PRIVACY POLICY

FOR OTOTOI DESIGN LAB | MONO

Personal Information Protection Policy

Last updated: November 4th, 2024

At OTOTOI DESIGN LAB, we are committed to providing exceptional service while protecting our clients’ personal information. This commitment is rooted in adherence to British Columbia’s Personal Information Protection Act (PIPA), effective January 1, 2004, which outlines how businesses may collect, use, and disclose personal information.

We will inform our clients of why and how we collect, use, and disclose their personal information, obtain consent where required, and handle it reasonably and appropriately.

This Personal Information Protection Policy outlines the principles and practices we follow to ensure the accuracy, confidentiality, and security of client data, and to allow clients access to and correction of their information.

Definitions

  • Personal Information: Information about an identifiable individual, such as name, address, phone number, and employment information. Personal information does not include business contact information.
  • Contact Information: Information that enables an individual to be contacted at a place of business and is not covered by this policy or PIPA.
  • Privacy Officer: The individual responsible for ensuring compliance with this policy and PIPA.

Policy 1 – Collecting Personal Information

1.1 We will communicate the purposes for collecting personal information unless they are obvious and the client voluntarily provides their data.

1.2 We will only collect client information that is necessary to fulfill the following purposes:

  • To verify identity (e.g., name, home address, telephone number, birth date)
  • To identify client preferences
  • To open and manage an account
  • To deliver requested products and services
  • To ensure high service standards
  • To meet regulatory requirements
  • To collect and process payments

Policy 2 – Consent

2.1 We will obtain consent to collect, use, or disclose personal information unless authorized to do so without consent.

2.2 Consent can be provided in writing, electronically, or implied if the purpose is clear, and the client voluntarily provides their information.

2.3 Consent may be implied if a client does not opt out after being given reasonable notice.

2.4 Clients can withhold or withdraw their consent, with some exceptions related to legal obligations or service provisions.

2.5 We may collect, use, or disclose personal information without consent in limited cases (e.g., legal advice, emergencies, fraud prevention).

Policy 3 – Using and Disclosing Personal Information

3.1 Personal information will be used or disclosed only for the purposes identified at the time of collection or related purposes.

3.2 No additional use or disclosure will be made without consent.

3.3 We will not sell client lists or personal information.

Policy 4 – Retaining Personal Information

4.1 We will retain personal information for at least one year if used to make a decision that affects the client.

4.2 Information will only be kept as long as necessary for identified purposes or legal reasons.

Policy 5 – Ensuring Accuracy of Personal Information

5.1 We will take reasonable steps to ensure the accuracy of personal information.

5.2 Clients may request corrections to their information.

5.3 Corrections will be noted if changes are not made.

Policy 6 – Securing Personal Information

6.1 We are committed to protecting personal information from unauthorized access and risks.

6.2 Security measures include:

  • Data minimization
  • Encryption for data storage
  • Regular security audits
  • Firewall protection

6.3 Proper disposal methods will be used for data destruction.

6.4 Security policies will be updated regularly.

Policy 7 – Providing Clients Access to Personal Information

7.1 Clients have the right to access their information, with limited exceptions.

7.2 Requests must be made in writing.

7.3 We will provide information on how personal data is used and disclosed.

7.4 Information will be provided within 30 business days, or written notice of any delay will be given.

7.5 A minimal fee may be charged, with prior notice to the client.

7.6 If access is denied, the client will be informed in writing.

Policy 8 – Questions and Complaints

8.1 The Privacy Officer is responsible for compliance with PIPA.

8.2 Complaints should be directed in writing to the Privacy Officer:

  • Sandra Indira Castellanos – indi.ototoi@gmail.com
  • If unresolved, clients may contact the Information and Privacy Commissioner of British Columbia.

Policy 9 – Cookies and Digital Data Collection

9.1 Our website may use cookies to enhance the user experience. Cookies are small data files stored on the user’s device that help track website activity and preferences.

9.2 Types of cookies used:

  • Session Cookies: Temporary and deleted after the browser is closed.
  • Persistent Cookies: Remain on the device for a set period to remember user preferences.

9.3 Users can disable cookies through browser settings, but this may affect website functionality.

9.4 We may collect non-personal data, such as browser type and device information, to improve our digital services.

Policy 10 – Third-Party Services

10.1 We may share data with third-party service providers only as necessary to fulfill business operations (e.g., payment processing). Such providers are required to uphold equivalent privacy protection standards.

10.2 We do not share or sell personal data to third parties for marketing purposes without explicit client consent.

Policy 11 – Changes to This Policy

11.1 We reserve the right to update this policy. Clients will be informed of any significant changes through our website or direct communication.

Scroll to Top