The Mrs Clean are committed to safeguarding and preserving the privacy of all personal data which may be provided to our company in relation to:
- the ongoing running of and organization of our legitimate business activities or services;
- visits to our websites or mobile applications; or
- any other interaction with us.
- This may include personal data that you provide to us, or that we collect from you.
Mrs Clean is processing your personal data to provide cleaning services. The legal basis for processing your personal data is legitimate interests to meet our contractual obligations to customers in relating to providing cleaning and associated services; and to respond to potential customer enquiries.
Furthermore to promote the cleaning and associated services offered by Mrs Clean and/or to market the services offered by Mrs Clean to existing customers.
Your personal data is passed to our cleaning team in order for them to carry out their contract with Mrs Clean and clean your property.
Your personal data is passed to Jobber who manages our CRM system.
We will update this Policy from time to time to keep us in line with current CA Legislation, therefore you may wish to revisit this to view any up to data content.
Terms and Definitions
Personal Information Protection and Electronic Documents Act (PIPEDA) dated 13 April 2000, last amended 21 June 2019, is a regulation by the Office of the Privacy Commissioner of Canada to strengthen and unify data protection for all individuals within Canada. It also addresses the export of personal data outside Canada.
Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Controller: the entity that determines the purposes, conditions and means of the processing of personal data.
Data Processing: any operation performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Processor: the entity that processes data on behalf of the Data Controller.
Data Protection Authority: national authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union.
Data Protection Officer (DPO): an expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the PIPEDA.
Data Subject: a natural person whose personal data is processed by a controller or processor.
Personal Data: any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person
Profiling: any automated processing of personal data intended to evaluate, analyze, or predict data subject behavior.
Regulation: a binding legislative act that must be applied in its entirety across the Union.
Subject Access Right: also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them.
Who are we?
Where this Policy refers to `we`, `us`, `our` it refers to Mrs Clean. Our business provides domestic and commercial cleaning services.
We act as sole Data Controller only in our capacity as an employer and in relation to any data submitted via our website contact form which is separate from, and not in relation to direct instructions received from our existing customers. Our employees have been provided with further information on privacy via our Employee Handbook which is an internal document.
Contact Details for Data Controller
The Data controller is: Mrs Clean, Unit 112, 7710 5 St SE, Calgary AB, T2H 2L9.
Data protection enquiries should be directed to the above address or by emailing firstname.lastname@example.org or by telephone.
Our Data Protection Principles
Principle 1: Lawfulness, Fairness and Transparency
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. This means, Mrs Clean must tell the data subject what processing will occur (transparency), the processing must match the description given to the data subject (fairness), and it must be for one of the purposes specified in the applicable data protection regulation (lawfulness).
Principle 2: Purpose Limitation
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means Mrs Clean must specify exactly what the personal data collected will be used for and limit the processing of that personal data to only what is necessary to meet the specified purpose.
Principle 3: Data Minimisation
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. This means Mrs Clean must not store any personal data beyond what is strictly required.
Principle 4: Accuracy
Personal data shall be accurate and kept up to date. This means Mrs Clean must have in place processes for identifying and addressing out-of-date, incorrect and redundant personal data.
Principle 5: Storage Limitation
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. This means Mrs Clean must, wherever possible, store personal data in a way that limits or prevents identification of the data subject.
Principle 6: Integrity & Confidentiality
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction or damage. Mrs Clean must use appropriate technical and organizational measures to ensure the integrity and confidentiality of personal data is maintained at all times.
Principle 7: Accountability
The Data Controller shall be responsible for, and be able to demonstrate compliance. This means Mrs Clean must demonstrate that the six data protection principles (outlined above) are met for all personal data for which it is responsible.
What Personal Data will we Collect
We will collect information from the data subject where one of the following apply:
The nature of the business necessitates collection of the personal data.
Collection of personal data may be carried out under emergency circumstances in order to protect the vital interests of the data subject; or to prevent serious loss or injury to another person.
How we will communicate
We will use the information collected to:
- provide legitimate documentation to employees and customers relating directly to the proper performance of our business services;
- process quotations, invoices and other financial information relating to the services provided to you;
- communicate via telephone and email regarding the services you receive, or advise of matters of safety in relation to services;
- discuss and provide information to legitimate suppliers or subcontractors of associated services in order that those services can be provided as per our service agreement;
- The use of such data is based on legitimate business interests in providing services to you. If you make initial contact with us, you consent to us maintaining a dialogue with you until you either opt out (which you can do at any stage) or until services are canceled by either party. We may also act on behalf of our customers in the capacity of a data processor. When working exclusively as a data processor, we will act on the instruction of our customer, and we will work hard to ensure that the customer remains fully PIPEDA compliant.
People accessing our website (ie Data Subjects) may visit our site anonymously. We will collect personal data from users only where it is voluntarily submitted and any such information provided to us is deemed part of taking part in the activity of the site.
Users contacting us via our website enquiry form do so at their own discretion. Personal details provided for the purposes of a website enquiry may include, but are not limited to:
- Phone number;
- email address;
- additional data which the enquirer may provide which may include an address or mobile phone number etc.
- Our website enquiry form does not store or retain information. Information is passed securely via email to the company’s Business Director. Personal data provided is kept private and stored securely until such time it is no longer required or has no further use. Whilst we have made every effort to ensure a safe and secure contact form to email submission process; we do advise users that in providing personal data that they do so at their own risk.
By using this site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our site. Your continued use of the site following the posting of changes to this policy will be deemed your acceptance of those changes.
No personal details from our website are passed on to third parties, nor shared with other companies or people outside of the company that operates the website. We use Google Analytics to gather data on our website visitors for marketing purposes. All data is anonymous, and no personally identifiable information is collected.
Although our website only looks to include quality, safe and relevant external links, users should always adopt a policy of caution before clicking any external web links mentioned throughout this website.
Disclosure of Information
We do not broker or pass on information to third parties for marketing purposes, or any other purpose not associated with our business needs, without your consent. However, we may disclose personal data to meet legal obligations, regulations or valid government department requests. We may also enforce our Terms and Conditions, including investigating potential violations of our Terms and Conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of our business, our customer.
How Long will we Retain Data For
Data will only be held for as long as necessary to fulfill the purpose of the processing of such data and for statutory or legal reasons.
We will store customer data for the duration of our contractual relationship and up to a period of three years after our contractual relationship has ended. This may be for financial requirements or if we believe it may be necessary to handle any future potential complaints or claims.
We will store customer contact data for as long as you wish to receive information and service communications from us.
Your Rights as a Data Subject
At any point whilst we are in possession of, or processing your personal data, all data subjects have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organization.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
At your request we can confirm what information we hold about you and how it is processed.
You can request the following information:
- Identity and the contact details of the person or organization (Mrs Clean) that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of our business, or a third party such as one of our clients, information about those interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (PIPEDA).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
International Transfer of Data
We host applications and data on industry leading cloud-based servers, whose data centers are held within Canada using different (multiple) servers which have been thoroughly tested for security, availability and business continuity. The infrastructure for application servers is managed and maintained by each service provider. We have undertaken a check of each service provider’s security and privacy policies and have deemed that these are suitable and sufficient to meet requirements.
Any staff member who suspects that a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data might have occurred, must immediately notify the Data Controller and provide a description of the circumstances. Notification of the incident can be made via email, by telephone, or in person.