SOSCuisine’s Privacy Policy

This Privacy Policy describes how we – Sukha Technologies Inc. (“STI”, “we”, “our” or “us”), headquartered at 1470 Rue Peel, Suite 810, Montreal, QC, H3A 1T1, Quebec, Canada. –  collect, store, use and disclose personal data regarding individuals (“User(s)” or “you”) who visit, use or otherwise interact with our websites soscuisine.com, soscuisine.fr, soscuisine.it, soscuisine.ch, soscuisine.be, soscuisine.co.uk, or soscuisine.[other domain], or any other website, webpage, mobile application, e-mail, text message or online ad under our control (collectively – “Sites”), to receive online nutrition therapy, personalized meal planning and other services – (the “Services”), in accordance with our Terms of Service.

Specifically, this Privacy Policy describes our practices regarding:

Commitment to Privacy & Security

Privacy is important to us, and we are strongly committed to transparency and fairness in our data processing activities, as follows:

We abide by these 10 fair information principles

Principle 1 – Accountability

We are responsible and accountable for personal information under our control. We appointed a senior member of our staff to be responsible for our compliance with these fair information principles.

Principle 2 – Identifying Purposes

The purposes for which the personal information is being collected is identified in this Privacy Policy, before or at the time of collection.

Principle 3 – Consent

The knowledge and consent of the individual are required for our collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 – Limiting Collection

The collection of personal information is limited to that which is needed for the purposes identified here below. Information is collected by fair and lawful means.

Principle 5 – Limiting Use, Disclosure, and Retention

Unless the individual consents otherwise or it is required by law, personal information is only used or disclosed for the purposes for which it was collected. Personal information is only kept as long as required to serve those purposes.

Principle 6 – Accuracy

Personal information is as accurate, complete, and up-to-date as possible in order to properly satisfy the purposes for which it is to be used.

Principle 7 – Safeguards

Personal information is protected by appropriate security relative to the sensitivity of the information. This involves administrative, physical and technical security safeguards to protect our data holdings against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.

Principle 8 – Openness

We make detailed information about our policies and practices relating to the management of personal information, publicly and readily available.

Principle 9 – Individual Access

Upon request, an individual is informed of the existence, use, and disclosure of their personal information and is given access to that information. An individual is able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 – Challenging Compliance

An individual is able to challenge our compliance with the above principles. The challenge should be addressed to our Data Protection Officer, who is the person responsible for our compliance with Privacy regulations.

Privacy is enforced by our Corporate Governance

Privacy & Security, and more specifically Personal Information (“PI”) and Personal Health Information (“PHI”) privacy, are explicit priorities within our corporate governance framework. Accordingly, we have put in place a set of procedures, tools and processes aligned with the best practices in the field to ensure adequate PI/PHI protection.

Our President and CEO is ultimately accountable for the proper implementation,  administration and compliance of our Privacy & Security initiatives, and has appointed a Data Protection Officer with the specific responsibility to manage such initiatives on a day to day basis. The contact information for the Data protection Officer can be found here below.

The Privacy & Security initiatives include, but are not limited to, the following key activities:

  • Analyzing and applying relevant policies;
  • Administering an audit program;
  • Conducting a Privacy & Security training program aimed for our personnel, relevant to their roles and responsibilities.

We have also put in place a specific procedure to follow in the unlikely eventuality of a data breach. This Data Breach Reaction Procedure includes promptly notifying the authorities and data subjects, investigating the breach and the security flaw that enabled it, remediating the flaw and fixing the exploitable vulnerabilities.

You are free to accept or refuse

Please read this Privacy Policy carefully and make sure that you fully understand and agree to our practices. Remember: you are not legally required to provide us with any personal data, and may do so (or avoid doing so) at your own free will.

If you do not wish to provide us with your personal data, or to have it processed by us, please simply do not use our Services. You may also request to delete certain data or opt-out of certain processing activities, but please keep in mind that limiting our processing may also result in us not being able to provide you with the full range of our Services, or with the best user experience when using our Services.

Data collection

No personal data collected without your knowledge and consent

We do not collect any of your personal data when you navigate the Sites, unless you voluntarily supply this information by explicitly subscribing to a specific service inviting you to do so. You can always refuse to do this, or cancel a subscription to a customization service to which you are already a subscriber.

You can change your personal information at any time in the “My profile” section of the Sites. You can also ask us to delete your personal data via the Contact form accessible from the footer of each page on our Sites. We collect Personal Information by fair and lawful means and we limit the collection to what is needed for providing our Services. We periodically review the need for data collection and usage, and we delete and stop collecting any eventual data that is deemed unnecessary for providing our Services.

What data is collected and how?

By browsing our Sites, ourselves, our service providers or business partners may collect data subject to your prior consent. Some data is collected from forms that you fill in manually and some other data may be collected automatically as a result of your actions on the Sites through cookies or similar technologies. We collect the following categories of data (which, to the extent it relates to an identified or identifiable individual, will be deemed as “Personal Data”):

Data that you provide: You may provide us with Personal Data such as your name, e-mail address, password, phone number, address, payment method (e.g. credit card), comments or complaints, and any other data you choose to provide when you contact us or otherwise submit any forms on our Sites.

This information is provided when:

  • you create an account on the Sites,
  • you subscribe to our newsletter,
  • you write a comment on the content of our Sites (e.g. a recipe),
  • you write to us via the Contact form
    .

Data automatically collected or generated: When you interact with or use our Sites, we may collect certain technical data about you such as your operating system, IP address, device identifier, browser type (the software you use to browse the Internet) and, subject to your consent as may be required under applicable law. We collect or generate such data either independently or with the help of our Service Providers, including through the use of Cookies and other related technologies.

Data obtained through Analytics Tools: We use analytics tools (e.g. Google Analytics) to collect data about the use of our Sites and Services. Analytics tools collect data such as how often Users visit or use the Sites, which pages they visit and when, and which website, ad or e-mail message brought them there. You can find more information about how Google collects information and how you can control such use at:
https://policies.google.com/technologies/partner-sites.

Cookies and related technologies

What is a cookie?

A cookie is a small text file that can be saved, subject to the user’s choice, in a dedicated space on the hard drive of his device (computer, smartphone, tablet, etc.) when accessing the website through its navigation software. It allows you to activate website features such as user authentication, display preferences for your meal plan and shopping list, management of updates for wizards (Fodmap and others), etc. Its purpose is to collect and report information relating to the user’s navigation. When connecting to the Sites for the first time, a banner is displayed on the page. Subject to the user’s choice, cookies will be stored in the memory of your device. The information thus collected can be used by ourselves or by a duly authorized third party, such as an advertising agency or an official partner of ours. The maximum retention period for a cookie is one year from the day the user gave his/her consent to the use of said cookie. The user is free to delete cookies at any time on his/her device. The user also has the option, at any time, to refuse the recording of cookies on his device via the browser and according to the procedure described in “Accept or refuse cookies” in this document. However, the refusal of certain cookies can cause the degradation of a certain number of functionalities necessary for navigation on the website (display or saving issues, etc.). In such cases, our responsibility cannot be invoked for these dysfunctions. Furthermore, deactivating advertising cookies does not mean that the user will not receive advertising, but simply that such ads will no longer be relevant to his/her interests. The user can also choose to visit the Sites using the “private or incognito navigation” mode offered by his/her browser, the cookies being then automatically erased when the browser window is closed. This can be a good alternative if the user wishes to take advantage of all the features of the Sites without the risk of sharing his/her browsing information beyond the duration of the visit.

What are cookies and related technologies used for?

Our Services and some of our Service Providers utilize “cookies”, anonymous identifiers, container tags and other tracking technologies which help us provide, secure, analyze and improve our Services, personalize your experience and monitor and analyze the performance of our activities and campaigns. Such cookies and similar files or tags may also be temporarily placed on your device in the LocalStorage for example. Certain cookies and other technologies, such as an IP address, serve to recall Personal Data previously indicated by a User.

Accept or refuse cookies and related technologies

Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, however, the user can decide to delete cookies at any time. The browser can also be configured to signal the creation of new cookies which the user can decide to oppose or not. The user can accept or refuse cookies, either individually or globally. The user can express his/her choices, manage, deactivate or authorize cookies directly by modifying the settings of his/her web browser or his/her operating system as follows:

If you want to change your consent to the use of cookies, you must contact us via the Contact form accessible from the footer of each page on our Sites. If you refuse to save cookies on your device, you will no longer be able to benefit from certain features of the site, such as:

  • Removal of minimum cookies: the Sites’ pages would no longer display in your preferred language, your favorite views of the Recipe List and Shopping List pages would no longer be displayed, and other features would be impacted
  • Removal of social cookies: you will no longer be able to share articles and recipes on social networks
  • Removal of advertising cookies: Displaying advertisements on the site will not reflect your interests, preferences and will be less relevant, but removal will not stop the advertising

We decline all responsibility for the consequences related to the degraded operation of the Sites and / or services resulting from the refusal or deletion by the user of cookies necessary for the operation of the site.

Data Uses

The data collected on the Sites are primarily intended for us.

We use your Personal Data as necessary for the performance of our Services; for complying with applicable law; and based on our legitimate interests in maintaining and improving our Services and offerings, understanding how our Services are used, optimizing our marketing, customer service and support operations, and protecting and securing our Users, ourselves and members of the general public.

We do not sell your Personal Data. (also referred to as “Personal Information” in some regulations such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the California Consumer Privacy Act – CCPA).

Our personnel (customer service, dietitians and others) are properly trained in Privacy, follow our procedures and never ask for the user’s sign in credentials.

What are the purposes of the data collected about you?

Specifically, we use Personal Data for the following purposes:

  • To facilitate, operate, and provide the Services in a personalized way to users;
  • To authenticate the identity of our Users, and to allow them to access and use our Services;
  • To provide our Users with assistance and support;
  • To develop, customize and improve the Services and our Users’ experience, based on common or personal preferences, experiences, difficulties and feedback;
  • To contact our Users with general or personalized service-related messages (such as password-retrieval or billing); or with promotional messages (such as newsletters, special offers, new features etc.); and to facilitate, sponsor and offer certain events and promotions;
  • Advertise on our Sites content tailored to your interests;
  • To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity;
  • To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our business partners may use to provide and improve our respective services; and
  • To comply with any applicable laws and regulations.

Data Location

Sukha Technologies Inc. is headquartered in Canada, and the personal data that you provide is also stored in a data center located in Canada, a jurisdiction which is considered by the European Commission to be offering an adequate level of protection for the Personal Data of EU Member State residents.

While privacy laws may vary between jurisdictions, ourselves and our Service Providers are each committed to protect Personal Data in accordance with this Privacy Policy, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction from which such data originated.

Data Transfer outside the European Union

We ensure that data transfer outside of the EU is secure and complies with the legal framework defined in the European Union’s General Data Protection Regulation (GDPR).

Data Protection / Security

In order to protect your Personal Data, we use industry-standard physical, procedural and electronic security measures (such internal policies, access control, secure servers, firewalls, encryption, database backups, etc.).

Specifically, we do the following : 

  • Protect personal data against malicious intrusion, any loss, alteration or disclosure to unauthorised third parties.
  • Ensure that the information system, servers and networks used to process and store personal data have security and protection systems (data encryption, firewall, redundancy, backup, etc.).
  • Guarantee the security of the information exchanged in transactions or payments.
  • Issue access permissions to our data servers only to those who need to perform their duties.
  • Have electronic audit logs, in accordance with Ontario’s PHIPA regulation, that log every employee’s access to users’ Personal Health Information.
  • Train our staff on the protection of the personal data made available to them as part of their duties and ensure that they comply with the rules in force and company’s policies.
  • Ensure that our suppliers adhere to these same principles of protection.

We conduct periodic reviews of our administrative, physical and technical security measures to ensure they stay efficient.

Despite all the precautions taken by STI to ensure that third parties do not access your personal information via our Sites, leaks can potentially occur. The Internet offers no intrinsic guarantee of security, so data transferred via the Internet can potentially be intercepted, lost or altered. We therefore cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third-parties, and therefore do not accept responsibility for damage resulting from possible access by a third party via the Internet to the personal information of users, who therefore use the Services at their own risk. However, since the opening of the Sites in 2005, no security breach has affected the personal information of our users.

Data Sharing

Legal Compliance

We may disclose or allow government and law enforcement officials access to certain Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we believe that we are legally compelled to do so and solely to the extent that we believe is strictly necessary to comply, or that such disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.

Service Providers

We engage selected business partners, third-party companies and individuals, affiliates, subcontractor and sub-processors (collectively “Service Providers”) to perform services complementary to our own (e.g. payment processing, IT and system administration services, hosting, data backup, security and storage services, data analytics, email, marketing, nutrition counseling, etc.). These Service Providers may have access to some or all of your Personal Data processed by us, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and are authorised to use it for such purposes only.

Data Retention

We retain Personal Data solely as necessary for the purposes described in this Privacy Policy.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether those purposes can be achieved through other means, as well as applicable legal requirements.

We will also keep and use such Personal Data for as long as is required in order to comply with our legal and contractual obligations, or to protect ourselves from any potential disputes (i.e., as required by laws applicable to records and bookkeeping, and in order to have proof and evidence concerning our relationship or your use of our Services, should any legal issues arise in the future), in accordance with our data retention policy.

  • Personal data of users who are not subscribed to any of our newsletters and have never subscribed to any of our paid Services, are deleted 12 months after their last sign-in to any of our Sites.
  • Personal data of users who are not subscribed to any of our newsletters and have in the past subscribed to any of our paid Services, are deleted 60 months after their last sign-in to any of our Sites.

You may request that we delete your Personal Data, by contacting us via the Contact form accessible from the footer of each page on our Sites. We may delete any data from our systems, without notice to you, including once we deem it no longer necessary for the purposes set forth in this Privacy Policy. We may also retain your data in an anonymized form.

Please note that unless required by applicable law, we will not be obligated to retain your data for any particular period, and are free to securely delete it for any reason and at any time, with or without notice to you.

If you have any questions about our data retention policy, please contact us via the Contact form accessible from the footer of each page on our Sites.

Data Subject Rights

As a user of our Sites and Services, you are considered a ‘Data Subject’ in the context of privacy laws that may apply to you (for example, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA)) or others and, as such, have rights concerning your Personal Data, such as:

  • You can access, view and update your Personal Data at any time.
    • If you have an account with us, go to the My Profile page on our Sites, after signing in with your access credentials.
    • If you don’t have an account with us, use the Contact form accessible from the footer of each page on our Sites.
  • You can change your consent regarding the use of cookies, or request your Personal Data to be deleted completely, by contacting us via the Contact form accessible from the footer of each page on our Sites.

When you ask us to exercise any of your rights under this Privacy Policy or applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure or deletion of Personal Data related to other individuals, and to ask you to provide further information to better understand the nature and scope of data that you wish to access or have deleted etc. Such additional data will then be retained by us for legal purposes (e.g. as proof of the identity of the person submitting the request), in accordance with our Data Retention obligations. We may redact from the data which we will make available to you, any personal data related to others.

Please also note that some of your Personal Data may be processed by other parties acting as ‘Data Controllers’, such as Facebook and Google. For any requests to exercise such rights with respect to such parties’ processing activities, please contact the relevant party directly.

Data Controller/Processor

Certain data protection laws and regulations, such as the EU’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), typically distinguish between two main roles for parties processing Personal Data: the “data controller” (or under the CCPA, “business”), who determines the purposes and means of processing; and the “data processor” (or under the CCPA, “service provider”), who processes the data on behalf of the data controller (or business). Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.

We are the “data controller” of our Users’ data, and assume the responsibilities of data controller (solely to the extent applicable under law), as set forth in this Privacy Policy. In such instances, our Service Providers processing such data will assume the role of “data processor”.

We are a “co-controller” of certain portions of our Users’ data, alongside such Service Providers that process Personal Data for both our own analytics and marketing purposes – and the Service Providers’ own purposes. In such cases, such Service Providers (e.g. Facebook and Google) will in such circumstances be deemed as “co-controllers” of such data, which would typically relate to Users who also use the Service Provider’s own platforms. If you wish to limit such independent activities by these Service Providers, consider disabling third-party cookies as detailed above.

Data Protection Officer

We have appointed a Data Protection Officer, who is responsible for monitoring and advising us on privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities.

Data Protection Officer Sukha Technologies Inc. | SOSCuisine
Postal address: 1470 Rue Peel, Suite 810, Montreal, QC, H3A 1T1, Quebec, Canada
Phone: +1 514 564-0971
Email: privacy@soscuisine.com

Communications

Service Communications: we may contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of purchase order summaries, changes or updates to our Services, billing issues, etc. You will not be able to opt-out of receiving such service communications.

Promotional Communications: with your prior consent, we may send you messages and notifications about new features, offerings, events and special opportunities, and any other information we think our Users will find valuable. We may provide such notices through any of the contact means available to us (e.g. e-mail or mobile notifications), through our Sites or Services, or through our marketing campaigns on any other sites or platforms. If you wish to receive such promotional communications, give your consent when prompted during the sign-up process. You will be able to opt-out of receiving such promotional communications by clicking on the “unsubscribe” link contained in said communications.

Updates and Amendments to this Privacy Policy

We may update and amend this Privacy Policy from time to time by posting an amended version on our Sites. The amended version will be effective as of the published effective date. We will provide a 10-days’ prior notice if any substantial changes are involved, via any of the communication means available to us, or on the Services. After this notice period, all amendments shall be deemed accepted by you.

Children

Our Sites and Services are not designed to attract children under the age of 16: we do not knowingly collect Personal Data from children and do not wish to do so. If we learn that a child is using the Services, we will attempt to prohibit and block such use and to promptly delete any Personal Data stored with us which we deem to relate to such child. If you believe that we might have any such data, please contact our Data Protection Officer.

Links to other sites

While our Services may contain links to other websites or services, we are not responsible for their privacy practices, and encourage you to pay attention and to read the privacy policies of each and every website and service you visit. This Privacy Policy applies only to our Sites and Services.

Consent

By using our Sites and Services, you consent without any reserve whatsoever to this Privacy Policy in its entirety.

If you reside or are using the Services (i) in a territory governed by privacy laws which determine that “consent” is the only legal basis for the processing of personal data (in general, or specifically with respect to the types of Personal Data you choose to share via the Services) or (ii) in the European Economic Area and provide us with Personal Data, the processing of which requires “consent” under applicable law (e.g. ‘special categories’ of personal data under the GDPR), your acceptance of our Terms of Service and of this Privacy Policy will be deemed as your consent to the processing of your Personal Data for all purposes detailed in this Privacy Policy. If you wish to withdraw such consent, please contact us via the Contact form accessible from the footer of each page on our Sites.

Questions, Concerns or Complaints

If you have any comments or questions regarding this Privacy Policy, if you have any concern regarding your privacy, or if you wish to make a complaint about how we process your Personal Data, please contact our Data Protection Officer.

This website uses cookies to give the best user experience, monitor the site performance, offer social networks features, or display advertisements. By clicking "ACCEPT", you consent to the use of cookies in accordance to our privacy policy.