- Importance of your Privacy
- Who We Are and Getting in Touch
EU residents may also exercise their data subject rights by contacting our Privacy Officer, who is also MaxLocal’s Data Protection Officer (see Section 10 of this policy: GDPR Compliance at MaxLocal).
- What Personal Information does MaxLocal Collect about Me?
‘Personal information’ is any information about an identifiable individual. MaxLocal collects personal information provided to us using fair and lawful means, and for the following specific purposes:
To log in to MaxLocal on our Website or app, you must select a username and password or use Facebook for social sign in. However, the password you select is stored hashed such that it remains unknown even to MaxLocal, and if using social sign in, none of your Facebook profile information is collected by MaxLocal;
To register for MaxLocal, you will be asked to provide your name, mobile phone number, e-mail address, birthday and any specific information requested by MaxLocal merchants such as the products or services you may be interested in. Merchants decide what data fields are mandatory and optional for participating in their loyalty programs;
To respond to and learn from our users: Any information you voluntarily provide is also collected by MaxLocal, such as if you provide personal information using the ‘Contact Us’ page on MaxLocal’s Website or if you choose to complete a MaxLocal or merchant survey through our Applications;
In addition, when you use MaxLocal’s Website or app, we automatically receive and record information on our server logs from your browser or mobile platform, including your IP address, unique device identifier, and other device information (such as your operating system version and mobile network provider). MaxLocal also automatically collects and uses additional information from users such as location, purchase activity, Application open date and time, idle time, and all clicks and/or swipes within the Application (together with time and order). We collect such information to assess user experience and improve our Applications. MaxLocal may also collect information posted by users on social media sites for users that have opted to connect to or otherwise link MaxLocal with social media accounts, including Facebook and Twitter.
- How is My Personal Information Used?
MaxLocal uses personal information responsibly in order to ensure we are meeting your expectations of MaxLocal Services. For example, we use personal information to:
Administer loyalty/rewards programs on behalf of merchants we have a business relationship with;
Engage in proximity marketing using geofencing technology on behalf of our merchants;
Give MaxLocal and its merchants a clear picture of its users’ purchasing activities;
Provide MaxLocal users with merchant benefits;
Contact you from time to time as requested by merchants; to provide critical information about service updates, technical issues or other information important to know regarding MaxLocal Services; or to provide support and answer any questions you may have;
Customize, measure and improve our services and content;
Analyze our user database to review preferences and trends for statistical and analytical purposes, marketing initiatives and for operations and development; and
Note that automated data collection does not lead to profiling that significantly affects MaxLocal users, but is simply used to give MaxLocal a clear picture of its users and to provide special offers to MaxLocal users.
- Who is My Personal Information Shared With?
MaxLocal only shares personal information as authorized by you or as follows:
With the merchant who has entered into a business relationship with MaxLocal to provide you with their own rewards/loyalty program and other incentives;
With service providers who directly or indirectly assist us in providing MaxLocal Services to you. In working with our service providers, your personal information may be transferred to a foreign jurisdiction to be processed or stored. Such information may be provided to law enforcement or national security authorities of that jurisdiction upon request, in order to comply with foreign laws; and
In response to a subpoena, regulatory investigation or court order, or your personal information may be shared with law enforcement authorities who have demonstrated their lawful authority.
- How is My Personal Information Kept Secure?
MaxLocal has implemented critical physical, organizational and technical measures to guard against unauthorized or unlawful processing of the data we collect. We have also taken steps to avoid accidental loss or destruction of, or damage to, your personal information. While no system is completely secure, the measures implemented by MaxLocal significantly reduce the likelihood of a data security breach.
In addition, we recommend that you do your part in protecting yourself from unauthorized access to your MaxLocal account by ensuring no one else uses your computer or device when you are logged in, by logging off when MaxLocal Services are not in use and by keeping your password confidential. MaxLocal is not liable for any unauthorized use of your personal information that is beyond our reasonable control.
Here are some examples of the data security controls in place at MaxLocal (this is not an exhaustive list):
The use of encryption when personal information is transferred to and stored on MaxLocal’s servers. Transmission between your browser and our web server is implemented using Secure Sockets Layer (SSL) technology;
Limited access to personal information by MaxLocal staff on a need-to-know basis, and the use of robust authentication processes (e.g. complex passwords are required);
The use of data centers with effective physical and logical data security controls, and the use of reputable third parties who have demonstrated security consciousness; and Secure office premises and staff that are keenly aware of their data protection responsibilities.
No method of transmitting or storing data is 100% secure. As a result, although we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us. If you have reason to believe that your MaxLocal account is no longer secure (for example, if you feel that the security of your account has been compromised), you must immediately notify us of the problem at support@MaxLocal.com in order for MaxLocal to resolve the issue in a timely manner. Also keep in mind that e-mail is not a secure form of communication so never send sensitive personal information to us via e-mail. Examples of sensitive information include social insurance numbers or credit card numbers.
- Not for Children under Thirteen
MaxLocal Services are neither designed nor intended to collect personal information from children who are under the age of thirteen (13).
In order to ensure compliance with the provisions of the U.S. Children’s Online Privacy Protection Act and other data protection laws around the world aimed at protecting children, children under the age of thirteen (13) are not permitted to access or use MaxLocal Applications, and children under the age of thirteen (13) should not provide any personal information to MaxLocal. You may reside in a country where local laws fix the digital age of consent to be older than 13. You may only use MaxLocal if you have reached this age of consent, in accordance with applicable local laws. If you do not meet the digital age of consent of your country, you must immediately cease using MaxLocal Services.
- Cookies and Usage Tracking
A cookie will be used here to mean a Web cookie, being a small text file stored on your computer hard drive, or a token or “mobile cookie” placed in the MaxLocal app’s local storage, in order to tailor the environment based on your preferences, and track user behavior. This unique code identifies your device to MaxLocal. Since cookies are only text files, they cannot run on your device, search your device for other information or transmit any information to anyone.
MaxLocal uses the following types of cookies for the purposes set out below:
These cookies are essential to provide you with MaxLocal Services. For example, they allow you to log in to our Website or app and help the content of the pages you request load quickly.
These cookies allow our Website and/or app to remember choices you make when you use the MaxLocal Application, such as remembering your login details. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-login every time you visit us or navigate within the Application.
Analytics and Performance Cookies
These cookies are used to collect information about traffic and how MaxLocal Services are being used. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. It includes the number of visitors, the websites that referred them, the MaxLocal pages visited, what time of day they visited, etc. We use this information to help improve MaxLocal Services, to gather broad demographic information and to monitor the level of activity on the MaxLocal Website and app. We use Google Analytics and other third party analytics services for this purpose to capture page and screen views.
Social Media Cookies
These cookies are used when you share information using a social media sharing button or “like” button on our app and/or Website or you link your account or engage with our content on or through a social networking website such as Facebook, Twitter, or Google+. The social network will record that you have done this.
- How Long is my Personal Information Retained?
Personal information this is no longer required for administrative or business purposes, and that does not need to be archived by MaxLocal, will be overwritten or scrambled such that it no longer identifies the MaxLocal user. Keep in mind however that third parties who store data on our behalf have their own retention rules.
- GDPR Compliance at MaxLocal
EU data subjects permanently residing in the European Union may have supplementary statutory rights with respect to their personal data as outlined in the General Data Protection Regulation EU/2016/679. This includes the right to access their personal data, have it deleted, have it corrected, or object to/restrict processing of such data. If you would like to make such a request, please e-mail privacy@MaxLocal.com (Attn: Privacy Officer). In the context of a request for erasure, MaxLocal will scramble or pseudonymize the data subject’s information to make it anonymous.
MaxLocal has required our service providers who we entrust with MaxLocal user data to commit in writing to the continued protection of such data as a data processor. If at any time in the future we plan to share personal data with additional third parties to deliver MaxLocal Services, we will ensure that they too maintain a high standard of care for such data.
MaxLocal is a Canadian organization. Canada was the first country outside of Europe deemed adequate by the EU Commission in 2001, under the EU Data Protection Directive 95/46/EC (the GDPR’s predecessor). An adequacy finding allows the flow of data from the EU to Canada as a trusted country in data protection.
MaxLocal uses data hosting providers who have made GDPR commitments of their own. Where data is stored in the U.S. by MaxLocal’s service providers, these entities comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the processing of personal data transferred from the EU to the United States.
- External Links and MaxLocal Social Media
We may offer links from our Applications to the sites or apps of our service providers, affiliates or unrelated companies that may be of interest to you. MaxLocal makes no representations as to such third parties’ practices for dealing with your personal information.
MaxLocal’s use of social media serves as an extension of our presence on the Internet. Social media account(s) are public and are not hosted on MaxLocal’s servers. Users who choose to interact with MaxLocal via social media should read the terms of service and privacy policies of these third party services/platforms.