Effective Date: September 1, 2020
1. ABOUT US
For website visitors located in Canada or the United States of America (“USA”), we are RL Publishing Inc., 2300 Yonge Street, Suite 1400, Toronto, Ontario Canada M4P 1E4. For website visitors located in any other jurisdiction, we are Pernimus Limited, 9 Karpenisiou, Strovolos, 2021, Nicosia, Cyprus (as applicable, “we,” “us,” “our” or “Pillowtalk“).
- Controller: Where you are a Canadian or US resident, RL Publishing Inc., will be the organization collecting your personal data. Where you are a resident of any other jurisdiction, Pernimus Limited will be the “controller” (or the equivalent thereof in your jurisdiction of residence) of your data.
- Information Processed: We process different types of data from you in connection with your access to and use of the Services. In particular, we collect data when you register for a Service which can be attributed to you individually (for example, your email address if you sign up for marketing emails from us). We also collect data automatically from your use of the Services (for example, cookies and your IP address(es)). For more information about the types of personal data we collect or process, see Section 3, below.
- Usage: We use the data we collect from you for a number of different purposes which are described in Section 4, below. The main purpose is to facilitate your use of the Services.
- Disclosure: We disclose the data we collect from you in a number of different circumstances, including to our service providers to perform certain functions on our behalf in connection with our provision of the Services. Some of the recipients to whom we disclose your data may be located in jurisdictions outside your own. For more information about who we disclose information to, see Section 5, below.
- Security: We take the protection of your personal data seriously. For more information about how we protect your data, see Section 7, below.
- Your Rights: Depending on where you are located, you will have various rights in relation to your data. For more information about your rights, see Section 10, below.
3. WHAT TYPES OF INFORMATION DO WE COLLECT?
When you use the Services, we collect and receive two types of data:
- Data that, alone or in combination with other reasonably available data, can be used to identify you (“Personal Data”). For clarity, “Personal Data” includes any personal information, personal data or personally identifiable information as defined by the privacy or data protection laws in your jurisdiction; and
We collect and receive the following Personal Data and Non-Personal Data directly from you and automatically through your use of our Services:
Data you may choose to provide to us
- If you choose to sign up for marketing emails from us, you will be required to provide us with your email address, age, gender and first name.
Data that will be collected automatically from your device
- When you visit the website, we collect your IP address (which may reveal your general geographic location) from your browser access to help us respond to inquiries and requests quickly and efficiently.
Data collected from third parties.
- We may receive Personal Data about you from a third-party analytics vendor (see Section 11, below); however, we do not seek or purchase Personal Data about you from other third parties.
4. HOW DO WE USE YOUR INFORMATION?
We may use the Personal Data and Non-Personal Data that we collect for the following purposes:
- to provide you with Services, including:
- Email alerts (if you have signed up for marketing emails) to let you know about website content that may interest you
- Special offers from our affiliates and or third-parties;
- to maintain and improve our Services, including improving the content and functionality of our website;
- to tailor the content and information that we may send or display to you (if you have signed up for marketing emails);
- to conduct surveys and market research in order to improve the Services;
- with your consent or as permitted by law, to communicate with you in connection with the Services including, for the purposes of informing you of changes or additions to the Services, or of any products and services of our affiliates or third parties that we believe may be of interest to you;
- with your consent or as permitted by law, to deliver targeted advertising and promotional offers to you from external companies;
- to provide you with customer support;
- to protect our own rights and interests, such as to resolve any disputes, enforce our Terms and Conditions, or to respond to legal process;
- to protect the rights and interests of users of the site;
- to comply with applicable law;
- to track your return visits to, and use of, the Services in order to create aggregated usage statistics to help us better understand and optimize web usage;
- in connection with a potential sale of our business or assets and/or to manage legal claims against us each of which are described in more detail below.
We also use Non-Personal Data. For example, we may collect and analyze aggregated and/or de-identified information to produce statistical data to help us improve our provision of the Services.
The following only applies to users residing in the EU.
We collect your data as a Data Controller when we have a legal basis to do so. The following legal bases pertain to our collection of data:
- Our use of your Personal Data is necessary to perform a contract or take steps to enter into a contract with you. This applies to our processing activities described at 4A above. Where the information processed is a “special category of personal data” (known as sensitive data – in particular health information or information about your sexual preferences or ethnicity), we require an additional lawful basis which will be your consent.
- Our use of your Personal Data is in our legitimate interest as a commercial organization to make improvements to our services and to expand our business. This applies to our processing activities described at 4B, 4C, 4D, and for certain purposes in 4H.
- Our use of your Personal Data is necessary to comply with a relevant legal or regulatory obligation that we have, in particular, where we are required to disclose Personal Data to a court, tax authority or regulatory body in the event of an investigation. This applies to some purposes involved our processing activities described at 4E, 4G, and 4I.
- Our use of your Personal Data is in accordance with your consent. This applies to our processing activities described at 4E, 4H and 4J (in each case where required by local law).
5. HOW WILL WE SHARE YOUR INFORMATION?
We may provide Personal Data to third parties in the following limited circumstances:
- To trusted third parties to assist us in the provision of the Services and the operation of our business.
- We will share your Personal Data with third party service providers that we have engaged to perform services on our behalf, based on our instructions, such as to our parent, subsidiary or sister companies, or to advertising agencies, marketing agents, data processing and storage companies or organizations which provide administrative and support services to us.
- We limit our disclosure of your Personal Data to such third parties to that which is reasonably necessary for the purpose or service for which the third-party service provider is engaged.
- We also use contractual and other means to provide a comparable level of protection while the data is being processed by such third parties, including limiting such providers to using your Personal Data solely to provide us with the specific service for which those providers were engaged, and for no other purpose. You can obtain more information about our policies and practices with respect to the use of Personal Data by third party service providers by contacting [email protected].
- To courts, regulators and law enforcement as required or permitted by law, including:
- to government bodies and law enforcement agencies, pursuant to warrant, order, subpoena or statutory requirement;
- in connection with any legal proceedings or prospective legal proceedings involving RL Publishing Inc. or Pernimus Limited; and
- to otherwise establish, exercise or defend our legal rights and protect against misuse of our Services, or to protect the personal safety and property or our users or the public as permitted by law.
- In the event of a sale or merger, including:
- as required, in connection with the sale, assignment, bankruptcy proceeding or other transfer of the business or a portion of the business of our Services, including a corporate merger, consolidation, restructuring, sale of assets or other corporate change of our direct or indirect parent companies that affects us, as well as the insurance or securitization of our assets. In any such case, the recipient parties will be required contractually to keep the information confidential and use it only for the purposes of the transaction, or proposed transaction, in question.
We do not otherwise share, give, rent or sell your Personal Data to any third parties, unless you give us additional consent to do so.
We may disclose Non-Personal Data in a number of circumstances, including to third-party advertisers.
6. DATA TRANSFERS
As we have a global business operation, your Personal Data may be transferred between RL Publishing Inc. and Pernimus Inc., or between either of those entities and our parent, subsidiary or sister entities, or with service providers.
As a result, your Personal Data may be collected, stored, accessed, used and/or disclosed in countries outside your jurisdiction of residence, including without limitation Canada and Cyprus. Some of these jurisdictions do not have an equivalent level of data protection laws as those in your country; however, we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. In particular, if you are a resident of the European Union, whenever we transfer your data outside of Europe we will either: (a) ensure that the country is deemed adequate by the European Commission; (b) put in place Standard Contractual Clauses; or, (c) implement appropriate safeguards approved by the European Commission to ensure an adequate level of protection in compliance with applicable data protection laws. You have a right to request details about the appropriate safeguards where this is documented (but it may be redacted to ensure security and confidentiality).
We take the protection of your Personal Data seriously. We implement appropriate measures and take steps to protect Personal Data against loss and theft as well as unauthorized access, disclosure, copying, use, and modification using security safeguards, including physical, organizational and technological measures, commensurate with the sensitivity of your Personal Data. Our employees who have access to your Personal Data are made aware of the importance of keeping it confidential.
Where we use service providers who might have access to your Personal Data, we require them to have privacy and security standards that are comparable to ours. We use contracts and other measures with our service providers to maintain the confidentiality and security of your Personal Data and to prevent it from being used for any other purpose.
Please be aware that no data security measures can guarantee complete security. You also should take steps to protect against unauthorized access to your phone, other mobile device and computer by, among other things, signing off after using a shared computer, and choosing a robust password – for access to your hardware – that nobody else knows or can guess easily.
8. HOW LONG DO WE KEEP THE PERSONAL DATA WE COLLECT?
We keep your Personal Data for only as long as it is required for the purposes for which it was collected, or as otherwise permitted by applicable law, after which we delete or de-identify your Personal Data, rendering it Non-Personal Data.
In general, we retain your Personal Data for a period of time corresponding to a statute of limitations setting out the period during which legal claims may be filed in court. For example, we may retain your Personal Data during the statute of limitation period, to maintain an accurate record of your dealings with us and, as applicable, assert or defend against a legal claim. However, in some circumstances we may retain Personal Data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.
The Services are not for use by children under the age of 18 years. Accordingly, we do not knowingly collect, store, share or use the Personal Data of children under 18 years. If you are under the age of 18 years, please do not use this Service or provide any Personal Data, even if prompted by the website to do so. If you choose to sign up for marketing emails, you will be required to provide us with your age. Failure to answer accurately will be deemed to be fraudulent on your part, and you, not us, will bear responsibility for such fraudulent behaviour and any resultant consequences.
10. YOUR RIGHTS
You have the ability to exercise the following rights:
- Right to withdraw consent.
- You have the right to withdraw your consent at any time, subject to legal and contractual restrictions. For example, if you wish to opt-out of receiving electronic marketing communications, you can use the ‘unsubscribe’ link provided in our emails, or otherwise contact us at [email protected], and we will stop sending you communications. Note that your withdrawal of such consent may limit your ability to fully use the Services.
- Right of access, rectification and erasure.
- You have the right to request access to and obtain a copy of any of your Personal Data that we may hold, to request correction of any inaccurate data relating to you, and to request the deletion of your Personal Data under certain circumstances.
- Data portability.
- Where the Personal Data is processed by automatic means, you have the right to receive all such Personal Data which you have provided us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to restriction of processing.
- You have the right to restrict our processing of your Personal Data (meaning we could only store it unless we have your consent or as otherwise required by law) where:
- you contest the accuracy of the Personal Data, until we have taken sufficient steps to correct or verify its accuracy; or
- we no longer need your Personal Data for the purposes of the processing, but you require such Personal Data for the purposes of a dispute, complaint or proceeding.
- You have the right to restrict our processing of your Personal Data (meaning we could only store it unless we have your consent or as otherwise required by law) where:
- Right to object to direct marketing (including profiling).
- You have the right to object to our use of your Personal Data (including profiling) for direct marketing purposes, such as when we use your Personal Data to inform you of our promotions.
- You also have the right to lodge a complaint with the privacy commissioner with jurisdiction over your place of residence, if you consider that the processing of your Personal Data infringes applicable law (although we ask you to try resolve any complaints with us first).
If you would like to exercise any of these rights, please contact us using the contact information provided in Section 15, below.
11. COOKIES AND OTHER TRACKING
Provided we have obtained necessary permissions and consents in accordance with local laws, we use these tools only to provide you with an improved user experience, to better understand your needs and preferences, to provide you with content (including marketing emails) that is most relevant to you, and to monitor trends respecting the usage of our website.
Do-Not-Track. Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies or opting out of ad networks as described further in this section).
Clear GIFs. Clear GIFs (a.k.a. web beacons, web bugs or pixel tags) are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies though, clear GIFs are embedded invisibly on web pages, not stored on your hard drive. These “images” are automatically loaded to your browser/device when you visit our website or open an html format email message from us, thereby letting us know if a certain page was visited or an email message was opened. Clear GIFs allow us to record simple user actions related to our websites and to email communications received from us, to help us determine the usage and effectiveness of our site and communications. We might use clear GIFs to track the activities of our website visitors, help us manage content, and compile statistics about usage. We and our third-party service providers also might use clear GIFs in html e-mails to our customers, to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded. These may be blocked either by using a third-party application (look for a browser extension for content filtering, including ad blocking) or, in the case of emails, by changing your settings to prevent images from being downloaded (where your email provider supports this functionality).
12. DIRECT MARKETING
Where we have necessary permissions and consents in accordance with local laws: (a) we will send you marketing information about our website and our Services, and about other products and services our affiliates and/or third parties offer where we legitimately believe this may be of interest to you; and, (b) this content will be personalized. Where you have specifically requested marketing information from us about our affiliates and/or third parties that we work with, or have expressly indicated that you would like to receive details from other entities, we also may send promotional offers.
Depending on your marketing preferences, marketing may be carried out by email, push notifications or other electronic channels (see our Cookie Notice at Annex A for further details). If you change your mind, you can always choose to unsubscribe from receiving these marketing communications. You can do this by clicking the ‘unsubscribe’ link on any of our emails, or by contacting us at [email protected].
We use Personal Data that you provide combined with certain algorithms and machine-based learning to improve our website. This does not amount to “automated decision making” which would have any significant impact on you.
14. ACCESS AND UPDATES
You have the opportunity to (i) opt-out of certain communications, (ii) modify/update Personal Data you have provided to us.
Please be aware that opting-out of email notifications from us, will only change or delete the data in our database for the purpose of future activities and communications.
15. CONTACT US
If you have any questions or concerns regarding our policies and practices related to your information, please contact our Data Protection Officer/Chief Privacy Officer at [email protected], or by writing to:
RL Publishing Inc.
Attention: Chief Privacy Officer
2300 Yonge Street, Suite 1400
Toronto, ON Canada M4P 1E4
Attention: Data Protection Officer
Strovolos, 2021, Nicosia, Cyprus
As noted in Section 14 above, subject to certain restrictions required or permitted by law, you have the right to access Personal Data we hold about you and to have any concerns you may have over our policies and practices addressed. In addition, you have the right to obtain information regarding our policies and practices as they relate to the collection, storage, access, use and disclosure of Personal Data, including with respect to the transfer and storage of your information outside your home jurisdiction, and to request updates to, or correction of, your Personal data.
We aim to resolve all complaints promptly. For residents of the European Union, if you are not satisfied with any resolutions proposed, or if you have concerns with processing of data, you may contact your local data protection authority, a list of which is found here. https://edpb.europa.eu/about-edpb/board/members_en.
16. IMPORTANT ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
This section provides information for California residents. Pursuant to California privacy laws, including the California Consumer Privacy Act (“CCPA”), we provide California residents information about how we collect and process your Personal Information.
Categories of Personal Information that We Collect, Disclose, and Sell
Personal Information of California Residents Categories Collected, Processed, Shared with Third Parties
|Categories of personal information||Do we collect?||Do we disclose for business purposes?||Do we sell?||Sold or Disclosed for a business or commercial purpose in the prior 12 months?|
|NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as Internet Protocol (IP) address, and (where provided by resident), first name, gender, age and email address.||YES||YES||NO||NO|
|CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, physical characteristics or description, address, telephone number, bank account number, credit card number.||NO||NO||NO||NO|
|PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as Race, sex, age.||YES||NO||NO||NO (any disclosures would be done in the aggregate, not at the individual level)|
|PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||NO||NO||NO||NO|
|USAGE DATA: Internet or other electronic network activity information such as usage of services, and information regarding a resident’s interaction with an internet website, application, or advertisement.||YES||YES||NO||NO|
|GEOLOCATION DATA: City of residence.||YES||NO||NO||NO|
|AUDIO/VISUAL: Audio, electronic, visual, thermal, olfactory, or similar information.||NO||NO||NO||NO|
|EMPLOYMENT HISTORY: Professional or employment-related information.||NO||NO||NO||NO|
|PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||NO||NO||NO||NO|
If you would like to exercise any of these rights, please contact us using the contact information provided in Section 15.
California Residents’ Rights
California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
Do-Not-Sell. We do not sell your Personal Data.
Verifiable Requests for Copy, Deletion and Right to Know. Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:
Right of Deletion: California residents have the right to request deletion of their Personal Data that we have collected about them, subject to certain exemptions, and to have such Personal Data deleted, except where necessary for specific purposes exempt under the law.
Right to a Copy: California residents have the right to request a copy of the specific pieces of Personal Data that we have collected about them in the prior 12 months and to have this delivered, free of charge, either: (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Right to Know: California residents have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
- categories of Personal Data collected;
- categories of sources of Personal Data;
- business and/or commercial purposes for collecting and/or selling their Personal Data;
- categories of third parties with whom we have disclosed or shared their Personal Data;
- categories of Personal Data that we have disclosed or shared with a third party for a business purpose; and
- categories of third parties to whom the resident’s Personal Data has been sold and the specific categories of Personal Data sold to each category of third party.
Submitting Requests. Requests to exercise the right of deletion, right to a copy, and / or the right to know may be submitted by contacting: [email protected]. We will respond to verifiable requests received from California consumers as required by law.
Incentives and Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information. We respect your privacy rights. We do not discriminate against residents who exercise their rights under CCPA.
California Privacy Rights under California’s Shine-the-Light Law.
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain Personal Data are entitled to request and obtain from us, free of charge, information about the Personal Data (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third-party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing (see Section 15 “Contact Us” for ways to reach us).