Welcome to our website at www.sps.marinethinking.com and thank you for your interest in our products, services and our company. We take the protection of your Personal Information very seriously and process your data in accordance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), the EU`s General Data Protection Regulation (“GDPR”), California`s Online Privacy Protection Act (“CalOPPA”) and the California Consumer Privacy Act (“CCPA”). 

 

With the help of this Privacy Policy, we inform you comprehensively about the processing of your Personal Information by us and the rights to which you are entitled. 

 

Personal Information is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data as such only exists if no personal reference to the user can be made. 

The Data Controller 

In accordance with the above-mentioned data protection laws, the person responsible for processing of Personal Information when using the website is: 

 

Marine Thinking Inc.  

NS Office: 

Suite 110, 1096 Marginal Road, 

Halifax, NS B3H 4N4 

 

NB Office: 

Annex 1, 40 Charlotte Street, 

Saint John, NB E2L 2H6

 

E-Mail: info@marinethinking.com 

Web: https://www.marinethinking.com/ 

Tel: +1 902 422-6888 

 

Facebook: https://www.facebook.com/Marine-Thinking-111772680621525 

Twitter: https://twitter.com/marinethinking  

LinkedIn: https://www.linkedin.com/company/marine-thinking/about/  

Categories of data subjects and types of data processed 

During the course of using our website and services, we process the following types of data from visitors and users: 

 

  • inventory data (e.g., names, addresses), 

  • contact data (e.g., e-mail, telephone numbers), 

  • content data (e.g., text entries, messages, testimonials), 

  • usage data (e.g., web pages visited, interest in content, access times), and 

  • meta/communication data (e.g., device information, IP addresses). 

Purpose of the processing 

The Purpose of processing personal information are: 

 

  • provision of the online offer, its functions and contents, 

  • responding to contact requests and communicating with users, 

  • security measures, and 

  • reach measurement/marketing. 

Relevant legal basis 

In accordance with the above-mentioned data protection laws, user data is only processed if the following legal permissions exist: 

 

  • in order to provide our contractual services and online services 

  • processing is required by law 

  • with your consent 

  • on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation and security of our Platform within the meaning of Art. 6 para. 1 lit. f) GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services). 

The above legal bases are set out as follows: 

 

  • Consent (Art. 6 para. 1 lit. a. and Art. 7 GDPR) 

  • Processing for the fulfilment of our services and implementation of contractual measures (Art. 6 para. 1 lit. b) GDPR) 

  • Processing for the fulfilment of our legal obligations (Art. 6 para. 1 lit. c) GDPR) 

  • Processing to protect our legitimate interests (Art. 6 para. 1 lit. f) GDPR) 

Security of your Personal Information 

We take appropriate technical and organizational measures, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk. 

 

The measures include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, deletion of data and response to data compromise. Furthermore, we already take the protection of Personal Information into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings. 

Cooperation with processors and third parties 

If, in the course of our processing, we disclose data to other persons and companies, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called "order processing agreement". 

Transfers to third countries 

If we process data in a third country (i.e., outside Canada) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfill our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the in the above-mentioned data protection laws special requirements are met. This means, for example, that the processing is carried out on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of Canada or the European Union or compliance with officially recognised contractual obligations (so-called "standard contractual clauses"). 

Your privacy rights 

 

PIPEDA 

Under the PIPEDA, you can exercise the following rights: 

 

a) Right to withdraw consent  

You have the right to withdraw your consent at any time, subject to legal and contractual restrictions. Note that your withdrawal of such consent may limit your ability to obtain certain products and services.  

 

b) Right of access, correction or deletion  

You have the right to request access to and obtain a copy of any of your personal information that we may hold, to request correction of any inaccurate information relating to you and to request the deletion of your personal information under certain circumstances. 

 

c) Right to submit a privacy complaint  

You have the right to submit a complaint with the Privacy Commissioner in the jurisdiction of your residence if you consider that our management of your personal information infringes applicable laws (although we ask you to try resolve any complaint with us first). 

GDPR 

Under the GDPR, you can exercise the following rights: 

 

a) Right to information 

You have the right to request information and/or copies of the personal information stored about you. 

 

b) Right to rectification 

You have the right to request that personal information relating to you be corrected and/or completed without delay. 

 

c) Right to object to processing 

You have the right to request the restriction of the processing of your personal information, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing. 

 

d) Right to deletion 

You have the right to request the erasure of your personal information stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defense of legal claims. 

 

e) Right to information 

Where you have exercised the right to rectification, erasure, or restriction of processing, we will notify all recipients to whom personal information relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. 

 

f) Right to data portability 

You have the right to have personal information that you have provided to us handed over to you or to a third party in a structured, common, and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible. 

 

g) Right of objection 

Insofar as your personal information are processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object to the processing at any time pursuant to Article 21 (1) of the GDPR. If we process your data for the purpose of direct marketing, you have the right to object at any time to the processing of personal information concerning you for the purpose of such marketing in accordance with Art. 21 (2) GDPR; this also applies to profiling insofar as it is related to such direct marketing. 

 

h) Right to withdraw consent 

You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime. 

 

i) Right to complain to a supervisory authority 

If the processing of your personal information violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority. 

 

j) Automated decision-making including profiling 

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you. 

CCPA/ CalOPPA  

Under the CCPA/ CalOPPA, you can exercise the following rights: 

 

a) Right to Know 

You can request information about how we have collected, used, shared, sold, disclosed and otherwise processed your personal information during the past 12 months, including the right to request the specific pieces of personal information that we possess. 

 

b) Right of Deletion 

You can request that we delete any of the personal information that we have collected from you. We may deny your deletion request pursuant to certain exceptions, and the response we provide will explain any reason for denying your request. 

 

c) Right of Non-Discrimination 

You have the right to not receive discriminatory treatment by us for exercising any of your rights. 

 

d) Right to Opt-Out of Sale 

We do not sell your personal information. 

Exercising your rights 

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

Cookies  

Cookies" are small files that are stored on your device. Different information can be stored within the cookies. We may use temporary and permanent cookies and will explain this in our Cookie Policy. The legal basis for the use of cookies is either your consent or our legitimate interest. 

Deletion of data 

The data processed by us will be deleted or its processing restricted. Unless expressly stated in this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e., the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. 

Business-related processing 

In addition, we process: 

 

  • Contract data (e.g., subject matter of the contract, term, category of customer), and 

  • Payment data (e.g., bank details, payment history). 

 

of our customers, prospective customers for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research. 

Contractual services 

We process the data of our customers within the scope of our contractual services. In doing so, we process: 

  • inventory data (e.g., customer master data, such as names or addresses), contact data (e.g., e-mail, telephone numbers),  

  • content data (e.g., text entries, and messages),  

  • contract data (e.g., subject matter of contract, term),  

  • payment data (e.g., bank details, payment history),  

  • usage data and metadata (e.g., in the context of evaluating and measuring the success of marketing measures).  

 

As a matter of principle, we do not process special categories of Personal Information, unless these are components of commissioned processing. The purpose of the processing is the provision of contractual services, billing, and our customer service. We process data that is necessary for the justification and fulfilment of contractual services and point out the necessity of their disclosure. Disclosure to external parties only takes place if it is necessary in the context of the service.  

 

When processing the data provided to us within the scope of providing our services, we act in accordance with the instructions of the client as well as the legal requirements of processing and do not process the data for any other purposes than those specified in the service. 

 

We delete the data after the expiry of statutory warranty and comparable obligations. The necessity of storing the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry.  

 

In the case of data disclosed to us by the user within the scope of a service, we delete the data in accordance with the specifications of the service, in principle after the end of the service. 

Administration, financial accounting, office organization, contact management 

We process data within the scope of administrative tasks as well as organization of our business, financial accounting, and compliance with legal obligations, such as archiving.  

 

In doing so, we process the same data that we process in the context of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services.  

 

The deletion of data with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities. 

 

In this context, we disclose or transmit data to the tax authorities, consultants such as tax advisors or auditors as well as other fee offices and payment service providers. 

 

Furthermore, we store information on suppliers and other business partners on the basis of our business interests, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is stored permanently. 

Contact 

When contacting us (e.g., via e-mail, phone, or social media), the user's details are processed for the purpose of handling the request and its processing. The user's details may be stored in a customer relationship management system or comparable inquiry organization. We delete the inquiries if they are no longer necessary. We review the necessity every two years; furthermore, the legal archiving obligations apply. 

Hosting  

The hosting services used by us for the purpose of operating this website is Google Inc. In doing so Google, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of our website on the basis of our legitimate interests in an efficient and secure provision of the website in conjunction with the provision of contractual services and the conclusion of the contract for our services). 

Collection of access data and log files 

We, or rather Google, collect data on every access to our website on the basis of our legitimate interest. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. 

 

Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted. Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the respective incident is finally clarified. 

Wix  

For our web development services we use the website builder Wix of the Israeli company Wix.com Ltd. In addition to the headquarters in Tel Aviv, there are other company headquarters such as in Berlin, Dublin, Vancouver or New York. By using Wix, personal data of you may also be collected, stored and processed. With this privacy policy we want to explain to you why we use Wix, which data is stored where and how you can prevent this data storage. 

 

The data may be stored on different servers that are distributed around the world. For example, data may be stored in the USA, Ireland, South Korea, Taiwan or Israel. Wix always stores data until it is no longer required for the service provided. We have not yet been able to find out more details about the duration of data storage.  

Data Breaches/Notification 

Databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered. 

Children’s Privacy 

Our services are restricted to users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. If you suspect that a user is under the age of 18, please contact us. 

Changes 

Because we’re always looking for new and innovative ways to improve our website and services, this policy may change over time. We will notify you before any material changes take effect so that you have time to review the changes. 

Who should I contact for more information? 

If you have any questions or comments about our Privacy Policy or wish to exercise your rights under applicable laws, please contact us using the following contact details: 

 

Marine Thinking Inc.  

NS Office: 

Suite 110, 1096 Marginal Road, 

Halifax, NS B3H 4N4 

 

NB Office: 

Annex 1, 40 Charlotte Street, 

Saint John, NB E2L 2H6

 

E-Mail: info@marinethinking.com 

Web: https://www.marinethinking.com/ 

Tel: +1 902 422-6888 

 

Facebook: https://www.facebook.com/Marine-Thinking-111772680621525 

Twitter: https://twitter.com/marinethinking  

LinkedIn: https://www.linkedin.com/company/marine-thinking/about/  

 

This Privacy Policy was last updated on Saturday, August 20, 2022 

Privacy Policy