Table of Contents

1. IN GENERAL

Leanora & Co Corporation (“we” or “us”) values our customers and respects their privacy. This privacy policy (“Privacy Policy”) governs our collection and use of data connected to our Site or any Services. Terms capitalized but not defined in this Privacy Policy shall have the meaning ascribed to them in our Terms of Service, which may be made available from time to time at https://leanora.ca/terms-and-conditions/
This Privacy Policy sets forth the nature, purpose, use and sharing of any Personal Information. “Personal Information” or “Personal Data” and as used in this Privacy Policy, means information that can be used on its own or with other information to identify, contact, or locate you or to identify you in context. This includes your name, physical address, email address, telephone number, payment card information, account username, and other identifying information. It also provides additional information associated with your Personal Information, such as your location, IP address, preferences, or interests.

Importantly, we may collect Personal Information directly from you when you visit our Site or otherwise in connection with any Services. This Privacy Policy does not govern privacy practices associated with offline activities, websites other than ours, or practices of third parties that we do not own or control, such as our partners or third-party service providers featured on the Site in connection with any Services. We are not responsible for the content or privacy practices of third-party websites or integrated products to which the Site or any Services may link. You should review the privacy policies of such sites before using the associated sites.

The Site and Services are intended to be used by adults, and we do not knowingly collect any Personal Information from anyone under 13 years of age. If you are under age 13, please do not provide any Personal Information about yourself to us. If we learn that we have collected Personal Information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any Personal Information from a child under the age of 13, be sure to contact us immediately.

Please read this Privacy Notice carefully so that you have a clear understanding of how we collect, use, otherwise handle and protect your Personal Information.

IF YOU HAVE OBJECTIONS TO THE PRIVACY POLICY, YOU SHOULD IMMEDIATELY DISCONTINUE THE USE OF THE APPLICABLE SITE OR SERVICES AND FOLLOW THE PROCEDURE DESCRIBED IN THE SECTION ENTITLED “YOUR PRIVACY RIGHTS.”

2. CHANGES IN PRIVACY POLICY

Any Personal Information that we collect and maintain will be subject to this Privacy Policy, as amended from time to time. We may change the Privacy Policy at our sole discretion. However, if we make material changes to the Privacy Policy, we will notify you of those changes through the Site or otherwise through the publishing of a revised or updated Privacy Policy. If, as the result of such changes, you want to alter how we can use your Personal Information, you can do so by following the procedure described in the section entitled “Your Privacy Rights.”

3. COLLECTION OF INFORMATION

We may collect certain information from you when you use our Site or are otherwise connected with Services. We collect and obtain your data in a few ways: there is information that you choose to give to us, the information we obtain through your use of our Site or Services and information we obtain from third parties. Each of these is detailed below:
We collect the Personal Information you give us when you register with the Site or use the Services, including name, address, credit card or bank information, and other Personal Information requested or the data you choose to give us.

We automatically collect certain kinds of non-personal information from you when you use the Site, including device, browser type, operating system, CPU speed, referring or exit webpages, click patterns, session ID, and your computer’s IP address.

We may, on occasion, supplement or correct the Personal Information you submit to us and your IP address with information in our other databases or information from third-party sources in order to reduce errors in our database, authenticate our users, prevent fraud and prevent abuse ices, as well as to provide more consistent, relevant experiences to our users.
We may collect general information about use of the Site or Services, such as what pages visitors access, the number of visits, average time spent on the Site or Services, and other similar factors. This information is generally collected in aggregate form, without identifying any user individually, although IP addresses and Session ID in relation to downloads may be tracked as part of our fraud prevention efforts.

4. LOCATION-BASED SERVICES

Some services may contain functionality that can enable us to access your location and tailor your experience based on your location (“Location-based Services”). To use Location-based Services, you must enable certain features of your mobile device (e.g., GPS, WiFi, or Bluetooth) to allow us to identify your location. To the extent your location is collected through WiFi or Bluetooth sensors, such sensors, and the associated data services, may be provided by a third-party that may access such information for the purpose of providing such data services to us. You agree to such access by such third parties. You may enable or disable such Location-based Services at any time via a menu within the Site. If you choose to disable any Location-based Services on your device and/or opt-out of any Location-based Services through the menu, you will not be able to utilize certain features of the Site or Services. By enabling Location-based Services on your device, you agree and acknowledge that (i) device data we collect from you is directly relevant to your use of the Site or Services; (ii) we may provide Location-based Services related to and based on your then-current location; and (iii) we may use any such information collected in connection with the provision of Location-based Services in providing the Site or Services.

PLEASE NOTE THAT LOCATION DATA MAY NOT ALWAYS BE ACCURATE, AND WE DISCLAIM ANY AND ALL WARRANTIES RELATED TO LOCATION-BASED SERVICES. We may use your location to provide you with advertisements, offers, and other promotional content as part of the Site.

5. HOW YOUR INFORMATION IS USED

Except as provided herein, we collect and use your personal and non-personal information for internal purposes only or for gathering aggregate and anonymized data. We may use, store, and process your information in the following ways:
• To enable you to access and use the Site or Services.
• To conduct routine business operations such as billing, identification, authentication, contact purposes and general research. As part of our routine business operations, we may transfer your Personal Information to certain third parties with whom we contract for the limited purpose of providing services such as web hosting, email, and credit card processing. These service providers are obligated to protect your information, and they do not use your Personal Information for their commercial purposes.
• To employ internal marketing techniques such as tracking customer preferences to provide a customized experience and communicating with you about our services, special offers, and other services.
• To enhance the Site or Services.
• To gather generic product, location, and other contributed information to make reports based on aggregate anonymized data, which we may use internally or sell to others.
• To comply with the court, provincial and governmental orders.
• To fulfill another legitimate interest, when not overridden by your interests or, where applicable, your fundamental rights and freedoms that require personal information protection.
When you otherwise consent for us to do so. We may ask for your consent to process your Personal Information for a specific purpose that we communicate to you, for instance, to receive our newsletter and other such mailings you may be interested in. When you consent to our processing your Personal Information for a specified purpose, you may withdraw your consent at any time, and we will stop processing your data for that purpose.

You agree to provide us with correct information while placing the order, including billing & shipping address, email, telephone number, credit or debit card number.

6. TRACKING, USE OF COOKIES, WEB BEACONS AND SIMILAR DEVICES

To improve our services and provide more convenient, relevant experiences to our customers, we and our agents may use “cookies,” “web beacons,” and similar devices to track your activities. A cookie is a small amount of data that is transferred to your browser by a web server and can only be read by the server that gave it to you. It functions as your identification card and enables us to record your passwords and preferences. It cannot be executed as code or deliver viruses. A web beacon is a small transparent .gif image that is embedded in an HTML page or email used to track when the page or email has been viewed. Most browsers are initially set to accept cookies, and most services that include similar devices are typically initially activated to collect data. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. We do not support browsers’ Do Not Track features. You can enable or disable Do Not Track by visiting the preferences or settings page of your browser. If you disable cookies, you may lose some of the features and functionality of using our Site, as cookies may be necessary to track and enhance your use and access.

We may, either directly or indirectly, track your behavior on our Site or Services for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, or investigation, as well as to enable you to use and access the Site or Services and pay for your activities on the Site or Services. We may also track your behaviour on our Site or Services, either directly or through third parties we engage to provide services to us.

7. PROTECTING YOUR INFORMATION

We use various security measures, including SSL, encryption, and authentication tools, to help protect your information. We do not retain your Personal Information for longer than is necessary for our business purposes. When we no longer need your Personal Information, we dispose of it safely.

Our security measures include standard international data protection measures and those described in the EU GDPR implementing regulations. These measures may also include periodic system-wide password resets with high password strength requirements. We strongly discourage password sharing. Due to the nature of the information and related technology, we cannot be held responsible if you share your own login credentials with others. If we learn of a security breach, then we will immediately reset your account password and attempt to notify you as per GDPR guidelines to take appropriate steps.

We may, either directly or indirectly, track your behavior on our Site or Services for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, or investigation, as well as to enable you to use and access the Site or Services and pay for your activities on the Site or Services. We may also track your behaviour on our Site or Services, either directly or through third parties we engage to provide services to us.

8. DATA PROCESSING

Depending on the purpose for which we process your data from time to time, as explained below, we need to process one or other data, which will, in general, be, depending on each case, as follows:
• your identity data (for example, your name, surname, image, language and country from which you interact with us, contact data, etc.);
• economic and transactions information (for example, your payment or card data, information on your purchases, orders, returns, etc.);
• connection, geolocation and/or browsing data (for example, the location data, the device identification number or the advertising ID, etc.);
• commercial information (for example, if you have subscribed to our newsletter),
• information about your tastes and preferences.
Remember that when we ask you to fill in your data to give you access to any functionality or service of the Platform, we will mark specific fields as compulsory since this is information that we need to be able to provide the benefit or give you access to the functionality in question. Please take into account that, if you decide not to make such data available to us, you may be unable to complete your user registration or may not be able to enjoy those services or functionalities. In specific cases, a third party may have provided us with information about you by using a feature or service on the Platform, for example by sending you a gift card or shipping an order to your address. In these cases, we only process your data where relevant to this feature or service, as stated in this Privacy and, Cookies Policy located here https://leanora.ca/cookie-policy/. In other cases, we may collect information passively, as we may use tracking tools like browser cookies and other similar technology on our Platform and in communications we send you.

Depending on how you interact with our Platform, i.e., depending on the services, products or functionalities that you wish to enjoy, we will process your personal data for the following purposes:
• To manage your registration as a user of the Platform If you decide to become a registered user of our Platform, we need to process your data to identify you as a user of the Platform and grant you access to its various functionalities, products and services available to you as a registered user.
You may cancel your registered user account by contacting us through Customer Service. We hereby inform you that the data we gather regarding your activity, which have been collected through the different channels of the Platform and which include your purchases, shall remain linked to your account so that all the information can be accessed together.
For the development, performance and execution of the purchase or services contract that you executed with Us on the PlatformThis purpose includes processing your data, mainly:
• To contact you for updates or informative notices related to the contracted functionalities, products or services, including quality surveys and to be able to establish the degree of customer satisfaction with the provided service to manage payment of the products that you purchase, regardless of the payment procedure used. For example:
o If on purchasing any of our products through the Website, you opt to activate the functionality of saving your payment data and your shipment address for future purchases, where this functionality is available, we need to process the indicated data for activation and development of that functionality. Consent to the activation of this functionality enables your autocompleted payment data to appear in subsequent purchases so that you do not need to introduce them in each new process and these data will be deemed valid and effective for subsequent purchases. You may change or cancel your payment data at any time through the section on payment information, either of your Website registered user account.
• To activate the mechanisms necessary to prevent and detect unauthorized uses of the Platform (for example, during the purchase and returns process) as well as potential fraud being committed against you and/or against us. If we consider that the transaction may be fraudulent or we detect abnormal behaviour which indicates attempted fraudulent use of our features, products or services, this processing may result in consequences such as the blocking of the transaction or the deletion of your user account.
• To manage potential exchanges or returns after you have purchased and manage requests of availability information for articles, reservations of products through the Platform, depending on the availability of such options from time to time.
• For invoicing purposes and to make available to you the tickets and invoices of the purchases you have made through the Platform.
• To ensure that you are able to use other available functionalities or services, such as the purchase, receipt, management and use of the SITE.

Our security measures include standard international data protection measures and those described in the EU GDPR implementing regulations. These measures may also include periodic system-wide password resets with high password strength requirements. We strongly discourage password sharing. Due to the nature of the information and related technology, we cannot be held responsible if you share your own login credentials with others. If we learn of a security breach, then we will immediately reset your account password and attempt to notify you as per GDPR guidelines to take appropriate steps.

We may, either directly or indirectly, track your behavior on our Site or Services for purposes of our own customer support, analytics, research, product development, fraud prevention, risk assessment, regulatory compliance, or investigation, as well as to enable you to use and access the Site or Services and pay for your activities on the Site or Services. We may also track your behaviour on our Site or Services, either directly or through third parties we engage to provide services to us.

9. GIFT CARD OR OF THE GIFT VOUCHEr

For marketing purposes.
This purpose includes the processing of your data, mainly for:
• Personalize the services we offer you and enable us to give you recommendations based on your interactions with us on the Platform and an analysis of your user profile (for example, based on your purchase and browsing history).
• If and when you subscribe to our Newsletter, we will process your personal data to manage your subscription, including sending customized information on our products or services through various means (such as e-mail or SMS). We may also make available to you this information through push notifications in case you have activated them in your device.
• Accordingly, please take into account that this data processing implies analysis of your user or customer profile to establish your preferences and therefore which products and services are most fit to your style when sending you information. For example, based on your purchases and browsing history (i.e., depending on the articles that you clicked), we will make you suggestions on products that we believe may interest you and, if you are a registered user, we will provide you with the “recover cart ” functionality.
• Remember that you may unsubscribe from the Newsletter at any time without cost through the “Newsletter” section of the Platform, in addition to through the instructions that we provide you with in each notice. If you do not want to receive push notifications, you can deactivate this option in your device.
• Show you ads on the Internet which you may see when visiting websites and apps, for example, on social media. The ads you see may be random, but on other occasions, they may be ads related to your preferences or purchase and browsing history.
• If you use social media, we may provide the companies with which we collaborate certain information so that they, as joint controllers, info can show you our brand ads and, in general, offer you and users like you advertisements which take into account your profile on said social media sites. If you want information about the use of your data and how advertising works on social media, we recommend you review the privacy policies of the social media sites on which you have profiles.
• We also use your data to conduct measurements and segment analyses on the ads we show users on some of our collaborators’ platforms. To do this we collaborate with these third parties who offer us the necessary technology (for example, cookies, pixels, SDK) to use these services. Keep in mind that we may need to provide them with the certain information or some form of identifier each time (for example, the advertising ID associated with the device, an identifier associated with a cookie, etc.) If you would like more information in this respect, please review our Cookies Policy. Likewise, you can reset your advertising ID or disable personalized ads on your device, adjusting your preferences in the settings section of your device.
• Data enrichment: When we gather your personal data from a variety of sources, we may consolidate them under certain circumstances for the purpose of improving our understanding of your needs and preferences related to our products and services (including for the purposes of analyses, generating user profiles, marketing studies, quality surveys and improving our interactions with our customers). This refers, for example, to the way we may combine your information if you have a registered account and, using the same email linked to your account, you make a purchase as a guest, or to information which is automatically compiled (such as IP and MAC addresses or metadata) which we may link with the information you have provided us directly through your activity on the Platform or in our retailers (for example, information related to your purchases, whether in brick and mortar stores or online, your preferences, etc.).
• To perform promotional actions (for example, for the organization of competitions or to send the list of items stored to the e-mail you designate). On participating in any promotional action, you authorise us to process the personal data that you have shared with us depending on the promotional action and disclose them through different media such as social networks or the Platform itself. In each promotional action in which you participate you will have available the terms and conditions where we will be providing more detailed information about the processing of your personal data.
• To disseminate in the Platform or through our channels in the social networks photographs or pictures that you shared publicly, provided that you expressly give us your consent for the purpose.
Implement appropriate technical and organizational measures to safeguard the Third-Party Data against any unauthorized or unlawful access, loss, destruction, theft, use or disclosure. We implement basic level security in accordance with Canadian law. If higher levels of security are required, please contact us.

Limit access to the Third-Party Data only to those employees who need to know it to enable the Data Processor to perform our services and shall take appropriate steps to ensure the reliability of those of our employees or subcontractors who have access to such Third-Party Data.

Only process the personal data as specified by this Privacy Policy and in accordance with your instructions and will not use the Third-Party Data for any purposes other than those related to the performance of the Site or Services or pursuant to your written instructions.
Upon the expiry or termination of this Privacy Policy, or upon your request, cease any and all use of the Third-Party Data and destroy or return it to you.

Not disclose the Third-Party Data to any third-party without your prior written consent. Such consent is granted on, for example, your instruction to share a dashboard with third parties (public or within a restricted group).

We as Data Processor may provide access to a subcontractor processor to any such Third-Party Data if we reasonably consider such access and processing necessary to the performance of the Site or Services. In the event of such access and before the access takes place, we will ensure that an agreement with the third-party is in place which is sufficient to require it to treat personal data in accordance with the applicable provisions of this Privacy Policy and applicable law. You authorize us to subcontract the provision of technology and commercial services to us or our affiliates.

You represent and warrant that you have all the appropriate consents from data subjects whose personal data are submitted to us in the course of the provision of the Site or Services.

We will not share your Personal Information with third parties without your express consent, except in the limited circumstances described below:
We may share your Personal Information with third-party service providers for the limited purposes described in the section entitled “How Your Information is Used”.
We will share your Personal Information when required by law, regulation, or litigation and as necessary for purposes of national security, law enforcement, or other issues of public importance.

We may also engage third parties, including but not limited to technology services and services to help verify your identification, to conduct checks against databases such as, but not limited to, public government databases (where legally allowed), to otherwise assist us with fraud prevention and risk assessment, to assist us with customer service, to serve targeted ads, and to facilitate the payments or refunds. We may provide Personal Information about you to these third parties, or give them access to this Personal Information, for the limited purpose of allowing them to provide these services. We will ensure that such third parties have contractual obligations to protect this Personal Information and not to use it for unrelated purposes.

If we sell assets or are acquired by or merged with another entity, we may provide such entity customer information without obtaining your further consent. We may provide you with notice of such asset sales, acquisitions, or mergers.

10. ANALYSIS OF USABILITY AND QUALITY TO IMPROVE OUR SERVICES

If you access our Platform, we inform you that we will treat your browsing data for analytic and statistic purposes, i.e., to understand the manner in which users interact with our Platform and with the actions we implement on other websites and apps, so we can improve our services. In addition, we occasionally perform quality surveys and actions to know the degree of satisfaction of our customers and users and detect those areas in which we may improve.

11. INTERNATIONAL TRANSFERS

If you are visiting this Site or engaged in Services from a country other than Canada, the various communications you send and receive may result in the transfer of information across international boundaries. If you are located in the European Union, you should be aware that information you provide or which is otherwise collected on this Site or Services rendered may be transferred to countries (including Canada) which may not have data protection laws deemed as adequate as those in the EU.

Notwithstanding the foregoing, the Site or Services are intended for users in Canada and those not governed by privacy policies of other countries. Users outside Canada are advised not to disclose Personal Information to us.

12. YOUR PRIVACY RIGHTS

We will ensure that you can exercise your rights pertaining to your Personal Information, including rights as provided by various data protection laws. We, therefore, inform you that, where applicable under relevant law, you are entitled: to have access to your Personal Information upon simple request – that is, you may receive a copy of such data (if requested), unless such data is made directly available to you, for instance within your personal account; to have access upon simple request, and free of charge, the categories and names of addresses of third parties that have received Personal Information for direct marketing purposes; to obtain rectification of your Personal Information should it be inaccurate, incomplete or obsolete; to obtain the deletion of your Personal Information in the situations set forth by applicable data protection law (the “right to be forgotten”); to withdraw your consent to the data processing without affecting the lawfulness of processing, where your Personal Information has been collected and processed based on your consent. If at any time you wish to withdraw your consent to our processing of your data or opt-out of our use of your information for internal marketing purposes or for compiling aggregate risk reports, you may do so by sending a written notice to: privacy@leanora.ca. Note that your withdrawal of consent may prevent us from providing the Site or Services to you; to object to the processing of your Personal Information (where it has been collected and processed based on our legitimate interests) in which case we may ask you to justify your request by explaining to us your situation; to request a limitation of the data processing in the situations set forth by applicable law; to have your Personal Information directly transferred by us to a third-party processor of your choice (where technically feasible and when processing is based on your consent); and for non-discrimination, as defined under relevant law, in the Site or Services or quality of Site or Services you receive from us for exercising your rights.
Under certain laws, you may also have the right to “opt-out” of having your Personal Information sold to a third party. We do not, however, sell your Personal Information to any other party. Only in the case of a merger, sale, financing, acquisition, or other transaction involving all or part of us may your information be involved in a transaction.

For deletion/”right to be forgotten” requests, we will undertake a good faith effort to accommodate requests for access to or deletion of personal information. These requests may, however, be subject to the evaluation of additional factors, including disproportionate burden or expense, or the risk to the rights, including the privacy rights, of others.

We will strive and work to resolve any inquiry you may have regarding our privacy practices. EU residents may also file a complaint before a competent data protection authority regarding the processing of their Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact the competent data protection authority directly.

If you have any questions, would like to exercise any of these rights, or if you need any assistance with privacy-related matters, please contact us as described in the “How to Contact Us” section below. We will take the necessary steps to respond to you as soon as possible.

Notwithstanding the foregoing, the Site or Services are intended for users in Canada and those not governed by privacy policies of other countries. Users outside Canada are advised not to disclose Personal Information to us.

13. YOUR CHOICES

If at any time you are uncomfortable with our use of your Personal Information for internal marketing purposes and for the purpose of creating aggregate reports, you may opt-out by email as described in “Your Privacy Rights.” Note that if you opt not to provide us with certain mandatory information, then our products and services may be unavailable to you.
You may similarly opt-out of receiving communications from us, although we may find it necessary to continue to communicate with you regarding your use of the Site or Services.
For our websites, you may set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this Site may then be inaccessible or not function properly.

Under certain laws, you may also have the right to “opt-out” of having your Personal Information sold to a third party. We do not, however, sell your Personal Information to any other party. Only in the case of a merger, sale, financing, acquisition, or other transaction involving all or part of us may your information be involved in a transaction.

For deletion/”right to be forgotten” requests, we will undertake a good faith effort to accommodate requests for access to or deletion of personal information. These requests may, however, be subject to the evaluation of additional factors, including disproportionate burden or expense, or the risk to the rights, including the privacy rights, of others.

We will strive and work to resolve any inquiry you may have regarding our privacy practices. EU residents may also file a complaint before a competent data protection authority regarding the processing of their Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact the competent data protection authority directly.

If you have any questions, would like to exercise any of these rights, or if you need any assistance with privacy-related matters, please contact us as described in the “How to Contact Us” section below. We will take the necessary steps to respond to you as soon as possible.

Notwithstanding the foregoing, the Site or Services are intended for users in Canada and those not governed by privacy policies of other countries. Users outside Canada are advised not to disclose Personal Information to us.

14. GOVERNING LAW

The terms of this Privacy Policy are governed by and in accordance with the laws of the province of Ontario, and, where applicable, the laws of the countries where our servers are located. You should not provide us with any Personal Information unless you consent to the application of Canadian law and, where applicable, Ontario Provincial law, and to the use and disclosure of your information in accordance with the terms of this Privacy Policy.

Any minor accessing this site will be assumed to have taken the permission of his/her parents or guardian.

You may similarly opt-out of receiving communications from us, although we may find it necessary to continue to communicate with you regarding your use of the Site or Services.
For our websites, you may set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this Site may then be inaccessible or not function properly.

Under certain laws, you may also have the right to “opt-out” of having your Personal Information sold to a third party. We do not, however, sell your Personal Information to any other party. Only in the case of a merger, sale, financing, acquisition, or other transaction involving all or part of us may your information be involved in a transaction.

For deletion/”right to be forgotten” requests, we will undertake a good faith effort to accommodate requests for access to or deletion of personal information. These requests may, however, be subject to the evaluation of additional factors, including disproportionate burden or expense, or the risk to the rights, including the privacy rights, of others.

We will strive and work to resolve any inquiry you may have regarding our privacy practices. EU residents may also file a complaint before a competent data protection authority regarding the processing of their Personal Data. While we suggest that you contact us beforehand, if you wish to exercise this right, you should contact the competent data protection authority directly.

If you have any questions, would like to exercise any of these rights, or if you need any assistance with privacy-related matters, please contact us as described in the “How to Contact Us” section below. We will take the necessary steps to respond to you as soon as possible.

Notwithstanding the foregoing, the Site or Services are intended for users in Canada and those not governed by privacy policies of other countries. Users outside Canada are advised not to disclose Personal Information to us.