Privacy Policy

1. Introduction

This Privacy Policy (the "Privacy Policy") applies to the Catered Designs website located at https://catereddesigns.ca, and all associated sites linked to catereddesigns.ca by Catered Designs, its subsidiaries and affiliates, including any subdomains or related websites (collectively, the "Site"). The Site is the property of Catered Designs Inc. ("Catered Designs", "we", "us", or "our") and its licensors.

BY USING THE SITE, PRODUCTS, OR SERVICES, YOU AGREE TO THIS PRIVACY POLICY; IF YOU DO NOT AGREE, DO NOT USE THE SITE, PRODUCTS, OR SERVICES, OR PROVIDE US WITH YOUR PERSONAL INFORMATION.

Catered Designs respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our Site, use our products or services, or interact with us in any way.

This Privacy Policy is designed to comply with applicable privacy laws in the jurisdictions where we operate, including but not limited to: the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws; the General Data Protection Regulation (GDPR) and other applicable European Union privacy laws; the California Consumer Privacy Act (CCPA) and other applicable United States privacy laws; and other applicable privacy laws in jurisdictions where we provide our products or services.

If you are located outside of Canada, please be aware that we may transfer your personal information to Canada, the United States, or other countries where our service providers operate. By using our Site, products, or services, you consent to the collection and use of your personal information as described in this Privacy Policy, and to the transfer of your information to these jurisdictions.

Catered Designs reserves the right, at its sole discretion, to change, modify, add or remove portions of this Privacy Policy, at any time. It is your responsibility to check this Privacy Policy periodically for changes. Your continued use of the Site, products, or services following the posting of changes will mean that you accept and agree to the changes.

2. What Information We Collect

We collect personal information that you provide to us directly, as well as information that we collect automatically when you use our Website, products, or services. We also collect information from third-party sources in certain circumstances. The types of personal information we collect include:

2.1 Information You Provide to Us

Contact Form Information: When you use our contact form, we collect:

• First name and last name
• Email address
• Phone number (optional)
• Company name (optional)
• Inquiry type
• Subject line (if applicable)
• Message content
• Preferred contact method

Service Agreement Information: When you enter into a service agreement with us, we may collect:

• Business information and contact details
• Project specifications and requirements
• Billing and payment information
• Any other information necessary to provide our services

CoolMonitor Product Information: When you use our CoolMonitor temperature monitoring system, we collect:

• WiFi network information (SSID, network credentials for device connectivity)
• Temperature logs and sensor readings
• Device identification information
• Alert preferences and notification settings
• Account and subscription information
• Compliance report data

Account Information: When you create an account with us, we may collect:

• Username and password
• Profile information you choose to provide
• Account preferences and settings
• Any other information you provide during account creation or use

2.2 Information We Collect Automatically

When you visit our Website, we may automatically collect certain information, including:

• Internet Protocol (IP) address
• Browser type and version
• Device information (device type, operating system)
• Pages visited and time spent on pages
• Referring website addresses
• Date and time of visits
• Cookies and similar tracking technologies (see Section 7 for more information)

We collect personal information only by fair and lawful means, and only to the extent necessary for the purposes identified in this Privacy Policy, in accordance with PIPEDA's limiting collection principle and the data minimization requirements of GDPR and other applicable privacy laws.

2.3 Information from Third Parties

We may receive personal information about you from third-party sources, including:

• Payment processors: When you make a payment, we may receive transaction information from payment processors
• Analytics providers: We may receive aggregated usage data from analytics service providers
• Business partners: If you are referred to us by a business partner, we may receive basic contact information
• Public sources: We may collect information from publicly available sources, such as business directories or professional networking sites, when relevant to providing our services

We only collect personal information from third parties when you have consented to such collection, when it is necessary for providing our services, or when permitted by applicable law.

2.4 Anonymous Data

We also collect anonymous data that is not associated with or linked to your personal information ("Anonymous Data"). Anonymous Data does not permit the identification of individual persons. This may include aggregated usage statistics, general demographic information, and other non-personally identifiable information.

We use Anonymous Data to improve our Website and services, conduct market research, analyze trends, and understand how visitors use our Website. We may share Anonymous Data with third parties for these purposes, but we will not share any Anonymous Data if such information is, contains, or will be linked to your Personal Data, unless we have given you notice and you have provided your consent.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• To provide and improve our services: To respond to your inquiries, provide customer support, deliver our products and services, and fulfill our contractual obligations
• To process transactions: To process payments, manage subscriptions, and handle billing matters
• To communicate with you: To send you service-related communications, respond to your requests, provide technical support, and send you important updates about our products and services
• To operate CoolMonitor: To monitor temperatures, send alerts, generate compliance reports, and maintain the functionality of the temperature monitoring system
• To improve our Website and services: To analyze usage patterns, understand user preferences, and enhance the user experience
• To comply with legal obligations: To comply with applicable laws, regulations, and legal processes, and to respond to lawful requests from government authorities
• To protect our rights and interests: To detect, prevent, and address fraud, security issues, and other illegal activities
• For marketing purposes: With your consent, to send you promotional communications about our products, services, and events (you may opt out at any time)

3.1 Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA) or United Kingdom (UK), we process your personal information based on the following legal grounds:

• Consent: When you have provided your explicit consent for specific processing activities (e.g., marketing communications)
• Contractual necessity: When processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract (e.g., providing our services, processing payments)
• Legal obligation: When processing is necessary to comply with applicable legal obligations (e.g., tax reporting, responding to legal requests)
• Legitimate interests: When processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, ensuring security, and analyzing usage patterns, provided that such interests are not overridden by your privacy rights. We balance our legitimate interests against your privacy rights and only process personal information when our interests are not overridden by your fundamental rights and freedoms
• Vital interests: When processing is necessary to protect your vital interests or those of another person (e.g., in emergency situations)

If you have questions about the legal basis for any specific processing activity, please contact us using the information provided in Section 16 below.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We do not share your personal information for cross-context behavioral advertising or for any commercial purpose other than providing our services to you. We have never sold personal information, and we do not intend to sell personal information in the future.

California Residents: Under CCPA, "selling" personal information means disclosing it to a third party for monetary or other valuable consideration. We do not engage in such activities. We do not have a "Do Not Sell My Personal Information" link because we do not sell personal information.

We may share your personal information in the following circumstances:

4.1 Service Providers

We may share your personal information with third-party service providers who perform services on our behalf, such as:

• Web hosting and cloud storage providers
• Payment processors
• Email service providers
• Analytics and marketing service providers
• Customer support service providers
• Traffic monitoring and optimization service providers

These service providers are contractually obligated to protect your personal information and may only use it for the purposes for which it was disclosed. We ensure that the same privacy criteria as defined in this Privacy Policy are in place with such service providers.

Third-Party Technology and Services: Our Website or products may contain certain software technologies and services licensed from third-party providers. These third-party providers have separate privacy and data collection practices and policies, and we are not responsible or liable for their practices. We do not endorse, nor are we responsible for the accuracy of, the privacy policies of such third-party providers. These third-party entities are independent third parties and are not affiliated with Catered Designs unless otherwise stated.

4.2 Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). When legally required to share your personal information, we will tell you in advance, unless we are legally forbidden from doing so.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.4 With Your Consent

We may share your personal information with third parties when you have provided your explicit consent to such sharing.

4.5 Enforcement and Protection

We may use your personal information, including IP addresses, to identify users of our Website, products, or services if we believe it is necessary to enforce compliance with our Terms of Use or this Privacy Policy, or to protect our products, services, Website, or other users. We may also use, retain, or disclose your personal information when we have reason to believe that doing so is necessary to identify, contact, or bring legal action against someone who may be causing injury to you, us, or other users, or who may be interfering with our rights, property, or operations.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.4 With Your Consent

We may share your personal information with third parties when you have provided your explicit consent to such sharing.

5. Data Storage and Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure server infrastructure and access controls
• Regular security assessments and updates
• Limited access to personal information on a need-to-know basis
• Employee training on data protection and privacy
• Multi-factor authentication for accessing sensitive systems
• Regular backups and disaster recovery procedures
• Monitoring and logging of system access and activities

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the unlikely event of a data breach where your personal information has been compromised, we will promptly notify you, the applicable authorities, and supervisory authorities or data protection authorities, in accordance with applicable breach notification requirements.

Your personal information may be stored and processed in Canada, the United States, or other countries where our service providers operate. By using our services, you consent to the transfer of your information to these locations. We take appropriate measures to ensure that your personal information receives an adequate level of protection in accordance with this Privacy Policy and applicable privacy laws.

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of your personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, as well as applicable legal requirements.

Specific Retention Periods:

• Contact form submissions: Retained for up to 7 years for business record-keeping purposes
• CoolMonitor temperature logs: Retained for the duration of your subscription plus a reasonable period thereafter (typically 90 days) for service continuity and support purposes
• Service agreement information: Retained as required by law or for the duration of any applicable warranty or support period, plus any additional period required for legal or business purposes
• Account information: Retained for as long as your account is active and for a reasonable period after account closure for business and legal purposes
• Marketing data: Retained until you opt out or withdraw consent, after which we will remove you from our marketing lists

When personal information is no longer needed, we will securely delete, destroy, or anonymize it in accordance with our data retention policies. Any personal information that is no longer required by Catered Designs will be destroyed. If you stop using our services or delete your account with us, we will delete your information or store your information in an aggregated and anonymized format, except where we are required by law to retain it.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our Website. Cookies are small text files that are placed on your device when you visit a website.

We use cookies for the following purposes:

• Essential cookies: Required for the Website to function properly (e.g., authentication, security)
• Analytics cookies: To understand how visitors use our Website and improve its performance
• Functional cookies: To remember your preferences and provide enhanced features
• Marketing cookies: To deliver relevant advertisements and track the effectiveness of our marketing campaigns (with your consent)

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our Website.

8. Your Rights and Choices

Under Canadian privacy laws, including PIPEDA, you have the following rights regarding your personal information:

8.1 Access

You have the right to request access to the personal information we hold about you. We will provide you with a copy of your personal information, subject to certain limitations and exceptions permitted by law.

8.2 Correction

You have the right to request correction of inaccurate, incomplete, or outdated personal information. We will make reasonable efforts to correct your information upon request. If we determine that a correction is warranted, we will correct the information and, where appropriate, send the corrected information to any third parties to whom we have previously disclosed the incorrect information.

We take reasonable steps to ensure that personal information is accurate, complete, and up-to-date for the purposes for which it is used, in accordance with PIPEDA's accuracy principle and GDPR requirements.

8.3 Withdrawal of Consent

You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. However, withdrawing consent may affect our ability to provide you with certain products or services.

8.4 Deletion

You may request deletion of your personal information, subject to our legal obligations to retain certain information and our legitimate business interests. We will delete your personal information when it is no longer necessary for the purposes for which it was collected, unless we are required by law to retain it.

EU/EEA Residents: Under GDPR, you have the right to erasure (the "right to be forgotten") in certain circumstances, such as when the personal data is no longer necessary for the original purpose, you withdraw consent, or the data has been unlawfully processed.

8.5 Opt-Out of Marketing Communications

You may opt out of receiving promotional communications from us at any time by following the unsubscribe instructions in our emails or by contacting us directly. You cannot opt out of service-related communications that are necessary for the provision of our services.

8.7 Additional Rights (GDPR)

Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Object: You have the right to object to processing of your personal information based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us using the contact information provided in Section 16 below. We will respond to your request within the time frame required by applicable privacy laws (typically within 30 days, or as otherwise required by applicable law), or inform you if additional time is needed. In certain circumstances, we may be permitted to refuse access to some information, in which case we will explain the reasons for the refusal.

Verification: To protect your privacy and security, we may need to verify your identity before processing your request. We may request additional information, such as a government-issued ID or other documentation, to verify your identity.

Authorized Agents: If you are located in a jurisdiction that permits authorized agents to make requests on your behalf (such as California under CCPA), you may designate an authorized agent to exercise your rights. We may require proof of authorization and verification of your identity before processing such requests.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights. You will receive the same level of service and pricing regardless of whether you exercise your rights. We will not deny you goods or services, charge you different prices, provide you with a different level or quality of services, or suggest that we might do any of these things because you exercised your privacy rights.

Appeals: In certain jurisdictions, you may have the right to appeal our decision regarding a request related to your privacy rights. If you wish to appeal a decision, please contact us using the information provided in Section 16 below, and we will review your appeal.

9. Children's Privacy

Our Website and services are not intended for individuals under the age of majority in their jurisdiction (18 years of age in most jurisdictions, including British Columbia, Canada; 13 years of age in the United States under COPPA). We do not knowingly collect personal information from minors or children.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately, and we will take steps to delete such information from our systems.

If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information as soon as possible, in accordance with applicable laws.

10. Third-Party Links and Services

Our Website may contain links to third-party websites or services that are not owned or controlled by Catered Designs. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services you visit.

These third-party websites have separate privacy and data collection practices, and Catered Designs has no responsibility or liability relating to them. We do not endorse, nor are we responsible for the accuracy of, the privacy policies and/or terms and conditions of such websites. These third-party entities are independent third parties and are not affiliated with Catered Designs unless otherwise stated.

In some cases, you may be required to provide certain information to register or complete a transaction at a third-party website. When you click on a link to a third-party website, you are leaving our Website and contacting another website. We are not responsible for the privacy practices or content of third-party websites or services.

11. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including Canada, the United States, and other jurisdictions where our service providers operate. These countries may have different data protection laws than your country of residence.

By using our Site, products, or services, you consent to the transfer of your personal information to these countries. We take appropriate measures to ensure that your personal information receives an adequate level of protection in accordance with this Privacy Policy and applicable privacy laws.

European Union/European Economic Area (EU/EEA) Residents: If you are located in the EU/EEA and we transfer your personal information outside of the EU/EEA, we will ensure that such transfers are protected under appropriate safeguards, such as standard contractual clauses approved by the European Commission, or other mechanisms recognized under applicable data protection laws.

United States Residents: If you are located in the United States, your personal information may be subject to state-specific privacy laws, including but not limited to the California Consumer Privacy Act (CCPA). We will comply with applicable state privacy laws where we operate.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other reasons. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also notify you by email or through other means.

If we plan to use your personal information for a purpose that was not previously identified, we will seek your consent before using it for the new purpose, unless the new purpose is required by law.

Your continued use of our Website, products, or services after any changes to this Privacy Policy constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using our Website, products, or services and contact us to discuss your concerns.

This Privacy Policy is easily accessible on our Website, in accordance with PIPEDA's openness principle. We make our privacy policies and practices readily available to you in a form that is generally understandable. You may request a copy of this Privacy Policy in an alternative format by contacting us. We also make this Privacy Policy available orally upon request to ensure comprehension and to aid accessibility.

13. Privacy Breach Notification

In the event of a privacy breach involving your personal information, we will comply with applicable breach notification requirements in your jurisdiction. Depending on the nature and scope of the breach and applicable laws, we will:

• Canada: Notify the Office of the Privacy Commissioner of Canada as soon as feasible after determining that the breach poses a real risk of significant harm
• European Union/European Economic Area: Notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to your rights and freedoms
• United States: Comply with applicable state breach notification laws, which may require notification within specific time frames (e.g., California requires notification as soon as practicable and without unreasonable delay)
• Notify affected individuals as soon as feasible, providing clear information about the breach and steps they can take to reduce the risk of harm, in accordance with applicable legal requirements
• Notify any third-party organizations (such as financial institutions or government agencies) that may be able to mitigate the risk of harm
• Maintain records of all privacy breaches, regardless of whether they meet the notification threshold

Canada: A "real risk of significant harm" includes, but is not limited to, bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on credit records, and damage to or loss of property.

14. Complaints and Challenging Compliance

You have the right to challenge our compliance with applicable privacy laws and this Privacy Policy. If you have concerns about how we have handled your personal information, you may file a complaint with us using the contact information provided in Section 16 below. We will investigate all complaints and respond to you within a reasonable time frame.

We have implemented simple complaint handling and investigation procedures to address privacy concerns. If you are not satisfied with our response, you may also file a complaint with the relevant supervisory authority in your jurisdiction:

Canada: Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Phone: 1-800-282-1376
Website: https://www.priv.gc.ca
You may also apply to the Federal Court for a hearing if you are not satisfied with the Privacy Commissioner's findings or recommendations. PIPEDA contains whistleblower protection provisions that make it illegal for us to retaliate against you for filing a complaint.

European Union/European Economic Area: If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. A list of data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en.

United States: If you are located in the United States, you may file a complaint with your state's attorney general or other relevant regulatory authority, depending on the nature of your complaint and applicable state laws.

15. Consent

Under PIPEDA and other applicable privacy laws, we are required to obtain your meaningful consent before collecting, using, or disclosing your personal information. Meaningful consent means that you understand what you are consenting to, and your consent is voluntary and informed.

Express Consent: We obtain express consent (e.g., by checking a box or clicking a button) for sensitive personal information or when the collection, use, or disclosure is outside what a reasonable person would expect. For example, we obtain express consent for marketing communications and for sharing personal information with third parties for purposes other than service delivery.

Implied Consent: We may rely on implied consent in circumstances where the purpose for collecting, using, or disclosing personal information would be obvious to a reasonable person and you have voluntarily provided the information. For example, when you provide your contact information through our contact form, we assume you consent to us using that information to respond to your inquiry.

Withdrawing Consent: You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by contacting us using the information provided in Section 16 below. However, withdrawing consent may affect our ability to provide you with certain products or services. We will inform you of the implications of withdrawing consent.

Business Contact Information: PIPEDA does not apply to business contact information (name, title, business address, business telephone number, or business email address) that is collected, used, or disclosed solely for the purpose of communicating with that person in relation to their employment or profession.

Voluntary vs. Mandatory Data: Some personal information is required for us to provide our services (e.g., contact information for service delivery, payment information for transactions). Other information is optional (e.g., company name in contact forms). We will clearly indicate which fields are required and which are optional when collecting your information.

16. Privacy Officer and Contact Us

In accordance with PIPEDA's accountability principle, we have designated a Privacy Officer responsible for our privacy compliance program. The Privacy Officer is responsible for ensuring that our personal information management practices comply with PIPEDA and this Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, including requests to access or correct your personal information, or to review, update, or remove your personal data, please contact our Privacy Officer:

Catered Designs Inc.
Attn: Privacy Officer
Victoria, BC, Canada
Phone: +1 (250) 800-0760
Email: privacy@catereddesigns.ca
General inquiries: info@catereddesigns.ca
Website: https://catereddesigns.ca