Privacy Policy of family.one network

Family.one network collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Access to third party accounts

      • Facebook account access

        Permissions: About Me, Access Page CTA, Access private data, Access Requests, Activities, App Notifications, Birthday, Books Actions, Checkins, Contact email, Current City, Family Members and Relationship Status, Likes and List of Friends

      • Stripe account access and Twitter account access

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Advertising

      • Direct Email Marketing (DEM)

        Personal Data: email address

    • Analytics

      • Google Analytics

        Personal Data: Cookies and Usage Data

    • Contacting the User

      • Contact form

        Personal Data: email address, first name and last name

      • Mailing List or Newsletter

        Personal Data: address, city, Cookies, date of birth, email address, first name, gender, last name, phone number and Usage Data

      • Phone contact

        Personal Data: phone number

    • Handling payments

      • Stripe

        Personal Data: various types of Data as specified in the privacy policy of the service

    • Interaction with external social networks and platforms

      • Facebook Like button and social widgets

        Personal Data: Cookies and Usage Data

    • Managing contacts and sending messages

      • MailChimp

        Personal Data: email address

      • Sendgrid

        Personal Data: address, country, date of birth, email address, first name, gender, last name, phone number and Usage Data

      • Twilio

        Personal Data: phone number

Further information about Personal Data

    • Contacting Chief Privacy Officer

      A senior company officer has been appointed as the Privacy Officer at family.one. The Privacy Officer is accountable for all personal information at family.one. You may contact the Privacy Officer at:

      By Mail: Chief Privacy Officer
      family.One
      PO BOX 5082 RPO Major Mackenzie
      Richmond Hill, Ontario
      L4S 0B7

      Fax: (289) 475-5958

    • Compliance

      family.one's practices privacy in accordance with all federal and provincial laws and regulations as well as the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada's Anti-Spam Legislation (CASL) and communicates with independent industry experts as well as the Office of the Privacy Commissioner of Canada and Competition Bureau Canada.

    • Securing your data

      Passwords are never stored as clear text - they are always hashed (and salted) securely using bcrypt. Wherever possible, traditional passwords are replaced by third-party authentication methods such as auto-expiring one-time emailed login tokens which require access to your email account or third-party login via OAuth2 partners such as Google, Facebook and Twitter.

      Registration is always performed through a secure SHA2 2048bit encrypted SSL connection. All personally identifiable data is stored on AICPA SOC 2 Type II Compliant and PCI DSS Certified servers. Our servers are physically secured 24/7 with biometric scanners and other technical security measures and hold ISO27001 and ISO27018 certification status provided by a third party. All servers are DDOS mitigated and have documented "in case of nuclear attack on data centre" infrastructure continuity plans in place.

      Access to the database is restricted to a required access only basis and accessed only through a secure connection. Login to the database is secured against brute force and tested on a regular basis.

    • General Data Collection and Usage

      Collection
      family.one collects information such as full name, age, email address(s), mailing address(s), billing address, phone number, relationship to children, relationship to other users, socio-economic status, such as employment position level, annual household income, as well as requested information on shopping preferences, product experience, newborn feeding preference and other information from time to time based on specific offers.

      Requested Data Collection refers to any specific requests for information from the user. Requested data collection is broken down into three stages:
      “Initial Registration”. “My Family” and “Additional Data”.

      Initial Registration refers to data collected at the point of registration. This data includes at most the user’s full name, email address, mailing address, relationship to dependent children, dependent children including their date of birth.

      My Family refers to the building of a family network including inviting other members of their family to join family.one and connect with one another. Connections established through My Family enable members of a family to share contests, freebies and other programs with one another and increase their odds of winning contests through additional entry points, as well as, from time to time, receive other benefits for increased activity.

      Additional Data refers to instances where offers, contests, freebies or other programs require additional data as part of participation in them. By collecting data in this manner, family.one ensures that data is only collected with specifically relevant. In these instances, the user will be prompted to provide the requested data or choose not to participate in the program. Further, should the requested data require additional consent, specific terms and conditions will be presented along with the choice to participate or not.

      Understanding Requested Data Collection and Usage
      Each time data is requested, an "i" symbol provides an explanation of data collected at that point and how it will be used.

      Double Opt-in
      All registrants are required to complete a Double Opt-in Process wherein:
      1. The User submits their information.
      2. Information submitted is quarantine pending confirmation along with any account activity relevant to family.one's privacy policies and/or terms and conditions.
      3. The User is then required to log in via email token to verify their email address.
      4. Upon verification, data is removed from quarantine and transferred to active membership.

      Usage
      Data collected is used to provide additional services and aid in targeting marketing efforts by brands, including giveaways, baby starter packs and other boxes, exclusive items, other opportunities which family.one determines to be of benefit to specific members within its membership; and where relevant to aid in directing engagement towards those with whom they are most relevant. family.one prefers to engage only those who its services are relevant to, and only when they are relevant.

      From time to time, family.one may develop new services and make them available for general or restricted access to members of the program or collaborate with other organizations.

      family.one may contract a neutral party to perform redundancy tests on its membership to ensure that partnering brands, contributors, and others interacting with family.one are engaging its membership efficiently.

      family.one may contract or collaborate with a communications service partner to facilitate distribution of a communication on behalf of itself or a third party while protecting the confidentiality of your data from transfer directly to a third party.

    • Sharing of Personal Information

      We may share Personal Information:

      Pursuant to a court order, subpoena, warrant, or when otherwise permitted or required by law, or in response to a government inquiry or request, or with an organization in the case of a breach of an agreement or contravention of law, or to detect, suppress or prevent fraud;

      Where it is necessary for the establishment, exercise or defense of legal claims, and to investigate or prevent actual or suspected loss or harm to persons or property (including the Services);

      In connection with an actual or potential sale, merger, or acquisition, or other transfer of all or part of our assets, including as part of a bankruptcy proceeding or other corporate reorganization or change in corporate control;

      With affiliated companies, as permitted by law;

      With third party service providers to assist us with our Services, such as to process payments, distribute packages or other products or materials, send communications, or help operate the website and/or applications;

      With affiliated companies to provide you with cooperative or third-party products, services, promotions, offers, or any opportunity that we deem of potential benefit to you;

      With partners that offer educational and other additional features through our Services and with partners (such as hospitals) to operate our programs and respond to your requests, as permitted by law;

      If you consent, with selected third parties to provide information or offers that may interest you, such as with hospitals, community service centers, brand partners, and other organizations (please see other sections of this Privacy Policy for your choices regarding this sharing);

      In a limited manner in order to establish Family Share connections upon your consent; or

      With your consent.

    • Your choices

      From time to time, we may ask for your consent to share your Personal Information with selected third parties so that they can provide you with information or offers that may interest you. If you do not want your information shared in this way, you can choose not to engage with or can decline the option when it is presented.

      We may send you promotional email communications, with your consent. If you would like to stop receiving a specific type of promotional email communication, you can do so by clicking on the unsubscribe option in our emails or contact us at privacy@family.one. You will continue to receive other types of service messages from us to the extent permitted by law.

      We may contact you via phone or text message, including for marketing purposes, after obtaining your consent if required by applicable local law. If you would like to stop receiving marketing calls and text messages from us, you can text “STOP” via reply text or you can register your choice over the phone or by emailing privacy@family.one.

      For information on the choices available to you in connection with digital advertising and analytics, please see the Digital Advertising & Analytics section above.

    • Policy Changes

      We’re constantly working to improve our Services, so we may need to change this privacy policy from time to time as well. We will post these changes in this policy, and suggest that you revisit this policy periodically to stay informed of any changes. We may also notify you of any material changes to this Privacy Policy.

      Each time you log in, passwordless login emails and (in some situations) login screens will include a notice of when this privacy policy was lasted updated as well as a link to this policy. You will be instructed that logging in indicates your consent with this privacy policy and we will make a record of your renewed consent.

      family.one will, as necessary, obtain consent under applicable privacy laws if it seeks to collect, use or disclose your personal information for purposes materially different from those for which your Personal Information has been collected unless otherwise required or permitted by law.

    • Updating personal information and access

      We take reasonable steps to make sure that the information we hold is accurate, complete and up to date. If you wish to access to your Personal Information, make corrections or updates to your Personal Information, you may do so by logging in at https://family.one and accessing your profile. Should you wish to terminate your account, you may do so via your profile or by contacting support@family.one. We may continue to retain information in our records after your termination request, for example for legal or recordkeeping purposes as long as necessary for our operations.

    • Communications between users

      We also enable communications between you and others through our Services, including for example invitations, family sharing, families, friends and messages between connections.

    • Usage Analytics

      In order to improve our services, we may collect and retain analytical data of your usage for reasons such as developing and organizing products, services, programs and other offerings according to your past activity

    • Transferring of Data

      From time to time, opportunities for users may arise where benefits require the transfer of user data to a partner. In these instances, these programs including but not limited to freebies, samples and perks will require additional consent on a program by program basis and provide users with:
      Program specific terms, conditions and privacy data
      Details on what data is required to be transferred
      Who the data is transferred to
      How the data will be used
      Links to recipient partner’s privacy policy, terms and conditions
      Links and/or instructions on how to update and/or unsubscribe and/or contact the recipient partner, regarding the data they have received.

      All such instances will be presented to users on an opt-in only basis wherein only users that choose to participate will benefit from the specific program and have the relevant data transferred.

    • Family Sharing (My Family)

      Where family.one users are members of the same household or extended family, users can invite and connect with each other. Connected family.one user have the ability to share, gain access to and increase the odds of winning/receiving contests, freebies. Connections are only established when a receiving users accepts an invitation to connect.

    • family.one membership and communications

      family.one is a membership based organization. As a member you have access free, subsidized and discounted product, contests, perks (discounts) and more. Periodically, we’ll send you notifications on behalf of these programs, for login and other activity-based transactional emails. Where relevant, we will present you with the opportunity to unsubscribe with the exception of transactional emails which are sent based on account activity.

Contact information

    • Owner and Data Controller

      Baby Box Canada / Family.One
      PO BOX 5082 RPO MAJOR MACKENZIE
      RICHMOND HILL, ON
      L4S 0B7

      Owner contact email: privacy@family.one