VIVID MEDIA GROUP
COMPREHENSIVE PRIVACY POLICY
Vivid Media Group (“Organization,” “we,” “us,” or “our”) is committed to maintaining the accuracy, confidentiality, and security of Personal Information. This Privacy Policy is issued pursuant to the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private-sector privacy legislation, and other applicable federal and provincial laws and regulations.
1. SCOPE AND JURISDICTION
This Policy governs the collection, use, disclosure, and retention of Personal Information in the course of our commercial activities, including through our primary domain vividmediagroup.ca, the subsidiary domain vividweb.ca, and all associated web applications (collectively, the “Application”).
A. Governing Law: This policy shall be interpreted and enforced in accordance with the laws of the Province of Ontario and the applicable federal laws of Canada, including PIPEDA.
B. Data Source: This Policy specifically addresses the handling of information received via Third-Party Application Programming Interfaces (“APIs”), including but not limited to those provided by LinkedIn, X (formerly Twitter), Facebook, and Instagram (collectively, “Platform Data”).
2. ACCOUNTABILITY AND PRIVACY OFFICER
Vivid Media Group is responsible for all Personal Information under its control.
| Organization: | Vivid Media Group |
| Business Location: | Ontario, Canada |
| Privacy Officer/Designate: | [Title of Designated Privacy Officer/Compliance Officer] |
| Contact for Inquiries: | [A dedicated email address, e.g., legal@vividmediagroup.ca] |
| Mailing Address: | [Vivid Media Group Corporate Address, Ontario, Canada] |
The designated Privacy Officer is accountable for the Organization’s compliance with this Policy and PIPEDA’s Fair Information Principles.
3. IDENTIFICATION OF PURPOSES AND CONSENT
We shall only collect Personal Information for purposes that a reasonable person would consider appropriate in the circumstances. The purposes for which we collect Personal Information shall be identified at or before the time of collection.
A. Information Collected (Platform Data):
We collect Platform Data exclusively to [State the single, specific, and non-restricted purpose of your application, e.g., provide administrative management and analytical reporting for authorized brand Pages and Profiles]. This may include:
- Identifiers: Platform User ID, Page ID, Organizational ID.
- Engagement Metrics: Impressions, reach, clicks, and associated analytics.
- Limited Content Data: Posts and comments (excluding sensitive or unnecessary Member/User Data).
B. Consent (PIPEDA Requirement):
The knowledge and meaningful consent of the individual are required for the collection, use, or disclosure of Personal Information.
- By authorizing our Application through a Third-Party Platform’s API, the user provides express consent for the collection and processing of Platform Data solely for the specific purposes delineated herein.
- Should the purpose for processing Personal Information change, the Organization shall obtain new consent prior to such use or disclosure.
4. LIMITING COLLECTION, USE, AND DISCLOSURE
A. Limiting Collection:
The collection of Personal Information shall be limited to that which is necessary for the purposes identified by the Organization. We shall not collect, use, or disclose Platform Data in a manner that exceeds the scope of the consent provided or the requirements of the respective API Terms of Use.
B. Prohibited Uses (API Compliance – LinkedIn Minimum Standard):
The Organization shall not use, or allow any third party to use, Platform Data for any Restricted Use Cases, including but not limited to:
- Recruiting or Sales Activity: Using Platform Data to generate leads, identify sales prospects, or source talent for employment.
- Data Enhancement: Combining Platform Data with any other data (our data, other third-party data, or other Platform Data) to enrich, supplement, or create unauthorized user profiles, reference tables, or leads.
- Export/Transfer: Exporting, distributing, or transferring Platform Data to any external system, including Customer Relationship Management (CRM) tools or marketing automation platforms, other than for authorized internal display within the Application.
C. Disclosure:
We shall not disclose Personal Information to any third parties without express consent, except where required by law (e.g., pursuant to a warrant, court order, or regulatory request).
5. DATA RETENTION AND STORAGE LIMITATION
Personal Information shall be retained only as long as necessary to fulfill the purposes for which it was collected, or as required by the stringent terms of the underlying API, whichever is shorter.
A. Platform-Specific Retention:
We strictly adhere to all Third-Party Platform Data retention requirements. For instance, in compliance with the most stringent API terms (such as LinkedIn’s):
- Member Social Activity Data shall be stored for a maximum period of forty-eight (48) hours from the time of collection.
- Most Member Profile Data shall be stored for a maximum period of twenty-four (24) hours from the time of collection.
Upon expiry of the retention period, the Personal Information shall be securely destroyed, erased, or rendered irrevocably anonymous.
6. SAFEGUARDS AND ACCURACY
A. Safeguards:
Personal Information shall be protected by security safeguards appropriate to the sensitivity of the information. We maintain physical, organizational, and technological security measures to protect against loss, theft, unauthorized access, disclosure, copying, use, or modification.
B. Accuracy:
Personal Information shall be kept as accurate, complete, and up-to-date as is necessary to fulfill the purposes for which it is to be used. We shall rely on the information provided directly by the individual or the respective Third-Party Platform APIs.
7. OPENNESS AND INDIVIDUAL ACCESS
A. Openness:
We shall make information about our policies and practices relating to the management of Personal Information readily available and clearly understandable to individuals. This Privacy Policy is published and maintained on our primary domain, vividmediagroup.ca.
B. Individual Access (PIPEDA Right):
Upon written request to the Privacy Officer, an individual shall be informed of the existence, use, and disclosure of their Personal Information and shall be given access to that information. A response shall be provided within thirty (30) days of receipt of the request.
C. Correction and Withdrawal of Consent:
Individuals shall be able to challenge the accuracy and completeness of their Personal Information and have it amended as appropriate. An individual may also withdraw their consent to the use and disclosure of their Personal Information at any time, subject to legal or contractual restrictions and reasonable notice.
8. CHALLENGING COMPLIANCE AND DATA BREACH NOTIFICATION
An individual shall be able to challenge the Organization’s compliance with the aforementioned principles. Challenges should be addressed to the Privacy Officer.
Data Breach Notification: Pursuant to PIPEDA, in the event of a breach of security safeguards involving Personal Information under our control where it is reasonable to believe that the breach creates a real risk of significant harm to an individual, we shall notify the Office of the Privacy Commissioner of Canada (OPC) and the affected individuals as soon as feasible.
9. POLICY REVIEW AND AMENDMENT
This Policy shall be reviewed and updated periodically to ensure ongoing compliance with Canadian law, including any future private-sector privacy legislation in Ontario, and the evolving terms and conditions of Third-Party Platform APIs. All amendments shall be deemed effective immediately upon publication of the revised Policy.
END OF POLICY