Our commitment to data protection
Flicker Lab is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines how we process personal data of individuals in the European Economic Area (EEA) and United Kingdom.
Flicker Lab acts as the data controller for personal data collected through our website and services. Our contact details are:
Flicker Lab
180 John Street, Suite 402
Toronto, ON M5T 1X5
Canada
Email: [email protected]
We process personal data based on one or more of the following legal grounds:
If you are located in the EEA or UK, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you and information about how we process it.
You have the right to request that we correct any inaccurate personal data or complete any incomplete personal data.
You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
As we are based in Canada, your personal data may be transferred to and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection. For transfers to other countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The retention period may vary depending on the context and our legal obligations.
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
To exercise any of your rights under GDPR, please contact us at [email protected]. We will respond to your request within one month, though this period may be extended by two further months where necessary, taking into account the complexity and number of requests.
You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO). In other EEA countries, you may lodge a complaint with your local data protection authority.
We may update this GDPR notice from time to time. We will notify you of any significant changes by posting the new notice on this page and updating the effective date.
If you have any questions about this GDPR notice or our data protection practices, please contact us at:
Email: [email protected]