LAST UPDATE : NOVEMBER 22, 2021
This Policy describes the information that we collect from you as part of the normal operation of our services and what may happen to that information. Our subsidiaries and affiliated companies operate under similar privacy practices as described in this Policy and, subject to the requirements of applicable law, we strive to provide a consistent set of privacy practices throughout our global www.mdfcommerce.com user community. For the purposes of this Policy, personal information means information about an identifiable individual.
By accepting the Policy, you expressly consent to the collection, use and disclosure of your personal information in accordance with this Policy.
In order to use certain features of our Solutions, we may request that you provide certain personal information. We only collect personal information that is necessary to provide you with our different services. Where possible, we indicate which fields are required and which fields are optional.
- If you wish to create an account and/or subscribe to a service on one of our Solutions, we may collect your name, business email address, phone number, and other information about your company. Information from your account will be used to facilitate the service(s) you request. Amongst other things, we use your information to troubleshoot problems; customize your experience; detect and protect us against error, fraud, and other criminal activity. We may compare and review your personal information for errors, omissions and for accuracy. In certain cases, we may verify this information to ensure only professionals from a specific field have access to our services.
- If you make a payment through one of our Solutions, we will collect the information necessary to process the payment. This includes your name, credit card number, credit card expiration date and the address linked to your credit card.
- If you use the contact feature on our Site of one of its subdomains, we may collect your name, email address, phone number, job title, and other information about your company. We use this information to respond to your request or comment. If you send us emails or letters, we may collect such information in a file specific to you.
- If you use our job application feature with respect to an employment opportunity posted on our Site or one of its subdomains, we will collect your name, email address, and any other information you provide, including employment history. We use this information to review and respond to your application.
- If you subscribe to a mailing list, we will collect your name and email address to send you emails about various news and promotions around the Solution to which you subscribed. Even after subscribing to one or more newsletters and/or opting in to one or more offers to receive marketing and/or promotional communications from us, you may elect to modify their preferences by following the “Unsubscribe” link provided in an email or communication received.
- When you visit our Site, we may collect information about your visit through cookies and similar technologies (see our section on Cookies and other tracking technologies for more information).
We may also use the personal information we collect to communicate with you, including through tailored marketing messages and transactional emails, about products and services offered by, to conduct, process and complete transactions with clients, to meet legal, regulatory, insurance, security and processing requirements, and otherwise with your consent, or as permitted or required by law.
Unless otherwise permitted or required by applicable laws or regulations, we will retain your personal information only as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying legal, accounting or auditing requirements. Furthermore, mdf does not sell your information to third parties.
Certain services may require our clients to provide us with their customers’ personal information. When we collect and use personal information on the instructions of our customers, we are acting as a service provider/data processor to that client, processing personal information on their behalf, and we refer to this data as “Customer Data”. We may also use Customer Data on an aggregated and non-identifiable basis to improve and enhance our product and service offerings.
We rely on our clients to comply with all applicable privacy laws when collecting, using, or disclosing personal information through the services, including by obtaining appropriate consent prior to collecting, using, and disclosing personal information through the services. Where required by law, we sign agreements framing this sharing of personal information.
mdf will only disclose your personal information with your consent or if it has legal authority to do so, such as in the following contexts:
- mdf may transfer personal information to third-party service providers (including affiliates acting in this capacity) that perform services on our behalf, such as data hosting and processing, and to complete transactions.
- We may use and disclose personal information in the context of a business transaction, in connection with the proposed or actual financing, securitization, insuring, sale, assignment, or other disposal of all or part of mdf, or our business or assets, for the purposes of evaluating and/or performing the proposed transaction. Assignees or successors of mdf, or our business or assets, may use and disclose your personal information for similar purposes as those described in this Policy.
- mdf may disclose personal information as necessary to meet legal, regulatory, insurance, audit, and security requirements, and as otherwise with your consent, or as permitted or required by law (including as required by applicable Canadian and foreign laws applicable to us or our service providers). Therefore, in response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorize us to) disclose your name, city, province, telephone number, email address, and order history without a subpoena. However, in an effort to balance your right to privacy and the ability to keep the community free from bad actors, we will not disclose additional information to law enforcement or other government officials without a subpoena, court order, or substantially similar legal procedure, except when the additional disclosure of information is necessary to prevent imminent physical harm or financial loss.
In order for us to carry out the services offered by our Solutions, the information may be processed by us (or our third-party service providers) outside of your jurisdiction of residence. We ensure that our service providers comply with applicable privacy and data protection laws, and implement contractual clauses that ensure the protection of privacy rights, as applicable.
By submitting your personal information or engaging with the Site or one of its subdomains, you consent to such transfer and storage.
We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve you and our community, and to improve our services. We may use both session and persistent cookies. A “session cookie” expires immediately when you end your session (i.e. close your browser). A “persistent cookie” stores information on the hard drive so when you end your session and return to our Site at a later date, the cookie information is still available. The cookies placed by our server are readable only by us, and cookies cannot access, read or modify any other data on a computer.
Subdomains operated by mdf are designated as “powered by mdf”. We may offer links to other websites controlled by other entities. We are not responsible for, nor do we accept any liability for how such other entities collect, use, and disclose personal information. You should consult the privacy policies of these other websites before providing any personal information.
We take reasonable steps to protect the personal information in our custody or control using physical, electronic or procedural security measures, including firewalls and encryption, that are appropriate having regard to the nature and sensitivity of the information. We take reasonable measures to limit access to this data to authorized employees and contractors who need to know that information in order to perform, develop or improve our Services.
Please note that the safety and security of your information is also your responsibility. If you have chosen a password to access certain parts of the Solutions, you are responsible for keeping this password confidential. We ask that you do not share your password with anyone.
However, please note that no security measures can offer absolute security.
It is important that the personal information we hold about you is accurate and up to date. Please keep us informed if your personal information changes. By law, you have the right to request access to and/or correction of the personal information we hold about you.
If you wish to review, verify, correct, or withdraw your consent to the use of your personal information, you may also send us an email to email@example.com to request access, correction, or deletion of any personal information you have provided to us. We may not accept a request to change information if we believe that the change would violate a law or legal requirement or result in incorrect information.
Before providing you with access to your information, we may ask you for specific information to help us confirm your identity and right of access, and to provide you with the personal information we hold about you, or to make the requested changes. In some cases, applicable law requires us to refuse to provide you with access to some or all of the personal information we hold about you, or that we may have destroyed, erased or made anonymous in accordance with our legal record-keeping obligations and privacy best practices.
Please note that if you request deletion of certain information, we may not be able to provide you with certain services. We will explain the consequences of deletion at that time to assist you in your decision.
If we are unable to provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions. Such restrictions may include, for example, information about another individual that would reveal their personal information or confidential business information, or would be prohibitively costly to provide.
If you are a California resident, you have certain privacy rights under the California Consumer Privacy Act (CCPA) regarding your personal information. These include:
- the right to request mdf to disclose what personal information is collected, and how it is used;
- the right to request to have your information deleted;
- the right to request mdf to disclose how it sells your personal information;
- the right of non-discrimination if you make a request about your personal information; and
- the right to opt out of having your personal information sold, or opt in having your personal information sold if you are under 16 years old.
You can submit requests about your information to firstname.lastname@example.org.
You may only make two requests over a 12-month period. mdf will respond to your request within 45 days of receiving your request, and will provide information from the 12-month period prior to your request.
There are some exceptions to these requests. For example, mdf can keep your personal information for certain business purposes, such as processing payments for subscription or undertaking internal research for our technological developments. Additionally, the CCPA provides for certain exemptions, such that requests under the CCPA cannot prevent mdf’s ability to:
- comply with federal, state, or local laws;
- comply with certain requests by legal authorities;
- cooperate with enforcement agencies;
- exercise or defend legal claims;
- collect, use, retain, sell, or disclose consumer information that is de-identified or aggregate consumer information; or
- preserve evidentiary privileges.
In some instances, mdf may refuse to respond to such a request based on an exemption, a legal requirement, or other business or legal policy. mdf will inform you as to the basis for refusing any such request.
This Policy is effective as of the last updated date above and may be revised from time to time. If we intend to use or disclose personal information for purposes materially different than those described in this Policy, we will make reasonable efforts to notify you of this, including by posting the revised Policy on our Site. Your continued provision of personal information or use of our Site following any changes to this Policy constitutes your acceptance of any such changes.