top of page

Privacy Policy

ST Rocks.ca Privacy Policy

Effective from December 19, 2024

Welcome to ST Rocks.ca’s Privacy Policy

1. Please read carefully

ST Rocks.ca cares deeply about the privacy of its visitors and users. To that end, this Privacy Policy (“Privacy Policy”) describes how ST Rocks.ca together with its affiliated companies worldwide (“ST Rocks”, “we”, “our”, or “us”), collect, use, and share your Personal Information, as well as an explanation of the data rights you may have in that Personal Information. This Privacy Policy applies to all ST Rocks users, including unregistered visitors, registered users, and premium users (collectively, “Users”, “you”, or “your”), and to all ST Rocks services, including our websites (including www.ST Rocks.ca and any of its subdomains, the “Website”), web applications (“ST Rocks Apps”), mobile applications (“Mobile Apps”), and related services (collectively, the “Services”). This Privacy Policy is not intended to override the terms of any contract you have with us, nor any rights you may have under other applicable data privacy laws.

Prior to accessing or using our Services, please read this policy and make sure you fully understand our practices in relation to your Personal Information.  If you read and fully understand this Privacy Policy, and remain opposed to our practices, you must immediately leave and discontinue all use of any of our Services.  If you have any questions or concerns regarding this policy, please contact us here info@STRocks.ca

 

By accessing or using any of our Services, you acknowledge that you have read this Privacy Policy.

 

2. What ‘Personal Information’ do we collect?

2.1. User information:

To provide you the Services, we must collect Personal Information relating to an identified or identifiable natural person (“Personal Information”). We collect Personal Information you provide us, from your use of the Services, and from other sources. Here are the types of Personal Information we collect about you:

  1. Information you provide us. When you register for our Services, sign up for any ST Rocks events, subscribe to our blog(s) or newsletter(s), purchase and/or use any of our Services; and/or when you contact us directly by any communication channel (e.g., ST Rocks’s support tickets, emails), you may provide us Personal Information, such as name, email address, phone number, payment information (for Users with Paid Services), information you include in your communications with us and with other users on our platform, and Personal Information contained in scanned identification documents (such as an ID card, driver’s license, passport, or official company registration documents).  

  2. Information we collect when you use the Services. When you visit, download, and/or use any of our Services, we may collect aggregated usage Personal Information, such as Visitors’ and Users’ browsing and ‘click-stream’ activity on the Services, session heatmaps and scrolls, non-identifying Personal Information regarding the Visitor’s or User’s device, operating system, internet browser, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, etc

  3. Information we collect from other sources. We may receive Personal Information about you from third-party sources, such as i) security providers , fraud detection and prevention providers for example to help us screen out users associated with fraud, ii) social media platforms, when you log-in or sign-up using your social media account, we may receive Personal Information from that service (e.g., your username, basic profile Personal Information) and in some cases, we may collect Personal Information from lead enhancement companies which help us to improve our service offering; iii) advertising and marketing partners in order to monitor, manage and measure our ad campaigns.

 

2.2. Users of users ‘Personal Information’

We may also collect Personal Information pertaining to visitors and users of our User’s websites or services (“Users-of-Users”), solely for and on our Users’ behalf (as further described in Section ‎6 below).

3. Why do we collect such ‘Personal Information’

We use your Personal Information for the following purposes:

  1. To provide and operate the Services;

  2. To further develop, customize, expand, and improve our Services, based on Users’ common or personal preferences, experiences and difficulties;

  3. To provide our Users with ongoing customer assistance and technical support;

  4. To be able to contact our Users with general or personalized service-related notices and promotional messages (as further detailed in Section 8 below);

  5. To help us to update, expand and analyze our records to identify new customers;

  6. To facilitate, sponsor, and offer certain contests, events, and promotions, determine participants’ eligibility, monitor performance, contact winners, and grant prizes and benefits;

  7. To analyze our performance and marketing activities;

  8. To create aggregated statistical data and other aggregated and/or inferred information, which we or our business partners may use to provide and improve our respective services;

  9. To provide you with professional assistance.

  10. To enhance our data security and fraud prevention capabilities; and

  11. To comply with any applicable laws and regulations.

    We may use techniques like “machine learning” (European law refers to this as “automated decision-making”) to help us improve our services. When we use machine learning, we either: (i) still have a human being involved in the process (and so are not fully automated); or (ii) use machine learning in ways that don’t have significant privacy implications (for example, reordering how applications might appear when you visit the ST Rocks App Market). We may also use machine learning to help us monitor, identify, and suspend accounts sending spam, or engaging in other abusive or fraudulent activity.
     

We use your Personal Information for the purposes set out in Section 3 where:

  1. Our use of your Personal Information is necessary to perform a contract or to take steps to enter into a contract with you (e.g. to provide you with a website builder, to provide you with our customer assistance and technical support);

  2. Our use of your Personal Information is necessary to comply with a relevant legal or regulatory obligation that we have; or

  3. Our use of your Personal Information is necessary to support legitimate interests and business purposes (for example, to maintain and improve our Services and the effectiveness of ST Rocks by identifying technical issues), provided it is conducted in a way that is proportionate and that respects your privacy rights.

 

4. How we share your ‘Personal Information’

We may share your Personal Information with service providers and others (or otherwise allow them access to it) in the following manners and instances:

Third Party Service Providers:  ST Rocks has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording and remote access services, performance measurement, data optimization and marketing services, content providers, and our legal and financial advisors (collectively, “Third Party Service Provider(s)”). 
 

In case that ST Rocks shares personal data with a Third Party Service Provider that provides AI services, ST Rocks will ensure that the Third Party Service Provider is under a contractual obligation not to use the data in order to train or improve its AI models.​

4.1.

Law Enforcement, Legal Requests and Duties: ST Rocks may disclose or otherwise allow access to any categories of your Personal Information described in this Privacy Policy pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you.

4.2.

Protecting Rights and Safety:  ST Rocks may share any categories of your Personal Information described in this Privacy Policy if we believe in good faith that this will help protect the rights, property or personal safety of ST Rocks, any of our Users, any Users-of-Users, or any member of the general public, with or without notice to you.

4.3.

ST Rocks Subsidiaries and Affiliated Companies: We may share your Personal Information internally within our family of companies, for the purposes described in this Privacy Policy. For example, we may share your Personal Information with ST Rocks.ca Inc., our US-based subsidiary, in the course of facilitating and providing you (and your Users-of-Users) with our Services.
Sharing Personal Information by ST Rocks subsidiaries and affiliated companies in the European Union, the United Kingdom and Switzerland with ST Rocks’s subsidiaries located outside these regions will only take place under an approved transfer mechanism, such as the relevant Standard Contractual Clauses.

4.4.

In connection with a change in corporate control: In addition, should ST Rocks or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such event.

4.5.

Upon Your Further Direction: The ST Rocks Services enable you, through different techniques, to engage and procure various third party services, products and tools for enhancing your web or mobile sites, including, without limitation, applications and widgets offered to you by third parties through the ST Rocks Website (including the ST Rocks App Market), eCommerce payment providers, third party designers who may assist you with your website, etc. (collectively, “Third Party Services”). If you choose to engage with such Third Party Services, they may have access to and process Personal Information of your Users-of-Users collected through your web or mobile sites. For example:

a) Framed Pages: our Services may enable you to integrate Third Party Services directly into your web or mobile sites, such as via page framing techniques to serve content to or from Third Party Services  or other parties (“Frames”). In these circumstances, the Third Party Services may collect Personal Information from your Users-of-Users.

 

b) App Market Developers: We allow third party developers (“Third Party Developer(s)”) to develop and offer their own applications via the ST Rocks App Market (“Third Party App(s)”) to Users, which you may integrate into your web or mobile sites. Each Third Party Developer is bound by the ST Rocks App Market Partner Agreement, which among other things, restricts the ways in which such developers may access, store, share, and use the Personal Information you and/or your Users-of-Users provide to them.

 

c) Social Media Features: Our Services may enable you to integrate certain Social Media features, widgets, and single sign on features, such as “Facebook Connect,” or “Google Sign-in” (“Social Media Features”) into your web or mobile sites. These Social Media Features may collect certain Personal Information from your Users-of-Users such as identifiers, including name, alias, unique personal identifier, online identifier, internet protocol address, email address, or other similar identifiers. Social Media Features are hosted either by a third party or directly on our Services.

 

Please note that in the examples listed above in this Section 4.6, ST Rocks merely acts as an intermediary platform allowing you to procure the services of such Third Party Services (including, but not limited to, Third Party Developers, Third Party Apps and Social Media Features) with which you are interacting directly, and at your discretion. In this respect, ST Rocks acts as a service provider to you, disclosing information to the Third Party Services on your behalf. ST Rocks will share your Users-of-Users’ Personal Information with Third Parties Services only upon your direction or with your permission and is not, and shall not be, in any way responsible for such Third Party Services processing of such Personal Information, or liable with respect thereto.

 

ST Rocks does not control and is not responsible for the actions or policies of any Third Party Service, and your use of any Third Party Service is at your own risk. We encourage you to review any privacy policy accompanying a Third Party Service and ask such Third Party Service for any clarifications you may need before deciding to install and/or use their services.

4.6.

5. Where do we Store/Process your ‘Personal Information’?

ST Rocks processes data about individuals across the world and may transfer your Personal Information outside of your country. Your security, privacy and confidentiality are our top priority and that's why ST Rocks conducts a vetting process that includes an assessment of the privacy laws in those countries to validate they have strong data protection laws.

5.1.

User's personal information is controlled by ST Rocks.ca . in Israel, which the European Commission considers as a country offering an adequate level of protection for the Personal Information of E.U. Member State residents (see here).

5.2.

If you are in Europe, the U.K., or Switzerland, when we transfer your Personal Information to a location outside of Europe, We will make sure that (i) there is a level of protection deemed adequate by the European Commission or (ii) that the relevant Standard Contractual Clauses are in place (i.e., the applicable module of the Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (E.U.) 2016/679 of the European Parliament and of the Council from June 4, 2021, as available here, and the ICO’s International Data Transfer Addendum to the E.U. Commission Standard Contractual Clauses version B1.0, in force from 21 March 2022, as it is revised under Section ‎‎18 of its Mandatory Clauses), or (iii) we comply with Data Privacy Framework as applicable to data transfers to the United States and specified in clause 5.4 below, or (iv) we use another legally recognized transfer mechanism in the applicable jurisdiction.

5.3.

When ST Rocks transfers E.U. Personal Information to a third country that the European Commission did not find will adequately protect your information, ST Rocks ensures that it has taken additional measures to comply with the European data protection laws.

 

To learn more about the Data Privacy Framework Program visit  https://www.dataprivacyframework.gov, and to view our certification, please click here.

 

ST Rocks may share personal information with third parties under certain circumstances described in this Policy, subject to obligations under the Data Privacy Framework Principles extend to third parties acting as agents who help us run our business and provide services, and ST Rocks remains liable should a third party acting as our agent process personal information subject to this Policy in a manner inconsistent with this Policy, except where ST Rocks is not responsible for the event giving rise to the damage. 

 

In compliance with the Data Privacy Framework Principles, ST Rocks.ca commits to resolve complaints about our collection or use of your personal information.  E.U., UK and Swiss individuals with inquiries or complaints regarding our  Data Privacy Framework policy should first contact us at: privacy@ST Rocks.ca.

ST Rocks.ca  commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

ST Rocks.ca has further committed to refer unresolved  Data Privacy Framework complaints to an alternative dispute resolution provider located in the United States. If you have an unresolved privacy, or data use, concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider TRUSTe at https://feedback-form.truste.com/watchdog/request for more information or to file a complaint.  The services are provided at no cost to you.

 

If you have such an unresolved complaint, under the recourse mechanism you may contact the applicable  EU Data Protection Authorities (free of charge). ST Rocks commits to cooperate with the DPAs and comply with the advice given by such authorities.

 

If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, you may - under certain conditions described on the Data Privacy Framework website - invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information on this option, please see Annex I of the Data Privacy Framework Principles.

6. Users-of-users’ ‘Personal Information’

ST Rocks may collect, store and process certain Personal Information of Users-of-Users (“Users-of-Users Information”), solely on our Users’ behalf and at their direction. For example, each of our Users is able to import their email contacts from third-party services like Gmail, or otherwise collect and manage contacts via their User Website. Such contacts are then stored with ST Rocks, on the User’s behalf.

 For such purposes, ST Rocks serves and shall be considered as a “Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation (“GDPR”)) of such Users-of-Users Information.

The Users controlling and operating such User Websites shall be considered as the “Controllers” of such Users-of-Users Information, and are responsible for complying with all laws and regulations that may apply to the collection and control of such Users-of-Users Information, including all privacy and data protection laws of all relevant jurisdictions.

The Processing of the Users-of-users’ Personal Information shall take place within the territory of the European Union, Israel or a third country, territory or one or more specified sectors within that third country of which the European Commission has decided that it ensures an adequate level of protection and such processing and transfer will be in accordance to the Data Processing Addendum – Users (“DPA"). Any transfer to and Processing in a third country outside the European Union that does not ensure an adequate level of protection according to the European Commission, shall be conducted under an approved transfer mechanism, as detailed in the DPA.

You are responsible for the security, integrity and authorized usage of Personal Information about Users-of-Users’, and for obtaining consents, permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such Personal Information.

ST Rocks cannot provide legal advice to Users or their Users-of-Users, however we do recommend that all Users publish and maintain clear and comprehensive privacy policies on their User Websites in accordance with any applicable laws and regulations, and that all Users-of-Users carefully read those policies and make sure that they understand and, to the extent required by applicable law, consent to them.

For more information on how Users-of-Users Personal Information may be handled by ST Rocks (which may be relevant for any specific notice you provide to and/or consent you obtain from your Users-of-Users), please see Sections 412 and 13.

 

If you are a visitor, user or customer of any of our Users, please read the following: ST Rocks has no direct relationship with Users-of-Users whose Personal Information it processes. If you are a visitor, user or customer of any of our Users, and would like to make any requests or queries regarding your Personal Information, please contact such User(s) directly. For example, if you wish to request to access, correct, amend, or delete inaccurate Personal Information processed by ST Rocks on behalf of its Users, please direct your query to the relevant User (who is the “Controller” of such data). If ST Rocks is requested by our Users to remove any Users-of-Users’ Personal Information, we will respond to such requests in a timely manner upon verification and in accordance with applicable law (for example, thirty (30) days under the GDPR). Unless otherwise instructed by our User, we will retain their Users-of-Users’ Personal Information for the period set forth in Section 12 below.

7. Use of cookies and other third-party technologies

We and our Third Party Service Providers use cookies and other similar technologies (“Cookies”) in order for us to provide our Service and ensure that it performs properly, to analyze our performance and marketing activities, and to personalize your experience.

You can learn more about how we use cookies and similar technologies and how you can exercise control over them in our Cookie Policy.

Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser.

8. Communications from ST Rocks

8.1. Promotional messages

We may use your Personal Information to send you promotional content and messages by e-mail, text messages, notifications within our platform, marketing calls and similar forms of communication from ST Rocks or our partners (acting on ST Rocks’s behalf) through such means.

If you do not wish to receive such promotional messages or calls, you may notify ST Rocks at any time or follow the “unsubscribe” or STOP instructions contained in the promotional communications you receive.

8.2. Service and billing messages

ST Rocks may also contact you with important information regarding our Services, or your use thereof. For example, we may send you a notice (through any of the means available to us) if a certain Service is temporarily suspended for maintenance; reply to your support ticket or e-mail; send you reminders or warnings regarding upcoming or late payments for your current or upcoming subscriptions; forward abuse complaints regarding your User Website; or notify you of material changes in our Services.

It is important that you are always able to receive such messages. For this reason, you are unable to opt-out of receiving such Service and Billing Messages unless you are no longer a ST Rocks User (which can be done by deactivating your account).

9. Your rights in relation to your ‘Personal Information’

ST Rocks believes that it is imperative that all ST Rocks users have control over their Personal Information. Therefore, depending on the way you use the ST Rocks Services, you may have the right to request access to, receive a copy of, update, amend or delete, port certain Personal Information to another service, restrict, or object to certain uses of your Personal Information (for example, for direct marketing purposes). Further, when we rely on your consent for processing of your Personal Information (for instance, for direct marketing) you can withdraw your consent at any time, and such withdrawal will take effect from thereon.

ST Rocks will not charge you more if you exercise any of these rights and will continue to provide you with the same level of service.

If you are a ST Rocks user, you can access and correct a lot of your Personal Information directly through your account, or via online forms ST Rocks makes available to you (as detailed below). You can also exercise your rights by sending your request to info@STRocks.ca. When we receive your right request, we may take steps to verify your identity before complying with the request to protect your privacy and security.

Before fulfilling your request, we may ask you for additional information in order to confirm your identity and for security purposes. We reserve the right to charge a fee where permitted by law (e.g. if your request is unfounded or excessive).

You have the right to file a complaint with your local supervisory authority for data protection (but we still recommend that you contact us first).

If you are a ST Rocks User, and you wish to receive a copy, access and/or request us to make corrections to the Personal Information that you have stored with us (either yours or your Users-of-Users’), or wish to request a list of what Personal Information (if any) pertaining to you we disclosed to third parties for direct marketing purposes, please follow the instructions provided in these Help Center articles: “Retrieving Your ST Rocks Account Data” or "Permanently Deleting Your ST Rocks Account”. You can also mail your request to ST Rocks.ca , Yunitsman 5 St, Tel Aviv, Israel. We will make reasonable efforts to honor your request promptly (unless we require further information from you in order to fulfil your request), subject to legal and other permissible considerations.

Please note that permanently deleting your ST Rocks account erases all of your Personal Information from ST Rocks's databases. After completing this process, you can no longer use any of your ST Rocks Services, your account and all its data will be removed permanently, and ST Rocks will not be able to restore your account or retrieve your data in the future. If you contact our support channels in the future, the system will not recognize your account and support agents will not be able to locate the deleted account.

10. Questions and complaints

If you have any questions or concerns about our collection, use or disclosure of Personal Information, or if you believe that we have not complied with this Privacy Policy or applicable data protection laws, please contact us – our details are set out at the end of this Privacy Policy.

Our Data Protection Officer team will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. We take every privacy complaint seriously and will make all reasonable efforts to resolve your complaint promptly and in accordance with applicable law.  

You can file a complaint with your local supervisory authority for data protection at any time, however we recommend that you contact us first so we can try to resolve it.

11. Data retention

We may retain your Personal Information (as well as your Users-of-Users’ Personal Information) for as long as your User Account is active, as indicated in this Privacy Policy, or as otherwise needed to provide you with our Services.

We may continue to retain your Personal Information after you deactivate your User Account and/or cease to use any particular Services, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our Users or their Users-of-Users, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of such data, the potential risk of harm from unauthorized use or disclosure of such data, the purposes for which we process it, and the applicable legal requirements.

12. Security

ST Rocks has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. Among other things, we offer HTTPS secure access to most areas on our Services; the transmission of sensitive payment information (such as a credit card number) through our designated purchase forms is protected by an industry standard SSL/TLS encrypted connection; and we regularly maintain a PCI DSS (Payment Card Industry Data Security Standards) certification. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third Party Services for further enhancing the security of our Services and protection of our Visitors’ and Users’ privacy.

Regardless of the measures and efforts taken by ST Rocks, we cannot and do not guarantee the absolute protection and security of your Personal Information, your Users-of-Users’ Personal Information or any other information you upload, publish or otherwise share with ST Rocks or anyone else. We encourage you to set strong passwords for your User Account and User Website, and avoid providing us or anyone with any sensitive Personal Information of which you believe its disclosure could cause you substantial or irreparable harm.

Furthermore, because certain areas on our Services are less secure than others (for example, if you set your Support forum ticket to be “Public” instead of “Private”, or if you browse to a non-SSL page), and since e-mail and instant messaging are not recognized as secure forms of communications, we request and encourage you not to share any Personal Information on any of these areas or via any of these methods.

If you have any questions regarding the security of our Services, you are welcome to contact us here.

13. Third-party websites

Our Services may contain links to other websites or services. We are not responsible for such websites’ or services’ privacy practices. We encourage you to be aware when you leave our Services and to read the privacy statements of each and every website and service you visit before providing your Personal Information. This Privacy Policy does not apply to such linked third party websites and services.

#ItsThatEasy

Our Services may contain links to other websites or services.

14. Public forums and user content

Our Services offer publicly accessible blogs, communities and support forums. Please be aware that any Personal Information you provide in any such areas may be read, collected, and used by others who access them. To request removal of your Personal Information from our blogs, communities or forums, feel free to contact us here. In some cases, we may not be able to remove your Personal Information from such areas. For example, if you use a third party application to post a comment (e.g., the Facebook social plugin application) while logged in to your related profile with such third party, you must login into such application or contact its provider if you want to remove the Personal Information you posted on that platform. 

In any event, we advise against posting any Personal Information (via any means) you don’t wish to publicize.

If you upload any user content to your User Account or post it on your User Website and provide it in any other way as part of the use of any Service, you do so at your own risk.

We have put adequate security measures in place to protect your Personal Information.  However, we cannot control the actions of other Users or members of the public who may access your User Content, and are not responsible for the circumvention of any privacy settings or security measures you or we may have placed on your User Website (including, for instance, password-protected areas on your User Website). You understand and acknowledge that, even after its removal by you or us, copies of User Content may remain viewable in cached and archived pages or if any third parties (including any of your Users-of-Users) have copied or stored such User Content. To clarify, we advise against uploading or posting any information you do not wish to be public.

#ItsThatEasy

Avoid posting any Personal Information to any of the public areas on our Services, or to your own website, if you don’t want it to become publicly available.

16. Updates and interpretation

We may update this Privacy Policy as required by applicable law, and to reflect changes to our Personal Information collection, usage and storage practices. If we make any changes that we deem as “material” (in our sole good faith discretion), we will notify you (using one of the notification methods set forth in Section 15.3 of the Terms of Use) prior to the change becoming effective. In relation to any updated Privacy Policy, we will, as required by applicable law, notify you, seek your consent and/or take any other measures. We encourage you to periodically review this page for the latest Information on our privacy practices. Unless stated otherwise, our most current Privacy Policy applies to all information that we have about you and your Users-of-Users, with respect to our Website, ST Rocks Apps, Mobile Apps and other Services. 

Any heading, caption or section title contained herein, and any explanation or summary under the right “#ItsThatEasy” column, is provided only for convenience, and in no way defines or explains any section or provision hereof, or legally binds any of us in any way.

This Privacy Policy was written in English, and may be translated into other languages for your convenience. You may access and view other language versions by changing your ST Rocks Website language settings. If a translated (non-English) version of this Privacy Policy conflicts in any way with its English version, the provisions of the English version shall prevail.

#ItsThatEasy

We may change this policy at any time. We will notify you of changes as required by applicable law.

17. Contacting us

If you have any questions about this Privacy Policy or wish to exercise any of your rights as described in Sections 9 or 10 please refer to those sections or contact the Data Protection Officer team via info@STRocks.ca email. We will attempt to resolve any complaints regarding the use of your Personal Information in accordance with this Privacy Policy.

For the purposes of GDPR (Article 27), you may contact our EU representative at info@STRocks.ca

Additional Information for U.S. State Residents

This section of our Privacy Policy details what Personal Information we collect about you under U.S. applicable privacy laws and regulations, the sources of the Personal Information, the purposes of use and disclosure, and the categories of third parties that may receive that Personal Information. The information in this section applies to you if you are a U.S. resident in a state with an applicable privacy law or regulation.

Please read this section in combination with the other sections of this Privacy Policy for a complete understanding of how we collect, use, and disclose your personal information.

PRIVACY POLICY
Last updated December 19, 2024
This Privacy Notice for Western Institute of Technology Inc. (doing business as ST Rocks) ('we', 'us', or 'our'), describes how and why we might access, collect, store, use, and/or share (’process') your personal information when you use our services ('Services'), including when you:
• Visit our website at STRocks.ca, or any website of ours that links to this Privacy Notice
• Engage with us in other related ways, including any sales, marketing, or events
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at info@STRocks.ca.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? Some of the information may be considered 'special' or 'sensitive' in certain jurisdictions, for example your racial or ethnic origins, sexual orientation, and religious beliefs. We do not process sensitive personal information.
Do we collect any information from third parties? We do not collect any information from third parties.
How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.
How do we keep your information safe? We have adequate organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Notice in full.
TABLE OF CONTENTS
1.    WHAT INFORMATION DO WE COLLECT?
2.    HOW DO WE PROCESS YOUR INFORMATION?
3.    WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4.    WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5.    DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
6.    HOW DO WE HANDLE YOUR SOCIAL LOGINS?
7.    HOW LONG DO WE KEEP YOUR INFORMATION?
8.    HOW DO WE KEEP YOUR INFORMATION SAFE?
9.    DO WE COLLECT INFORMATION FROM MINORS?
10.    WHAT ARE YOUR PRIVACY RIGHTS?
11.    CONTROLS FOR DO-NOT-TRACK FEATURES
12.    DO WE MAKE UPDATES TO THIS NOTICE?
13.    HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
14.    HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
1.    WHAT INFORMATION DO WE COLLECT?
Personal information you disclose to us
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make and the products and features you use. The personal information we collect may include the following:
• names
• phone numbers
• email addresses
• usernames
• passwords
• debit/credit card numbers
• billing addresses
• contact or authentication data
• contact preferences
Sensitive Information. We do not process sensitive information.
Payment Data. We may collect data necessary to process your payment if you choose to make purchases, such as your payment instrument number, and the security code associated with your payment instrument. All payment data is handled and stored by Wix. You may find their privacy notice link(s) here: https://www.wix.com/about/privacy.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, X, or other social media account. If you choose to register in this way, we will collect certain profile information about you from the social media provider, as described in the section called 'HOW DO WE HANDLE YOUR SOCIAL LOGINS?' below.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs: device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
• Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
2.    HOW DO WE PROCESS YOUR INFORMATION?
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service.
To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.
To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
To send you marketing and promotional communications. We may process the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see 'WHAT ARE YOUR PRIVACY RIGHTS?' below.
To protect our Services. We may process your information as part of our efforts to keep our Services safe and secure, including fraud monitoring and prevention.
To administer prize draws and competitions. We may process your information to administer prize draws and competitions.
To evaluate and improve our Services, products, marketing, and your experience. We may process your information when we believe it is necessary to identify usage trends, determine the effectiveness of our promotional campaigns, and to evaluate and improve our Services, products, marketing, and your experience.
To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them.
To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
To comply with our legal obligations. We may process your information to comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.
3.    WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.
We may process your information if you have given us specific permission (i.e. express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e. implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:
• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
• For investigations and fraud detection and prevention
• For business transactions provided certain conditions are met
• If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
• For identifying injured, ill, or deceased persons and communicating with next of kin
• If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
• If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
• If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
• If the collection is solely for journalistic, artistic, or literary purposes
• If the information is publicly available and is specified by the regulations
4.    WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
In Short: We may share information in specific situations described in this section and/or with the following third parties.
We may need to share your personal information in the following situations:
• Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• When we use Google Maps Platform APIs. We may share your information with certain Google Maps Platform APIs (e.g. Google Maps API, Places API). Google Maps uses GPS, Wi-Fi, and cell towers to estimate your location. GPS is accurate to about 20 meters, while Wi-Fi and cell towers help improve accuracy when GPS signals are weak, like indoors. This data helps Google Maps provide directions, but it is not always perfectly precise.
5.    DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
In Short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
We also permit third parties and service providers to use online tracking technologies on our Services for analytics and advertising, including to help manage and display advertisements, to tailor advertisements to your interests, or to send abandoned shopping cart reminders (depending on your communication preferences). The third parties and service providers use their technology to provide advertising about products and services tailored to your interests which may appear either on our Services or on other websites.
Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
Google Analytics
We may share your information with Google Analytics to track and analyse the use of the Services. The Google Analytics Advertising Features that we may use include: Google Analytics Demographics and Interests Reporting. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. Other opt out means include http://optout.networkadvertising.org/ and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.
6.    HOW DO WE HANDLE YOUR SOCIAL LOGINS?
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.
Our Services offer you the ability to register and log in using your third-party social media account details (like your Facebook or X logins). Where you choose to do this, we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, email address, friends list, and profile picture, as well as other information you choose to make public on such a social media platform.
We will use the information we receive only for the purposes that are described in this Privacy Notice or that are otherwise made clear to you on the relevant Services. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information, and how you can set your privacy preferences on their sites and apps.
7.    HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
8.    HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal Information through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
9.    DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at ST@STRocks.ca.
10.    WHAT ARE YOUR PRIVACY RIGHTS?
In Short: In some regions, such as Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time, depending on your country, province, or state of residence.
In some regions (like Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below.
We will consider and act upon any request in accordance with applicable data protection laws.
Withdrawing vour consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting out of marketing and promotional communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, replying 'STOP' or 'UNSUBSCRIBE' to the SMS messages that we send, or by contacting us using the details provided in the section 'HOW CAN YOU CONTACT US ABOUT THIS NOTICE?' below. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send you service-related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:
• Log in to your account settings and update your user account.
• Contact us using the contact information provided.
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
Cookies and similar technologies: Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
If you have questions or comments about your privacy rights, you may email us at info@STRocks.ca.
11.    CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.
12.    DO WE MAKE UPDATES TO THIS NOTICE?
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 'Revised' date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
13.    HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email at ST@STRocks.ca, or contact us by post at:
Western Institute of Technology Inc. Data Protection Officer 880- 320 Granville Street Vancouver, British Columbia V5B 0G5 Canada
14.    HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please fill out and submit a data subject access request.
;y Policy Terms Of Use Disclaimer Cookie Policy Support Limit the use of my sensitive personal information Do not sell or share my personal information Consent Preferences

bottom of page