Whisqr Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the businesses and customers who use Whisqr?

If a person, participating in the Loyalty Program provided by Whisqr, as the customer of a business, registers their card (i.e. creates an account); that customer will be asked some PII for the purposes of securing their account and customizing their user experience. However Whisqr will limit that information to only that which is necessary for these purposes. Such information will include; but not be limited to; the customer's first name and email address.

Customers are not required to register their cards; only features that require PII in order to work (e.g. Card Merging) require registration.

When do we collect information and How do we use it?

We collect information about customer punch activity in order to track how many punches a customer has collected and whether or not they qualify for punches when engaging in activities that the participating business has elected to award additional punches for. We also may collect information from customer visits to the website or, with permission, 3rd party websites for the purpose of awarding punches, redeeming rewards and/or improving the customer experience.

When unregistered customers use their cards; we track their punch and redemption history. This information is associated with the card only; and not the holder (i.e. we obtain no Personally Identifiable Information). Only when the customer explicitly registers the card, after having been provided with this Privacy Policy, does Whisqr request PII. Customers are not required to register their cards to use the "Mobile Punch Card" option.

All user requests to have their PII removed from the system will be satisfied within 24 hours. Customers or employees who make this request will be functionally unregistered and will no longer have access to features that require registration in order to function (e.g. employees will no longer be able to punch cards, customers will no longer be able to recover punches when their card is lost). Punch and redemption activity, however, will be retained as it is required to provide accurate satistical information to the business; although it will no longer be associated with the user's PII. Requests to remove PII should be made to privacy@whisqr.com.

We collect information about business activity to improve the functionality of our application, track employee punch activity, and provide other valuable information to businesses regarding the usage of this Loyalty Program.

How do we protect visitor information?

  • We use regular Malware Scanning.
  • Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
  • We limit the amount of information that we retain; especially from end users; who are not obligated to provide any PII. Passwords are never saved; only Encrypted Salted Hashes.
  • All transactions are processed through a gateway provider and additional information required to complete the transaction is not stored or processed on our servers.

How do we provide recourse?

Simply email privacy@whisqr.com with any complaints; we will investate your complaint within 24 hours and contact you with an explanation of the appropriate measures we will be taking to address your issue. If you do not feel we have addressed your issue fully; you are encouraged to forward your complaint to the Office of the Privacy Commissioner of Canada or the appropriate regulator.

Do we use 'cookies'?

Yes. We use cookies to maintain Sessions (Session cookies) and recognize users between visits (Persistent 1st Party Cookies). 3rd Party Cookies are not required to use our service.

Customers do not have to visit the website at all in order to participate in the Loyalty Program (and therefore are not required to enable cookies to participate in the Loyalty Program). However; users have the option of creating an account to access functions that can't be provided without one (e.g. Lost Card Recovery, Card Merging, and the Social Sharing of Business Specials and Business Review).

Businesses and employees are required to allow Session Cookies and Persistent 1st Party Cookies.

Third Party Disclosure

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.

Third party links

We do not include or offer third party products or services on our website.

Google Analytics and Google Website Optimizer

Google Analytics and Google Website Optimizer are services provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyze how users use our website, our mobile site and any Whisqr players embedded on third party sites. Google Web Optimzer uses the same cookies to measure how different users respond to different content. The information generated by these cookies (including your truncated IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your, and other users’, use of our website, mobile site and SoundCloud® players, compiling reports for us on website activity and providing other services relating to website activity and Internet usage. Please note that Google only receives your truncated IP address. This is sufficient for Google to identify (approximately) the country from which you are visiting our sites or accessing our players, but is not sufficient to identify you, or your computer or mobile device, individually.

You can find more information here, including a link to Google’s privacy policy.

To opt-out of analysis by Google Analytics on our website and other websites, please visit http://tools.google.com/dlpage/gaoptout.

Facebook permissions

Whisqr provides the option to allow businesses to award punches to their customers for sharing Specials and Events in their Facebook feed. If customers decide to share these posts; Whisqr will ask for some Facebook permissions allowing it to perform actions with the User's Facebook account and to retrieve information, including Personal Data, from it.

For more information about the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.

The permissions asked are the following:

  • Basic information - By default, this includes certain User’s Data such as id, name, picture, gender, and their locale. Certain connections of the User, such as the Friends, are also available. If the user has made more of their data public, more information will be available.
  • news.read Actions - Used to verify whether the user has completed a share to determine if they should be rewarded punches; this action allows the app to retrieve the actions published by all applications using the built-in news.reads action.
  • Offline Access - Access the data when the user is not using the application.

Canada's Personal Information Protection and Electronic Documents Act

This Privacy Policy complies with each of the 10 Fair Information Pricipals enumerated in Canada's Personal Information Protection and Electronic Documents Act (Accountability, Identifying purposes, Consent, Limiting collection, Limiting use, disclosure, and retention, Accuracy, Safeguards, Openness, Individual access, Challenging compliance).

California Online Privacy Protection Act

CalOPPA is the first state law in the United States to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

According to CalOPPA we agree to the following:

  • Users can visit our site anonymously
  • Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.
  • Our Privacy Policy link includes the word 'Privacy', and can be easily be found on the page specified above.

Users will be notified of any privacy policy changes on our Privacy Page.

How does our site handle do not track signals?

We don't honor do not track signals. We don't honor them because our site requires cookies to maintain sessions.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under 13, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the consumer protection agency for the Unitied States, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under 13.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • We will notify registered users via email within 3 business days
  • We will notify all users via in site notification within 3 business days

We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non- compliance by data processors.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

To be in accordance with CAN-SPAM we agree that all email notifications are opt-in and users can opt-out of email notifications by editing their account information.

Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.

Whisqr
33 Manzanita Rd.
Galiano Island, BC V0N 1P0
Canada
privacy@whisqr.com