PRIVACY POLICY

Last updated: September 9, 2023

  1. Introduction

The Queen’s York Rangers Regimental Council (“we/us/our”) is a Canadian not-for-profit corporation with its registered office at 660 Fleet Street West, Toronto, Ontario, Canada M5V 1A9. We operate the Websites qyrang.ca and qyrangmuseum.com. 

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this privacy policy.

We are committed to protecting your personal data. This privacy policy describes our policies and procedures on the collection, use and disclosure of your information when you use the Service and tells you about your privacy rights and how the law protects You. Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

2. Definitions 

For the purposes of this Privacy Policy, definitions and words in bold type have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear capitalized, in singular or in plural.

Controller: a person or organization who determines the purpose for which, and the manner in which, any personal data is processed.

Data Protection Legislation: The Personal Information Protection and Electronic Documents Act (Canada), and any other applicable laws relating to the processing of personal data, including where applicable the Act Respecting the Protection of Personal Information in the Private Sector (Quebec).

Device: means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Digital Products: the Website and any digital products or services offered via the Website

Events: an in-person event hosted by us or others where we may engage with members and prospective supporters.

People: all people providing services to or working for us, including but not limited to our employees, directors, members, and contractors.

Personal data: information which relates to an individual and from which he or she can be identified either directly or indirectly through other data which we have or are likely to have in our possession.

Personal data breach: is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by an organization electronically. A personal data breach may mean someone outside the organization gets unauthorized access to personal data, but a breach can occur if there is unauthorised access within the organization or if an employee accidentally alters or deletes personal data.

Principles: these core principles specify personal data should be: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept for no longer than is necessary; processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

Process: the “processing” of personal data captures a wide range of activities, and includes obtaining, recording and holding personal data and performing any operation of the personal data (including erasure/destruction).

Processor: any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Purpose: the purposes identified in section 5 of this privacy policy (Use of your personal data), as applicable.

Service: refers to the Website.

Third party: a person, organization or other body other than us, you, a controller or processor.

Websites: qyrang.ca, qyrangmuseum.com

3. Who we are

The Regimental Council’s primary aim is to promote, support and assist in the maintenance and development of the unit and the welfare of the soldiers of The Queen’s York Rangers (1st American Regiment) (Royal Canadian Armoured Corps), a Reserve armoured reconnaissance unit of the Canadian Armed Forces. 

Most of our IT systems are located in Canada and controlled by us or third party organizations who are contracted to deliver these services on our behalf. We are a data controller of the personal information we process and are therefore responsible for ensuring our systems, processes, suppliers, employees and partners comply with data protection laws in relation to the information we handle.

Depending on the location where our services are provided, another entity in the group may be the data controller in relation to your personal data. For example, information may be originally collected by us but then transferred to and processed by other entities within our group to enable us to operate the Website and Events in the manner we determine appropriate.

4. Our responsibilities

For the purpose of the applicable Data Protection Legislation, we are the data controller of any personal data we process. As a data controller, we are responsible for ensuring our systems, processes, suppliers and people comply with Data Protection Legislation in relation to the personal data we handle. We provide our people with training and require our people to comply with this privacy policy, our Cookie Policy  and our Data Retention Policy when dealing with personal data.

We take personal data breaches very seriously, and may be required to notify the relevant authorities in the event of such a breach.

When using, collecting and disclosing personal data, we follow the core data protection Principles underlying the Data Protection Legislation.

5. How we collect your personal data

Generally, we collect your personal data when you interact with us, through the Service, social media or at Events. However, from time to time we also need to collect personal data from other third parties in connection with our relationship with you.

Personal Data

While interacting with us, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

Email address

First name and last name

Phone number

Address, City, Province, Postal code

Usage Data

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.  Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. The technologies we use may include:

  • Cookies or Browser Cookies. A cookie is a small file placed on your Device. you can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service. Unless you have adjusted your browser setting so that it will refuse cookies, our service may use cookies.

  • Tracking technologies. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs, tags and scripts) which permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be "persistent" or "session" cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for the purposes set out below:

Strictly necessary cookies. These are cookies required for the operation of Our Website. They include, for example, cookies which enable you to log into secure areas of Our Website, use a shopping cart or make use of e-billing services. They help to authenticate users and prevent fraudulent use of user accounts. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.

Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around Our Website when they are using it. This helps us to improve the way Our Website works, for example, by ensuring users find what they are looking for easily.

Functionality cookies. These are used to recognize you when you return to Our Website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies. These cookies record your visit to Our Website, the pages you have visited and the links you have followed. We will use this information to make Our Website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

6. Use of your Personal Data

We may use personal data for the following purposes:

To provide and maintain our Service, including to monitor the usage of our Service.

To manage your registration as a user of the Service. The personal data you provide can give you access to different functionalities of the Service that are available to you as a registered user.

For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.

To process a donation through one or more of our associated Third party service providers including payment processors.

To contact you: To contact you by email, telephone call’s, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.

To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

To manage your requests: To attend and manage your requests to us.

For business transfers: We may use your information to conduct a merger, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about our Service users is among the assets transferred.

For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.

7. Why do we process your personal data?

We process your personal data where:

• it is necessary for the performance of a contract with you (e.g., to attend an Event);

• you have provided us with your consent to use your personal information (e.g., in the course of subscribing via the Website);

• you have chosen to make a donation through the Website to support the work of the Regimental Council;

• we are required or authorized by law to do so; or

• it is necessary to pursue our legitimate interests in a way which is reasonably expected as part of the operation of our business, which is not detrimental to you and would have minimal impact on your privacy.

Examples of where our use of personal information is necessary to pursue our legitimate interests include:

• monitoring and recording information relating to your browsing behaviour on our Website to make personalized content available to you;

8. Disclosing your personal data

We may disclose your personal information in the following situations:

  • With Service providers: We may share your personal information with service providers to monitor and analyze the use of our Service, to process a donation, or to contact you.

  • With business partners: We may share your information with our business partners to fulfill or offer you certain products, services or promotions.

  • With other users: When you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.

  • Attendees at Events: If you attend one of our Events, your information may be transferred, as part of an attendee list, to other attendees of the Event and trusted professional parties who we operate the Events with, including event operators, commercial partners and sponsors of Events, suppliers, and accreditation suppliers.

  • With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honour this privacy policy. Affiliates include our joint venture partners and any subsidiaries or other companies that we or our joint venture partners control or that are under common control with us or our joint venture partners.

  • Law enforcement:  Under certain circumstances, we may be required to disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

  • Other legal requirements:  We may disclose your information in the good faith belief that such action is necessary to:

    • Comply with a legal obligation

    • Protect and defend our rights or property

    • Prevent or investigate possible wrongdoing in connection with the Service

    • Protect the personal safety of users of the Service or the public

    • Protect against legal liability

  • For business transactions: We may share or transfer your personal information in connection with, or during negotiations of, any merger, sale of our assets, financing, or acquisition of all or a portion of our business to another company.

  • With your consent: We may disclose your personal information for any other purpose with your consent.

    9. Updating and correcting information

You may update or correct your personal information online in relevant membership areas or by contacting us in writing or by email (see the section “Contacts” below). Please include your name, address and/or email address when you contact us as this helps us to ensure that we accept amendments only from the correct person. We encourage you to promptly update your personal information if it changes. If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorized to provide that information to us.

10. Retention of your Personal Data

We will retain your personal data only for as long as is necessary for the purposes set out in this privacy policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

11. Transfer of your Personal Data

Your information, including personal data, is processed at our operating locations and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this privacy policy followed by your submission of such information represents your agreement to that transfer.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and no transfer of your personal data will take place to an organization or a country unless we believe there are adequate controls in place including the security of your data and other personal information.

12. Your rights

You have a number of legal rights in respect of your personal data. These include:

• The right to receive a copy of the personal data that we hold about you. The same right applies to any other person whose personal data you provide to us. We will require proof of identity and proof of authority if the request comes from someone other than the person whose data we are asked to provide. This will ensure we only provide information to the correct person. We normally expect to respond to requests within 30 days of receiving them.

Withdraw consent to direct marketing. You can exercise this right at any time and can update your preferences by asking us to do it for you.

Withdraw consent to other processing. Where the only legal basis for our processing your personal data is that we have your consent to do so, you may withdraw your consent to that processing at any time and we will have to stop processing your personal data. Please note, this will only affect a new activity and does not mean that processing carried out before you withdrew your consent is unlawful.

• If you consider any of your personal data is inaccurate, you can correct it yourself or ask us to do it for you.

• In limited circumstances you may be able to require us to restrict our processing of your personal data. For example, if you consider what we hold is inaccurate and we disagree, the processing may be restricted until the accuracy has been verified.

• In some circumstances, for example, where we have no legal basis for retaining your personal data, you may be entitled to require us to delete your personal data.

• Where our processing is based on it being in our legitimate interests, your rights and freedoms, based on your particular situation, may enable you to object to our processing.

• Where you have provided personal data to us electronically, you may be entitled to require us to provide that data to you electronically or to transmit it to another organization.

Should you wish to make a request in line with your rights as an individual, please forward it to us using details provided in the contacts section at the end of this privacy policy.

13. Children’s Privacy

Your child's privacy is important to us. Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. 

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

If you are aged 15 or under, we will require permission from your parent or guardian in order for you to register on our Website, unless otherwise stated at the point of registration. If you are required to provide permission from your parent or guardian, you will be asked to supply the name and email address of a parent or guardian to whom a confirmation email will be sent. Your account will only become active once your parent or guardian has clicked on the link within the confirmation email to provide their consent.

If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone aged 15 or under without verification of parental consent, we take steps to remove that information from our servers.

14. Security of your Personal Data

Information security is a key element of data protection. We take appropriate measures to ensure our systems, processes, suppliers and people secure personal data and protect it from loss or unauthorised disclosure or damage. The security of your personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

If you require further information regarding our policy and approach to information security, please contact us using details provided in the contacts section at the end of this privacy policy.

15. Links to other websites

We sometimes provide you with links to other websites. If you click on a Third party link, you will be directed to that Third party's site. 

We have no control over and assume no responsibility for the content, privacy policies or practices of any Third party sites or services. We strongly advise you to review the privacy policy of every site you visit.

16. Changes to our privacy policy

We may update our privacy policy from time to time. If we make changes to our privacy policy, we will notify you by posting the new privacy policy on this page and update the "Last updated" date on this page. You are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page.

17. Contacts

Questions, comments and requests regarding this privacy policy are welcomed and should be made to info@qyrang.ca.