Privacy Policy
Thank you for your interest in this Privacy Policy, and welcome to www.fullyramped.io (our “website”). At Fully Ramped, we want you to feel comfortable on our website and not have to worry about the security of your data. In this Privacy Policy, you will find all the information about which Personal Data we collect and process and for what purpose. Equally, we will also inform you of your data protection rights and how you can assert them.

GENERAL PRINCIPLES 

What is Personal Data?

Personal Data is "any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device ID and your IP address.

What is Special Category Data?

Special category data is Personal Data that needs more protection because it is sensitive. This includes Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, and biometric data. As well as data concerning health, a person’s sex life; and a person’s sexual orientation. In order to lawfully process Special Category Data, it is necessary to consent to the processing.

What is processing?

"Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

Who is the data controller?

A “data controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. In this sense, Fully Ramped Consulting Ltd, 2913 Pilatus Run, Victoria, British Columbia, Canada, V9B 0R4 (“Fully Ramped”, “we”, “us”, “our”) is the data controller. If you have any questions about this policy, or about data protection at Fully Ramped in general, please email us using info@fullyramped.io with “Data Protection” in the subject line.

What law applies?

Our use of your Personal Data is subject to Canada's Personal Information Protection and Electronic Documents Act (“PIPEDA”), the UK's Data Protection Act (“DPA”), the EU's General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.

What are the Legal Bases for processing Personal Data

We have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent; b) the data is necessary for the fulfilment of a contract / pre-contractual measures; c) the data is necessary for the fulfilment of a legal obligation; or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden. 

Who is the competent data protection authority?

You also have the right to complain about our processing of Personal Information to a supervisory authority responsible for data protection. The competent data protection authority in Canada is: The Office of the Privacy Commissioner of Canada, 30 Victoria Street, K1A 1H3, Gatineau, Quebec, Canada (www.priv.gc.ca)

How long will you keep my data?

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Canada`s Commercial and Fiscal Rules and Regulations for up to 8 years. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted. 

WHAT PERSONAL DATA DO WE PROCESS?

Technical Data

When you access our website, some access data is recorded automatically and stored in a log file on our website's server. This means if you browse and simply have a look at our website, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the amount of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.

Hosting of our website 

We use the hosting services of Squarespace for the purpose of hosting and displaying our website. Namecheap does so on the basis of processing on our behalf, and that also means that all data collected on our website is processed on Squarespace's servers. The basis for processing is our legitimate interest and the initiation and/or fulfilment of a contract. 

Content Management System

We use the Content Management System (CMS) of Squarespace to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us are transferred to Squarespace and that your contact and contract data and your usage data are stored on Squarespace's servers. The legal basis for this processing is our legitimate interest.

Fonts

We use Google Fonts by Google on our website to display external fonts. To enable the display of certain fonts, a connection to a Google server is established when our website is accessed. The connection to Google is established when you visit our website, which enables Google to determine which website sent the request to display fonts and to which IP address the display of the font is to be transmitted. This represents a legitimate interest.

Canada’s Anti-Spam Law” (“CASL”), the UK`s Privacy and Electronic Communications Regulations (“PECR”), the EU`s Privacy and Electronic Communications Directive (“PECD”)

Cookies

We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for the use of cookies depends on the specific cookie used, our legitimate interest, and/or your consent.

Cookie consent 

In accordance with Canada’s Anti-Spam Law” (“CASL”), the UK`s Privacy and Electronic Communications Regulations (“PECR”), the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of technically non-essential cookies. For this purpose, we use a cookie consent tool, and when you enter our website for the first time, the following data is transferred to us via our cookie consent tool: i) Your consent(s) or revocation of your consent(s); ii) Your IP address; iii) Information about your browser; iv) Information about your device; v) Time of your visit to our website. The basis for processing is our legal obligation.

Economic analyses and market research

For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behaviour, etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and/or anonymised values (“Aggregated Data”). Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy. For this purpose, we use Squarespace Analytics. The legal basis is our legitimate interest and your consent. For further information on our use of Squarespace Analytics, please refer to our Cookie Policy.

Personal Data that you give us

You can contact us in various ways, and data is always collected in the process. This is information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), or when you use our services, or corresponding with us by telephone, post, email, or otherwise. It may include, for example, your name, address, email address, and telephone number; information about your business relationship with us; and information about your requirements, background, and interests. The legal basis for processing is consent and the fulfilment of a contract. 

We process the Personal Data that arises when you use our services in order to provide our contractual services. Depending on how you use our services, whether you are a candidate or employer, the data we process may include the following as applicable:

  • Candidates

    • Name

    • Address

    • Email and other contact details

    • Date of birth

    • Job history (including information relating to placements through us)

    • Educational history, qualifications & skills

    • Visa and other right to work or identity information

    • Passport

    • Bank details

    • National insurance and tax (payroll) information

    • Next of kin and family details

    • Contact details of referees

    • Personal Data relating to hobbies, interests and pastimes

    • Information contained in references and pre-employment checks from third parties

    • Special Category Data, such as health records (We ask you not to provide us with any such information from the outset. If such information is relevant to the application process, we process it together with your other data.)

    • Your marketing preferences

  • Clients 

    • Names;

    • Job titles;

    • Telephone numbers;

    • Email addresses;

    • Identification number;

The purposes of processing include our support, correspondence with you, invoicing, and fulfilment of our contractual obligations. Accordingly, the data is processed on the basis of the fulfilment of our contractual obligations and our consent.

Please Note:

Special Category Data

Some of the data you choose to provide may be considered Special Category Data. By choosing to provide this data, you consent to our processing of that data. 

Availability and Visibility

You have choices about the information you provide. If you wish to use our services, some data you provide will be made public and may be viewed and otherwise accessed by others. It’s your choice whether to include information and to make that information public.

Personal Data of Third Parites

Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use, and disclosure of their Personal Data for these purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us. 

Access

We ensure that access by our staff members to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our staff members and enforce privacy and protection safeguards strictly.

For optimal customer support and data management, we use the same data that we process in the course of providing our contractual services and store it in our proprietary customer relationship management (“CRM”) supported by Microsoft 365. This data processing is based on our legitimate interest in providing our customer service.

Lastly, we process data in the context of administrative tasks as well as organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The purpose and our interest in the processing lies in the administration, financial accounting, office organisation, archiving of data, and invoicing, i.e., tasks that serve the maintenance of our business activities, performance of our tasks, and provision of our services. The legal basis for processing is our legitimate interest, the provision or initiation of a contractual service, and your consent.

OTHER USES OF YOUR PERSONAL DATA

We may also collect, store, and use your Personal Data for the following purposes:

  • to operate, manage, develop, and promote our business and, in particular, our relationship with you and related transactions, including, for example: 

    • marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you); 

    • to operate, administer, and improve our website and other aspects of the way in which we conduct our business;

    • to offer you our services;

    • to provide you with services or information that you may have requested; and

    • to keep you informed and updated on relevant topics or services you may be interested in.

  • to protect our business from fraud, money laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes; 

  • to comply with our legal and regulatory obligations, bring and defend legal claims and assert legal rights; and

  • if the purpose is directly connected with an assigned purpose previously made known to you.

We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances, we may also be required by law to disclose or otherwise process your Personal Data. 

CHANGE OF PURPOSE

We will only use your Personal Data for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.

ACCURACY OF INFORMATION

Personal Data is kept as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used. Individuals are encouraged to provide updates to their information as changes occur to enable us to continue to provide services to them. To help us keep your records current, please notify us of any material changes in the Personal Data you previously gave us.

DATA SHARING

In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.

Internal

If necessary, we transfer your Personal Data within Fully Ramped. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorised employees who need access to the data due to their job, e.g., to provide our services or to contact you in case of queries.

We may also share your Personal Data with our Business Partners (including staff members or entities with which we have an ongoing business relationship to provide our services or information) for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request or customising our business to better meet your needs. 

External bodies

Personal Data is transferred to our service providers in the following instances:

  • in the context of fulfilling our contract with you,

  • to use marketing services and to advertise our services online,

  • to communicate with you,

  • to provide our website, and 

  • to state authorities and institutions as far as this is required or necessary.

International transfers 

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.

SECURITY OF YOUR DATA

We will use physical, organizational, and technological measures to safeguard Personal Data to only those employees or third parties who need to know this information for the purposes set out in this Privacy Policy. Employees and third parties are required to sign a confidentiality agreement binding them to maintaining the confidentiality of all Personal Data to which they have access. 

Active files are stored in locked filing cabinets when not in use. Access to work areas where active files may be in use is restricted to employees only and authorized third parties. All inactive files or Personal Data no longer required are shredded prior to disposal to prevent inadvertent disclosure to unauthorized persons. 

Personal information contained in computers and electronic databases are password protected in accordance with Information Security Standards. Access to any computers also is password protected. Our Internet router or server has firewall protection sufficient to protect personal and confidential business information against virus attacks and "sniffer" software arising from Internet activity. 

MARKETING

Insofar as you have given us your consent to process your Personal Data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to. Our marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent by us or on our behalf will include a means by which you may unsubscribe or opt out.

LINKED SITES

For your convenience, our website may contain hyperlinks to other websites. We are not responsible for the privacy practices of linked websites or companies that are not owned or controlled by us, and this Privacy Policy does not apply to them. The links on our website may collect additional information in addition to the information we collect.

We do not endorse any of these linked websites, their products, services, or any content on their websites. We encourage you to read the privacy policies of each linked website you visit to understand how the information collected about you is used and protected.

SOCIAL MEDIA

We are present on social media based on our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint responsibility agreement. The Personal Data collected when you contact us is used to process your request, and the basis for this is both your consent and our legitimate interest.

YOUR RIGHTS AND PRIVILEGES 

Privacy rights 

Under the PIPEDA, you have the following rights:

  • Right to be informed

  • Right to access

  • Right to rectification

  • Right to erasure

  • Right to object/opt-out

  • Right to Consent

  • Right to Redressal

Under the DPA and GDPR, you can exercise the following rights:

  • The right to access;

  • The right to rectification;

  • The right to erasure;

  • The right to restrict processing;

  • The right to object to processing;

  • The right to data portability;

  • The right to complain to a supervisory authority

Update your information and withdraw your consent 

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.

Access Request 

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

Openness

We are committed to being open about our policies and practices with respect to the handling of Personal Data. Our Privacy Policy is available through our website. If a hard copy or additional information is required, please contact us.

Challenging Compliance

An individual can challenge compliance with the above policy by providing written details of the challenge to us using info@fullyramped.io with “challenge compliance” in the subject line.

 What we do not do

  • We do not request Personal Data from minors and children;

  • We do not use automated decision-making, including profiling; and

  • We do not sell your Personal Data.

Consent

Under the terms of the PIPEDA we are required to obtain your consent with respect to the collection, use, and disclosure of your Personal Data. By providing any Personal Data to us, you consent to the collection, use, disclosure, and transfer of such Personal Data in the manner and for the purposes set in this policy.

Please be advised you are not obligated to provide any Personal Data that we may request; however, failure to do so may result in the services we currently provide to you may be delayed or, in some cases, denied. 

Your consent is also required before we may provide your information to our affiliates and any third parties for the purposes described in this policy. 

We will not require you to consent to the collection, use, or disclosure of information beyond that required to provide our services to you. In certain situations, however, your Personal Data may be collected, used, or disclosed by us without your knowledge or consent. These situations include: 

  • collection and use of publicly available information specified by regulation; 

  • disclosure to legal counsel for the purposes of obtaining advice; 

  • collection or use that is clearly in your interests in situations that we cannot obtain your consent in a timely way; 

  • use and disclosure to investigate a breach of an agreement or a contravention of a law; 

  • disclosure for the collection of a debt that you owe us; the use and disclosure of such information in an emergency that threatens your life, health or security; 

  • disclosure to comply with a subpoena, warrant or court order, or to otherwise comply with applicable law, 

  • including the applicable securities regulatory authorities.

After having provided consent, an individual has the right to withdraw consent at any time by providing 30 days written notice to info@fullyramped.io with “Consent PIPEDA” in the subject line. If your request requires that we delete all of your Personal Data, we will no longer be able to provide you with the services you have requested or subscribed to. 

USA SPECIFIC PROVISIONS

The following applies to users located in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the PIPEDA, DPA or GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations. 

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your Personal Data.

Further, the following also apply

  1. “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Data to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Data using the contact details provided.

  1. COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Data from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

  1. CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

  1. Telephone Consumer Protection Act (TCPA)

If we process your Personal Data for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

  1. Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

  1. Right to complain

Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of Personal Data with a supervisory authority responsible for data protection. Users based in the above-mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

HELP AND COMPLAINTS

If you have any questions about this policy or the information we hold about you, please email us using info@fullyramped.io with “Data Protection” in the subject line.

CHANGES

The first version of this policy was issued on Tuesday, November 5th, 2024, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.