PRIVACY POLICY

  1. Introduction
  2. Your Arbor, Inc. (“Arbor”, “we”, “us” or “our”) is committed to maintaining the accuracy, confidentiality, and security of your personal information. This Privacy Policy describes what types of personal information we collect, and how we use that personal information, when you visit our website (https://www.arbor.eco/) (the “Site”), or when you use any of our other proprietary software applications or services (collectively, the “Services”). This Privacy Policy explains how Arbor processes the personal data of visitors to and users of the Site and the Services (“Users”, “you”, “your”).

    Your Arbor Inc. (a private corporation registered in Calgary, Alberta, Canada) is the 'data controller' of your personal data and is subject to the EU General Data Protection Regulation and the UK General Data Protection Regulation, as applicable (the "GDPR"). Arbor is a 'data controller' subject to the GDPR only insofar as we are offering goods or services to individuals in the EU / UK or where the Site or the Services may be used to monitor individuals' behavior as far as it takes place in the EU / UK. Nevertheless, this Privacy Policy is a general description of how we process Users’ personal data, regardless of where those Users are from.

    Unless you are based in the European Economic Area (EEA) or the United Kingdom (UK), by accessing or using our website or Services, you agree to accept this Privacy Policy, including the terms and conditions of this Privacy Policy that relate to the ways that we collect, use, disclose, and otherwise process your personal information.

    What is personal information?

    Personal information is any information about, relating to, or that identifies a specific individual. This may include information that identifies a specific household or device (including by reference to online identifiers such as IP addresses).

  3. Personal information that we collect
  4. No obligation to provide information

    You are not required to create a user account or provide any personal information to us in order to visit the Site. However, please note that your decision not to provide us with certain personal information that we request may result in us not being able to provide our Services to you (or not in the same form and quality).

    Creating an account

    You may create a user account in connection with your use of our Services. If you choose to create an account, during the registration process you will be asked to provide us with your name, a valid email address, and a password. We may collect your IP address in connection with your registration.

    Communications, feedback, and support

    We also collect your personal information when you contact us for support, provide us with feedback, or otherwise communicate with us. The types of personal information that we collect will depend on what personal information that you choose to provide to us.

    Other information that we collect

    In addition to the personal information that you provide to us, we collect information about your visit to the Site and your use of the Services, including the IP address and device domain used to access our Site and use our Services, the operating system on your device, your device settings, application IDs, the type and version of your browser, crash data, your time zone and the country you are from, your language, other unique device identifiers, and other information related to the manner in which you access and use the Services. We may also collect information about the websites you come from and go to, the pages that you visit on those websites, the amount of time that you spend on those pages and websites, etc. We use this information to monitor the performance of our Site, our Services and for our other business purposes, including to improve and upgrade the functionality of the Site and the Services.

    We use cookies and tracking technologies that are similar to cookies. A cookie is a small file of letters and numbers that we may set on your device to store and sometimes track information about you. Cookies and similar technologies we use are designed for analytics. This allows us to distinguish you from other users of the Services. This also helps us to provide you with a good experience when you use our Site and our Services.

    Please see our more detailed Cookies Notice for details of the cookies we use on the Site and in providing certain Services.

    Payment Processing & Third Party Vendors

    If you choose to make a purchase on or through the third party vendors linked through our Site and our Services, those third party vendors and/or third party payment processors will collect and use your personal information, such as your credit card number, name, billing address, and other related payment information to process the transaction. The collection and use of your personal information by these third parties is subject to their respective privacy policies. We encourage you to review their privacy policies before providing such third parties with your payment information and completing the transaction.

  5. How we use personal information
  6. We use the personal information that we collect to (i) provide you with the information, functionality and communications that are available through our Site and our Services; and (ii) enable us to manage, maintain,and develop our operations. In particular, we use your personal information to:

    • establish, maintain, and manage our relationship with you, including by assisting you to create an account, communicate with us, and provide you with the Services that you request;

    • allow you to participate in, subscribe to, and receive information, news, updates, and promotional materials from us and third parties;

    • comply with your requests and preferences regarding your use of our Services and the manner in which we communicate with you;

    • understand your preferences and values so that we can tailor our Services and communications to you;

    • protect us against error, fraud, theft, and damage to our Services, business, and property;

    • conduct analysis and evaluations to understand the way our Services are used and to improve our Services and general operations, including with respect to the development of new products, services, and opportunities; and

    • enable us to comply with applicable laws and regulatory purposes.

  7. Our legal bases for using personal information
  8. Data controllers need a lawful basis to collect and use your personal information under applicable legislation. In respect of the data processing undertaking by Arbor, the relevant lawful bases on which we rely to process your personal information include:

    • performing a contract with you – principally, where the processing of your personal information is necessary to supply the Services to you in accordance with our User Terms of Service. Please note that some of your personal information is necessary for the performance of our obligations under our User Terms of Service, and without this personal information we may not be able to provide you with the communications and/or Services you request;

    • our legitimate interests, including our commercial interests in operating our business responsibly and sustainably – for example, where we send you administrative information, including information regarding the Services and changes to our terms or policies;

    • a person’s consent – for example, if we send you marketing materials / promotional messages by email, this will be because you consented to this (please see the next section below); and

    • processing that is necessary for compliance with a legal obligation – for example, where we need to comply with statutory or financial reporting or other regulatory compliance obligations.

  9. Promotional and transactional messages
  10. Promotional messages

    We will collect your consent prior to sending you promotional emails and other electronic messages (e.g., texts, direct messages), unless an exception to obtaining your consent applies under applicable laws. You will have an opportunity to opt-out or unsubscribe from receiving promotional messages from us at any time. Promotional messages include, but are not limited to, our newsletter and updates about our and our partners’ businesses, products, and services.

    Transactional messages

    By using our Services, you agree to receive transactional communications about your account and activities. For example, when you create an account or reset your password you may receive an email confirming the details of such activity. You may not opt-out of receiving these transactional communications, and we do not need your consent to send you such messages. If you object to receiving transactional messages, we may have to cease providing Services to you.

  11. Disclosure of personal information to third parties
  12. We disclose your personal information and other information in the manner and for the purposes that are described in the sections below.

    Working with third parties

    We may work with third parties that provide services to us that help us facilitate one or more aspects of the products, services, communications, or features that we offer to you on and through our Site and our Services. We may provide these third parties with your personal information directly or they may collect your personal information from you on our behalf. For example, we may use a third party payment processor to process payments made on or in connection with our Services. These service providers may also send you communications on our behalf.

    Business transactions

    Your personal information may also be disclosed or transferred to a third party in connection with a business transaction, including a change of ownership of Arbor, the sale of all or certain of our assets, or the grant of a security interest. We will take reasonable steps to ensure that the third party that receives your personal information is bound by appropriate agreements that require that your personal information is handled in a manner that is consistent with this Privacy Policy.

    Legal requirements and emergency situations

    Your personal information may also be disclosed:

    • as permitted or required by applicable law or regulatory requirements;

    • to comply with valid legal processes such as a search warrant, subpoena, or court order; and/or

    • during emergency situations or where necessary to protect the safety of a person or a group of persons.

  13. International transfers of personal information
  14. Since we may share your personal information with third parties (including our service providers) as described in this Privacy Policy, your personal information may be collected, used, processed, stored or disclosed outside of your jurisdiction of residence, including in Canada. As such, your personal information may potentially be accessible to law enforcement and national security authorities of another jurisdiction where local laws provide for a different level of protection for personal information. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security agencies in those other countries may be entitled to access your personal information.

    If you are based in the UK or the European Economic Area (EEA), in the course of providing the Services to you, we may transfer your personal information outside of the UK / EEA, principally to Arbor’s offices in Canada and servers in Canada; this means that your personal information will not have the automatic protection of European / UK data protection laws (including the GDPR) which apply in the UK and EEA. In these circumstances, in order to ensure that your personal information continues to have adequate protection when it is transferred outside the UK and/or EEA, your personal information will only be transferred on one of the following bases:

    • a European Commission or UK government decision provides that the country or territory to which the transfer is made ensures an adequate level of protection (which is the case for Canada, under the European Commission’s decision of 20 December 2001 in respect of PIPEDA) and adopted by the UK following its exit from the European Union;
    • where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law (for example, standard data protection clauses adopted by the European Commission and, in the case of the UK, by the Information Commissioner’s Office);
    • there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).

    You can obtain more details of the protection given to your personal data when it is transferred internationally (including outside the UK / EEA) by contacting us using the details set out below.

  15. Disclosure of aggregated data
  16. We may disclose aggregated, non-personal information and related usage information, which does not contain any personal information that can identify you, with third parties, including our customers, clients, partners, advertisers, service providers, vendors, suppliers, and content providers. For example, we may share data with an advertiser regarding the number of views that their advertisements received, the amount of time that users spent looking at their products or services on a web page, or the number of times a link we made available was used.

  17. How long we keep personal information
  18. We will keep your personal information for no longer than is necessary for the purposes for which it is processed, in accordance with our internal policies. The length of time that data will be kept may depend on the reasons for which we are processing the data and on the applicable laws or regulations that the information falls under such as financial regulations, statutory limitation periods or any contractual obligation we might have.

    If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.

  19. Security and protection of personal information
  20. We endeavour to maintain commercially reasonable physical, technological, and procedural safeguards that are appropriate based on the sensitivity of the personal information in question. These safeguards are designed to prevent your personal information from loss and unauthorized access, collection, use, disclosure, copying, modification, disposal, or destruction.

    Please advise us immediately of any incident involving the loss of or unauthorized access to or disclosure of your personal information that is relevant to your use of our Services.

  21. Your rights in relation to personal information
  22. Under applicable legislation, including the GDPR, you have the following rights in relation to our processing of your personal information. Please note that these rights are not absolute, and we may be entitled or obliged to refuse requests where exceptions or exemptions apply:

    • to obtain access to, and copies of, the personal information that we hold about you;

    • to require us to correct the personal information we hold about you if it is incorrect;

    • to require us to erase your personal information in certain circumstances;

    • to require us to restrict our data processing activities in certain circumstances;

    • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you;

    • to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and

    • where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.

    Note: If you have given your consent and you wish to withdraw it, please contact us using the contact details set out below. Please note that where our processing of your personal information relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those Services.

    If you are not satisfied with how we are processing your personal information, you can make a complaint to a data protection supervisory authority in the UK (namely, the Information Commissioner’s Office, whose website is here: https://ico.org.uk) or in the EU, including the data protection regulator in the EU country where you are located. A list of data protection authorities in the EU is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

  23. Links to third party websites
  24. Our Site and our Services may contain links to other websites that may be subject to less stringent privacy standards. These links are provided for your convenience only and you assume all risk for clicking these links to other websites. We cannot assume any responsibility for the privacy practices, policies or actions of the third parties that operate these websites. We are not responsible for how such third parties collect, use or disclose your personal information. You should review the privacy policies of these websites before providing them with personal information.

  25. Changes to this Privacy Policy
  26. We may make changes to this Privacy Policy from time to time. These changes may be made as a result of changes to our legal obligations or the ways in which we collect, use, disclose, or otherwise process your personal information.

    We will post an updated version of our Privacy Policy on our Site when we make material changes and may also notify you of the changes we have made if we are required to do so by applicable law. We encourage you to check this Privacy Policy for updates on a regular basis.

    You agree that by continuing to use the Site or the Services after an update to our Privacy Policy, you acknowledge and agree to the collection, use, disclosure of your personal information as described in the updated version of the Privacy Policy.

    This Privacy Policy was last updated on January 6, 2023.

  27. Contact
  28. If you have questions or concerns regarding this Privacy Policy, you should contact us at support@arbor.eco. **If you choose to communicate with us via email, please be aware that email is not a 100% secure medium for sending any personal or confidential information to us.**