privacy Policy

Current as of 26 May 2025

1. Controller Information

Data Controller: The Wagon & Co. Inc

Address: 10565 111TH Street #100, Edmonton, Alberta T5H 3E8

Email: support@thewagonandco.com

2. Information We Collect

Personal Data Categories

Identity Data: First Name and Last Name

Contact Data: Email address, telephone numbers, billing and delivery addresses

Financial Data: Bank account and payment card details

Transaction Data: Details about payments and services you have purchased

Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, device information

Profile Data: Username, password, purchases, preferences, feedback, survey responses

Usage Data: Information about how you use our website and services, including but not limited to responses to the Recipe Generator.

Marketing Data: Your preferences for receiving marketing communications

Special Categories of Personal Data

We do not intentionally collect special categories of personal data (including details about your race, ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health information, or genetic/biometric data) unless legally required or with your explicit consent.

3. How We Collect Your Personal Data

We collect personal data through:

- Direct interactions (forms, correspondence, phone calls)

- Automated technologies (cookies, server logs, web beacons)

- Third parties (analytics providers, advertising networks, search information providers, social media platforms)

4. Legal Basis for Processing

We process your personal data under the following lawful bases:

Consent (Article 6(1)(a) GDPR)

For marketing communications, cookies (where required), and special categories of data.

Contract Performance (Article 6(1)(b) GDPR)

To provide services, process payments, and manage your account.

Legal Obligation (Article 6(1)(c) GDPR)

To comply with legal and regulatory requirements.

Legitimate Interests (Article 6(1)(f) GDPR)

For business administration, fraud prevention, network security, and improving our services. We have assessed that our legitimate interests do not override your fundamental rights and freedoms.

Vital Interests (Article 6(1)(d) GDPR)

In rare cases where processing is necessary to protect someone's life.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

Service Delivery

- Providing and managing your account

- Processing orders and payments

- Delivering products and services

- Customer support and communication

Business Operations

- Administering our business operations

- Managing supplier and partner relationships

- Financial management and planning

- Quality assurance and staff training

Legal Compliance

- Complying with legal and regulatory obligations

- Establishing, exercising, or defending legal claims

- Preventing fraud and criminal activity

Marketing (with appropriate consent)

- Sending promotional communications (where you have consented)

- Market research and analytics

- Personalized advertising (where consented)

6. Data Sharing and Recipients

We may share your personal data with:

Service Providers

Third-party service providers who process data on our behalf under data processing agreements, including:

- Payment processors

- IT service providers

- Customer service platforms

- Marketing and analytics providers

Legal Requirements

- Courts, law enforcement agencies, and regulatory bodies

- Legal and professional advisors

- Government agencies when required by law

Business Transfers

In connection with mergers, acquisitions, or asset sales, subject to appropriate safeguards for your personal data.

Your Consent

Any other recipients with your specific consent.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Retention Periods

- Customer Data: For the duration of our relationship

- Marketing Data: Until you withdraw consent or we no longer have a legitimate interest

- Financial Records: For the duration of our relationship

- Legal Claims: Until the statute of limitations expires

Deletion Criteria

We delete personal data when:

- It is no longer necessary for the original purpose

- You withdraw consent (where consent was the legal basis)

- You successfully exercise your right to erasure

- Processing becomes unlawful

- Legal obligations require deletion

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Article 15)

You can request confirmation of processing and copies of your personal data.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

Right to Restrict Processing (Article 18)

You can request restriction of processing in specific situations.

Right to Data Portability (Article 20)

You can request your data in a structured, commonly used format.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling.

Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

Contact us. We will respond within one month (extendable by two months for complex requests). We may request identification verification and charge reasonable fees for excessive requests.

9. Cookies and Similar Technologies

We use cookies and similar technologies, and we obtain non-essential cookies.

10. Automated Decision-Making and Profiling

We may use automated decision-making for:

- Fraud prevention and security

- Credit scoring (where applicable)

- Personalized marketing (with consent)

You have the right to:

- Request human intervention

- Express your point of view

- Contest automated decisions

11. Data Breach Notification

We will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach. If the breach poses a high risk to your rights and freedoms, we will also notify you without undue delay.

12. Children's Privacy

We do not knowingly process personal data of children under 16 without parental consent. If we become aware of such processing, we will delete the data immediately.

13. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority. In Canada, this is:

Office of the Privacy Commissioner of Canada

  • Address: 30 Victoria Street, Gatineau, Québec K1A 1H3

  • Toll-free phone: 1-800-282-1376

  • Direct phone: 819-994-5444

  • TTY: 819-994-6591

  • Website: https://www.priv.gc.ca/en/

  • Hours: Monday to Friday from 9 am to 4 pm (ET)

14. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will:

- Notify you of material changes via email or prominent website notice

- Obtain fresh consent where required by law

- Provide the effective date of changes

15. Contact Us

For any questions about this privacy policy or to exercise your rights:

Data Protection Contact: support@thewagonandco.com

This privacy policy complies with the General Data Protection Regulation (GDPR) and applicable national data protection laws.