Who we are

NatureLabs.ca is the signature project of Ghost Bear Institute and is co-founded by D. Simon Jackson and Jill Cooper. We are a federally registered non-profit #1063793-9

What personal data we collect and why we collect it

At Nature Labs, we value your privacy and are committed to protecting your personal data. This Privacy Policy section outlines the types of personal data we may collect from users and site visitors, the reasons for collecting it, and how we handle and safeguard this information. Please read this section carefully to understand our practices regarding your personal data.

Types of Personal Data Collected:

When you interact with our website, we may collect the following types of personal data:

  1. Personal Information: This may include your name, email address, and personal account preferences that you provide to us when creating an account or subscribing to our newsletter.
  2. Transactional Data: We may collect transactional data, such as purchase information, when you make a purchase on our website.
  3. Technical Data: We may collect technical data, such as information about cookies, IP address, browser type, and device identifiers. This information is automatically collected through your interactions with our website and helps us enhance your browsing experience.

Collection and Retention of Sensitive Personal Data:

We do not intentionally collect or retain sensitive personal data concerning health or other special categories of personal information. Please refrain from providing such information through our website.

Purpose of Data Collection:

We collect personal data for the following purposes:

  1. To Provide Services: We collect personal data to fulfill orders, process payments, and deliver products or services you have requested.
  2. To Communicate with You: We may use your personal data to send you important updates, respond to your inquiries, and provide customer support.
  3. To Improve User Experience: We analyze technical data, such as cookies and analytics, to enhance our website’s functionality, tailor content to your preferences, and improve overall user experience.

Legal Basis for Data Collection:

We collect and retain personal data based on either the legal basis for data collection and retention or your active consent. The legal basis may include the necessity of processing for the performance of a contract, compliance with legal obligations, or our legitimate interests in providing and improving our services.

Third-Party Plugins and Services:

While WordPress does not collect personal data by default, certain plugins integrated into our website may collect personal data. Please refer to the information provided below for details on these plugins and their data collection practices.

Data Collected to Manage Your Membership

At checkout, we will collect your name, email address, username, and password. This information is used to setup your account for our site. If you are redirected to an offsite payment gateway to complete your payment, we may store this information in a temporary session variable to setup your account when you return to our site.

At checkout, we may also collect your billing address and phone number. This information is used to confirm your credit card. The billing address and phone number are saved by our site to prepopulate the checkout form for future purchases and so we can get in touch with you if needed to discuss your order.

At checkout, we may also collect your credit card number, expiration date, and security code. This information is passed to our payment gateway to process your purchase. The last 4 digits of your credit card number and the expiration date are saved by our site to use for reference and to send you an email if your credit card will expire before the next recurring payment.

When logged in, we use cookies to track some of your activity on our site including logins, visits, and page views.

Data Security:

We take appropriate measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We restrict access to your personal data to authorized personnel only and maintain physical, electronic, and procedural safeguards to ensure its security.

Third-Party Websites:

Our website may contain links to third-party websites or embeds from external sources. Please note that we have no control over the privacy practices or content of these websites. We encourage you to review the privacy policies of those third-party websites before providing any personal data.

Updates to this Privacy Policy:

We may periodically update this Privacy Policy section to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and the revised Privacy Policy will be effective upon posting.

By using our website, you acknowledge that you have read and understood this Privacy Policy section and agree to the collection and use of your personal data as described herein.

If you have any questions or concerns regarding our Privacy Policy, please contact us at hello@naturelabs.ca

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

SoundCloud

On our pages, plugins of the SoundCloud social network (SoundCloud Limited, Berners House, 47-48 Berners Street, London W1T 3NF, UK) may be integrated. The SoundCloud plugins can be recognized by the SoundCloud logo on our site.

When you visit our site, a direct connection between your browser and the SoundCloud server is established via the plugin. This enables SoundCloud to receive information that you have visited our site from your IP address. If you click on the “Like” or “Share” buttons while you are logged into your SoundCloud account, you can link the content of our pages to your SoundCloud profile. This means that SoundCloud can associate visits to our pages with your user account. We would like to point out that, as the provider of these pages, we have no knowledge of the content of the data transmitted or how it will be used by SoundCloud. For more information on SoundCloud’s privacy policy, please go to https://soundcloud.com/pages/privacy.

If you do not want SoundCloud to associate your visit to our site with your SoundCloud account, please log out of your SoundCloud account.

H5P

Suggested text (“We” and “our” mean “you”, not “us”!):

We may process and store personal data about your interactions using xAPI. We use the data to learn about how well the interactions are designed and how it could be adapted to improve the usability and your learning outcomes. The data is processed and stored [on our platform|on an external platform] until further notice.

We may store the results of your interactions on our platform until further notice. The results may contain your score, the maximum score possible, when you started, when you finished, and how much time you used. We use the results to learn about how well you performed and to help us give you feedback.

We may store interactive content that you create on our platform. We also may send anonymized reports about content creation without any personal data to the plugin creators. Please consult the H5P tracking information page for details.

If you use interactive content that contains a video that is hosted on YouTube, YouTube will set cookies on your computer. YouTube uses these cookies to help them and their partners to analyze the traffic to their websites. Please consult Google’s Privacy policy for details. It is our legitimate interest to use YouTube, because we we need their services for our interactive content and would not be able to provide you with their video content features otherwise.

If you use interactive content that contains a Twitter feed, Twitter will set a cookie on your computer. Twitter uses these cookies to help them and their partners to make their advertizing more relevant to you. Please consult Twitter’s Privacy policy for details. It is our legitimate interest to use Twitter, because we need their services for our interactive content and would not be able to provide you with it otherwise.

If you use interactive content that contains speech recognition, Google Cloud will process your voice for converting it to text. Please consult Google’s Privacy policy for details. It is our legitimate interest to use Google Cloud, because we we need their services for our interactive content and would not be able to provide you with speech recognition features otherwise.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

In this subsection you should note what information may be disclosed by users who can upload media files. All uploaded files are usually publicly accessible.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Who we share your data with

In this section you should name and list all third party providers with whom you share site data, including partners, cloud-based services, payment processors, and third party service providers, and note what data you share with them and why. Link to their own privacy policies if possible.

By default WordPress does not share any personal data with anyone.

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

In this section you should explain how long you retain personal data collected or processed by the web site. While it is your responsibility to come up with the schedule of how long you keep each dataset for and why you keep it, that information does need to be listed here. For example, you may want to say that you keep contact form entries for six months, analytics records for a year, and customer purchase records for ten years.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

In this section you should explain what rights your users have over their data and how they can invoke those rights.

Where we send your data

In this section you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.

European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third party providers, whether that is through an agreement such as Privacy Shield, model clauses in your contracts, or binding corporate rules.

Contact information

In this section you should provide a contact method for privacy-specific concerns. If you are required to have a Data Protection Officer, list their name and full contact details here as well.

Additional information

If you use your site for commercial purposes and you engage in more complex collection or processing of personal data, you should note the following information in your privacy policy in addition to the information we have already discussed.

How we protect your data

In this section you should explain what measures you have taken to protect your users’ data. This could include technical measures such as encryption; security measures such as two factor authentication; and measures such as staff training in data protection. If you have carried out a Privacy Impact Assessment, you can mention it here too.

What data breach procedures we have in place

In this section you should explain what procedures you have in place to deal with data breaches, either potential or real, such as internal reporting systems, contact mechanisms, or bug bounties.

What third parties we receive data from

If your web site receives data about users from third parties, including advertisers, this information must be included within the section of your privacy policy dealing with third party data.

Embedded content from other websites

Suggested text:

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

What automated decision making and/or profiling we do with user data

If your web site provides a service which includes automated decision making – for example, allowing customers to apply for credit, or aggregating their data into an advertising profile – you must note that this is taking place, and include information about how that information is used, what decisions are made with that aggregated data, and what rights users have over decisions made without human intervention.

Industry regulatory disclosure requirements

If you are a member of a regulated industry, or if you are subject to additional privacy laws, you may be required to disclose that information here.

Last updated on August 23, 2021. 

We are committed to maintaining the accuracy, confidentiality, and security of your personally identifiable information (“Personal Information”). As part of this commitment, our privacy policy governs our actions as they relate to the collection, use and disclosure of Personal Information. This privacy policy is based on the values set by the Canadian Standards Association’s Model Code for the Protection of Personal Information and Canada’s Personal Information Protection and Electronic Documents Act.

  1. Introduction

We are responsible for protecting the Personal Information under our control. We have designated individuals who are responsible for compliance with our privacy policy.

2. Identifying Purposes

We collect, use and disclose Personal Information to provide you with the product or service you have requested. The purposes for which we collect Personal Information will be identified before or at the time we collect the information. The purposes for which information is collected may be clear, and consent may be implied, such as where your name, address, educational institution and payment information is provided as part of the order process. 

Before forwarding us any personal information, please be advised that any information gathered on our Site may be used in the aggregate for research and development relating to our Site and/or for future site development and, if you ask us to, to send you promotional materials.

Unless otherwise noted, we do not automatically gather any specific personal information from you. We have forms on our site to help you interact with our office – for example, to send us an inquiry, to tell us about a privacy issue, or to make a formal complaint. We do use digital markers and web analytics to improve our site. We also use certain software to ensure the security of our website.

3. Consent

Knowledge and consent are required for the collection, use or disclosure of Personal Information except where required or permitted by law. Providing us with your Personal Information is always your choice. However, your decision not to provide certain information may limit our ability to provide you with our products or services. We will not require you to consent to the collection, use, or disclosure of information as a condition to the supply of a product or service, except as required to be able to supply the product or service.

4. Limiting Collection

The Personal Information collected will be limited to those details necessary for the purposes identified by us. With your consent, we may collect Personal Information from you in person, over the telephone or by corresponding with you via mail, email, or the Internet.

5. Limiting Use, Disclosure and Retention

Personal Information may only be used or disclosed for the purpose for which it was collected unless you have otherwise consented, or when it is required or permitted by law. Personal Information will only be retained for the period of time required to fulfill the purpose for which we collected it or as may be required by law. 

6. Accuracy

Personal Information will be maintained in as accurate, complete and up-to-date form as is necessary to fulfill the purposes for which it is to be used.

7. Protecting minors

The Company considers the protection of minor’s privacy, especially online, to be of the utmost importance. We do not knowingly collect or solicit personal information from minors. (See Social Media for more information)

8. Safeguarding Customer Information

Personal Information will be protected by security safeguards that are appropriate to the sensitivity level of the information. We take all reasonable precautions to protect your Personal Information from any loss or unauthorized use, access or disclosure.

We will not disclose your personal information without your consent unless it is allowed under section 8(2) of the Privacy Act. In this case, we will aim to disclose only the specific information that is needed under the circumstances and, wherever possible, will inform you about the disclosure.

Access to personal information will be restricted to those staff members who need the information in order to carry out their job duties. Those employees will maintain the information in the strictest of confidence and will not provide access to the information to anyone who is not authorized. The level of staff access to personal information will be granted on a need-to-know basis.  

All individuals we hire under contract or other means to conduct business on our behalf will be required to respect the provisions of the Privacy Act as well as this Policy and related internal procedures. Violations of any part of the contractual agreement may result in termination of the contract.

Please note that any of these disclosures may involve the storage or processing of personal information outside of Canada and may therefore be subject to different privacy laws than those applicable in Canada, including laws that require the disclosure of personal information to governmental authorities under circumstances that are different than those that apply in Canada.

9. Social Media

Our use of social media serves as an extension of our web presence. Social media accounts are public and are not hosted on our servers. Users, including minors, who choose to interact with us via social media should read the terms of use and privacy policies of these third-party service providers and those of any applications you use to access them.

Comments left by individuals on social media can be read by anyone. Therefore, we strongly advise you not to post any personal information – whether it is yours or not. We reserve the right to remove any comments that contain personal information or inappropriate content.

Personal information that you provide us via social media is collected to capture conversations between us. It may be used to respond to inquiries, or for statistical, evaluation and reporting purposes.

10. Understanding

We will make information available to you about our policies and practices with respect to the management of your Personal Information.

 

11. Access

Upon request, you will be informed of the existence, use and disclosure of your Personal Information, and will be given access to it. You may verify the accuracy and completeness of your Personal Information, and may request that it be amended, if appropriate. However, in certain circumstances permitted by law, we will not disclose certain information to you. For example, we may not disclose information relating to you if other individuals are referenced or if there are legal, security or commercial proprietary restrictions.

 

12. Handling Customer Complaints and Suggestions 

You may direct any questions or enquiries with respect to our privacy policy or our practices by

contacting: hello@naturelabs.ca

13. Cookies

A cookie is a small computer file or piece of information that may be stored in your computer’s hard drive when you visit our websites. We may use cookies to improve our website’s functionality and in some cases, to provide visitors with a customized online experience.

Cookies are widely used and most web browsers are configured initially to accept cookies automatically. You may change your Internet browser settings to prevent your computer from accepting cookies or to notify you when you receive a cookie so that you may decline its acceptance. Please note, however, if you disable cookies, you may not experience optimal performance of our website.

14. Third Party Websites

Our website contains links to other third party sites that are not governed by this privacy policy. Although we endeavour to only link to sites with high privacy standards, our privacy policy will no longer apply once you leave our website. We are not responsible for the accuracy or reliability of the content. We do not endorse these websites. Additionally, we are not responsible for the privacy practices employed by third party websites. Therefore, we suggest that you examine the privacy statements of those sites to learn how your information may be collected, used, shared and disclosed.