Privacy Policy

(Effective January 19, 2018)
Welcome!


Welcome to the Yente Over the Rainbow website located at https://yenteovertherainbow.com (the “Website”) which includes all subdomains present and future. We hope you enjoy your visit and / or use of the Website. We want you to know we take your privacy and protection of personal data very seriously. We are providing this Privacy Policy (the “Policy”) to tell you about who we are, what personal data we collect from you and about you, how we protect your personal data, and what we do with your personal data, all while you use the Website or otherwise interact with us. The Policy also explains your rights under the law, and how you can contact us and the necessary authorities to enforce those rights. Please read it carefully.


Key Elements of this Policy


Here are the key elements of this Policy so you can know the important parts right away to make an informed decision about your consent for our collection and use of your personal data. You can find the details in the rest of the Policy.


Personal data we collect from you

What we do with it

Third parties we share it with

Contact information, such as your email address

Communicate with you

Companies who provide our communications services, such as MailChimp

Account information - your username and email address

Manage your account

Companies that provided the infrastructure for the Website

Profile information

Find you the best matches

Companies that provided the infrastructure for the Website, and our matchmakers


Some Terms


Before we get started with the details, here are a few terms we think you should know as you read this Policy.


Data Protection Laws” refers to the laws that are designed to protect your personal data and privacy in the place where you live. This includes the “GDPR”, the European data protection law which stands for “General Data Protection Regulation”, with the official name Regulation (EU) 2016/679 of the European Parliament and of the Council. It also includes “PIPEDA” (Personal Information Protection and Electronic Documents Act), which is the Canadian Data Protection Law that applies to our activities in Canada, as Yente Over the Rainbow is a Canadian business.


Personal data” – this is information we collect from you or about you and which is defined in the GDPR as “any information relating to an identified or identifiable natural person.” It can be as simple as your name or your email, or something more complicated like an online identifier (usually a string of letters and / or numbers) that gets attached to you. Under PIPEDA, the equivalent concept is “personal information”, which is roughly the same. Any mention of “personal data” in this Policy shall also mean personal information.


About Us and Contacting Us


Yente Over the Rainbow is the business owned and operated by 10359831 Canada Inc. Where this Policy refers to “Yente Over the Rainbow”, it may refer to 10359831 Canada Inc. and / or its shareholders, officers, directors, employees, agents, partners, principals, representatives, successors and assigns, depending on the context.


Under the GDPR, Yente Over the Rainbow is a “Data Controller”. That means we collect personal data directly from you and determine the purpose and means of “processing” that data. “Processing” is a broad term that means collection, use, storage, transfer or any other action related to your personal data; it is used in this Policy in that way.

If you want to ask us anything about what’s in this Policy, or anything else privacy- or data- related, you can email:


Yente Over the Rainbow Data Protection and Privacy Officer

privacy@yenteovertherainbow.com


Here is the mailing address for you as well:


Yente Over the Rainbow Data Protection and Privacy Officer

1015, 926 - 5th Avenue S.W.

Calgary, AB

Canada

T2P 0N7


Your Rights


You have the following rights regarding your personal data held by Yente Over the Rainbow, and other rights:


  • The right to withdraw at any time your consent for Yente Over the Rainbow to process your personal data;

  • The right to have your personal data erased from Yente Over the Rainbow’s records;

  • The right to access your personal data and any relevant information around its processing and use;

  • The right to have a copy of your personal data given to you in an easy to read format so that you can transfer it to another data processor;

  • The right to have your personal data corrected if you believe it is inaccurate;

  • The right to restrict the processing of your personal data if it is inaccurate or if our processing or use of it is against the law; and

  • The right to refuse any marketing targeted at you by Yente Over the Rainbow.


If you wish to exercise any of these rights, please contact our Data Protection and Privacy Officer at the contact information above. You may also withdraw your consent for our processing of your personal data by clicking the “Permanently Delete Account” button on your profile page when you are logged-in to your account.


Sensitive Personal Data


We collect what the GDPR considers sensitive personal data from you, for example information concerning your religion and sexual orientation. You explicitly consent to our collection and processing of such data.


Personal Data Collected from You and What We Use It For


In the table below, please find the personal data we may collect from you directly, what we use it for, and the legal basis under the GDPR for us having and processing this personal data. Under PIPEDA, the legal basis is your informed consent, and by submitting this personal data you acknowledge having granted this consent to Yente Over the Rainbow.


Personal data category

Personal data collected / processed

What we use it for

(the “purpose” of processing)

Legal basis for processing under the GDPR

Contact information

Your email address

To communicate with you

Your consent in giving us this information

Account information

Username and email address

To create an account for you, manage the account, and communicate with you

Your consent and performance of a contract between you and us

Mandatory profile information

Your first and last names, age, location and gender

To find you the best matches

Your consent and performance of a contract between you and us

Optional profile information

Other information about you and your preferences

To find you the best matches

Your consent and performance of a contract between you and us

Visible profile information

Mandatory profile information (less your last name) and certain other profile information; may optionally include a photo

To show to your matches

Your consent and performance of a contract between you and us


Where you have provided personal data further to the contract between you and us, or if you fail to provide such data or withdraw your consent to use such data, we will no longer be able to match you with potential matches.


Personal Data Collected About You from Third Parties


We do not currently collect any personal data about you from third parties.


Who We Transfer Your Personal Data To


We routinely share some of your personal data with certain third parties who are identified in the table below along with what they do with it. All of the third parties are bound by contractual relationships with us not to do anything with your personal data except what is identified in the table.


Some of those third-party recipients may be based outside your home jurisdiction. If you are in the European Economic Area — please see the “Transfer of Your Personal Data Outside of the European Economic Area” further down in this Policy for more information including on how we safeguard your personal data when this occurs.


We will share personal data with law enforcement or other authorities if: (1) we are required by applicable law, to meet national security or law enforcement requirements; (2) if we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, fraud, or situations involving potential threats to the safety of any person, or any violation of Yente Over the Rainbow’s Terms of Use; or (3) if we believe it is necessary to investigate, prevent, or take action regarding situations that involve abuse of the Website infrastructure or the Internet in general (such as voluminous spamming, denial of service attacks. We may also share personal data: (1) to a parent company, subsidiaries, joint ventures, or other companies under common control with Yente Over the Rainbow (in which case we will require such entities to honour this Policy); (2) if Yente Over the Rainbow merges with another entity, is subject to a corporate reorganization, sells or transfers all or part of its business, assets or shares (in which case we will require such entity to assume our obligations under this Policy, or inform you that you are covered by a new privacy policy).


We will never share your personal data with third parties except under these circumstances.


Personal data category

Who we transfer it to

What they do with it

Contact information

Companies that provide email services, currently MailChimp and Amazon AWS

Send you emails

Account information

Companies that provided the infrastructure for the Website, specifically DigitalOcean

Store it so that you can log into your account

Profile Information

DigitalOcean

Store it so it can be transferred to matchmakers

Profile Information

Matchmakers

Find you the best match

Analytics identifiers

Companies that provide data analytics, specifically Google Analytics

Provide us with analytics as to how the Website is used, and to trace fraudulent activities


Tracking Technology (“Cookies” and Related Technologies)


Yente Over the Rainbow uses tracking technology (“cookies” and related technology such as tags, pixels and web beacons) on the Website and by visiting or using the Website you agree to their use. Cookies are small text files placed on your computer or device when you visit a website, in order to track use of the site and to improve the user experience by storing certain data on your computer or device.


Specifically, we use cookies for the following functions:


  • to facilitate your signing-in to the Website;

  • to provide general internal and user analytics and to conduct research to improve the content of the Website using analytics programs as described above in this Policy; and

  • to assist in identifying possible fraudulent activities.


Your browser can be set to refuse cookies or delete them after they have been stored. Please refer to your browser’s help section for instructions.


How We Protect Your Personal Data


We have implemented very strict technical and organisational procedures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed by us. These procedures prevent your personal data from being lost; or used or accessed in any unauthorised way.


We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable supervisory authority of a suspected data security breach where the Data Protection Laws requires us to do so, and within the time frame required by the applicable Data Protection Law.


Yente Over the Rainbow uses only industry best practices (physical, electronic and procedural) in keeping any data collected (including personal data) secure. In addition, we use third-party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to operate the Website, and these third parties have been selected for their high standards of security, both electronic and physical. For example, Yente Over the Rainbow uses DigitalOcean, a recognized leader in secure data, for hosting of the Website, and storage of user data including personal data.


Finally, all information, including personal data, is transferred with encryption using Secure Sockets Layer (“SSL”), a robust security standard for Internet data transfer and transactions. You can use your browser to check Yente Over the Rainbow’s valid SSL security certificate.


Transfer of Your Personal Data Outside of the European Economic Area (EEA)


For our European users, we endeavour to keep your personal data inside the EEA. However, certain of our data processors are in countries outside the EEA where your personal data may be transferred. These countries, however, are limited to countries with particular circumstances that protect your data, specifically:


  • Canada. Canada has been determined to have an “adequate level of protection” for your personal data under European data protection law.

  • The United States. Your personal data is only transferred to companies in the United States that: (1) participate in the Privacy Shield; and (2) have signed agreements with us or have informed us that they are GDPR-compliant.


That’s it! You have the right, however, to refuse to have your data transferred outside the EEA. Please contact our Data Protection and Privacy Officer to make that request.


Supervisory Authorities and Complaints


If you are in the EEA, under the GDPR you have the right to make a complaint to the appropriate supervisory authority. If you are not satisfied with the response received or the actions taken by our Data Protection and Privacy Officer, or if you would like to make a complaint directly about Yente Over the Rainbow’s data practises, we invite you to contact the supervisory authority in your country. If you are in the U.K. for example, you should contact the Information Commissioner’s Office who is the supervisory authority. You can reach them in a variety of ways, including by phone (0303 123 1113 in the UK) and mail (Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF).


The full listing of all Data Protection Authorities (the supervisory authorities) across the EEA and their contact information can be found here.


If you are in Canada and you are not satisfied with the response received or the actions taken by our Data Protection and Privacy Officer, you can make a complaint to the Office of the Privacy Commissioner of Canada. Instructions to do so can be found on their website.


Data Retention


Your personal data will only be kept for as long as it is necessary for the purpose needed for that processing. For example, we will retain your account information for as long as you have an account with us.


Sometimes we have to keep your data for a longer period of time to satisfy our requirements under the law, so we may retain your personal data for a longer time based on this factor.


Automated Decision-Making


Yente Over the Rainbow uses certain automated decision-making processes, taking some of your personal data to find you the best matches.


Changes to This Privacy Notice


The date at the top of this page indicates when this Policy was last updated. Every now and then, we will have to update this Policy. You can always find the most updated version at this URL, and we will always post a notice on the Website if we make big changes. If you have a Yente Over the Rainbow account, we will also email you to tell you the Policy has been updated, and what the important changes are.

© 2020 Yente Over the Rainbow