Privacy Policy

Last Updated: August 16, 2024

At Deck.co, safeguarding your privacy is a top priority. This Privacy Policy outlines how we collect, use, protect, and share your personal information when you interact with our website and services. Whether you're located in Canada, the United States, Mexico, France, Brazil, the United Kingdom, Colombia, Spain, Germany, or any other region where we operate, we are committed to complying with all applicable privacy laws.

1. Our Commitment to Your Privacy

Deck.co values the trust you place in us. We take responsible measures to ensure that your personal information is treated with care. This Privacy Policy is intended to help you understand what data we collect, why we collect it, and how you can control your personal information.

2. Types of Information We Collect

Deck.co collects several types of information to provide and improve our services. The information we collect may include:

a. Personal Information
- Identification Information: Such as your name, email address, phone number, company name, and other contact details.
- Authentication Data: Information used to verify your identity, such as passwords, security questions, and similar credentials.
- Financial Information: If you use our payment services, we may collect payment card details, transaction information, and related billing data.


b. Data from Utility Accounts and Service Providers
- Utility and Service Data
: Deck.co may collect data from your utility accounts, including electricity, gas, water, and other service providers. This data may include account information, usage details, and billing history.
- Government Sources: We may collect relevant data from government databases and records that are necessary for providing our services.
- Supply Chain Data: Deck.co may collect and analyze data from your supply chain, including logistics, inventory, and vendor information.
- Gig & Freelancer Platforms: We may also connect to gig and freelancer platforms, collecting data related to work history, earnings, and other relevant details to provide you with our service.

c. Automatically Collected Information

-Usage Data
: Information about your interaction with our website and services, such as IP addresses, browser types, device identifiers, and pages visited.
- Cookies and Tracking Technologies: We use cookies and similar technologies to collect and store information about your visit to our website. This helps us improve our services and provide a better user experience.

3. Legal Basis for Processing (GDPR)
Depending on the purpose, we may process your personal data based on one or more of the following legal bases:

- Consent: Where you have given explicit consent to the processing of your personal data for specific purposes.
- Contractual Necessity: Where processing is necessary to fulfill a contract or pre-contractual steps you have requested.
- Legitimate Interests: Where we process your personal data for our legitimate business interests, provided that your rights do not override these interests.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation.

4. How We Use Your Information
The information we collect serves several essential purposes, including:

- Service Delivery: To provide and maintain our services, including processing transactions, managing your account, and facilitating connections with utility and service providers.
- Analytics and Improvements: To analyze usage patterns and improve our website, services, and customer experience.
- Communication: To keep you informed about updates, new features, and relevant news.
- Customization: To tailor our services to your preferences and ensure a more personalized experience.
- Security Measures: To detect and prevent fraud, unauthorized access, or other security threats.
- Legal Compliance: To meet our legal obligations in various jurisdictions, including Canada, the U.S., Mexico, France, Brazil, the UK, Colombia, Spain, and Germany.

5. How We Share Your Information
Deck.co uses robust security practices to protect your personal information. However, in certain circumstances, we may need to share your data with trusted third parties:

- Service Providers: We work with external partners who assist in providing our services, such as hosting providers, payment processors, and data analytics services.
- Utility and Service Providers: We may share data with utility companies and service providers to enable them to deliver services to you effectively.
- Business Transactions: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
- Legal Requirements: If required by law, we may disclose your information to comply with legal processes or protect the rights and safety of our users.

6. International Compliance and Data Transfers
Given the global nature of our business, your data may be transferred and processed in countries other than your own, including countries where we operate or where our service providers are located. These transfers will only occur if accepted by applicable law. When transferring personal data outside of the European Economic Area (EEA) or other jurisdictions with similar data protection laws, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other mechanisms that provide adequate protection under applicable law.Deck.co adheres to data protection regulations in the following regions:

- Canada: Compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws.
- United States: Adherence to federal and state privacy laws, including the California Consumer Privacy Act (CCPA).
- Mexico: Compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP).
- France: Adherence to the General Data Protection Regulation (GDPR) and French data protection laws.
- Brazil: Compliance with the General Data Protection Law (LGPD).
- United Kingdom: Adherence to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
- Colombia: Compliance with the Statutory Law on Data Protection (Law 1581 of 2012).
- Spain: Adherence to the General Data Protection Regulation (GDPR) and applicable Spanish data protection laws.
- Germany: Compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).We ensure that any data transfers meet the necessary legal standards to safeguard your information in these and other jurisdictions where we operate.

7. Your Rights and Choices
At Deck.co, we respect your rights regarding your personal information. Depending on your location, you may have the following rights under applicable data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA):

a. Access
You have the right to request access to the personal data we hold about you. This includes the right to obtain a copy of your personal information, as well as information about how we process it. Under GDPR, this is known as the right to access. Under CCPA, this is your right to know what personal data is being collected about you, and how it is being used, shared, or sold.

b. Correction (Rectification)
If your personal information is inaccurate or incomplete, you have the right to request its correction or update. GDPR refers to this as the right to rectification. Under CCPA, while there is no explicit correction right, companies are generally expected to provide accurate data when requested.

c. Deletion (Right to be Forgotten)
You may request the deletion of your personal data under certain circumstances. This is known as the right to be forgotten under GDPR. CCPA provides similar rights, allowing you to request the deletion of your personal information, subject to certain exceptions, such as where the data is necessary for completing transactions, detecting security incidents, or complying with legal obligations.

d. Data Portability
You have the right to request that your personal data be provided to you in a structured, commonly used, and machine-readable format. You may also request that we transfer your data directly to another data controller, where technically feasible. This right is provided under GDPR. While CCPA does not explicitly define data portability in the same way, it does grant you the right to receive your data in a readily usable format that allows you to transfer it to another entity.

e. Restriction of Processing
Under GDPR, you have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing.

f. Objection to Processing
If we process your personal data based on legitimate interests or for direct marketing purposes, you have the right to object to such processing under GDPR. This includes the right to opt out of any automated decision-making or profiling activities that may impact you.

g. Opt-Out of Sale of Personal Information (CCPA)
If applicable, you have the right to opt out of the sale of your personal information to third parties, as defined under CCPA. Deck.co does not sell your personal data, but we provide this option to comply with CCPA requirements.

h. Communication Preferences
You may choose to opt out of receiving marketing communications from us at any time by following the instructions in our emails or contacting us directly. Even if you opt out of marketing communications, we may still send you transactional or administrative messages related to your account or services.

i. Non-Discrimination (CCPA)
Under CCPA, you have the right not to receive discriminatory treatment for exercising any of your privacy rights. We will not deny you goods or services, charge you different prices, or provide you with a different level of quality of service if you exercise your rights.

j. Right to Lodge a Complaint (GDPR)
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction. For example, in the European Union, you can contact your local Data Protection Authority.

How to Exercise Your Rights:
To exercise any of these rights, please contact us at privacy@deck.co with a clear description of your request. We may need to verify your identity before processing your request. Depending on your location, additional rights may apply, and we will respond to your request in accordance with the applicable laws.

8. Data Retention
We retain your personal information only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy or as required by law in the following jurisdictions:

- Canada: Personal information is retained in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. Generally, data is retained for a minimum of 7 years following the completion of the service or as required by provincial regulations.
- United States: We comply with federal and state regulations, including the California Consumer Privacy Act (CCPA). Personal data is typically retained for 7 years, but may vary based on state-specific laws or industry requirements.
- Mexico: In compliance with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP), personal data is generally retained for 5 years after the service is completed or as required by Mexican law.
- France: Under the General Data Protection Regulation (GDPR) and French data protection laws, personal data is retained for 3 years after the end of the business relationship, unless otherwise required by law.
- Brazil: We comply with the General Data Protection Law (LGPD), where personal data is typically retained for 5 years after the termination of services or as required by Brazilian law.
- United Kingdom: In accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, personal data is retained for 6 years following the end of the business relationship or as required by UK law.
- Colombia: Personal data is retained in compliance with the Statutory Law on Data Protection (Law 1581 of 2012) for 5 years or as otherwise mandated by Colombian law.
- Spain: In line with the GDPR and applicable Spanish data protection laws, personal data is retained for 5 years following the end of the business relationship unless otherwise required by Spanish law.
- Germany: Under the GDPR and the Federal Data Protection Act (BDSG), personal data is retained for 6 years for commercial documents and 10 years for tax-related documents, or as otherwise required by German law.For jurisdictions not explicitly listed above, Deck.co will retain your personal information for a period of 5 years following the completion of services or as required by local regulations. In all cases, data will be retained only as long as necessary to fulfill legal obligations, resolve disputes, and enforce our agreements.

9. Children’s Privacy
Our services are intended for adult users. We do not knowingly collect personal information from children under the age of 13 in the United States and Brazil, under 16 in the European Union, United Kingdom, and Colombia, or under 18 in Mexico. In regions where the age of consent for data processing is higher, we will comply with the applicable laws. If we become aware that we have inadvertently collected personal information from a child without the required consent, we will take steps to delete that information promptly. If you believe we have collected personal information from a minor without appropriate consent, please contact us.

10. Security of Your Data
Deck.co implements a variety of security measures to protect your personal data. We employ industry-standard encryption and security protocols to safeguard your data during transmission and storage. Additionally, we comply with and maintain the SOC2 audit process requirements, ensuring that we adhere to strict security controls and best practices. We conduct these audits annually to continuously assess and improve our security measures.However, it's important to note that no method of transmission over the internet or method of electronic storage is entirely secure, and we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us.

11. Data Breach Notification
In the event of a data breach that may pose a risk to your rights and freedoms, we will notify you and the appropriate supervisory authorities as required by law. We will outline the nature of the breach, the affected data, and the steps we are taking to mitigate its impact.

12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Any updates will be posted on our website, and the "Last Updated" date will be revised accordingly.

13. Contact Information
For any questions or concerns about this Privacy Policy or your personal data, please contact us at:Deck.co
privacy@deck.co
180, Peel St.
Montréal, Qc
H3C 2E9