At Baggins Shoes, we are committed to providing our customers with exceptional service. As providing this service involves the collection, use and disclosure of some personal information about our customers, protecting their personal information is one of our highest priorities.
While we have always respected our customer’s privacy and safeguarded their personal information, we have strengthened our commitment to protecting personal information as a result of British Columbia’s Personal Information Protection Act (PIPA). PIPA, which came into effect on January 1, 2004, sets out the ground rules for how B.C. businesses and not-for-profit organizations may collect, use and disclose personal information.
We will inform our customers of why and how we collect, use and disclose their personal information, obtain their consent where required, and only handle their personal information in a manner that a reasonable person would consider appropriate in the circumstances.
This Personal Information Protection Policy, in compliance with PIPA, outlines the principles and practices we will follow in protecting customers’ personal information. Our privacy commitment includes ensuring the accuracy, confidentiality, and security of our customers’ personal information and allowing our customers to request access to, and correction of, their personal information.
This Personal Information Protection Policy applies to Baggins Shoes.
This policy also applies to any service providers collecting, using or disclosing personal information on behalf of Baggins Shoes.
Personal Information –means information about an identifiable individual. Included below are the various types of personal information Baggins Shoes collects:
- Contact PI such as name, postal or email address, or phone number. For example, we'll ask for an address if you create an account on our website; a phone number to notify contest winners or to help authenticate you; your cell number if you sign up for SMS alerts; and your gender to help us anticipate your shopping needs or to make suggestions
- Registration & Account PI such as PI you provide, or that we otherwise collect, when opening an account with us. Such PI includes things like your name, email, postal address, telephone, fax, order history, and birthday. You may also provide additional PI if you choose to personalize your account, for example, by adding items to a wish list
- Transactional PI for all purchases & returns. This includes things like credit, debit or gift card data, postal & email addresses, phone & fax numbers, IP or device addresses or identifiers, and other related information such as receipts, confirmations, shipping, billing, adjustments, loyalty programs and so on. This PI can be about you or others (such as a gift recipient's data)
- Activity or Qualification PI includes supplying PI to meet an age or experience limit, or indicating your likes or dislikes by clicking a "thumbs up/down" type of icon. Please note that if one of your activities is posting PI in publicly available areas (with us or with others), that information becomes public. So please think before you post (because anyone may be able to see or copy it)
- PI you give us that we didn't request, such as PI that you voluntarily put into a message to us or that happens to be in a picture or video that you provide to us
- Community PI, such as PI that you post in areas of our websites or applications, or in interactive areas or communities that we or others maintain, such as social media sites, when the information you post is accessible to other users or the public (for example, posting a product review or creating a tag)
- Sensitive Data: This may consist of what you consider sensitive PI, such as financial related information, certain geo-location data or other stored information such as contacts, photos, and videos
- Promotional PI & Surveys. This is PI such as information relating to a survey or poll, contest, sweepstake, or other activity or promotion sponsored or presented by us alone or with others. This PI varies, but tends to include things like name, gender, email, postal code, birthday and mailing address (e.g., if a prize or catalog will be shipped)
We may also collect personal information from other sources, such as:
- PI from our previous records such as PI you gave us for one activity that we use for another (e.g., re-using data from one transaction to pre-populate fields in a subsequent transaction to decrease ordering hassle)
- PI we obtain from public or other sources, to the extent permitted by law, such as from phone books, websites, mobile applications, and other information that others may have about you
- Indirect Transactional PI. When directly collecting "Transactional PI" we also indirectly collect information that is used for things such as fraud prevention or for authentication (e.g., time, date, store location, items purchased)
- Indirect PI. If you participate in an event or visit one of our retail locations, PI such as your image may be captured on surveillance cameras, which we use for safety, security and fraud prevention purposes. If you deal with us (or those who help us) over the phone or in a "live" meeting we may record the conversation for quality, training and record keeping purposes
- PI we may lawfully obtain from commercial providers of information such as a data broker, ad network, marketing participant etc.
Privacy Officer – means the individual designated responsibility for ensuring that Baggins Shoes complies with this policy and PIPA. [See end of document]
Policy 1 – Collecting Personal Information
1.1 Unless the purposes for collecting personal information are obvious and the customer voluntarily provides his or her personal information for those purposes, we will communicate the purposes for which personal information is being collected, either orally or in writing, before or at the time of collection.
1.2 We will only collect customer information that is necessary to fulfill the following purposes:
- To verify identity;
- To verify creditworthiness;
- To identify customer preferences;
- To open and manage an account;
- To deliver requested products and services;
- To enrol the client in a program;
- To send out association membership information;
- To ensure a high standard of service to our customers;
- To meet regulatory requirements
Policy 2 – Consent
2.1 We will obtain customer consent to collect, use or disclose personal information (except where, as noted below, we are authorized to do so without consent).
2.2 Consent can be provided orally, in writing, electronically, through an authorized representative, or it can be implied where the purpose for collecting using or disclosing the personal information would be considered obvious and the customer voluntarily provides personal information for that purpose.
2.3 Consent may also be implied where a customer is given notice and a reasonable opportunity to opt-out of his or her personal information being used for mail-outs, the marketing of new products, fundraising and the customer does not opt-out.
2.4 Subject to certain exceptions (e.g., the personal information is necessary to provide the service or product, or the withdrawal of consent would frustrate the performance of a legal obligation), customers can withhold or withdraw their consent for Baggins Shoes to use their personal information in certain ways. A customer’s decision to withhold or withdraw their consent to certain uses of personal information may restrict our ability to provide a particular service or product. If so, we will explain the situation to assist the customer in making the decision.
2.5 We may collect, use or disclose personal information without the customers’ knowledge or consent in the following limited circumstances:
- When the collection, use or disclosure of personal information is permitted or required by law;
- Collection is clearly in the interests of the individual and consent cannot be obtained in a timely way;
- The collection is required or authorized by law;
- In an emergency that threatens an individual's life, health, or personal security;
- When the personal information is available from a public source (e.g., a telephone directory);
- When we require legal advice from a lawyer;
- To protect ourselves from fraud;
- To investigate an anticipated breach of an agreement or a contravention of law
Policy 3 – Using and Disclosing Personal Information
3.1 We will only use or disclose customer personal information where necessary to fulfill the purposes identified at the time of collection [or for a purpose reasonably related to those purposes such as:
- To conduct customer surveys in order to enhance the provision of our services;
- To contact our customers directly about products and services that may be of interest;
3.2 We will not use or disclose customer personal information for any additional purpose unless we obtain consent to do so.
3.3 We will not sell customer lists or personal information to other parties [unless we have consent to do so].
Policy 4 – Retaining Personal Information
4.1 If we use customer personal information to make a decision that directly affects the customer, we will retain that personal information for at least one year so that the customer has a reasonable opportunity to request access to it.
4.2 Subject to policy 4.1, we will retain customer personal information only as long as necessary to fulfill the identified purposes or a legal or business purpose.
Policy 5 – Ensuring Accuracy of Personal Information
5.1 We will make reasonable efforts to ensure that customer personal information is accurate and complete where it may be used to make a decision about the customer or disclosed to another organization.
5.2 Customers may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought.
A request to correct personal information should be forwarded to the Privacy Officer [or designated individual].
5.3 If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information in the previous year. If the correction is not made, we will note the customers’ correction request in the file.
Policy 6 – Securing Personal Information
6.1 We are committed to ensuring the security of customer personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.
6.2 The following security measures will be followed to ensure that customer personal information is appropriately protected:
- Physical security measures at applicable physical locations
- The use of user identification methods, passwords, encryption, firewalls etc.
- Restricting employee access to personal information as appropriate
6.3 We will use appropriate security measures when destroying customers’ personal information such as
- Shredding documents
- Deleting electronically stored information
6.4 We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security.
Policy 7 – Providing Customers Access to Personal Information
7.1 Customers have a right to access their personal information, subject to limited exceptions such as:
- The information is protected by solicitor-client privilege;
- The disclosure of the information would reveal confidential commercial information that if disclosed, could, in the opinion of a reasonable person, harm the competitive position of the organization;
- The information was collected or disclosed without consent, as allowed under section 12 or 18 of the Personal Information Protection Act, for the purposes of an investigation and the investigation and associated proceedings and appeals have not been completed;
- The information was collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration for which he or she was appointed to act
- The information is in a document that is subject to a solicitor's lien
7.2 A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought.
7.3 Upon request, we will also tell customers how we use their personal information and to whom it has been disclosed if applicable.
7.4 We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request.
7.5 A minimal fee may be charged for providing access to personal information. Where a fee may apply, we will inform the customer of the cost and request further direction from the customer on whether or not we should proceed with the request.
7.6 If a request is refused in full or in part, we will notify the customer in writing, providing the reasons for refusal and the recourse available to the customer.
Policy 8- Cookies
8.1 A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
8.2 The table below lists the cookies we collect and what information they store.
|COOKIE name||COOKIE Description|
|CART||The association with your shopping cart.|
|CATEGORY_INFO||Stores the category info on the page, that allows to display pages more quickly.|
|COMPARE||The items that you have in the Compare Products list.|
|CURRENCY||Your preferred currency|
|CUSTOMER||An encrypted version of your customer id with the store.|
|CUSTOMER_AUTH||An indicator if you are currently logged into the store.|
|CUSTOMER_INFO||An encrypted version of the customer group you belong to.|
|CUSTOMER_SEGMENT_IDS||Stores the Customer Segment ID|
|EXTERNAL_NO_CACHE||A flag, which indicates whether caching is disabled or not.|
|FRONTEND||You sesssion ID on the server.|
|GUEST-VIEW||Allows guests to edit their orders.|
|LAST_CATEGORY||The last category you visited.|
|LAST_PRODUCT||The most recent product you have viewed.|
|NEWMESSAGE||Indicates whether a new message has been received.|
|NO_CACHE||Indicates whether it is allowed to use cache.|
|PERSISTENT_SHOPPING_CART||A link to information about your cart and viewing history if you have asked the site.|
|POLL||The ID of any polls you have recently voted in.|
|POLLN||Information on what polls you have voted on.|
|RECENTLYCOMPARED||The items that you have recently compared.|
|STF||Information on products you have emailed to friends.|
|STORE||The store view or language you have selected.|
|VIEWED_PRODUCT_IDS||The products that you have recently viewed.|
|WISHLIST||An encrypted list of products added to your Wishlist.|
|WISHLIST_CNT||The number of items in your Wishlist.|
Policy 9- Links to other websites
9.1 Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Policy 10– Questions and Complaints: The Role of the Privacy Officer or designated individual
10.1 The Privacy Officer is responsible for ensuring Baggins Shoes compliance with this policy and the Personal Information Protection Act.
10.2 Customers should direct any complaints, concerns or questions regarding Baggins Shoes compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the customer may also write to the Information and Privacy Commissioner of British Columbia.
Contact information for Baggins Shoesdesignated individual:
Tara Savrtka: [email protected] (250) 388-7022