good to know
At Sprucestone Design Co. (https://sprucestone.design), we value the importance of protecting your privacy and personal data. We also appreciate your visit and interest in our company, products, and services. Our privacy statement below explains how we comply with the General Data Protection Regulation (GDPR). We also outline how we inform you about the nature, scope, and purpose of the personal data processed by us.
General Data Protection Regulation (GDPR)
This website complies with the GDPR which comes into effect as of 25 May 2018 and will be updated accordingly as required.
The website operator is responsible for any and all data processed by this website and websites associated with the studio.
Why we collect and process data
We aim to provide you with top-notch and secure services that you may be searching for via our website. Additionally, the information we collect is intended for purposes of continually building on and improving the quality of our services and information provided through our website. We also don’t like to throw fluff your way. We are only interested in providing you with useful, relevant information and services. By collecting and processing data you provide, we are able to better market and provide you with said relevant content. Should you additionally consent to it, we may contact you directly via our direct marketing (email) tools. Beyond any purposes noted above, your information and data will only be processed with your direct and expressly given consent.
We use the information we collect about you to continually better the goods and/or services that we are able to provide to you, to ensure optimal functioning of our website, as well as optimal user and visitor experience of our website and the information and content provided via our website. In order to ensure users and visitors have the best possible experience, information collected is used to analyze how you and other visitors use and experience our website.
How your data is collected
Data is collected automatically by our IT tools and systems when you visit our website. The type of data collected is primarily regarding, but not limited to, the type of device you use to access our website, the time of day you may have accessed our site and how long you have visited various pages on our site. Additionally, information such as your browser type and operating system are among the types of technical data that is primarily collected.
Protecting Your Data
Our website is hosted on servers that utilize the latest technology and security infrastructure.
The studio adheres to the Personal Information and Privacy Act (PIPA) of British Columbia, Canada. This legislation takes precedence over the 10 “fair information principles” of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private-sector privacy law which is not explicitly applicable to businesses based in and/or operating in British Columbia, Canada. However, we respect the confidentiality of the information provided by you and therefore do our utmost to additionally adhere to these principles.
You may change your details at any time by advising us in writing via email. All of the customer data the studio collects is secured against unauthorized use or access. Personal information shall be protected by security safeguards appropriate to the sensitivity of the information. You recognize that there are always risks and in the unfortunate case that such risks may occur, the studio will notify you along with the appropriate authorities.
Any type of data that is communicated to us over the internet, for example via chat or through email communications, may be subject to breaches of security. We do our utmost to ensure your data is protected but absolute protection from third-party access is impossible and therefore not guaranteed. Your communication with us through such channels and the information you choose to share with us through said channels is at your own risk.
How you can reach us
Information provided here will enable you to contact us directly regarding the processing of your personal data on our website. You are welcome to contact us via email with any questions or concerns.
Business owner, Primary Contact + Data Controller: Andrea Liesting
If at any point you feel you want to revoke your consent for us to process your data, you are welcome to contact us directly by email with your request. The studio handles requests for revocation of consent in line with PIPA – Part 3 Section 9 and Article 7 of the GDPR. Any data that has been received by us, prior to your request, may still be legally processed. Many data processing operations, which are part of our website and its function, are only possible with your explicit consent. You understand that revoking your consent may impact the quality of our website performance, as well as access to content, provided via our website.
Right to information (Individual Rights – GDPR Art.12-13)
You can always contact us to request information about your stored data, how we obtained it, who has access to it, and why it has been collected. You will never be charged to receive this information. Feel free to get in touch with us directly via the contact information provided below should you have any questions regarding your privacy and data protection. You also have the right to file a complaint with the appropriate authority should you feel that your privacy and data protection are not being respected.
Right to be forgotten
You may also request, at any time via informal email communication, that it be updated, blocked, or completely removed. Upon our knowledge of your request, your request will be implemented and confirmed with you.
Right to restriction of processing
This applies in some specific circumstances including for example, for an interim period allowing the data controller to verify the accuracy of the personal data that is contested by the data subject, or when the controller no longer needs the personal data for the purposes of the processing but are required by the data subject for, for example, the establishment of legal claims.
Right to data portability
You have the right to receive personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit that data to another data controller without hindrance. This right only applies to personal data that you have provided to the studio, where the processing is based on your consent or for the performance of a contract and where the processing is carried out by automated means. If you require that your data be transferred to another responsible party, this will only be completed to the extent that is technically feasible at the time of your request.
Right to file a complaint with the appropriate authorities
If there has been a breach of data protection legislation, you (the affected party) may file a complaint with the appropriate authorities. As our business is based out of British Columbia, Canada, the appropriate authorities for you to reach out to are:
- The Office of the Information and Privacy Commissioner for British Columbia. The Office of the Privacy Commissioner of Canada is not responsible for enforcing compliance with the GDPR.
- For EU-Based Clients: Please refer to the supervisory authority in your EU Member State.
Our website utilizes SSL (the predecessor to TLS) encryption. This cryptographic protocol is a security measure that provides authentication and data encryption between servers, machines and applications operating over a network (example: you connecting to your web server). It protects the transmission of confidential content via our website. In your browser address tab you will be able to recognize the encrypted connection when you see “https” in place of “http”. Some browsers may also display a lock icon in the address bar. Any data that is transferred to us by means of our SSL encryption cannot be viewed by third-parties.
We reserve the right to take legal action should we feel any violation to providing our direct contact information above. We strictly prohibit any and all unrequested solicitation of promotional materials to both our email and mailing address unless we have specifically made a direct request.
Collection of Data
Cookies & Tracking Pixels | What Are Cookies?
Cookies are small files saved to the user’s computer hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Upon visiting our website, information (such as the browser you are currently using, your IP address, any referral websites and/or social platforms you can to see us through) Is collected by our system automatically. Collection of such information may be done via the use and implementation with/of partners and/or vendors. More information on who and what we work with for data processing is listed below as well as links to respective privacy policies. Information and data collected from said partners and/or vendors may be in the form of general demographic or usage data. We will never collect, automatically, information from you without your prior given consent.
These are like the cogs in a well-oiled clock. They make our site work the way it should with the appearance it should have. They enable our navigation and basic website functionality to run like clockwork.
These cookies enable us to provide you with a tailored experience. Information provided via this type of cookie could range from your log-in details (for example via our client portal), your language, or your region of origin at the time of visiting our site. This information helps us better understand what parts of our website you have visited, what you have found useful and any specific selections that you have made with regards to types of services you found interesting and would potentially want to make use of.
We want to make sure our strategy of providing you with useful, helpful, and informative information and content is up to par! By utilizing advertising cookies, we can better assess the effectiveness of all of our efforts. Advertising cookies are provided via third-party vendors and/or partners that respectively analyze and track our site visits, downloads, any sign-ups you may choose to partake in. Any such external data processing is strictly governed by the existing privacy policies of our vendors and/or partners listed below. Please review their policies at your discretion.
Below you will find information on how the studio works with third-party applications that are implemented for our day-to-day workflow, communication, and project management. Where (*) is indicated prior to the processor/system name, the studio has entered into a Data Protection Agreement / Data Protection Addendum with said processor/system.
- Google LLC*
- Infinity Innovations, Inc.
- Siteground, Inc.*
- Stripe, Inc.*
- Wordfence [Defiant, Inc.] *
Stripe primarily powers our online store payment processing. In certain circumstances, we may utilize Stripe throughout our website and via direct links that may be communicated to you directly within project documentation (contracts, sub-agreements, etc.) or through email. If you enter into a contract with us, you may be required to process your payments using this payment processing system. You will be required to enter certain data (for example a credit card number) in order to process a payment successfully.
All of the payments processed are only made through securely encrypted SSL connections. This means that any payment information you submit through Stripe processing cannot be ready by third-parties.
Credit Card Processing
In certain circumstances the studio may be required to save your credit card information (for future payments and/or retainer programs). You will be required to enter your credit card information and the relevant information is sent to Stripe directly from your browser. Stripe then sends Quaderno a value that can be used to reference the saved credit card in the future. So, when Sprucestone Design Co. sends you an invoice, utilizing saved credit card information, Quaderno will then send that value back to Stripe along with the invoice value and Stripe will know which card to use based on the value provided to them from the Quaderno. This process is called “Tokenization”. The value is a type of code (ex. agfhsjk) in place of your actual credit card number. The only information that is visible in our accounting system, and in Quaderno is the last 4 digits of your credit card, the Name on the card and the type card it is (Visa, MasterCard, etc.).
Secure Data Transmission
When you load a page in your browser, or upload something to Wave, all that information is encrypted while it’s moving over the internet. We lock up your data with up to 256-bit TLS encryption, the strength of protection you get with online banking and shopping. We also support a wide variety of cyphers — another kind of code — for our communications, to ensure the highest level of encryption possible, based on your browser.
Wave doesn’t store credit card numbers, ever. Credit card information is sent directly from the app or browser to their payments processor (Stripe), and Wave receives a secure token back. This token is a code that authorizes Wave to complete the activity securely and efficiently, without storing or exposing your credit card information.
Social Media Policy & Usage
We adopt a Social Media Policy to ensure our business conducts itself accordingly online. While we may have official profiles on social media platforms users are advised to verify the authenticity of such profiles before engaging with, or sharing information with, such profiles. We will never ask for user passwords or personal details on social media platforms. Users are advised to conduct themselves appropriately when engaging with us on social media.
There may be instances where our website features social sharing buttons (“like” and “share”), which help share web content directly from (our) web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page.
As owners of our website, the studio does not receive data nor is knowledgeable of the data that is transmitted to Facebook, to Instagram, to Pinterest or to Twitter. Nor do we have any knowledge as to the content of any data that may be transmitted to, and thereby potentially used by, any of these social networks in accordance with your visiting our website.
You can find further information about some social media privacy and usage policies in the resources below.
When you visit our website, your internet browser makes a direct connection with Facebook’s server. This enables Facebook to receive information that you have visited our site from your IP address. If you click on the “like” button at any point while you are signed-in to your Facebook account, then you will be presented with the opportunity to link content that you like on our website directly with your Facebook profile. Please be aware that this is done at your own risk. If you do not want Facebook to make any association or connection between our website, or your visit to our website and your personal Facebook account, you must ensure you are logged out of your Facebook account.
Integrations for Instagram have been applied to our website. If you are logged in to your Instagram account, you will be able to directly associate your presence on our website with your Instagram user account by clicking on any of our Instagram links.
We also utilize Pinterest functions on our website. Any time you visit our website pages which contain a Pinterest button or plugin, your internet browser will make a direct connection with Pinterest servers in the USA. Your data (for example your IP address, when you visited our website, the browsers you used to access our website, log data, cookie data, and device data) is then transmitted to Pinterest.
Tracking & Analytics
Our website uses the website analytics service, Google Analytics. We have entered into a DPA with Google Analytics.
When you visit our website, cookies are placed on your computer that permits an analysis of how you use and experience our website. Information generated regarding how you use and experience our website is transmitted to a Google server in the United States of America. It is also stored there.
We have a legitimate interest in the information that Google Analytics provides to us regarding your use and experience of our website in order to ensure your experience is top-notch, as well as to ensure our chosen advertising methods are optimized.
Information we collect relates to demographics, device type, use, age, gender and general interest on the website related to content, pages visited, and other site visit interests. This enables us to optimize our website, services and goods we offer as a business, as well as our advertising and social media strategies.
We make use of Google Analytics/Adwords Remarketing. You may see certain ads on this website or other websites because we contract with Google and similar companies to target our ads based on collected information by us or them. Included here would be information that is collected automatically (such as via the cookies and web beacons we utilize).
You may, at any point, opt out of the automated collection of information by third-party ad networks (preventing delivery of tailored-to-you ads) and/or prevent Google Analytics from utilizing the cookies stored on your computer. There are a couple of ways you can do this. Please remember though, if you do disable any cookies it may affect the proper functioning of our website and have a negative effect on your use and experience of our website.
- Option 1 – Browser permissions: Adjust your cookie permissions in your browser settings.
- Option 2 – Opt-out browser plugin: Install the google analytics opt-out plugin available here.
- Option 3 – Google Display Network ads preferences: http://google.com/ads/preferences
IP Anonymization + IP Masking:
We are working towards implementing IP anonymization/IP masking into our website.
Advertisements & Sponsored Links
This website may contain sponsored links and advertisements. These will typically be served by our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
SDCo. participates in select affiliate programs. Where affiliate links are included in distributed content on our website, through our email newsletter, or our blog posts, we will clearly note our affiliation. You are not obligated to participate or interact with our affiliate links, and in doing so is at your own risk as per our Terms.
Downloads & Media Files
Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third-party anti-virus software or similar applications.
We accept no responsibility for third-party downloads and downloads provided by external third-party websites and advise users to verify their authenticity using third-party anti-virus software or similar applications.
External Links & Third Parties
Although we only aim to include quality, safe, and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website.
We cannot guarantee or verify the contents of any externally linked website despite our best efforts. Users should, therefore, note they click on external links at their own risk and we cannot be held liable for any damages or implications caused by visiting any external links mentioned.