Privacy Policy
1.0 Overview
Metric Marketing services require the collection of personal data to meet our business objectives and serve our clients’ needs. In order to do this, we must comply with laws, regulations, and best practices to ensure that we collect information in a manner that protects our clients’ and business partners’ privacy.
This privacy policy has been carefully developed to ensure compliance with the data protection laws that govern our business activities. Specifically, it adheres to Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), the California Consumer Privacy Act (“CCPA”), and the General Data Protection Regulation (“GDPR”).
PIPEDA establishes the rules for collecting, using, and disclosing personal data in the course of commercial activities within Canada. On the other hand, the CCPA grants specific rights to California residents concerning their personal information collected by businesses, and the GDPR focuses on safeguarding the privacy and data rights of individuals within the European Union.
Our privacy policy aims to encompass all relevant legal requirements from these three data protection regulations to ensure the fair and lawful treatment of personal information and uphold the privacy rights of individuals. While it meets the standards set by PIPEDA, CCPA, and GDPR to ensure a comprehensive approach to data protection, we place particular emphasis on adhering to the Canadian standards and principles outlined in PIPEDA. This emphasis is due to our head office being located in Canada.
This policy applies to all employees of Metric Marketing, contractors, and third-party business partners who handle confidential and sensitive information on behalf of Metric Marketing.
This policy will be reviewed on an annual basis by the respective owners of this policy.
1.1 The Ten Principles of PIPEDA
The ten principles of PIPEDA that form the basis of this Privacy Policy are as follows:
- Accountability: PIPEDA underscores an organization’s duty to safeguard personal information and appoint accountable individuals for adherence to its principles. These designated individuals remain responsible, even if data collection is delegated. Their identity is shareable upon request. Organizations must protect personal data, even when processed by third parties, ensuring equivalent safeguards. Compliance requires implementing policies, safeguarding information, handling complaints, staff training, and effective policy communication.
- Identifying Purpose: Organizations hold the crucial responsibility of purposefully collecting personal information, ensuring alignment with their objectives. Transparency is essential, as individuals must be informed about data collection reasons orally or in writing. Should new purposes emerge, obtaining renewed consent upholds privacy and autonomy. This unwavering commitment reflects ethical and responsible personal data handling.
- Consent: Organizations under PIPEDA must obtain meaningful consent for collecting, using, and disclosing personal information. Consent should be clear, understandable, and linked to specific purposes. Individuals have the right to withdraw consent, and organizations must inform them of the implications. Choice is provided for non-integral data activities, and sensitivity is considered in the consent process.
- Limiting Collection: Organizations must collect only necessary personal data for legitimate purposes, being transparent about the reasons. Data should be collected using fair and lawful means to prevent deception and ensure privacy protection.
- Limiting Use, Disclosure and Retention: Organizations must use or disclose personal information solely for the identified purposes, unless consented otherwise or required by law. Personal data should be retained only as long as necessary for serving those purposes. Maintaining awareness of collected personal information, its location, and usage is vital. Obtaining renewed consent for new purposes is crucial. Guidelines and procedures should be established for retaining and destroying personal information responsibly.
- Accuracy: Organizations are required to keep personal information in files accurate and up to date.
- Safeguards: Organizations are required to protect personal information in a way that is appropriate to its sensitivity. However, all personal information (regardless of how it is stored) is to be protected against loss, theft, or any unauthorized access, disclosure, copying, use, or modification.
- Openness: Organizations are to inform both customers and employees of their practices for handling personal information.
- Individual Access: Organizations are to provide individuals with information about their personal data, its sources, and how it is used or disclosed. Access to their information will be granted at minimal or no cost, with options for copies or viewing. We will promptly correct any inaccuracies and note disputes, ensuring transparency and accountability.
- Challenging Compliance: Organizations are to prioritize providing recourse by establishing simple complaint handling and investigation procedures. Complainants must be informed about available avenues, including internal complaint processes, industry associations, regulatory bodies, and the Office of the Privacy Commissioner of Canada. All complaints will be diligently investigated, ensuring transparency and accountability. Any problematic information-handling practices or policies will be promptly improved and rectified.
1.2 Definitions
The California Consumer Privacy Act (CCPA) is a comprehensive privacy law that grants California residents enhanced rights and control over their personal information. Enacted on January 1, 2020, the CCPA aims to improve transparency and accountability regarding the collection, use, and disclosure of personal data by businesses.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, and applies to all European Union (EU) member states. It is designed to enhance the protection of individuals’ personal data and provide them with greater control over how their information is processed by organizations.
“Personal Information” is defined under PIPEDA as information that includes any factual or subjective information, recorded or not, about an identifiable individual. This includes information in any form, such as: age, name, ID numbers, income, ethnic origin, or blood type; opinions, evaluations, comments, social status, or disciplinary actions; and employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, and intentions (for example, to acquire goods or services, or change jobs).
“Data” refers to raw facts, statistics, or information that are collected, stored, and processed in various formats. It can be in the form of numbers, text, images, or any other representation. Data is essential for decision-making, analysis, and gaining insights in various fields, including business, science, technology, and everyday life.
“Consent,” in the context of information collection, refers to the explicit permission or agreement given by an individual to an organization or entity to collect, use, and/or disclose their personal information for specific purposes. It involves individuals being fully informed about the nature, extent, and consequences of the data collection, and they must provide their consent voluntarily and without coercion. Consent is a fundamental principle in data protection and privacy laws, ensuring individuals have control over their personal data and how it is utilized by organizations.
“Disclosure” refers to the act of sharing an individual’s personal information with third parties outside our organization. This may occur for specific purposes such as meeting legal requirements, providing essential services, or collaborating with trusted partners. Prior to any disclosure, we ensure that individuals have given explicit consent or that such disclosure is permitted by applicable data protection laws.
“Retention” refers to the duration for which we retain an individual’s personal information in our records after its initial collection. We ensure that personal data is only stored for the necessary period required to fulfill the purposes for which it was collected or as required by applicable laws and regulations.
2.0 Purposes of Collecting Personal Information
Metric Marketing collects personal information about our clients to provide them with our services and enable us to serve them better and continue developing our business and operations. Specifically, Metric Marketing collects, uses, and discloses personal information for the following purposes:
- To establish, maintain and manage our client relationships to provide services that have been requested.
- To be able to comply with client requests or inquiries.
- To establish and maintain commercial relationships, including to issue invoices, administer accounts, collect and process payments, and fulfill contractual obligations.
- To understand and respond to client needs and preferences, including to contact and communicate with clients and to conduct surveys, research, and evaluations.
- To monitor quality control and respond to questions and concerns through correspondence with clients.
- As permitted by and to comply with any legal or regulatory requirements or provisions, including in relation to adverse event reporting.
- For any other purpose to which clients give consent.
3.0 Consent
It is important that where we collect, use, or disclose your personal information we have your consent to do so. In general, we seek to obtain your express informed consent before collecting your information.
Express consent can be given electronically or in writing.
Subject to legal or contractual restrictions and reasonable notice, you may change or withdraw your consent at any time by contacting us at the address indicated below.
In some circumstances, a change in or withdrawal of consent may severely limit our ability to provide our services or information that you requested or that could be offered to you. All communications with respect to such withdrawal or variation of consent must be in writing and addressed to us.
This Privacy Policy does not cover statistical data from which the identity of individuals cannot be determined. Metric Marketing retains the right to use and disclose statistical data as it determines appropriate.
4.0 Limited Collection of Personal Information
Personal information collected will be limited to the purposes set out in this Privacy Policy, Metric Marketing applications, and/or other forms.
5.0 Limiting Use, Disclosure and Retention
Personal information will be used for only those purposes to which the individual has consented with the following exceptions, as permitted under PIPEDA:
- The organization has reasonable grounds to believe the information could be useful when investigating a contravention of a federal, provincial, or foreign law and the information is used for that investigation.
- An emergency exists that threatens an individual’s life, health, or security.
- The information is for statistical study or research.
- The information is publicly available.
- The use is clearly in the individual’s interest, and consent is not available in a timely way.
- Knowledge and consent would compromise the availability or accuracy of the information; and
- Collection is required to investigate a breach of an agreement.
6.0 Accuracy
Metric Marketing endeavors to ensure that any personal information provided by the individual is accurate, current, and complete as is necessary to fulfill the purposes for which the information has been collected, used, retained, and disclosed.
Individuals are requested to notify Metric Marketing of any change in personal or business information.
7.0 Safeguards
Metric Marketing will use physical, organizational, and technological measures to safeguard personal information and to restrict access to only those Metric employees, contractors, or third parties who need to know this information for the purposes set out in this Privacy Policy.
Physical Safeguards: Metric Marketing head office is not open to the public and has physical security protection to prevent unauthorized access. All client physical documents are also kept in secure locked filing systems. Metric Marketing entrusts data hosting to reputable third-party providers with state-of-the-art data centers featuring strict physical access controls, surveillance, and environmental monitoring. These measures ensure robust physical security for your data, complementing our digital safeguards.
Organizational Safeguards: Access to personal information will be limited to approved personnel. Members of Metric Marketing are not permitted to copy or retain any personal information on individuals or clients and must return for destruction all such information given to them to review once the purpose for being provided with this information has been fulfilled.
All employees, contractors, and third-party business partners and vendors are required to sign a confidentiality agreement binding them to maintain the confidentiality of all personal information to which they have access.
All personal information no longer required is shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons.
Technological Safeguards: Personal information contained in Metric Marketing’s computers and electronic databases is password protected in accordance with Metric Marketing’s information security standards. Access to any of Metric Marketing’s computers is also password protected. Metric Marketing’s internet router and servers have firewall protection sufficient to protect personal and confidential business information against virus attacks and “sniffer” software arising from internet activity. Metric Marketing entrusts data storage to third-party providers bound by privacy laws and strict security protocols. All data is encrypted for protection against unauthorized access, and secure data transmission is ensured through SSL encryption.
8.0 Individual Access
Upon written request, and subject to certain exceptions, Metric Marketing will inform our clients of the existence, use, and disclosure of their personal information and will give clients access to that information.
Access requests should be sent to Metric Marketing, using the contact information in the “Contact us” section of this Policy.
When a client requests access to their personal information, we will request specific information from the client to enable us to confirm their identity and right to access, as well as to search for and provide the personal information that we hold about the client.
Metric Marketing reserves the right to charge a fee to access a client’s personal information to cover Metric Marketing’s costs; we will advise clients of this fee in advance.
A client’s right to access personal information is not absolute. Applicable law or regulatory requirements may allow or require Metric Marketing to deny a client access where access would inhibit the ability of Metric Marketing to comply with a legal obligation; where the information has already been destroyed due to legal requirements or because we no longer need it for our business purposes; and where access would reveal personal information about a third party.
In the event that Metric Marketing cannot provide a client with access to their personal information, the client will be informed of the reasons, subject to any legal or regulatory restrictions.
9.0 Complaints and Recourse
Clients are to advise Metric Marketing if they believe that their personal information is inaccurate. Clients have the right to ask for it to be corrected or updated. Metric Marketing will ask clients to provide documentation to support their request for correction or updating.
An individual who has a concern about Metric Marketing’s personal information handling practices may direct a complaint, in writing, to Metric Marketing’s Privacy Officer.
Upon verification of the individual’s identity, Metric Marketing’s Privacy Officer will act promptly to investigate the complaint and provide a written report of the investigation’s findings to the individual.
Where Metric Marketing’s Privacy Officer decides that the individual’s complaint is well founded, the Privacy Officer will take the necessary steps to correct the offending information handling practice and/or revise Metric Marketing’s privacy policies and procedures.
Where Metric Marketing’s Privacy Officer determines that the individual’s complaint is not well founded, the individual will be notified in writing.
If the individual is dissatisfied with the finding and corresponding action taken by Metric Marketing’s Privacy Officer, the individual may bring a complaint to the Federal Privacy Commissioner (OPC) at the address below:
Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec
K1A 1H3
Additional information to contact the OPC can be found at: OPC – Office of the Privacy Commissioner of Canada
For CCPA and GDPR related concerns, Metric Marketing’s Privacy Officer will also review and address the issues in accordance with the relevant provisions of the California Consumer Privacy Act and the General Data Protection Regulation.
10.0 Changes to this Policy; Interpretations
Metric Marketing reserves the right to modify or supplement this Policy at any time.
If any changes are made to Metric Marketing’s use, collection or disclosure of your personal information that require your consent, we will not implement such changes until consent has been obtained. This Policy does not create or confer upon any individual rights or impose upon Metric Marketing any rights or obligations outside of, or in addition to, any rights or obligations imposed by Canada’s federal and provincial privacy laws, as applicable.
Should there be, in a specific case, any inconsistency between this Policy and Canada’s federal and provincial privacy laws, as applicable, the California Consumer Privacy Act (CCPA), or the General Data Protection Regulation (GDPR), this Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws, CCPA, and GDPR. The goal is to ensure that the highest level of privacy protection is upheld, and any conflicts or discrepancies between this Policy and the mentioned privacy laws from different jurisdictions should be resolved in a manner that respects the rights and obligations set forth in each respective regulation.
11.0 Contact Us
Metric Marketing is responsible for compliance with this Policy. Should you have questions about this Policy or the collection, use, and disclosure practices of Metric Marketing, you may contact:
Metric Marketing
Attention: Privacy Officer
Address: 291 Garry Street, Winnipeg, Canada R3C 1H9
Email: [email protected]
12.0 Policy Review
This Policy is to be reviewed annually to ensure its effectiveness and alignment with legal, regulatory, and best practices. Any necessary updates or amendments will be communicated to all relevant stakeholders.