Our Philosophy and Intentions
We attempt to run an honest, above-board business. We value our own personal privacy. As we believe in the "do unto others as you would have them do unto you" doctrine, we will strive to help protect your personal privacy, as well.
Unfortunately, personal and corporate greed seems to overcome integrity all too often, these days. As such, we'll understand when you believe only our actions, not what we say. We wish it could be otherwise.
For us, those actions start with the defaults we normally set—defaults that allow you to give us a minimal amount of personal information and defaults that have you "opt in" (rather than have to "opt out") of visibility and connectedness options (e.g., the "Send Me" tab and "Contact settings" for user accounts).
We collect and retain information that is necessary to effectively run our business. We strive to protect that information with the same degree of rigor with which we protect our own proprietary and confidential information.
An important part of information privacy is information security. We, and our e-store agents, employ current industry-standard strategies and technologies to help achieve information security. In addition, we also use strong encryption to help physically secure all confidential and proprietary information that resides on our systems and our system backups. This helps protect your information (and ours) in the unlikely event that a system or backup is stolen or lost during off-site transportation.
When required, industry-standard secure communications protocols are utilized to help ensure information privacy.
We also use industry-standard logging on various system components (e.g., firewall and web server) to support normal system administration, troubleshooting and security requirements. Logs may be retained in backups as a normal course of business, but no on-going attempt is made to correlate any logged information with customer information except as may be required to support specific objectives (e.g., identifying security issues or troubleshooting efforts).
For Site Membership purchases, our e-store "hands you off" to PayPal to complete payment. We use PayPal to provide you with the best payment security the industry has to offer (only PayPal handles your credit card information). See PayPal's privacy page for more information.
We are not in the business of selling information about our customers. We have no plans to enter such a business in the future. Furthermore, Canadian privacy laws would prevent us, or anyone else, from doing so without your permission. We think these are good laws.
Our Principals and Obligations
We think that the Canadian Standards Association’s Model Code for the Protection of Personal Information is an excellent piece of work and provides a good and workable set of principles by which to run a business. The Standard addresses the ways in which organizations collect, use and disclose personal information. It also addresses the rights of individuals to have access to their personal information and to have it corrected, if necessary. This is also the basis for Canada's privacy laws by which we are bound (and we believe these are good laws).
The code’s 10 principles are:
Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization's compliance with the following principles.
Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
Consent: The knowledge and consent of the individual are required for the collection, use or disclosure of personal information, except when inappropriate [e.g., criminal investigation].
Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by the law. Personal information shall be retained only as long as necessary for fulfillment of those purposes.
Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
Individual Access: Upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals for the organization's compliance.
Communicate With Us