Privacy Policy

1. Introduction

Vibellion Events Inc. ("we", "our", "us", or "Vibellion") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, register for events, workshops, or sprints, and interact with our services. This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws.

By using our website or services, you consent to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

Note: This policy is not intended to provide legal advice. If you have specific questions about your privacy rights, please consult with a legal professional.

2. Information We Collect

We collect information that you provide directly to us, as well as information collected automatically when you interact with our services:

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Email address, password (hashed and encrypted), preferences
• Registration Information: Role, company name, city, professional interests, event preferences
• Event Information: Event registrations, attendance records, dietary restrictions, accessibility needs
• Inquiry Information: Messages, questions, feedback submitted through contact forms, corporate inquiries, or partnership requests
• Payment Information: Billing address, payment method details (processed securely through third-party payment processors - we do not store full credit card numbers)
• Membership Information: Waitlist submissions, membership applications, role, city, building/company information

2.2 Information Collected Automatically

• Device Information: IP address, browser type and version, device type, operating system
• Usage Information: Pages visited, time spent on pages, click patterns, referring URLs, search terms
• Location Information: General geographic location based on IP address (city/country level)
• Cookies and Tracking Technologies: See Section 10 for detailed information about cookies

2.3 Information from Third Parties

• Social Media: If you connect your social media accounts, we may receive information from those platforms
• Event Partners: Information shared by event registration platforms or partners (e.g., Eventbrite, Luma)
• Service Providers: Analytics providers, payment processors, email service providers

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Process event registrations, manage memberships, provide customer support, facilitate event participation
• Communication: Send event confirmations, updates, newsletters (with your consent), respond to inquiries, provide important service notifications
• Payment Processing: Process payments, prevent fraud, manage billing and refunds
• Event Management: Coordinate events, manage attendee lists, ensure safety and security, provide accessibility accommodations
• Improvement: Analyze usage patterns, improve website functionality, enhance user experience, develop new services
• Legal Compliance: Comply with applicable laws, respond to legal requests, protect our rights and interests, enforce our terms and policies
• Marketing: Send promotional communications about events, workshops, and services (only with your explicit consent, which you can withdraw at any time)
• Security: Detect and prevent fraud, abuse, security threats, and other harmful activities

4. Legal Basis for Processing (PIPEDA Compliance)

Under PIPEDA, we process your personal information based on the following legal bases:

• Consent: You have provided explicit consent for specific purposes (e.g., marketing emails, newsletter subscriptions)
• Contractual Necessity: Processing is necessary to fulfill our contract with you (e.g., processing event registrations, providing services you've paid for)
• Legal Obligation: Processing is required to comply with legal obligations (e.g., tax reporting, record-keeping)
• Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving services, ensuring security, and preventing fraud (balanced against your privacy rights)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

• Payment Processors: To process payments securely (e.g., Stripe, PayPal)
• Email Services: To send emails and notifications (e.g., Resend)
• Analytics Providers: To understand website usage (e.g., Plausible Analytics - privacy-respecting analytics)
• Event Platforms: When you register through third-party platforms (e.g., Eventbrite, Luma)
• Cloud Hosting: To store and process data (e.g., Vercel, AWS)
• Database Services: To store and manage data securely

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users or others.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.4 With Your Consent

We may share information with other parties when you have given us explicit consent to do so.

6. International Data Transfers

Your information may be transferred to and processed in countries other than Canada, including the United States and other jurisdictions where our service providers operate. These countries may have different data protection laws than Canada.

When we transfer your information internationally, we take appropriate safeguards to ensure your information receives adequate protection, including:

• Contractual clauses requiring protection equivalent to PIPEDA
• Service providers certified under appropriate data protection frameworks
• Regular audits and assessments of our service providers

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data transmitted over the internet is encrypted using SSL/TLS protocols
• Secure Storage: Data stored in secure databases with access controls and encryption at rest
• Access Controls: Limited access to personal information on a need-to-know basis
• Regular Security Audits: Periodic assessments of our security practices and infrastructure
• Password Protection: Passwords are hashed and encrypted (we cannot view your password)
• Payment Security: Payment information is processed through PCI-DSS compliant processors

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Active Accounts: Information retained while your account is active or while you continue to use our services
• Event Records: Registration and attendance records retained for at least 7 years for accounting and legal purposes
• Marketing Lists: Retained until you unsubscribe or withdraw consent
• Legal Requirements: Some information may be retained longer if required by law (e.g., tax records, financial transactions)
• Inquiries: Contact form submissions retained for up to 3 years unless you request deletion

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

9. Your Rights and Choices

Under PIPEDA and other applicable privacy laws, you have the following rights regarding your personal information:

9.1 Right to Access

You have the right to request access to your personal information and receive a copy of the data we hold about you.

9.2 Right to Rectification

You can request correction of inaccurate or incomplete information. We will update your information promptly.

9.3 Right to Deletion

You can request deletion of your personal information, subject to legal obligations that may require us to retain certain data.

9.4 Right to Withdraw Consent

You can withdraw consent for processing based on consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

9.5 Right to Object

You can object to processing based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.

9.6 Right to Data Portability

You can request a copy of your data in a structured, machine-readable format.

9.7 Marketing Opt-Out

You can unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

To exercise any of these rights, please contact us. We will respond to your request within 30 days.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information about your use of our website:

10.1 Types of Cookies

• Essential Cookies: Required for the website to function (cannot be disabled)
• Analytics Cookies: Help us understand how visitors use our website (we use privacy-respecting Plausible Analytics)
• Preference Cookies: Remember your settings and preferences

10.2 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect website functionality.

11. Third-Party Services

Our website and services may contain links to third-party websites or integrate third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies:

• Plausible Analytics: Privacy-respecting web analytics (Privacy Policy)
• Resend: Email delivery service (Privacy Policy)
• Payment Processors: Check respective privacy policies for Stripe, PayPal, or other payment providers
• Event Platforms: Check privacy policies for Eventbrite, Luma, or other registration platforms

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete that information promptly.

13. Data Breach Notification

In the event of a data breach that poses a real risk of significant harm to individuals, we will:

• Notify affected individuals as soon as reasonably possible
• Report the breach to the Privacy Commissioner of Canada if required by law
• Provide information about the breach, the data involved, and steps being taken
• Recommend steps individuals can take to protect themselves

14. Complaints Process

If you have concerns about how we handle your personal information, please contact us first. We will investigate and respond to your concerns.

If you are not satisfied with our response, you may file a complaint with the Privacy Commissioner of Canada or your provincial privacy commissioner, as applicable.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. We encourage you to review this policy periodically to stay informed about how we protect your information.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.