fbpx

PRIVACY POLICY

Last Revised: June 1, 2021. 

GRIT CAPITAL CORPORATION (“Grit Capital”, “us”, “our” and/or “we”) thanks you for your interest in our written and digital publications and materials, websites (including, but not limited to, www.gritcapital.ca, www.gritcap.io, https://gritcapital.substack.com/welcome), mobile applications, social media accounts (including but not limited to Instagram, Twitter, TikTok, YouTube) and all other digital media platforms as may be made available from time to time (the “Platforms”), and all “Content” (as defined in our Terms of Use) displayed on or delivered through the Platforms, including any additional products, services, features and content that we may offer from time to time (collectively, the “Services”). 

We value the privacy of individuals who visit the Platforms and/or use the Services (individually, “you”, “your”, and/or “User”, and collectively, “Users”). We take your privacy seriously and make it a priority to protect “Personal Information” (as defined below) that we obtain from and about our Users.

This privacy policy (“Privacy Policy”) describes: 

  1. what Personal Information we collect from you;
  2. how and why we use your Personal Information;
  3. to whom your Personal Information may be disclosed;
  4. how we protect your Personal Information;
  5. updating, accessing, deleting and retaining your Personal Information, 
  6. transferring and additional disclosure of your Personal Information, and 
  7. providing or withdrawing your consent to our collection, use or disclosure of your Personal Information.

By accessing our Platforms, and/or using the Services, you expressly consent to the information collection and use practices described in this Privacy Policy. If you do not want your Personal Information to be used in the manner set forth in this Privacy Policy, you must not access the Platforms and/or use the Services.

Our collection and use of information that can identify an individual, or by which an individual’s identity could, alone or in combination with other information, be deduced (such as an individual’s name, gender, date of birth, mailing address, telephone number, fax number, e-mail address, and internet protocol address) (“Personal Information”) is subject to the terms and conditions of this Privacy Policy. 

1. What Personal Information We Collect

  • Personal Information that you provide. From time to time, we may ask you to provide us with Personal Information for the purpose of granting you access to certain Services. If you choose to provide such information, during “User Account(as defined in our Terms of Use) registration or otherwise, you are granting us the permission to use, store and process such information in accordance with the terms and conditions of this Privacy Policy.

  • Personal Information collected via internet cookies. When you access the Platforms and/or use the Services, we may use internet cookies to track information about your device and/or web browser’s activities and use this information to provide you with more personalized services and features on the Platforms and/or Services. The types of cookies that we may use are called “session cookies” and “persistent cookies”.

    • Session cookies:
      • Session cookies store information only for the length of time that you are connected to a Platform – they are not written onto your hard drive. Once you leave the Platform, they expire and are no longer active. We use session cookies to record certain information from your web browser including your Internet Protocol (IP) address, browser type, internet service provider (ISP), referring or exit pages, operating system and the dates and times that you use our Platforms. Additionally, we may record certain information regarding your use of features on our Platforms. Session cookies allow us to gather statistical data which provides insight into how we may improve our Services and to identify your current session to our web server.

      • Persistent cookies: Persistent cookies store information on your hard drive and can be re-read when you return to the Platform that placed them on your hard drive. We use persistent cookies to remember your preferences and to help block unauthorized attempts to access your Personal Information. 

    • Rejecting cookies: You may adjust your web browser settings to notify you when a cookie is about to be sent or you may configure your web browser to refuse cookies automatically. Please review your web browser’s internal settings to learn the proper way to modify your cookie settings. Please note that if you do not accept cookies you will not have access to certain services and features on our Platforms and/or Services that rely on cookies for their functionality.
       
    • Location information. When you access the Platforms and/or use the Services through a web browser or mobile device, we may track and/or collect your geographic location information on a real time basis only. We may also use this real-time geographic location information to address support, technical, or business issues that may arise in the course of your accessing of the Platforms and/or use of the Services. If you do not consent to the tracking of your geographic location, you may still be able to use some, but not all, of the features of the Services, however with limited or restricted functionality. 

  • Third-Party Web Beacons. We may also implement third-party content on our website that uses “clear gifs”, “web beacons” or other similar techniques, which allow third-party content providers to read and write cookies to your web browser, or implement similar tracking mechanisms, in connection with your viewing of that third-party content displayed on our website. This information is collected directly by the third-party, and we do not participate in that data transmission. Any information collected by third parties in this manner is subject to such third-party’s own data collection, use, and disclosure policies and is not subject to the terms and conditions of this Privacy Policy. 

  • Your relationship with us. We will collect information arising from your relationship with and through us, and your use of the Platforms and/or Services. For example, when you send us an e-mail, speak with one of our representatives, or communicate with us through any other means, we may monitor, record and retain those communications for our mutual protection and in order to process your inquiries, respond to your requests and improve our Platforms and/or Services.

  • Personal Information from Other Sources. We may also obtain Personal Information from our third parties partners and sources other than through the Platforms and/or Services, such as “Google”, “Facebook”, “Twitter”, “Instagram”, “TikTok”, “LinkedIn”, “Substack”, “Stripe”, “Swag.com” and “Growsurf”. If we combine or associate information obtained from other sources with Personal Information that we collect through our Platforms and/or Services, we will treat the combined information as Personal Information in accordance with this Privacy Policy.

 

2. How and Why Your Personal Information is Used.

  • To Serve you. We use the Personal Information that you provide or that we collect for legal and regulatory purposes, to manage business risks, to provide our Services to you and to establish and enhance our relationship with you. We generally use the Personal Information you provide or that we collect to operate, maintain, enhance, and provide our Services. For example, we may use your Personal Information to: respond to specific requests from you; to facilitate, complete and confirm an order for Services that you have placed with us; to send you messages relating to the delivery of the Services; to help us better understand your use of the Services; and to administer the Services and protect the security of the Platforms and/or the Services when necessary. The Services may allow you to submit “Feedback (as defined in our Terms of Use), and should you choose to submit “Feedback you consent to us contacting you by way of follow-up e-mail or phone call to discuss your feedback. 

  • Aggregate Information. We may generate non-identifying and aggregate profiles from the information you provide during User Account registration for our Services and through your use of our Services. Non-identifying and aggregate profiles are used to improve the quality of our Services and to develop new Services. Aggregated non-personally identifying information may be shared with our third party partners and advertisers. 

  • Marketing and Experience. We may use your Personal Information to provide you with information about our features, services and other offerings that may be of interest to you (including, but not limited to our merchandise referral program), to facilitate your participation in sweepstakes or contests, and to fulfill prizes. This information may be provided to you by mail or phone and/or, with your prior consent, by e-mail. We may also send information or offers to groups of Users on behalf of our third party partners and advertisers. We may share your Personal Information with certain other websites that we link to, to the extent that you click on such links, in order to enhance your experience in connection with our Platforms and/or Services.  

3. To Whom your Personal Information may be disclosed.

  • Our subsidiaries or affiliates. We may share your Personal Information with our subsidiaries or affiliates (the “Group”) for: fraud or crime prevention, suppression or detection; for legal and regulatory purposes and to meet regulatory, legal or reporting requirements; to manage business risks; to perform analytics; to ensure that we have correct and up to date information about you; and to the extent necessary if you have requested a Service that is jointly offered by more than one member of the Group. We may also share your Personal Information to better manage your total relationship with the Group and enable other members of the Group to bring suitable Services to your attention.

  • Our Service Providers. We may share your Personal Information with any natural or legal person who processes Personal Information on behalf of Grit Capital, including our third party partners or individuals employed by Grit Capital to facilitate the Services (the “Service Providers”). We may also share your Personal Information with Service Providers who provide the Services on behalf of Grit Capital, who perform services relates to the Services, or who assist Grit Capital in analyzing how the Services are used. We may share your Personal Information with Service Providers to provide the Services to you, to monitor and analyze the use of our Service, to advertise on third party websites to you after you visited our Platforms and/or used the Services, or to contact you. 

  • For Business transfers. We may share your Personal Information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by a third party. In the event that we are acquired by or merged with a third party entity, or if we sell a part of our business, we reserve the right to transfer or assign the Personal Information that we have collected from you as part of such merger, sale or other change of control.

  • With Business Partners. We may share your Personal Information with our business partners, suppliers, agents, advertisers and other third party organizations that perform services for us, or on our behalf, to the extent necessary to provide and administer the Services that you have requested from us, or to offer you certain products, services, advertisements or promotions where applicable (the “Business Partners”). Our Business Partners may perform activities outside of your jurisdiction, and as a result, your Personal Information may be securely used, stored or accessed in another country than our own, and may be subject to the laws of those jurisdictions. Our Business Partners may be required to disclose your Personal Information in response to valid demands or requests from governments, regulators, courts and law enforcement authorities in those jurisdictions or countries.

  • Payment Processing. Although you can submit credit card or other payment card information through the Platforms, we do not receive this information. All payment information is transmitted directly to our third party payment processors “Substack” and “Stripe”, through an internet connection secured by industry-standard encryption technology. “Substack” and “Stripe” then communicates to us whether your payment has cleared, but does not provide any credit card or other payment card information to us.

  • Where required by law. We may disclose your Personal Information if we have a good faith belief that access, use, preservation or disclosure of such Personal Information is reasonably necessary to satisfy any applicable law, regulation, self-regulation, legal process or enforceable governmental request. When we provide Personal Information in response to a legal inquiry or order that we believe to be valid, we disclose only the Personal Information that is legally required. Note that we may store or process your Personal Information outside of your jurisdiction, and physical storage of your Personal Information may span multiple jurisdictions or countries and we may disclose your Personal Information in response to valid demands or requests from governments, regulators, courts or law enforcement authorities in those jurisdictions or countries. 

  • Protection of our interests. We may also disclose your Personal Information if we believe, in good faith, that it is appropriate or necessary to take precautions against liability; to help us collect a debt or enforce an obligation owed to us by you; to protect against fraudulent, abusive, or unlawful uses; to investigate and defend ourselves against any third party claims or allegations; to assist government enforcement agencies; to protect the security or integrity of our Services; or to protect the rights, property, or personal safety of our Users, employees or others.

  • Consent. We may disclose your Personal Information where you have authorized us to do so. For example, if you have given us consent, we may share your Personal Information with other third party entities who would like to send you information about their products and services. 

 

4. How we protect your Personal Information.

  • Security processes. The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we use commercially reasonable means to protect your Personal Information, we cannot guarantee its absolute security. We follow generally accepted industry standards to safeguard your Personal Information from loss or theft, unauthorized access, disclosure, duplication, use or modification through security measures appropriate to the sensitivity of the information. These measures include internal reviews of our data collection, storage and processing practices and security measures which include appropriate encryption and physical security measures to guard against unauthorized access to systems where we store Personal Information. 

  • Passwords. Your User Account (on the Grit Capital websites) is protected by a password for your privacy and security. Your password and other access codes are private and confidential, and our employees cannot gain access to them and will not ask you to reveal them. It is your responsibility to use your best efforts to prevent unauthorized access to your User Account (on the Grit Capital websites) by selecting your password appropriately, and limiting unauthorized access to your computer, browser and mobile devices. The collection of any additional Personal Information that may be requested by our third party partners, including but not limited to login credentials, access codes and passwords, as may be required by our third party partners in order for you to access our Platforms and Websites (such as those required by “Substack”), will be governed by the terms of use and information collection policies of those third party partners, and you should consult the respective terms of use and privacy policies of these third party partners before disclosing your Personal Information to them in order to access our Platforms and Websites. 

  • Confidentiality obligations. We restrict access to your Personal Information to our employees, contractors and suppliers who need to know that information in order to process it on our behalf or to provide our Services to you. Our employees, contractors and suppliers are bound by confidentiality obligations and may not use the information for any unauthorized purpose. Our employees may be subject to discipline, including termination and criminal prosecution, if they fail to meet their obligations described in this Privacy Policy. Our suppliers and contractors are required to protect your Personal Information in a manner that is consistent with this Privacy Policy.  

 

5. Accessing, Deleting and Retaining your Personal Information. 

  • Accessing and deleting your Personal Information. We make good faith efforts to provide you with access to your Personal Information and to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual Users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup records), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. We will advise you of any applicable fee prior to proceeding with your request. Upon your request, we will make reasonable efforts to delete your Personal Information from our database, however, it may be impossible to delete your information without retaining some residual information for a period of time due to backups and records of deletion.

  • Retention of your Personal Information. We retain your Personal Information only for as long as it is necessary for the purpose(s) for which it was collected. This length of time will vary depending on the Service and the nature of the information and may extend beyond the end of your relationship with us. When your information is no longer needed for the purpose for which it was collected, we will destroy, delete, erase or convert it to an anonymous form. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

 

6. Transferring and additional Disclosure of your Personal Information 

  • Transfer of your Personal Information. Your information, including Personal Information is processed at Grit Capital’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on, computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction and we may disclose your Personal Information in response to valid demands or requests from governments, regulators, courts or law enforcement authorities in those jurisdictions or countries.

  • Business Transactions. If Grit Capital is involved in a merger, acquisition or asset sale, your Personal Information may be transferred. We may, at our sole discretion, provide notice before your Personal Information is transferred as part of such transaction and becomes subject to a different privacy policy.

  • Legal Requirements. Grit Capital may disclose your Personal Information in the good faith belief that such action is necessary to:
    1. Comply with a legal obligation, for example, under certain circumstances, Grit Capital may be required to disclose your Personal Information required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). 
    2. Protect and defend the rights or property of Grit Capital. 
    3. Prevent or investigate possible wrongdoing in connection with the Platforms and/or Services.
    4. Protect the rights, property, or personal safety of our Users, employees or others.
    5. Protect against legal liability
    6. Protect the security or integrity of our Platforms and/or Services.
    7. To help us collect a debt or enforce an obligation owed to us by you.

7. Providing or Withdrawing your Consent. 

Depending on the situation and the sensitivity of the information requested, we may obtain your consent in different ways. Express consent may be obtained verbally, electronically or in writing from you or your authorized representative (such as a legal guardian or attorney appointed pursuant to a power of attorney) for stated purpose(s). Implied consent may be obtained through your use or continued use of the Platforms and/or Services when the purpose(s) for collecting, using or disclosing your Personal Information is indicated by the relevant circumstances or follows logically from purposes identified in this Privacy Policy (such as when you approach us to obtain information or inquire about or purchase Services from us). We will seek your consent before using your Personal Information for any purpose not previously identified in this Privacy Policy and will limit the collection of your Personal Information to that which is reasonably necessary for the relevant purpose(s). Note, however, that if you refuse to provide your consent or withdraw your consent, we may not be able to provide you with access to a particular Platform or provide you with a particular Service.  

You may withdraw your consent provided that: you provide reasonable notice; we are not legally required to collect, use or disclose your Personal Information; and withdrawing your consent does not impede our ability to fulfill our obligations to you. You may withdraw your consent by contacting us at help@gritcap.io. Our staff will be pleased to explain your options and any consequences of refusing or withdrawing your consent. We may monitor, record and retain those communications for our mutual protection and in order to process your inquiries, respond to your requests and improve our Services.

Several of the privacy preferences available to you, subject to legal, business or contractual requirements, are outlined below:

  • Direct marketing. The Services may provide an option for you to consent to receive information that may be of interest to you such us our newsletters and updates on our new products and services through various channels including direct mail, telephone, electronic mail or other means. You may opt-out of receiving such communications from us at any time by clicking on the “unsubscribe” link in any such electronic messages, modifying your communications preferences on your User Account preferences page, or by contacting us at help@gritcap.io.

  • Sharing with our Group, Service Providers and Business Partners. We may share your Personal Information with the Group, or our Service Providers and Business Partners as outlined in Section 3 above. If you withdraw your consent for this sharing, we may not be able to provide you with access to the Platforms or your requested Services.
     

8. Individuals residing in the European Economic Area

This part of our Privacy Policy sets out the additional information that is applicable to individuals residing in the European Economic Area (the “EEA”) pursuant to the European General Data Protection Regulation (the “GDPR”). We are a Canadian company with our head-office located in Toronto, Ontario, Canada. We comply with Canadian privacy laws. For the purposes of GDPR, Canada is recognized as a destination country with “adequate level of protection” for data privacy of individuals.

If you are an individual from the EEA, please note that our legal basis for collecting and using your Personal Information will depend on the Personal Information collected and the specific context in which we collect it. We normally will collect Personal Information from you only where: (a) we have your consent to do so, (b) where we need your Personal Information to perform the Services, or (c) where the processing is in our legitimate interests. Please note that in most cases, if you do not provide the requested information, we will not be able to provide the requested service to you. In some cases, we may also have a legal obligation to collect Personal Information from you, or may otherwise need the Personal Information to protect your vital interests or those of another person. Where we rely on your consent to process your Personal Information, you have the right to withdraw or decline consent at any time. Such withdrawal of your consent will not affect the lawfulness of our processing of your Personal Information before such withdrawal. Where we rely on our legitimate interests to process your personal data, you have the right to contact our privacy officer at help@gritcap.io to object.

We use service providers or other third parties to help us provide our products or services to you. Such service providers may have access to your Personal Information. Regardless of where these service providers or other third parties are located, we require that they also comply with the GDPR and the applicable data protection laws. 

Should your Personal Information be processed for purposes other than those outlined in this Privacy Policy or purposes not sufficiently similar to the ones your Personal Information has been originally been collected for, we will provide you with information on that other purpose and any other relevant information as referred to in this Privacy Policy. We don’t use your Personal Information for automated decision-making, including profiling.

If you are located in the EEA, you have certain rights under the GDPR with respect to your personal data, including the right to request access to, correct, amend, delete, port to another service provider, or object to certain uses of your personal data.

  • Right of Access. You may access your Personal Information in order to verify that it is being processed in accordance with law.
  • Right to Rectification. You may request the correction of inaccurate or incomplete Personal Information.
  • Right to Erasure (“Right to be Forgotten”). You have the right to request the deletion of your Personal Information from our systems without undue delay where there is no compelling reason for its continued processing (if, for example, your Personal Information is no longer needed for the purposes for which it was collected or if you withdraw consent on which processing is based and where there is no other legal ground for processing). In such circumstances, we will take reasonable steps to inform other controllers who have had access to your Personal Information of your request.
  • Right to Restriction of Processing. If you dispute the accuracy of your Personal Information or object to its processing you have the right to request us to restrict the processing of your Personal Information until your complaint has been resolved.
  • Right to Data Portability. You have the right to receive your Personal Information that you have provided us in a structured, commonly used and machine-readable format and you have the right to transmit that information to another controller.
  • Right to Object. You have the right to object to the processing of your Personal Information under certain circumstances, in particular if we process your Personal Information on the basis of legitimate interest or if we use your Personal Information for marketing purposes.

You can assert your abovementioned rights by contacting our privacy officer at help@gritcap.io

Our products and services are mainly provided from our offices in Canada. We use third party service providers to provide our products and services. These third party providers may process, or store, Personal Information on servers outside of the EEA, including in Canada or the United States of America. Whenever we transfer Personal Information from individuals residing in the EEA to a third-party service provider located in a country that has been deemed inadequate we do so with an approved legal adequacy mechanisms in place.  For any transfers of Personal Information to the United States of America, we rely on either the third-party’s registration in the EU-US Privacy Shield or on the implementation of the European Union’s Standard Contractual Clauses. By accessing or using our websites or services or otherwise providing information to us, you are agreeing to the transfer of your Personal Information to Canada and other jurisdictions in which we and our third party service providers operate. If you have concerns or complaints about this policy or our privacy practices that you do not feel you can resolve through contacting us you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction at any time.

9. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy at any time at our sole discretion. We will inform you of any such change by posting a new Privacy Policy on our website and clearly marking the effective date of any such change or revision to the Privacy Policy. Your continued use of the Services after the posting of changes constitutes your binding acceptance of such changes.

10. Third-Party Sites

Our website may be linked to internet websites operated by other companies. You should consult the respective privacy policies of these third-party websites. Our Privacy Policy does not apply to, and we cannot control the activities of, such other third-party web sites. Please be aware that we do not warn you when you choose to follow a link through to another platform or service from our Platforms and/or Services. 

11. Other International Users

Please note that we use cloud storage services to store and process your Personal Information. In some cases, we store and process your Personal Information outside your own country. As a result, the physical storage of your Personal Information may span multiple jurisdictions or countries and the governments, regulators, courts or law enforcement authorities in those jurisdictions or countries may be able to obtain disclosure of your information through applicable laws. Your use of the Platforms and/or Services or your submission of any Personal Information to us will constitute your consent to the transfer of your Personal Information outside of your home country, which may provide for different data protection rules than those in your own country.

12. Minors

We do not knowingly collect any Personal Information of minors.  If you are an individual, by accessing or using the Platforms and/or Services you represent and warrant that you are of legal age to form a binding contract. If we learn that Personal Information of a minor has been inadvertently collected without parental or guardian consent, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that a minor for which you are responsible has provided his or her Personal Information to us without your consent, then you may alert us by contacting us at help@gritcap.io, and request that we delete such person’s Personal Information from our systems.

13. Complaints and Questions

  1. We regularly review our compliance with this Privacy Policy. When we receive formal written complaints, it is our policy to contact the complaining User regarding their concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between us and you. 
  2. If you have any questions about this Privacy Policy, please feel free to contact us at: at help@gritcap.io
  3. If you are located in Canada and are not satisfied with our response to your inquiries, you may contact the Office of the Privacy Commissioner of Canada by mail at 30 Victoria Street Gatineau, Quebec K1A 1H3 or by calling 1-800-282-1376.