The purpose of this document is to inform you about the type of information we hold about you, how we use it and to let you know your rights. Reach exercises control over the processing of the data we hold about you and carries the data protection responsibility for it. In legal terms this is referred to as being the ‘data controller’.
Reach will not give, sell, rent or loan any personal Information to any third party.
We collect personal information to provide you with our Services. When we require certain personal information from users it is because such information is relevant for specified purposes. We ask for your name, address, phone number and email address as this is our primary mechanism to identify you. We also store information about your debit or credit card or other means of payment when you first provide it to us. From time to time, we may also request identity documents to help with our fraud screening and identification.
Your information will be used as per the following examples:
We will not use your personal information for purposes other than those purposes we have disclosed to you, without your permission. From time to time we may request your permission to allow us to share your personal information with third parties.
You may choose not to have your personal information shared with third parties where we rely on consent as the lawful basis for processing your personal information. You may also choose not to allow us to use your personal information for any purpose that is incompatible with the purposes for which we originally collected it or subsequently obtained your authorization.
If you choose to limit the use of your personal information, we may not be able to continue to offer you our services.
We receive and store certain types of information automatically. This information does not necessarily reveal your identity directly but may include information about the specific device you are using, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer), your Internet Protocol (IP) address/MAC address/device identifier and location country.
We use this information so we can protect your information from being used fraudulently, for example, from a different IP address unrelated to you or country.
We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it.
We will only share your data in the following circumstances:
We collect and use the data that we have, in line with and:
We understand how important your privacy is. This is why we take every precaution necessary to maintain security of your personal information.
We store your personal information so that it helps us prevent fraud and for ease of use.
We use computer safeguards such as firewalls and data encryption in order to keep all your personal information, including payment details secure.
We store data that identifies you until it is no longer necessary to provide our Services to you or our business relationship ceases. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, we may retain certain purchase information for accounting and security purposes even after our business relationship ceases.
While Reach is based in Canada, our service providers may store, transfer, and otherwise process your personal information in countries outside of the country of your residence. We require that the third party agree to at least the same level of privacy safeguards as required under applicable data protection laws.
We do not knowingly request to collect personal information from any person under the age of 18.
You have the right to make a request to:
You can also complain about our processing of your personal information to the relevant data protection authority. You can complain in the EU member state where you live or work, or in the place where the alleged breach of data protection law has taken place. In the UK, the relevant data protection authority is the Information Commissioner’s Office (ICO).