Privacy policy
Last updated: September 30, 2023
Halcyon Aegis appreciates your interest in this Web site and other related or linked Halcyon Aegis sites (collectively, “Site”). Your privacy is important to us and we want you to understand our practices with respect to the gathering and handling of your personal data. This Privacy Policy describes those practices.
Halcyon Aegis provides additional privacy notices for specific uses of certain personal data. For example, we provide additional notices to visitors to our facilities, to our suppliers, to job applicants, to users of specific mobile Apps, and to participants of our loyalty programs. The relevant Halcyon Aegis affiliates will process the personal data in accordance with the privacy notices they provide for such specific uses. When these notices apply to you, we recommend that you read them carefully. To the extent the personal data is collected from individuals in the European Economic Area (EEA), Switzerland or UK through the Site, we refer you to the Privacy Statement of the relevant Country on our landing page.
This Privacy Policy sets forth general Personal Data privacy principles that Halcyon Aegis follows with respect to Personal Data being processed in our business operations. Our data privacy policies may vary among the countries in which we operate to reflect local practices and legal requirements. Where national Personal Data protection and privacy laws require a higher standard of protection for Personal Data than presented in this Privacy Policy, the requirements of applicable Personal Data protection law reflected in the relevant country privacy policy notice shall prevail. Therefore, Halcyon Aegis encourages you to read in addition to this Privacy Policy our country privacy policy notices for further information on our Personal Data protection practices and your rights.
You can find links to relevant notices and more information about Halcyon Aegis’ privacy program here.
1. Individuals to whom this privacy policy is addressed.
This Privacy Policy is addressed to:
- visitors of the Site;
- recipients of electronic or other communications which contain or refer to this Privacy Policy;
- Individuals with whom Halcyon Aegis has business relationship, such as customers, representatives of customers, and external stakeholders and their representatives.
Information from Children
Halcyon Aegis does not seek through the Site to gather personal data from or about minors (as this term is defined by applicable law), nor does Halcyon Aegis sell or share the personal information of minors without affirmative authorization.
2. Halcyon Aegis’ Compliance with Data Protection Laws
Halcyon Aegis is committed to collecting and using personal data in a lawful manner. Halcyon Aegis will ensure that, when it collects or uses personal data, such collection or use is allowed under applicable data protection law, including, for example, the EU General Data Protection Regulation (GDPR), the Virginia Consumer Data Protection Act, or California Consumer Protection Act, where such laws govern. For more information on particular data processing activities, the purposes of this processing, and a description of the specific personal data, please review the table in Section 3. Individuals may object to the processing of their personal data and we will consider such objections carefully where required by law. For more information about your rights with respect to how we process your personal data, please refer to Section 8 and/or contact the Halcyon Aegis Data Privacy Office via data.privacy.office@halcyonaegis.ca.
3. Collection of Personal Data
In this table we describe the categories of information that we gather via the Site and in connection with our business relationship with you. We also describe the purpose and legal basis, where applicable, for using and processing the information. When Halcyon Aegis relies on its legitimate interest as a legal basis to process personal data, Halcyon Aegis will ensure that these interests do not disproportionately and adversely impact an individual’s rights and freedoms.
When Halcyon Aegis relies on an individual’s consent as a legal basis to process personal data, individuals can withdraw their consent at any time. Visitors wishing to withdraw their consent should notify us at data.privacy.office@halcyonaegis.ca and we will stop the processing of your personal data as soon as reasonably possible.
| Purpose of processing of personal data | Categories of personal data | Legal basis, where applicable, of processing | Categories of sources | Categories of third parties to whom information is disclosed, if applicable |
|---|---|---|---|---|
| To enable the Site to communicate with the visitor’s computer or mobile device during Site visits. | Identifiers, e.g., an IP address (the Internet address assigned to your computer from your Internet Service Provider), domain type, browser type (e.g., Firefox, Chrome or Internet Explorer), device type, and date and time of day. | Halcyon Aegis’ legitimate business interest to improve the relevancy of content provided through the Site, and to ensure the quality of our services during Site visits. | We collect this information automatically. | We may share this with technical developers and consultants, hired to report web analytics. |
| To improve and customize your experience on our Site | Internet or other electronic network activity information, e.g., number of visits to the site; which parts of the Site visitors select, analytics to measure and observe user behavior, and device screen size. Identifiers, e.g., contact details (names, addresses, e-mail addresses, and telephone numbers), personalization of the Site. Commercial information, e.g., completed order forms, contest entry information, survey feedback and other information you may provide us. | Halcyon Aegis’ legitimate business interest to improve the relevancy of Site content and to ensure the quality of our services during Site visits. | We collect this information automatically, directly from you or from vendors who may be assisting us with our business purposes. | We may share this information with digital agency partners, order fulfillment companies, companies conducting satisfaction surveys on our behalf, companies performing customer service duties, companies collecting rating and review data, and consultants hired to report web analytics. |
| To provide the products and services you request and to bill you for products and services you request. | Identifiers, e.g., contact details (names, addresses, e-mail addresses, and telephone numbers), personalization of the Site, Commercial information, e.g., completed order forms, contest entry information, survey feedback and other information you may provide us. | Halcyon Aegis processes the personal data in order to conclude, execute, perform and administer the relevant agreement or order with you. | We collect this information directly from you. | We may share this information with order fulfillment companies, companies conducting satisfaction surveys on our behalf, companies performing customer service duties, distributors and branded wholesalers. |
| To administer requests and feedback submitted through the Site. | Identifiers, e.g., contact details (names, addresses, e-mail addresses, and telephone numbers). Commercial information, e.g., completed order forms, contest entry information, content of your request/feedback, and other personal data you may provide. | Halcyon Aegis’ legitimate business interest to answer the requests and process feedback. | We collect this information automatically, directly from you or from vendors who may be assisting us with our business purposes. | We may transmit your personal data to third parties if that is necessary for handling the request, in accordance with Section 5. We may share this information with order fulfillment companies, companies conducting satisfaction surveys on our behalf, companies performing customer service duties, companies collecting rating and review data, distributors and branded wholesalers. |
| To provide you the route to service stations if requested. To maintain the quality and safety of our services or applications. To provide the goods, or mobile payment service to you if requested. | Precise geolocation of your computer or mobile device. | By registering for routing services through the Site, you agree that we provide relevant route information and process your personal data for this purpose. We provide you with an option to opt-in to geolocation services on your mobile device when you use Halcyon Aegis mobile applications. If you do not wish for us to use your geolocation information for this purpose, you can decline our request to read your geolocation information; in that case, some of the services of our Site may not be available. By allowing us to use geolocation information, you agree that we provide the information to vendors who assist us in the provision of services through the Site. | We collect this information automatically, with your consent. | We share this information with companies providing locator functionality. We share this information with companies providing payment and fraud detection functionality. |
| To improve our marketing and promotional efforts, to tell you about Halcyon Aegis , and about our products and services which we think may be of interest to you, including, for instance, products and services suggested on the basis of weather information associated with the geolocation of your computer or mobile device, and provide you with relevant marketing/promotional information at trade associations and industry group events and conferences. | Identifiers, e.g., contact details. Precise geolocation of your computer or mobile device. Commercial information, e.g., consumer interests and requests for products and services. Internet or other electronic network activity information, e.g., computer or mobile device information, information regarding a consumer’s interaction with a web site, application, or advertisement, online interests related to our products, such as information about categories of consumer interests derived from online usage. | Halcyon Aegis’ legitimate business interest to market and promote and improve its products, services, content and advertising. Where applicable law requires, we will collect your consent for the use of cookies and app codes. By choosing to register through the Site, you accept that we keep you posted on communications from Halcyon Aegis such as news releases, alerts, RSS feeds and blog posts and that we process the personal data you have provided for this purpose. Regarding data collected automatically from social media postings, Halcyon Aegis will refrain from sending out individual privacy notices to each data subject for reasons of disproportionality. | We collect this information automatically or directly from you or from social media postings. | We may share this information with vendors who may be assisting us with our business purposes and companies providing locator functionality, or marketing agencies who provide direct marketing services, analytics. We may share this information with vendors to monitor usage of our site and to provide site usage analytics. These vendors may use such information for business purposes in accordance with our contracts with them. Please see further details in Section 4. about cookies and similar technologies. |
| For analytics and statistical purposes to help us design and administer the Site and to improve our products and service offering. | Any of the personal data referred to in this notice, provided the information is appropriately pseudonymized or anonymized, as required under applicable law. | Halcyon Aegis’ legitimate business interest to ensure the relevance of the Site, to improve customer experience and Halcyon Aegis goods and services, and to promote our products and services. | We collect this information automatically, directly from you or from vendors who may be assisting us with our business purposes. | We may share this information with analytics vendors who may be assisting us with our business purposes. |
In the US Halcyon Aegis does not use or disclose any sensitive personal information (such as geolocation information) for purposes other than to perform the services you request, provide the goods to you, verify or maintain the quality or safety of our services or applications as permitted by applicable data privacy regulations except as otherwise explicitly consented by you prior to collection.
4. Cookies and Targeted Advertising
Information placed on your computer when visiting the Site
We use cookies and other local storage technologies or files such as pixels, tags, web beacons and Local Shared Objects (sometimes called “flash cookies”) which we store on your computer or mobile device when you visit the Site. The cookies and files stored on your computer or mobile device facilitate customizing your use of the Site and help to avoid the need to re-enter your details every time you visit. You can erase or block this information from your computer. Flash cookies may use parts of your device other than your browser, which means that you may not be able to control their use using browser tools and settings. For more information about managing Flash cookies, please visit the Adobe Flash Player website (note: you will be taken to a third-party website).
To learn more about how to opt-out from cookies please click here (note: you will be taken to a third-party website).
We use vendors to monitor usage of our site and to provide site usage analytics. These vendors may use such information for business purposes in accordance with our contracts with them.
For more information about the use of analytics, and about the cookies and files we place on your computer or mobile device, and how to erase or block them or opt-out from processing them, see the “Your Privacy” or the relevant cookies section in the Privacy Center in the footer link on the relevant Site.
Note that some goods or services may not be available if you choose not to provide the necessary personal data.
Targeted advertising, and our use of social media sites
We may use the information we collect through the Site to help manage our on-line advertising. For example, we may use information collected from the Site, to show you ads for our products and services when you visit other websites, e.g., third-party social media sites, news sites and (video) search engines. We use third-party advertising technology for this purpose. To learn more about third-party ad-serving technology and how to “opt-out” from such technology, please visit YourOnlineChoices.com. Note: you will be taken to a third-party website.
Our Site also provides links to others’ websites. This may include social plug-ins to Facebook, Twitter, YouTube and other social media. In case we receive certain statistical information regarding the click-through via these links or social plug-in, we will treat such statistical information in accordance with applicable laws. By clicking on such links or social plug-ins, an online connection will be established between your browser and the servers of the relevant websites and as a result certain personal data may be collected by these websites. Halcyon Aegis does not own, control or maintain these websites. We recommend that you review the privacy policy of these other sites carefully and contact the operator if you have concerns or questions. Halcyon Aegis is not responsible for the way others handle personal data and makes no representations or warranties about the privacy practices and accuracy of the content of those sites.
Similarly, Halcyon Aegis is not responsible for the policies and practices of any website from which you linked to our Site.
We may use information collected through the Site to analyze links between your usage of the Site and your usage of other applications (e.g., our mobile payment App) across the different types of devices you use to access the Site or applications, in order to improve your cross-application experiences.
In doing so, we use cookie files and other storage technologies on our Site in accordance with this Privacy Policy and the “Your Privacy” or the relevant cookies section in the Privacy Center in the footer link on the relevant site. In case you visit one of our websites and you wish to opt-out from targeted advertising via cookies, you can do so by following the cookie-banner instructions or by accessing the “Privacy center”/ “Privacy Center (Do not sell or share my personal data)” link at the bottom of our websites.
Do-Not-Track Signals and Similar Mechanisms, such as Global Privacy Control on Halcyon Aegis US websites: Some web browsers transmit “do-not-track” signals. We take action in response to these signals: If the browser has Do Not Track enabled, cookies in this group will be disabled until explicit consent is received. We detect and honour your Global Privacy Control signal if the website browser add-in or extension is enabled at your end. Please see further information about the Global Privacy Control mechanism here.
5. Disclosure of Personal Data to External Parties
We contract with other companies and persons to perform functions on our behalf. They have access to personal data needed to perform these business purposes, but may not use it for other purposes.
For example, Halcyon Aegis may share the personal data it collects automatically, directly from you, or from vendors or via social media with (other) vendors in order to allow Halcyon Aegis to fulfill orders and make deliveries, to send postal mail, and e-mail, to manage customer lists, analyze data, provide marketing assistance, host websites, process card payments, and provide and improve customer service. Furthermore, communicating via the Internet and sending information, products, and services to you by other means necessarily involves your personal data passing through or being handled by third-parties.
Before any personal data is shared with service providers, we enter into a written agreement which requires them: (1) not to make any unauthorized disclosures of the personal data; (2) to use the personal data only for the specified purposes and only according to the instructions received from Halcyon Aegis ; (3) to retain the personal data only as long as necessary or to protect company interests; and (4) to have in place adequate and appropriate security measures. In some circumstances, Halcyon Aegis may disclose any of the categories of personal data it collects to vendors, including competent authorities, legal advisors, and other contracted parties. These vendors process the personal data on their own behalf, for instance: if required by law, in order to defend Halcyon Aegis’ rights, or to handle individuals’ complaints and requests. We may also share your information in connection with a transfer of assets, or if we are otherwise involved in a merger or transfer. Only when permitted by applicable law and with your consent as required, will we distribute personal data to vendors, such as Halcyon Aegis distributors, for the purpose of allowing them to market their products and services to you.
ADDITIONAL INFORMATION FOR US CUSTOMERS
Halcyon Aegis may disclose personal information of Halcyon Aegis loyalty members to certain suppliers in exchange for product rebates that are passed 100% along to the purchasing member. Such disclosures are not made unless the member opts for the rebate and provides identifying membership information (Halcyon Aegis number or telephone number) at the time of purchase. More information on this product rebate program is available in the Halcyon Aegis privacy notice. Halcyon Aegis does not sell personal information to third parties outside the scope of the Halcyon Aegis loyalty program. In the past twelve months since this Privacy Policy took effect, for commercial purposes, we have processed or shared for cross-context behavioral advertising (targeted advertising) the following categories of personal information to web and data analytics service providers, search engine and social media platform providers: [IP address, web and app usages information, interaction with our sites and applications.]. Please see further details in Section 4 about cookies and similar technologies.
6. International Transfers of Personal Data
6.1 Transfers between affiliates
The relevant Halcyon Aegis affiliate who is the Data Controller may make personal data available to other Halcyon Aegis affiliates and may transfer some or all of the personal data to Halcyon Aegis servers located worldwide in accordance with applicable law.
The transfer of personal data from the EEA, UK and Switzerland to recipients located outside such territories is subject to restrictions. Halcyon Aegis has taken steps to ensure that personal data receives an adequate level of data protection at all Halcyon Aegis locations. These steps include Halcyon Aegis affiliates entering into Binding Corporate Rules (“BCR”) which were approved in accordance with the EU General Data Protection Regulation (please visit the link here to read our BCR)
6.2 Transfers to third parties
When transferring personal data, Halcyon Aegis puts in place safeguards to ensure that the recipient adequately protects the personal data. With respect to the transfer of personal data from the EEA, UK and Switzerland to outside such territories, Halcyon Aegis relies on (1.) EU “Standard Contractual Clauses”, (2.) contractual safeguards imposed on the recipient which is contracted by Halcyon Aegis affiliates outside of EEA, UK or Switzerland (so-called onward transfers), and (3.) protections available under local law for the recipient established in a country deemed adequate by the EU Commission. Where permitted, and as applicable, we will rely on the individual’s consent.
For more information about specific transfer mechanisms, including information on existing safeguards implemented by Halcyon Aegis , please contact data.privacy.office@halcyonaegis.ca.
7. Accuracy of Personal Data
Halcyon Aegis endeavors to keep personal data that it collects accurate and complete. Halcyon Aegis relies on the individuals to maintain the accuracy and completeness of the personal data. Please inform Halcyon Aegis if your personal details change, including the context in which the personal data was provided, e.g., in connection with a specific product or service.
8. Individual’s Rights
Where it is permitted by applicable law you may have the right to request:
- Deletion of your personal data when such data is no longer necessary for the purposes for which it has been collected.
- Access to specific pieces of information Halcyon Aegis has about you or more information about our data processing practices.
- Correction of any inaccurate personal data we maintain about you.
- Restrict the processing of your personal data under certain circumstances.
- Object to the processing operations, having regard to the given circumstances and for reasons related to their particular situation.
- Opt-out from sale or sharing your data for cross-context behavioral advertising, targeted advertising (US data subjects) by providing your choices related to cookies through the “Privacy Center – Do not sell or share my personal data” link of the relevant site or via the Global Privacy Control, which is operated by a third party (browser add on) and is explained here.
Please note that because the Global Privacy Control is a browser-based mechanism, your opt-out preference will apply only to the browser from which you exercised that choice. - Right to Opt-Out for the Purposes of Profiling: you may have the right to opt-out of processing of personal data for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects.
- In some circumstances in EU/EEA/UK, you also have a right to request a portable extract of your personal data, which will allow you to reuse your personal data for your own purposes.
To appeal our decision on your data subject requests, you may contact us at data.privacy.office@halcyonaegis.ca. Please enclose a copy of or otherwise specifically reference the decision you want to appeal. We will respond to your appeal in accordance with applicable law.
Halcyon Aegis will not discriminate against you for exercising your data subject rights, although some of the functionality and features available on the service may change or no longer be available to you. Any difference in the services are related to the value provided.
HOW TO SUBMIT A DATA SUBJECT REQUEST
You may submit a verifiable consumer request from the US, EEA, UK- or from countries where it is permitted by applicable law – to exercise your right to know about, delete, or correct your personal information at Halcyon Aegis’ privacy program landing page via web form.
US California data subject also can submit their privacy request via the toll free number. Please note, all the calls through the phone number will be recorded and your participation is voluntary. If you call us, you consent to the recording of the conversation, which includes voice, your name, contact details and the details of your specific request. You may withdraw your consent to participate in the recording by exiting from the call at anytime with no adverse consequence. If you do not want to participate in the recorded call, you will have the opportunity submit your request via our Data Subject Request webform, which is available here.
When you submit a data privacy request, Halcyon Aegis will verify your identity by requesting you to provide your name, email address or other contact information, Halcyon Aegis account information (in case it is applicable), and the company brand with which you have a relationship. Use of an authorized agent: You may be entitled, in accordance with applicable law, to submit a request through an authorized agent. To designate an authorized agent to exercise your rights and choices on your behalf, please provide your authorized agent with signed, written permission demonstrating that they have been authorized by you to act on your behalf.
You also have a right to lodge a complaint to the data protection supervisory authority in your country.
For more information about the specific mechanisms available to exercise these rights, please submit a data privacy request on our landing page or contact the data.privacy.office@halcyonaegis.ca.
To facilitate our efforts to address your request, please let us know the circumstances in which you initially provided Halcyon Aegis with your personal data, e.g., in connection with a specific product or service.
Metrics Regarding Privacy requests (all US and US California):
Reporting period: 1/1/2022-12/27/2022
| July 2022 – July 2023 | Received | Completed | Not Completed | Median Number of Days to Complete | |||
| Request type | All US | California | All US | California | All US | California | |
| Right to know / access | 17 | 3 | 17 | 3 | 0 | 0 | 8 |
| Right to delete | 73 | 7 | 73 | 7 | 0 | 0 | 10 |
| Right to opt out of sale | 234 | 159 | 234 | 159 | 0 | 0 | 5 |
9. Automated Decision-Making
Halcyon Aegis does not use automated decision-making unless it is (i.) necessary for entering into, or performance of, a contract between the Individual and Halcyon Aegis and its affiliates, (ii.) permitted or required by law, or (iii.) based on the Individual’s explicit consent.
Automated decision-making refers to decisions that produce legal effects concerning an Individual or significantly affect the Individual and which are based solely on automated processing (i.e., no human intervention) of personal data. Halcyon Aegis shall implement suitable measures to safeguard the Individual’s rights and freedoms and legitimate interests when automated decision-making is used.
10. Records Retention
Halcyon Aegis retains personal data as long as necessary to meet the purposes for which the data was collected, to exercise its legal rights and to ensure compliance with applicable law.
11. Questions and Complaints
Halcyon Aegis is committed to protecting your personal data as described in this Privacy Policy and as required by applicable laws. If you have any questions about this notice or our handling of your personal data, or if you would like additional information, please contact:
The Data Privacy Office will ensure all data protection complaints are resolved in a timely manner as set out in the applicable Data Privacy laws and the Data Subject is informed when appropriate.
12. Halcyon Aegis and Affiliates
“Halcyon Aegis” and/or “Halcyon Aegis affiliates” mean (a) Halcyon Aegis Corporation or any parent of Halcyon Aegis Corporation, (b) any company or partnership in which Halcyon Aegis Corporation or any parent of Halcyon Aegis Corporation now or hereafter, directly or indirectly (1) owns or (2) controls, more than fifty per cent (50%) of the ownership interest having the right to vote or appoint its directors or functional equivalents (“Affiliated Company”) and (c) any joint venture in which Halcyon Aegis Corporations, any parent of Halcyon Aegis Corporation or an Affiliated Company has day to day operational control.
13. Changes to this Privacy Policy
We reserve the right to change this Privacy Policy at any time without notice. When we make material changes to this Privacy Policy, we will post the changes on this page and update the revision date at the top of the Privacy Policy. We encourage you to review our Privacy Policy regularly for updates.