their choice to opt-out.
- Verify the identity of consumers who ask to read and delete their information, even if they have a password-protected account with the business.
- Disclose financial incentives for retaining or selling the consumer’s personal data and how they the value that data.
- Maintain records of all access requests for 24 months, as well as how the business responded
- PIPEDA (Canada) Requirements
- Be Accountable
Under the first requirement of PIPEDA, businesses have to appoint someone to be responsible for PIPEDA compliance and develop and implement personal information policies and practices that protect personal information – including information sent to a third party for processing.
- Identify the Purpose
Businesses have to identify and document the purpose(s) for collecting personal information, advise customers why their personal information is being collected, and – if the purpose changes – contact customers to obtain their consent to use the information for the new purpose.
- Obtain Valid, Informed Consent
Informed consent is an essential element of the PIPEDA requirements; and, for informed consent to be valid, businesses must make sure customers know what they are consenting to. To be valid, customers must also have the option of withdrawing their consent.
- Limit Collection
Businesses must only collect the personal information required to fulfil a legitimate identified purpose. Furthermore, the information must be collected by fair and lawful means. Businesses that use deceitful means to collect personal information are in violation of PIPEDA.
- Limit Use, Disclosure, and Retention
Businesses are only allowed to use and disclose personal information for the purpose(s) it was collected. Once the personal information has been used or disclosed, it should be destroyed, erased, or anonymized within a reasonable period of time.
- Be Accurate
Businesses must minimize the possibility of using incorrect information when making a decision about an individual or when disclosing information to third parties, and should implement measures to verify the accuracy, completeness, and timeliness of personal information.
- Use Appropriate Safeguards
Businesses must implement appropriate safeguards to protect all personal information against loss, theft, or any unauthorized access, disclosure, copying, use, or modification. Note: PIPEDA does specify any particular safeguards to use due to the evolving nature of cybercrime.
- Be Open
Individuals should not be expected to decipher complex legal language in order to make informed decisions on whether or not to provide consent, so businesses are required to make policies and practices easy to understand and easily available.
- Give Individuals Access
Individuals have a right to access the personal information that a business holds about them, and businesses are required to inform customers how they can request access and challenge the accuracy of the information. Note access requests must be resolved within 30 days.
- Challenging Compliance
Customers have the right to challenge a business´s compliance with PIPEDA, and – to comply with this PIPEDA requirement – businesses must implement simple complaint handling and investigation procedures, plus inform complainants with their avenues of recourse.
- Be Accountable