Privacy Policy

Shop Haida Gwaii Privacy Policy

This privacy policy tells you about how we use, protect and disclose personal data that we have collected using both offline means (e.g. via phone, mail, in-person meetings and other correspondence) and online means, such as when our website is accessed or applications owned or operated by Misty Isles Economic Development Society (doing business as “Shop Haida Gwaii”) (“MIEDS”, “we”, “us”) are used, including and its local sub-domains and mobile applications (collectively, the “Site”).

The Site may contain links to other third-party websites or applications. Please be aware that these websites and applications may collect personal data. These websites and applications may have their own privacy notices or policies. 

To the extent any linked websites or applications visited are not owned or operated by MIEDS please be aware that we are not responsible or liable for the websites’ or applications’ content, any use of the websites or applications, or the privacy and security practices and policies of those websites or applications.

Who collects personal data on our behalf?

Our services, including when you register for an account or when you place and order and transact through the Site, are facilitated through processors, such as the Shopify and Marketcube applications, who collect personal data on our behalf for the purposes outlined in this policy. 

These organizations have their own terms of services and privacy policies, which can be found on their websites (Shopify Privacy Policy) (Privacy Policy - (Stripe Privacy Policy).      

What personal data do we collect?

We may collect the following personal data. Please note that we may combine personal data collected from one source with personal data that we have collected from other sources.

  1. Personal data provided voluntarily

We collect personal data voluntarily provided to us directly or through our processors, such as when you register for an account on our Site, or when you place an order and transact through the Site (including tracking orders and managing returns). This personal data may include: 

  • Account details, such as user name, unique user ID, password;
  • Basic personal information, such as name, country of residence;
  • Contact information, such as email address, phone number;
  • Delivery information, such as shipping address, telephone number and payment and invoicing information;
  • Financial information, such as credit card details, bank details; and
  • Any other materials you submit to us, such as articles, images, feedback.


We collect personal data when we engage in correspondence, and we will typically keep a record of such correspondence. This correspondence may include contacting us for support. This personal data may include name and contact information, service information, queries, and other personal data provided to us. 

Credit and anti-fraud information

We may collect personal data relating to your financial situation, your credit worthiness or any criminal or fraudulent activities provided to us by you or third parties, including information which establishes your identity, information about transactions, credit ratings from credit reference agencies, fraud, offences, and suspicious transactions, where your details are included.

Social media information

We maintain presences on social media platforms including, but not limited to Facebook, Instagram, etc. We collect personal data when individuals interact with us on social media. Please note that these social media platforms may set cookies and other tracking technologies on a device when their pages are visited. The output of such information may be provided to us (usually for statistical purposes to see how users interact with our content on social media platforms). Information about how the social media platforms collect and use personal data can usually be found in their respective privacy policies and cookies policies on their websites.

Survey and contest information

We collect personal data where you complete surveys that we may use for research purposes, and where you choose to enter into contests / sweepstakes that we run. This personal data may include your name and contact information and other personal data you may choose to provide us. 


When applying for employment with MIEDS, we are provided with contact information, questions or comments about the job posting, as well as personal data set out in a resume, including educational and employment history. We use this information to review the application and suitability for current employment opportunities, as well as to contact individuals with respect to employment opportunities. We may also be provided with additional personal data through communications as part of the job application process. 

  1. Collection and use of public information

We may also collect, use, store, transfer, share, and disclose personal data that is publicly available for the purposes set out in this privacy policy.

Age of Majority

MIEDS does not provide services intended for individuals under the age of majority in their place of residence and does not therefore knowingly or intentionally collect personal data from these individuals.

Why do we use personal data? 

We may use your personal data for a variety of business purposes, which we have set out below. 

  1. To conduct our business and provide our services and access to our Site
  2. To conduct our business, including to enable use of our services and Site, to respond to queries, to carry out our obligations arising from any agreements entered into and to contact customers or potential customers in connection with the foregoing. This includes processing and fulfilling your orders, returns and exchanges and providing you with information and updates relating to your orders and your account.
  3. To manage your account and / or subscriptions
  4. To determine whether to register you as a user of our Site, to manage your account and subscriptions and to fulfill your benefits that are associated with your use of our services.
  5. To provide communications (about updates and changes) and provide customer support
  6. To communicate about updates to our terms, services and Site and to provide customer support and to respond to requests, comments, questions, or concerns, and to contact customers or potential customers if we have any issues with respect to the same. Such communications are provided by various means, including emails, telephone and SMS. Calls may be recorded for training and monitoring purposes.
    Where you subscribe to an online service, the accompanying emails similarly include a pixel. We track your interaction with these emails and our online services to validate attendance for accreditation purposes, to help determine which information is of interest to you and to customise the advertisements you see on our Sites. If you do not wish the pixel to be downloaded to your device, you should opt-out of email marketing or review emails in plain text format. This information may be connected to your personal identity.
  7. To facilitate payments
  8. To take payment from you when you sign-up for certain features, when you order from us, to provide you with refunds and to process payments when you transact on our Site.
  9. In relation to fraud prevention
  10. To prevent fraud as may be required by applicable law and regulation and best practice at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or them.
  11. To enable transactions through our Site
  12. To facilitate interactions between users, including listing and promotion of products, shipping and payment. This will require disclosure of data about each party to one another.
  13. To allow you to use interactive features of the Site
  14. To allow you to post a testimonial, review or comment. Please note that such testimonial, review or comment may be read, collected and used by anyone.
  15. To ensure our Site content is relevant and to maintain the security of our Site
  16. To ensure that content from our Site is presented in the most effective and secure manner.
  17. For research and development purposes
  18. To analyze personal data in order to better understand our services and our customers’ services and marketing requirements, and to better understand our business and develop our services and Site. In order to do this, we may apply profiles based on personal data and behavioural information. Such profiles may be used as part of our advertising, analytics, security and provision of support and we may also anonymize and aggregate such personal data.
  19. To administer contests: should we hold contests: where you have entered into contests we will use your personal data to manage and administer such contests, including to award you with any applicable prizes.
  20. To provide marketing materials
  21. To provide updates and offers, where customers or potential customers have chosen to receive these. We may also use personal data for marketing our own and our selected business partners’ products and services by mail, email, SMS and phone and fax. We may also use personal data to market via social media. Where required by law, we will ask for consent at the time we collect the personal data to conduct these types of marketing. Where required by law, we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent or you may opt-out/change your marketing settings by emailing with a request to be removed.
    *Please also note that our marketing related emails may contain a campaign-unique “web beacon pixel” to tell us how you interact with our communications. We may use this information for purposes including determining which of our emails are more interesting to you and to query if you should continue receiving emails if you do not open them. The pixel will be deleted when you delete the email. If you do not wish the pixel to be downloaded to your device, you should opt-out of email marketing or review emails in plain text format. This information may be connected to your personal identity.
  22. Mobile applications and website analytics
    To understand and analyze online experiences and to determine what events, products and services are likely to be of interest, we may combine visitor session information or other information collected through tracking technologies with personal data.
  23. To enforce our terms and in connection with legal or regulatory obligations
    We may process personal data to enforce our terms and to comply with our legal and regulatory requirements or dialogue with regulators/judicial proceedings/court orders as applicable which may include disclosing personal data to third parties, the court service and/or regulators or law enforcement agencies  in  connection  with  enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.  
  24. To reorganize or make changes to our business
    In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a reorganisation, we may need to transfer personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer personal data to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.

Cookies and similar technologies

We use cookies and similar technologies. Cookies are a small amount of information (text files) generated when a website is visited and saved by a web browser in order to remember information. Cookies can be deleted or adjusted using browser settings.

Who do we share personal data with and why?

We may collect, share or disclose personal data for the purposes set out above via or to third parties. These third parties include:

Service providers and processors

Such third parties may include:

  • third-party companies to perform functions on our behalf, including:
    • communication and collaboration; 
    • order fulfilment; 
    • package delivery;
    • postal and email delivery;
    • customer service;
    • product engineering and design; 
    • user authentication; and 
    • sales and marketing services;
  • governmental agencies;
  • hosts of MIEDS’ website, applications and data;
  • financial services providers and payment processors; and
  • data storage, data analytics, data processing, and performance monitoring providers.


Such advisors may include legal, financial, business or other advisors.

Site sellers/users

Third party sellers offer products for sale through our Site, and we will share your personal data with such sellers when you use the Site. 

Other users of the Site

Any personal data you make available publicly, such as by your reviews, comments or testimonials will be shared with other users of the Site. 

Affiliated companies

We may share your personal data we collect with MIEDS subsidiaries and affiliates. 

As our business continues to evolve, we may acquire, establish or sell business units or subsidiaries. Personal data is one of the business assets that would be transferred in these types of transactions. In such a situation, your personal data would only be used in a manner consistent with this privacy policy. 

Third parties as required by law or regulation

We may disclose personal data as required by law or regulation, and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process served on MIEDS.

How do we protect personal data?

MIEDS takes commercially reasonable efforts to protect the personal data under its control. MIEDS utilizes physical, electronic and administrative measures to secure personal data from accidental loss and from unauthorized access, use, alteration and disclosure. The nature of the safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution and format of the information, and the method of storage.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect personal data, we cannot guarantee the security of it transmitted to our Site or through communications. 

If you have any questions or concerns about MIEDS’ security practices, you can send us an email at 

Safeguarding account information

To ensure your username and password remain confidential, do not share this information with anyone. 

International transfers of personal data

General overseas transfers

Our servers, offices and service providers/processors are located in Canada, United States, the United Kingdom and India, and as a result, we may collect, process, store, share, and transfer your personal data in Canada, the United States, the United Kingdom and India.

As such, personal data may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the country or province (including Quebec) in which an individual is located, including in Canada, United States, the United Kingdom and India. As a result, your personal data may be accessible to law enforcement and national security authorities of Canada, the United States, the United Kingdom and India.  

These countries may not provide the same level of data protection as a home country; however, we will take steps to ensure that personal data that is transferred outside a home country is safeguarded as in line with this privacy policy and applicable laws. MIEDS shall require third party service providers to keep your personal data secure, and that it may only be used in connection with providing services to MIEDS.

How long do we keep your personal data?

Our retention periods for personal data are based on business needs and legal requirements. 

We will retain personal data while we are using it, for purposes described above. We may continue to retain it after we have ceased such uses for certain legitimate business purposes. We may also continue to retain personal data to meet our legal requirements or to defend or exercise our legal rights.  

The length of time for which we will retain personal data will depend on the purposes for which we need to retain it. After we no longer need to retain personal data, we will delete it or securely destroy it.  

What are your rights?

MIEDS operates in jurisdictions with data protection laws which may provide different rights to individuals in respect of access, deletion, rectification and limiting processing of personal data. When a request to exercise certain rights in relation to personal data is made, we will need to check the entitlement prior to answering a request.

In general, the following rights are available: 

  • the right to be provided with details about what personal data we hold about you and whether your personal data has been transferred to a third party, and to be provided with a copy of your personal data; 
  • the right to withdraw your consent;
  • the right to stop receiving marketing communication; and
  • the right to require us to update any inaccuracies in the personal data we hold. In order to assist us with this, please keep the relevant information up to date.

Your exercise of these rights may be subject to certain exemptions.
To submit a request regarding personal data by email, please use the contact information outlined below. 

Contacting us 

If you have any queries or complaints about our use of personal data, please contact us directly at

Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. 

We will update the date of this document each time it is changed.

Last update: The privacy policy contained herein became officially effective on July 4th, 2022.