Privacy Policy
Effective Date: 23rd January, 2025
Last Updated: 23rd January, 2025
Table of Contents
1. Information We Collect
1.1. Personal Information
1.1.1. Identification Data
1.1.2. Account Information
1.1.3. Profile Data
1.1.4. User Content
1.1.5. Communications Data
1.1.6. Payment Information
1.1.7. Metadata
1.1.8. Device Information
1.1.9. Interaction Data
1.1.10. Financial Data
1.1.11. Location Data
1.2. Automatically Collected Information
1.2.1. Device Information
1.2.2. Usage Data
1.2.3. Log Data
1.2.4. Location Data
1.3. Information from Third Parties
1.3.1. Social Media Accounts
1.3.2. Non-Listed Payment Processors
1.3.3. Advertising Partners
1.3.4. Analytics Providers
1.3.5. Publicly Available Sources
2. How We Use Your Information
2.1. Provision of Services
2.1.1. Media Sharing and Social Functionality
2.2. Tailoring and Modifying
2.3. Analytics and Improvement
2.4. Marketing and Communication
2.5. Compliance with Applicable Law
3. Sharing Your Information
3.1. Service Contractors
3.2. Legal and Regulatory Disclosures
3.3. Business Transfers
4. Data Retention and Deletion
4.1. Retention Periods
4.2. Anonymization and Deletion
4.3. Legal and Regulatory Compliance
5. Your Data Rights
5.1. Right of Access
5.2. Right of Correction
5.3. Right to Withdraw Consent
5.4. Right to Request Deletion
5.5. Right to Data Portability
5.6. Right to Object to Processing
5.7. Exercising Your Rights
6. Cookies and Other Tracking Technologies
6.1. Types of Cookies
6.2. Managing Cookies
7. International Data Transfers
7.1. Legal Mechanisms for Data Transfers
7.2. Data Protection Safeguards
7.3. User Rights and Compliance
7.4. Third-Party Service Providers
8. Data Security
8.1. Technical Safeguards
8.1.1. Encryption
8.1.2. Access Controls
8.1.3. Network Security
8.2. Administrative Safeguards
8.2.1. Security Policies and Procedures
8.2.2. Training and Awareness
8.2.3. Risk Management
8.3. Physical Safeguards
8.3.1. Data Center Security
8.3.2. Device Security
8.4. Security Audits
8.4.1. Regular Assessments
8.4.2. Continuous Monitoring
8.4.3. Compliance Audits
8.5. User Responsibilities
8.5.1. Account Security
8.5.2. Security Best Practices
9. Children’s Privacy
9.1. Age Restrictions
9.1.1. Intended Audience
9.2. Collection of Personal Information
9.2.1. Inadvertent Collection
9.3. Data Deletion Procedures
9.3.1. Identification of Data
9.3.2. Secure Deletion
9.4. Compliance with Applicable Laws
9.4.1. Children’s Online Privacy Protection Act (COPPA)
9.4.2. General Data Protection Regulation (GDPR)
9.5. Reporting and Addressing Concerns
9.5.1. Reporting Mechanism
9.5.2. Parental Rights and Controls
9.6. Technical and Organizational Measures
9.6.1. Data Minimization
9.6.2. Data Security Measures
10. Changes to This Privacy Policy
11. Contact Us

StikBook Inc. ("we", "us," or "our") is dedicated to maintaining the privacy of our users
and treating their personal information in a secure manner when they access or interact
with our social media platform (the "App"). Our Privacy Policy sets out our approach to
the collection, use, disclosure, and retention of your personal information in accordance
with applicable Canadian privacy legislation, including the Personal Information
Protection and Electronic Documents Act (PIPEDA). By using or otherwise accessing the
App, you approve of the collection, use, disclosure, and processing of your personal
information in accordance with this Privacy Policy. This Privacy Policy is meant to help you
understand what information we collect, why we collect it, and how you can update,
manage, or delete that information.
1. Information We Collect
As you use our services, we process your information in different ways:
1.1. Personal Information
For the purpose of running and improving the App's functionality, StikBook Inc. gathers
and uses a variety of personal information from its users. The following lists the types of
personal data that are gathered and how they are used:
1.1.1. Identification Data
In order to register users and maintain their accounts, including identity verification and
customer support, personal identifiers like name, email address, phone number, date of
birth, and postal address are needed. Additionally, this data is used to respond to user
inquiries, updates, and problems pertaining to their accounts; customize user interfaces;
offer features and content that are specific to the interests of each user; and fulfill legal
requirements, including those pertaining to age verification and other regulations.

1.1.2. Account Information
To provide safe access to users' accounts and to authenticate users during the login
process, login credentials, including passwords, usernames, and security questions, are
gathered. Additionally, by using multi-factor authentication and other security measures,
this information helps users restore their accounts in the event that they lose or forget
their login credentials.
1.1.3. Profile Data
Users may choose to add bios, photographs, and other general information to their
profiles. This information is collected in order to promote user interaction and engagement
on the platform by showing profile information to other users. Additionally, this data is utilized
to facilitate user connections and the sharing of interests and social media links, as well
as to offer personalized content recommendations based on user interests and profile
information.
1.1.4. User Content
In order for users to share content with others and take part in social interactions on the
platform, any media (pictures, videos, audio), comments, likes, messages, or other
content that users create and post via the App are gathered. This information is also
utilized to analyze and control user-generated content in order to make sure that it
complies with community standards, stop harmful or unlawful content from spreading,
and increase user engagement by letting users interact with content that has been shared
by others.
1.1.5. Communications Data
To offer messaging services and promote user communication, the content of messages
sent through the app is gathered, along with time and date meta tags. Additionally, this
information is utilized to comply with legal obligations, such as keeping communication
logs for regulatory purposes, and to respond to user questions and offer customer
assistance via the App's contact channels.

1.1.6. Payment Information
To execute financial transactions, such as subscription payments and in-app purchases,
information like credit card numbers, billing addresses, and transaction histories is
gathered. In addition, this data is used to detect and stop financial
transaction fraud, create and deliver billing statements and invoices to users, and adhere
to record-keeping protocols and financial rules.
1.1.7. Metadata
Timestamped images, location information, and interaction statistics are just a few
examples of the information that is gathered about user content in order to index user-
generated content for search and retrieval, examine user interactions with content to
enhance user engagement tactics, and use interaction data to personalize content
recommendations that will improve user experiences.
1.1.8. Device Information
In order to improve platform security, technical information is gathered, including IP
addresses, browser types, operating systems, and device identifiers. This information is
used to monitor and identify potential security threats, provide technical support,
troubleshoot device compatibility issues, and optimize platform performance and
functionality across various devices and browsers.
1.1.9. Interaction Data
Information about how users interact with the platform—such as the pages they visit, the
features they use, and how long they stay on it—is gathered in order to assess how well
the platform is performing and pinpoint areas for development, improve user experience
overall by learning about user behavior and preferences, and create new features and
services based on patterns of user interaction.

1.1.10. Financial Data
To monitor and handle financial transactions, including purchases and subscriptions, data
is gathered pertaining to financial transactions, including payment methods, billing
details, transaction history, and subscription data. In addition, this information is needed
to maintain accurate records, adhere to financial requirements, administer user
subscriptions, and offer associated services.
1.1.11. Location Data
GPS data, or location data obtained from an IP address, is gathered to offer location-based
services and features, such as suggestions and localized content, whether the data is
specific (like coordinates) or general (like city). In addition, this data is utilized to meet
regulatory requirements for the collection and use of location data, as well as to evaluate
user location data for market research and platform optimization.
1.2. Automatically Collected Information
When you engage with the App, StikBook Inc. may automatically gather certain
information about your device and usage habits. The purpose of collecting this data is to
enhance the platform's general security and functionality while also improving user
experience.
1.2.1. Device Information
The purpose of collecting device-specific information from users is to monitor and detect
potential security threats and unauthorized access, ensure compatibility, optimize the
performance of the application on various devices and operating systems, provide
technical support, and troubleshoot device-specific issues. Device-specific information
includes the model of the device, operating system version, unique device identifiers (like
IP address), and browser type.

1.2.2. Usage Data
The purpose of gathering data on user interactions with the app is to track its
effectiveness, find areas for development, comprehend user behavior and preferences,
and improve the overall user experience. This data includes the functionality used, pages
visited, and frequency of interactions.
1.2.3. Log Data
Log files that record system actions, which may contain error reports, crash information,
and other diagnostic data, are collected to diagnose and resolve technical issues and
system errors, perform regular maintenance and updates, and conduct security audits
and monitor for any suspicious activity.
1.2.4. Location Data
GPS data or location data derived from an IP address, whether specific (e.g., coordinates)
or general (e.g., city), is gathered in order to offer location-based services and content
tailored to the user's location, analyze location data for platform optimization and market
research, and improve security by monitoring location data for any odd or suspicious
activity.
1.3. Information from Third Parties
From time to time, StikBook Inc. may obtain information about you from third-party
sources to enhance and provide our services. This information is collected to supplement
the data we already have and to provide a more comprehensive user experience.
1.3.1. Social Media Accounts
Information from your social media accounts (including Facebook and Instagram) when
you link third-party platform accounts with StikBook is collected to enrich your StikBook
profile with additional information from your social media accounts. This data is also used
to enable seamless integration with social media platforms, allowing users to share
content and interact with their social networks, as well as to provide personalized content
recommendations based on your social media activity and interests.

1.3.2. Non-Listed Payment Processors
Information from third-party payment providers used for processing and validating your
payment transactions is collected to verify and validate payment transactions to ensure
accuracy and prevent fraud, generate and send accurate billing statements and invoices,
and comply with financial regulations and record-keeping requirements.
1.3.3. Advertising Partners
Information from advertising partners about your interactions with advertisements and
promotional content is collected to deliver personalized advertisements based on your
interests and interactions with ads, analyze the effectiveness of advertising campaigns,
and optimize ad strategies. This data is also used to gain insights into audience behavior
and preferences for targeted marketing efforts.
1.3.4. Analytics Providers
Information from third-party analytics providers about your usage and interaction with
the App is collected to analyze user behavior and interaction patterns to improve the
App's functionality and user experience, develop new features, optimize existing ones,
and monitor the performance of the App.
1.3.5. Publicly Available Sources
Information from publicly available sources, such as public profiles, websites, and online
directories, is collected to supplement user profiles with additional publicly available
information, conduct market research and analysis for business development purposes,
and verify the accuracy of user-provided information to ensure data integrity.
2. How We Use Your Information
StikBook Inc. uses the personal information collected from users for various purposes to
provide, maintain, and enhance the functionality of the App, as well as to comply with
legal obligations. The detailed uses are outlined below:

2.1. Provision of Services
Personal information is used by StikBook Inc. to provide services including transaction
processing, customer assistance, account maintenance, and guaranteeing the App's
availability and operation. Personal data is used to give customer support services,
answer questions, troubleshoot problems, and handle complaints. It also aids in the
management of user accounts, including verification and authentication. Additionally, it
makes financial transactions possible, such as in-app purchases and subscription
payments. Personal information also facilitates system updates and maintenance, which
helps guarantee the App's availability.
2.1.1. Media Sharing and Social Functionality
StikBook Inc. collects personal information to enable media sharing and enhance social
interactions on the platform. This includes sharing content such as photos, videos, and
audio, and providing messaging services that facilitate user communication. Personal
information also supports social networking features, allowing users to connect with
others, follow profiles, and engage in interactions.
2.2. Tailoring and Modifying
Personal information allows StikBook Inc. to personalize user experiences, tailoring
content recommendations based on user interests, interactions, and profiles. It helps
customize user experiences by adjusting features and updates to individual preferences.
Personal data also allows for ad personalization, delivering tailored advertisements and
promotional content. Additionally, StikBook Inc. uses personal data to gather and analyze
user feedback for developing new features and improving existing ones. Usage data helps
identify opportunities for platform optimization.

2.3. Analytics and Improvement
StikBook Inc. uses personal information for performance monitoring, including
monitoring the App’s system performance to identify areas for improvement, diagnosing
errors, resolving technical issues, and conducting security audits. Personal data also helps
analyze user behavior to understand interaction patterns and preferences. It supports
engagement strategies and market research efforts to enhance user retention and inform
business development.
2.4. Marketing and Communication
StikBook Inc. uses personal information for marketing purposes, sending promotional
content, marketing communications, and updates about new features, in line with user
preferences and legal requirements. It also manages subscription preferences for
marketing communications. Furthermore, personal information is used for user
communications, including important service announcements, updates, and surveys to
collect user feedback.
2.5. Compliance with Applicable Law
In accordance with Canadian privacy laws such as PIPEDA and CASL, personal information
is processed to fulfill legal requirements. In addition, it facilitates the processing of legal
requests from courts, regulatory organizations, and law enforcement. By putting security
measures in place to safeguard user data and stop unwanted access, StikBook Inc. uses
personal data to identify and stop fraudulent activity.
3. Sharing Your Information
StikBook Inc. may share personal information with third parties to provide and enhance
the App’s functionality, comply with legal obligations, and protect the rights and safety of
users.

3.1. Service Contractors
StikBook Inc. uses third-party service providers to help with analytics, hosting, data storage,
and payment processing. While analytics providers assist in analyzing user behavior,
hosting providers supply the infrastructure required to host the application. Financial
transactions are managed by payment processors. Service providers are required by
StikBook Inc. to sign confidentiality agreements, guaranteeing that personal data is
utilized solely for its intended purpose and safeguarded by suitable security measures.
3.2. Legal and Regulatory Disclosures
Legal requirements, such as subpoenas, court orders, or other government demands, may
mandate the disclosure of personal information. In any investigation pertaining to fraud,
criminal activity, or other legal problems, StikBook Inc. may collaborate with law
enforcement and regulatory organizations. In addition to defending the company's legal
rights, personal information may also be provided to safeguard user safety and public
security.
3.3. Business Transfers
Personal data may be transferred along with corporate assets in the case of a merger,
acquisition, or business change. The new company will need to adhere to the requirements
of this Privacy Policy and implement privacy measures.
Subject to legal and privacy safeguards, personal data may be transferred as part of asset
liquidation in bankruptcy or insolvency cases.
4. Data Retention and Deletion
StikBook Inc. is committed to retaining personal information only for as long as necessary
to fulfill the purposes for which it was collected, comply with legal obligations, resolve
disputes, and enforce agreements. The detailed data retention and deletion practices are
outlined below:

4.1. Retention Periods
Personal data is retained only for the duration necessary to fulfill the purposes for which
it was collected, as outlined in this Privacy Policy. Retention periods may vary based on
legal requirements, industry standards, and regulatory obligations. Specifically, account
information is retained for as long as the user maintains an active account on the App,
and upon account deletion, personal information will be securely deleted or anonymized,
except where retention is required by law. Payment information is retained for the
duration necessary to complete transactions and maintain accurate financial records, as
required by financial regulations. User content is retained as long as necessary to provide
services and facilitate user interactions, and it will be deleted or anonymized upon user
request or account deletion, subject to legal retention obligations. Communications data
is retained for a period necessary to address user inquiries, provide customer support,
and comply with legal requirements. Log data is retained for security audits, error
diagnosis, and system maintenance.
4.2. Anonymization and Deletion
When personal data is no longer required for its intended use, it is anonymized to enable
statistical analysis and research without identifying specific users. Anonymized
data can be utilized for analytics, research, and enhancing the usability and functioning
of the app. Users may request that StikBook Inc. remove their personal data, and the
company will consider and handle this request in compliance with relevant legal
requirements and data retention guidelines. To guarantee that it cannot be retrieved or
accessed, personal data will be safely erased from StikBook Inc.'s systems using industry-
standard techniques.

4.3. Legal and Regulatory Compliance
StikBook Inc. keeps personal information for as long as is required to fulfill legal
requirements, including those pertaining to data protection, finance, and tax laws. In
order to comply with regulatory obligations, retention periods for records of transactions,
communications, and user interactions may be extended. In the event of legal actions or
investigations, personal data may be kept until the problem is resolved. It may also be
kept for the length of time required to settle disputes and uphold agreements.
5. Your Data Rights
Under applicable data protection laws, including the Personal Information Protection and
Electronic Documents Act (PIPEDA), users have certain rights regarding their personal
information. StikBook Inc. is committed to respecting and facilitating these rights.
5.1. Right of Access
Users have the right to request access to their personal information held by StikBook Inc.,
including information about the data collected, the purposes of processing, and any third
parties with whom the data has been shared. StikBook Inc. will respond to access requests
within the time frame specified by applicable laws and provide the requested information
in a structured, commonly used, and machine-readable format. Users may request a copy
of their personal information in a format that allows for easy review and transfer, and
StikBook Inc. is committed to transparency in data processing, providing users with clear
and understandable information about their data.
5.2. Right of Correction
Users have the right to request the correction or amendment of their personal data if it
is inaccurate or incomplete. StikBook Inc. will promptly update or correct any inaccuracies
in user data upon receiving a valid request. The company takes reasonable steps to ensure
that personal data is accurate, complete, and up-to-date, and users are encouraged to
keep their personal information up-to-date and accurate by notifying StikBook Inc. of any
changes.

5.3. Right to Withdraw Consent
Where StikBook Inc. relies on user consent to process personal data, users have the right
to withdraw that consent at any time. Withdrawal of consent may affect the functionality
of certain services offered by the App, and StikBook Inc. will inform users of any such
impact. Users can also opt out of receiving marketing communications by following the
unsubscribe instructions provided in each message, and they can manage their cookie
preferences through browser settings or the App's cookie management tools.
5.4. Right to Request Deletion
Users have the right to request the deletion of their personal data, and StikBook Inc. will
evaluate and process such requests in accordance with applicable laws and data retention
policies. Deletion requests may be subject to legal and regulatory restrictions, including
data retention obligations. Personal data will be securely deleted from StikBook Inc.'s
systems using industry-standard methods to ensure that it cannot be recovered or
accessed, and users will receive confirmation once their data has been deleted.
5.5. Right to Data Portability
Users have the right to request the transfer of their personal data to another service
provider in a structured, commonly used, and machine-readable format, and StikBook
Inc. will facilitate data transfer requests where technically feasible. Data portability allows
users to have greater control over their personal information and facilitates the transfer
of data between service providers. StikBook Inc. aims to ensure interoperability by
providing data in formats that are widely accepted and used.
5.6. Right to Object to Processing
Users have the right to object to the processing of their personal information on grounds
relating to their particular situation. Users can object to the processing of their data for
direct marketing purposes at any time. StikBook Inc. will evaluate and respond to
objections to processing in accordance with applicable laws. If a valid objection is raised,
StikBook Inc. will cease processing the personal data in question, unless there are
compelling legitimate grounds for the processing or it is required by law.

5.7. Exercising Your Rights
Users can exercise their data rights by contacting StikBook Inc. at [Insert Contact
Information]. StikBook Inc. is committed to providing support and assistance to users in
exercising their data rights. The company will respond to user requests in accordance with
the legal deadlines specified by applicable data protection laws and is dedicated to
resolving any issues or concerns raised by users regarding their personal data.
6. Cookies and Other Tracking Technologies
Cookies, pixels, and other tracking technologies are used in connection with the App to
enhance your experience and gather information about usage of the App. With these
technologies, we are able to:
6.1. Types of Cookies
Essential Cookies: Necessary for the operation of the App and enable you to use its core
features, such as account login and content posting. Analytical Cookies: Help us
understand how users interact with the App by collecting anonymized usage data.
Advertising Cookies: Used to deliver personalized advertisements based on your activity
within the App and across other websites.
6.2. Managing Cookies
Most web browsers automatically accept cookies, but you can modify your browser
settings to decline cookies or alert you when cookies are being sent. If you choose to
disable cookies, certain features of the App may not function properly. For further
information on managing cookies and other tracking technologies, please refer to your
browser’s help documentation.

7. International Data Transfers
StikBook Inc. recognizes that personal data may be transferred to and processed in
countries outside of Canada, including the United States and other jurisdictions where
our service providers are located. We take appropriate measures to ensure that
international data transfers comply with applicable data protection laws and provide
adequate protection for personal data. The detailed international data transfer practices
are outlined below:
7.1. Legal Mechanisms for Data Transfers
Standard Contractual Clauses (SCCs): Standard Contractual Clauses (SCCs) are legal
mechanisms approved by the European Commission to facilitate the transfer of personal
data from the European Economic Area (EEA) to third countries that do not provide an
adequate level of data protection. StikBook Inc. incorporates SCCs into data processing
agreements with service providers and partners located outside of Canada. This ensures
that personal data transferred to these entities is subject to contractual obligations that
provide an equivalent level of data protection. Adequacy Decisions: An adequacy decision
is a determination by the European Commission that a third country provides an adequate
level of data protection, allowing for the free flow of personal data between the EEA and
that country. StikBook Inc. relies on adequacy decisions for data transfers to countries
that have been recognized by the European Commission as providing adequate data
protection. This ensures that personal data transferred to these countries is protected in
accordance with EU data protection standards. Binding Corporate Rules (BCRs): Binding
Corporate Rules (BCRs) are internal rules adopted by multinational organizations to
ensure that personal data transferred within the group is protected in accordance with
EU data protection standards. StikBook Inc. may adopt BCRs to facilitate the transfer of
personal data between its affiliated entities located in different jurisdictions. BCRs are
subject to approval by data protection authorities and provide a consistent level of data
protection across the organization.

7.2. Data Protection Safeguards
Data Minimization: Data minimization is the practice of collecting and processing only the
personal data necessary to achieve the intended purpose. StikBook Inc. applies data
minimization principles to all international data transfers, ensuring that only the
minimum amount of personal data necessary is transferred and processed. Data
Encryption: Data encryption is the process of converting data into a secure format that
cannot be easily accessed or understood by unauthorized parties. Personal data
transferred internationally is encrypted using industry-standard encryption protocols.
This ensures that data remains secure during transit and storage. Data Access Controls:
Data access controls are measures implemented to restrict access to personal data to
authorized personnel only. StikBook Inc. enforces strict access controls for personal data
transferred internationally. Access is granted based on the principle of least privilege and
is regularly reviewed to ensure compliance with security policies.
7.3. User Rights and Compliance
User Rights: When it comes to their personal data, users have certain rights. These rights
include the ability to access, edit, and remove their data as well as the ability to object to
processing and data transfers. StikBook Inc. is dedicated to upholding and promoting user
rights when transferring data internationally. By contacting StikBook Inc. at [Insert
Contact Information], users may make use of their rights. Compliance Monitoring: To
make sure that data protection procedures are in compliance with relevant laws and
regulations, compliance monitoring entails routinely checking and evaluating data
protection processes. StikBook Inc. regularly analyzes and evaluates compliance to make
sure that data transfers across borders are compliant with data protection regulations.
Issues that are found are quickly addressed and fixed.

7.4. Third-Party Service Providers
Due Diligence: Due diligence is the process of assessing third-party service providers to
make sure they abide by data privacy laws and regulations. StikBook Inc. thoroughly
investigates third-party service providers before transferring data internationally. This
includes assessing their security protocols, data protection policies, and legal compliance.
Data Processing Agreements: Contractual documents known as data processing
agreements (DPAs) specify the duties and obligations of data controllers and processors.
StikBook Inc. signs DPAs with outside service providers that handle cross-border data
transfers. DPAs contain clauses pertaining to security, data protection, and legal
compliance.
8. Data Security
StikBook Inc. is committed to protecting the security and integrity of your personal
information by implementing robust technical, administrative, and physical safeguards.
These measures are designed to prevent unauthorized access, disclosure, alteration, and
destruction of personal data. The detailed data security practices are outlined below:
8.1. Technical Safeguards
8.1.1. Encryption
Data in Transit: To secure sensitive data while it's being transmitted over public networks,
we employ industry-standard encryption methods like Secure Sockets Layer (SSL) and
Transport Layer Security (TLS). This guarantees that sensitive information, like credit card
numbers and personal IDs, is encrypted and impervious to interception or manipulation
by unapproved entities. Data at Rest: We use modern encryption standards (AES) to
secure personal data that is stored on our servers and databases. This guarantees that
the data is safe and unreadable by unauthorized parties even in the event that physical
security measures are breached.

8.1.2. Access Controls
Authentication: Access to personal information is restricted to authorized personnel only.
We implement multi-factor authentication (MFA) to ensure that only authorized users
can access sensitive data. This involves the use of two or more verification methods, such
as passwords, security tokens, or biometric scans. Role-Based Access Control (RBAC):
Access to personal information is granted based on the principle of least privilege. Users
are granted access only to the data and resources necessary to perform their job
functions. Access rights are regularly reviewed and updated to reflect changes in job roles
and responsibilities. Audit Logs: All access to personal information is logged and
monitored. Audit logs capture details such as the identity of the user accessing the data,
the date and time of access, and the actions performed. These logs are regularly reviewed
to detect any unauthorized access or suspicious activity.
8.1.3. Network Security
Firewalls: We use firewalls to defend our network infrastructure from attacks and
unauthorized access. Firewalls are configured to allow only authorized traffic and to block
malicious attempts to access the network. Intrusion Detection and Prevention Systems
(IDPS): These systems monitor network traffic for signs of suspicious activity or possible
security breaches. Identified threats are automatically blocked, and alerts are generated
for further investigation. DDoS Protection: We have put in place measures to mitigate
Distributed Denial of Service (DDoS) attacks and ensure the availability of our services.

8.2. Administrative Safeguards
8.2.1. Security Policies and Procedures
Information Security Policy: StikBook Inc. has established a comprehensive Information
Security Policy that outlines the security measures and practices to be followed by all
employees and contractors. This policy is regularly reviewed and updated to reflect
changes in security threats and technology. Data Protection Policy: A Data Protection
Policy is in place to ensure compliance with data protection laws and regulations. This
policy outlines the procedures for handling, processing, and storing personal data, as well
as the responsibilities of employees and contractors in protecting data. Incident Response
Plan: An Incident Response Plan (IRP) is established to provide a structured approach to
detecting, responding to, and recovering from security incidents. The IRP includes
communication strategies, containment procedures, and recovery protocols.
8.2.2. Training and Awareness
Employee Training: Regular training sessions are conducted to educate employees on
data security best practices, including how to identify and respond to security threats.
Training covers topics such as phishing, social engineering, secure data handling, and the
importance of maintaining strong passwords. Security Awareness Campaigns: Security
awareness campaigns are conducted to promote a culture of security within the
organization. Employees are regularly reminded of their responsibilities in protecting
personal data through emails, posters, and other communication channels.

8.2.3. Risk Management
Risk Assessments: Regular risk assessments are carried out to identify and assess possible
security concerns. Appropriate risk mitigation strategies are implemented based on the
findings of these assessments. Risk assessments take into account the likelihood and
impact of security threats as well as the effectiveness of current controls. Vulnerability
Management: Penetration tests and vulnerability assessments are carried out to find and
fix security flaws in our systems and apps. Vulnerabilities are ranked according to severity
and remediated quickly. Software and systems are updated and patched on a regular
basis to guard against known vulnerabilities.
8.3. Physical Safeguards
8.3.1. Data Center Security
Access Controls: Physical access to data centers is limited to authorized personnel only.
Surveillance cameras, security badges, and biometric authentication are used to control
access. Authorized personnel must accompany visitors to data centers and ensure they
sign in. Environmental Controls: To guarantee that servers and other equipment are
functioning at peak efficiency, data centers are outfitted with environmental controls,
including humidity and temperature monitoring. In order to ensure uninterrupted
electricity in the event of an outage, backup generators and uninterruptible power
supplies (UPS) are installed. Fire Suppression Systems: To guard against fire threats, data
centers employ fire suppression systems. Automatic fire extinguishing systems, smoke
detectors, and fire alarms are some examples of these systems. To guarantee their
effectiveness, fire suppression systems undergo routine testing and maintenance.

8.3.2. Device Security
Secure Disposal: Devices and media containing personal data are securely disposed of
when no longer needed. Secure disposal methods include data wiping, degaussing, and
physical destruction. Devices are checked to ensure that all data has been irreversibly
erased before disposal. Mobile Device Management (MDM): MDM solutions are
implemented to manage and secure mobile devices used by employees. This includes
enforcing security policies, encrypting data, and remotely wiping data in case of loss or
theft. MDM solutions also allow for the monitoring and management of installed
applications to ensure compliance with security policies.
8.4. Security Audits
8.4.1. Regular Assessments
Security Assessments: StikBook Inc. regularly conducts security assessments to evaluate
the effectiveness of our security measures and identify potential risks. Assessments are
conducted by both internal teams and external security experts. Vulnerability Testing:
Regular vulnerability testing is performed to identify and address security weaknesses in
our systems and applications. Testing includes automated scans, manual testing, and
penetration testing to simulate real-world attack scenarios.
8.4.2. Continuous Monitoring
Security Monitoring: Continuous monitoring of our systems and networks is performed
to detect and respond to security incidents in real-time. Monitoring includes the use of
security information and event management (SIEM) systems, which aggregate and
analyze security data from multiple sources. Incident Response: In the event of a security
incident, our Incident Response Plan is activated to contain and mitigate the impact of
the incident. Incident response activities include identifying the cause of the incident,
isolating affected systems, and restoring normal operations.

8.4.3. Compliance Audits
Regulatory Audits: Compliance audits are conducted to ensure that our security practices
meet regulatory requirements and industry standards. Audits include reviews of our
policies, procedures, and technical controls. Third-Party Audits: Independent third-party
audits are performed to validate our security practices and provide assurance to our
customers and partners. Audit findings are used to identify areas for improvement and
enhance our security posture.
8.5. User Responsibilities
8.5.1. Account Security
Account Credentials: Users are responsible for safeguarding the confidentiality of their
usernames and passwords. It is recommended to use strong passwords and to change
them frequently. Unauthorized Access: If users believe there has been unauthorized
access to their accounts, they should contact StikBook Inc. right away. Reporting
unauthorized access as soon as possible enables us to take immediate action to safeguard
user data and stop additional security breaches.
8.5.2. Security Best Practices
Phishing Awareness: Users should be aware of phishing attacks and take appropriate
precautions to avoid becoming victims of them. This includes avoiding unwanted emails
and not clicking on dubious links or downloading attachments from unidentified sources.
Device Security: Users can help keep their devices safe by installing firewalls, updating
software with the most recent security patches, and keeping antivirus software installed.

9. Children’s Privacy
StikBook Inc. is committed to protecting the privacy of children and complying with
applicable laws and regulations concerning the protection of children's personal
information. Our App is not intended for children under the age of 13, and we do not
knowingly collect personal information from individuals under this age. The detailed
children's privacy practices are outlined below:
9.1. Age Restrictions
9.1.1. Intended Audience
App Usage: The App is designed for use by individuals aged 13 and older. We do not target
or market our services to children under the age of 13. Age Verification: During the
account registration process, users are required to provide their date of birth to verify
that they meet the minimum age requirement. If a user indicates that they are under the
age of 13, the registration process will be terminated, and no personal information will
be collected.
9.2. Collection of Personal Information
9.2.1. Inadvertent Collection
No Intentional Collection: We do not knowingly collect personal information from
children under the age of 13. If we become aware that we have inadvertently collected
personal information from a child under 13 without appropriate parental consent, we will
take immediate steps to delete such information from our systems. Parental Consent: In
cases where the App may be used by children under the age of 13 (e.g., educational
purposes), we will obtain verifiable parental consent before collecting any personal
information from the child. This process involves obtaining consent from a parent or
guardian through methods such as signed consent forms, credit card verification, or other
reliable mechanisms.

9.3. Data Deletion Procedures
9.3.1. Identification of Data
Data Audit: If we become aware that personal information from a child under 13 has been
collected, we will conduct a thorough audit of our systems to identify all records and data
associated with the child. Data Deletion Request: Users or parents/guardians can request
the deletion of personal information collected from a child under 13 by contacting us at
[Insert Contact Information]. We will promptly respond to such requests and ensure that
the data is securely deleted in compliance with applicable laws.
9.3.2. Secure Deletion
Data Deletion: Personal information identified as being collected from a child under 13
will be securely deleted from our systems using industry-standard methods to ensure that
it cannot be recovered or accessed. This includes the deletion of data from active
databases, backup systems, and any other storage media. Confirmation: We will provide
confirmation to the parent or guardian once the data has been deleted. This confirmation
will include details of the actions taken to remove the data from our systems.
9.4. Compliance with Applicable Laws
9.4.1. Children’s Online Privacy Protection Act (COPPA)
Legal Framework: We comply with the Children’s Online Privacy Protection Act (COPPA),
which regulates the collection, use, and disclosure of personal information from children
under the age of 13. COPPA requires us to obtain verifiable parental consent before
collecting any personal information from children under 13. COPPA Requirements: In
accordance with COPPA, we provide parents with the right to review the personal
information collected from their child, request the deletion of such information, and
withdraw consent for further collection or use of the information.

9.4.2. General Data Protection Regulation (GDPR)
Legal Framework: For users located in the European Economic Area (EEA), we comply with
the General Data Protection Regulation (GDPR), which includes specific provisions for the
protection of children's personal data. Under the GDPR, the age of consent for data
processing is 16, but member states may set a lower age limit, provided it is not below
13. Parental Consent: Where required by the GDPR, we obtain parental consent before
collecting personal data from children under the applicable age of consent. We also
provide parents with the rights to access, rectify, and delete their child's personal data.
9.5. Reporting and Addressing Concerns
9.5.1. Reporting Mechanism
Contact Information: If you believe that we may have collected personal information from
a child under the age of 13 without appropriate parental consent, please contact us
immediately at [Insert Contact Information]. This includes providing details such as the
child's name, the nature of the information collected, and any other relevant information
to help us identify the data in question. Prompt Response: We are committed to promptly
addressing any concerns related to the collection of personal information from children.
Upon receiving a report, we will initiate an investigation to verify the claim and take
appropriate actions to delete the data.
9.5.2. Parental Rights and Controls
Parental Access: Parents or guardians have the right to access and review the personal
information collected from their child. They can request a copy of the information and
verify its accuracy. Data Deletion Requests: Parents or guardians can request the deletion
of their child's personal information at any time. We will comply with such requests in
accordance with applicable laws and our data deletion procedures. Consent Withdrawal:
Parents or guardians have the right to withdraw their consent for the collection and use
of their child's personal information. Upon withdrawal of consent, we will cease any
further collection and use of the data and securely delete the existing information.

9.6. Technical and Organizational Measures
9.6.1. Data Minimization
Collection Limitation: We apply data minimization principles to limit the collection of
personal information to what is necessary for the intended purposes. This reduces the
risk of inadvertently collecting data from children under 13. Purpose Specification: We
clearly define the purposes for which personal information is collected and ensure that
the data collected is relevant and limited to those purposes.
9.6.2. Data Security Measures
Encryption: Personal information is encrypted during transmission and storage to protect
it from unauthorized access and breaches. This includes the use of industry-standard
encryption protocols such as SSL/TLS and AES. Access Controls: Access to personal
information is restricted to authorized personnel only. We implement multi-factor
authentication (MFA) and role-based access control (RBAC) to ensure that only authorized
users can access sensitive data. Monitoring and Auditing: We regularly monitor and audit
our data processing activities to ensure compliance with our children's privacy policies
and applicable laws. Any identified issues are promptly addressed and remediated.
10. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in our
practices, services, or applicable legal requirements. When we make significant updates
to this Privacy Policy, we will notify you by updating the “Last Updated” date at the top
of this page and, where appropriate, providing more prominent notification, such as via
in-app messages or email.
Your continued use of the App after such changes constitutes your acknowledgment and
acceptance of the revised Privacy Policy.
11. Contact Us
We take privacy seriously and are committed to resolving any concerns you may have. If
you have any questions, concerns, or requests regarding this Privacy Policy or our data
protection practices, please feel free to contact us at:
StikBook Inc.
Email: info@stikbook.com
Phone: +1 (647) 201-4194
Address: 1939 Kennedy Rd, Scarborough, ON M1P 2L9