You don’t want your personal or business information to fall into the wrong hands, and neither does Picasso Fish Corporation. Most of our clients are businesses, so for this policy the words client and business are interchangeable.
Note that picassofish.net is owned and operated by Picasso Fish. We are a Canadian company, our servers are in Canada, your data resides in Canada, and our workers are Canadian. Relative to most other countries, Canada has conservative privacy laws that very much favour you.
Re. Personal Information
Examples of this are your name, e.g. Mrs. Jane Doe, and the IP address assigned to our your computer, e.g. 22.214.171.124.
Picasso Fish's policy regarding the collection, use and disclosure, if any, of personal information, can be broken down into the ten principles covered in Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA"). For clarity, key details may be listed, after the principles.
Picasso Fish is responsible for personal information under its control.
We have designated a Privacy Officer who is accountable for our compliance with this Policy and all applicable privacy laws.
All Picasso Fish employees are responsible for day-to-day compliance.
When we use trusted third parties to act on our behalf by performing such functions as fulfilling orders, delivering packages, processing credit card payments or providing customer service, contractual or other appropriate means are used to ensure compliance by such third parties with this Policy and all applicable privacy laws.
Every user retains ownership of the data they enter.
Picasso Fish is the steward of all data supplied.
2. Identifying Purposes
The purpose of collection will be disclosed before collection unless self-evident due to the nature of the transaction in question. Statements of intended use will be reasonably understandable.
An example of a self-evident purpose is requesting the name and address of the person placing an order to ensure proper delivery.
If you become a Registered User, then you choose what information you put in your profile, including contact and personal information.
We will collect, use or disclose your personal information only with your knowledge and consent, except where required or permitted by law.
Picasso Fish will not make your consent a requirement to the supply of a product or a service other than required to be able to supply the product or service.
Consent can be express or, in some circumstances, implied, and given in writing, by using or not using a check-off box, electronically, orally (in person or by telephone), or by your conduct, such as the use of a product or service.
In determining the type of consent to obtain, Picasso Fish will consider all relevant factors, including the sensitivity of the information and your reasonable expectations.
You may withdraw your consent at any time, on reasonable notice, subject to legal or contractual restrictions. Picasso Fish will inform you of the implications of doing so.
As per Comprehensive Anti-Spam Legislation (CASL), patients must double opt-in, to receive advertising.
4. Limiting Collection
The collection of personal information by Picasso Fish will be limited to what is necessary for the purposes which it identifies.
We will collect personal information by fair and lawful means.
5. Limiting Use, Disclosure, and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with your consent or as required or permitted by law.
It will be retained only as long as necessary for these purposes or as required by law.
If there is a breach, the person who entered the exposed data will be notified by email. Data consumers affected by corruption caused by a transgression will also be notified by email.
System logs storage is for at most two months. They are only accessible to our technical maintenance staff. Some logs contain the IP numbers of computers that interact with the server.
The government obliges Picasso Fish to retain accounting records for 7-years.
The IP numbers, browser type and operating system of each client using the system is logged in case needed for troubleshooting or security audit. After a month this information is automatically deleted.
Incomplete Credit Card information, just enough to make accounting reconciliation possible, for up to 7-year.
We will keep your personal information as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.
Picasso Fish will protect personal information by security safeguards appropriate to the sensitivity of the information, including through the use of the following measures: physical (e.g., locked filing cabinets, restricted access, appropriate disposal of personal information), organizational (e.g., security clearances, access only on a "need to know" basis), technological (e.g., passwords, encryption) and training of employees.
A data centre in Ontario, Canada houses our servers.
Any traffic deemed suspicious is blocked by a firewall. The firewall does deep packet inspection, IP blacklisting and more.
SSL is used to protect all data sent to or from our servers. We recommend, but can not ensure, that email clients are configured to use SSL.
Data is backed up daily to secure facility that is kilometres away from the data centre.
Most software is Open Source.
Software and information such as virus signatures are updated daily.
For security details are limited.
Information about our policies and practices relating to the management of personal information will be made readily available to individuals.
9. Individual Access
Upon request, Picasso Fish will inform you of the existence, use and disclosure of personal information relating to you, and give you access to that information. You have the right to challenge the accuracy and completeness of your data and have it amended as appropriate.
However, in certain circumstances permitted by law, this information will not be disclosed to you. Some examples of these circumstances are information that contains references to other individuals, that cannot be revealed for legal, security or commercial proprietary reasons, or that is subject to solicitor-client or litigation privilege.
We do not knowingly collect or solicit personal information from anyone under the age of eighteen or knowingly allow such persons to register. If you are under the age of eighteen, please do not attempt to register or send any information about yourself to us, including your name, address, telephone number, or email address. If we learn that we have collected personal information from an individual under the age of eighteen, we will remove that information as quickly as possible. If you believe that we might have any information from or about a person under the age of eighteen, please contact us.
A parent or guardian is permitted to provide information about people under the age of 18 that are in their care.
10. Contacting us and Challenging Compliance
For anything to do with this Policy, including questions or comments, or to challenge our compliance with this Policy, please contact us as follows:
John Matecsa, President
Picasso Fish Corporation
62 Berkley Cr.
Simcoe, Ontario, Canada N3Y 2K5
Re. Business Working Data
Examples of this are email messages, website files, and website database. The system stores this data for clients and in most cases it is owned by the business.
Treatment is the same as personal information with the following exceptions.
The user of an email account has no right to privacy, the business that owns the data does.
Picasso Fish has no legal requirement or right to archive data; although data will be retained in backups for a short period, for the sole purpose of emergency recovery.
Re. Business Meta Data
Data about the business we serve. Examples of this are the name, e.g. Main Street Cleaning Inc., and street address.
Treatment is the same as personal information with the following exceptions.
Data retention is indefinite.
Data will be used by Picasso Fish to help provide excellent customer service and for promotion.
A 3rd party will never receive raw data.
A 3rd party may receive anonymized data. Typical users would be a consulting firm hired to help Picasso Fish or a researcher at an educational institution.
Data will never be sold, leased, traded or such.
When work is done by Picasso Fish, and then exposed to the public by a client, then Picasso Fish may include it in our portfolio. Portfolios may take the form of printed material, website pages, social media posts and other.