top of page

PRIVACY POLICY

Introduction

Rocky Mountain Timber Co. ("RMTC," "we," "our," or "us") is dedicated to respecting the privacy of our clients, business partners, and website visitors. This  Privacy Policy outlines how we collect, use, store, protect, and share personal data received through our business operations. RMTC complies with applicable privacy laws and regulations, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA),  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, and the Personal Data Protection Act of 10 May 2018, and Ukrainian data protection standards.

Scope of Policy

This Privacy Policy applies to all personal data collected by RMTC, including data gathered through our website, communications with clients, and service provision. It also covers data collected from business partners and suppliers involved in our international operations.

PURPOSE OF PROCESSING AND LEGAL BASIS

Rocky Mountain Timber Co. (“Administrator”) processes personal data via the rockymountaintimber.com website in the following cases:

  • When a user submits an inquiry through the contact form. Personal data is processed based on Article 6(1)(f) of the GDPR and Canadian privacy law (PIPEDA) as the Administrator’s legitimate interest.

  • When a user subscribes to the Newsletter to receive commercial information electronically. Personal data is processed with the user’s consent, based on Article 6(1)(a) of the GDPR.

TYPES OF PERSONAL DATA PROCESSED

The Administrator processes the following categories of user personal data:

  • Name,

  • Email address,

  • Phone number.

PERIOD OF DATA RETENTION

Personal data is retained by the Administrator:

  • When the basis for data processing is the performance of a contract, data is retained for as long as necessary to fulfill the contract. After that period, it is kept for the period corresponding to the statute of limitations for claims. Unless otherwise specified by law, this limitation period is six years or three years for periodic claims and claims related to business activities.

  • When the basis for data processing is consent, data is retained until consent is withdrawn. After withdrawal of consent, data is stored for a period corresponding to the statute of limitations for any claims the Administrator may make or that may be made against the Administrator. Unless otherwise specified, the limitation period is six years, and three years for periodic claims and claims related to business activities.

ADDITIONAL INFORMATION COLLECTED

While using the website, additional information may be collected, including the user’s IP address (assigned to their computer or by their Internet provider), domain name, browser type, access time, and operating system type.

Navigation data may also be collected from users, including information about links and references they decide to click or other activities performed on the website. The legal basis for this data processing is the Administrator’s legitimate interest (Article 6(1)(f) GDPR and PIPEDA), which aims to facilitate the use of electronic services and improve their functionality.

VOLUNTARY PROVISION OF PERSONAL DATA

Providing personal data by the user is voluntary.

AUTOMATED PROCESSING AND PROFILING

Personal data may also be processed automatically in the form of profiling if the user consents based on Article 6(1)(a) GDPR. Profiling may result in assigning a specific profile to a person to make decisions about them or to analyze or predict their preferences, behaviors, and attitudes.

DATA PROTECTION MEASURES

The Administrator takes particular care to protect the interests of individuals whose data is processed, ensuring that data:

  • Is processed in compliance with the law,

  • Is collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes,

  • Is accurate, relevant, and adequate in relation to the purposes for which it is processed,

  • Is stored in a form that permits identification of data subjects for no longer than is necessary for the purposes for which it is processed.

Use of Personal Data

RMTC uses personal data to fulfill contractual obligations, communicate with clients, provide technical support, conduct market analysis, and comply with regulatory requirements. Specifically, data is used to process orders, manage contracts, coordinate logistics, and provide related customer support; respond to inquiries, notify clients of service updates, and manage administrative communications; send marketing materials where legally permitted or with consent; analyze usage patterns on our website to enhance functionality and improve the user experience; and meet legal, tax, and regulatory requirements.

Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze usage patterns, and support targeted advertising. Upon visiting the website for the first time, EU users will see a cookie consent banner, allowing them to manage preferences. More details about our use of cookies can be found in our Cookie Policy.

Legal Basis for Processing (for EU and Ukrainian Residents)

For individuals in the EU and Ukraine, RMTC processes personal data based on several legal grounds. Data processing may be necessary to perform a contract with the user or to respond to pre-contractual inquiries. We may also process data based on legitimate interests, such as fraud prevention and service improvement, provided these interests do not override user rights. Where required, we seek consent for activities such as marketing. RMTC also complies with legal obligations by processing data for regulatory, tax, and audit purposes.

International Data Transfers

RMTC may transfer personal data across borders, including to non-EU countries. For data transferred from the EU or Ukraine to other jurisdictions, we implement safeguards, such as Standard Contractual Clauses (SCCs) to ensure compliance with EU regulations. Additionally, RMTC relies on Canada’s adequacy decision by the European Commission, which recognizes Canada’s data protection standards as equivalent to EU standards. Where necessary, we apply further security measures to maintain data integrity and security.

Sharing Personal Data with Third Parties

We share personal data with third parties only as needed for our operations and to meet legal obligations. RMTC works with external service providers, such as those handling hosting, payment processing, IT support, marketing, and data storage, who are contractually bound to protect your data. We also share data with trusted partners in our supply chain, such as transport companies and logistics providers, to support service delivery. Data may also be shared with regulatory or legal authorities when required by law or to protect RMTC’s legal interests. In the event of a corporate transaction, such as a merger or acquisition, personal data may be transferred under terms that ensure continued protection.

Data Retention and Disposal

Personal data is retained only as long as necessary to achieve the purposes for which it was collected or as required by law. Transactional records are kept for the duration of any contract and for any legally mandated retention period, while marketing data is retained until consent is withdrawn or a deletion request is received. Website usage data is retained for up to 24 months for analytical purposes, after which it is anonymized or securely deleted. Upon the expiration of the applicable retention period, RMTC securely disposes of or anonymizes personal data to prevent unauthorized access or disclosure.

RIGHT TO CONTROL, ACCESS, AND CORRECT PERSONAL DATA

Individuals whose data is processed by Rocky Mountain Timber Co. (“Administrator”) have the following rights concerning their personal data:

  • Right of Access: You have the right to access your personal data and receive information about how it is being processed.

  • Right to Rectification: You may request that any inaccurate or incomplete personal data be corrected.

  • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data under certain conditions.

  • Right to Restriction of Processing: You may request that the processing of your personal data be restricted in specific circumstances.

  • Right to Data Portability: You have the right to receive your data in a structured, commonly used format and to transfer it to another controller.

  • Right to Object: You may object to the processing of your data based on legitimate interests, direct marketing, or profiling.

  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw this consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Legal Basis for User Requests


Requests to exercise these rights under GDPR are grounded in the following articles:

  • Access to Data – Article 15 GDPR

  • Rectification of Data – Article 16 GDPR

  • Data Erasure (Right to be Forgotten) – Article 17 GDPR

  • Restriction of Processing – Article 18 GDPR

  • Data Portability – Article 20 GDPR

  • Objection – Article 21 GDPR

  • Withdrawal of Consent – Article 7(3) GDPR

In Canada, these rights are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA), which grants individuals the right to access and correct personal information held by an organization.

Exercising Your Rights

To exercise any of the above rights, you may send a request via email to legal@rockymountaintimber.co. Upon receiving such a request, the Administrator will fulfill or deny the request as soon as possible, but no later than within one month of receipt.

If the request is complex or if numerous requests are received, RMTC may extend this deadline by an additional two months. Should this occur, we will inform you within one month of receiving your request, along with an explanation of the reasons for the extension.

Right to Lodge a Complaint

If you believe that the processing of your personal data violates GDPR, you have the right to file a complaint with the relevant data protection authority in your jurisdiction. In the EU, this is typically the supervisory authority of the EU member state where you reside, work, or where the alleged infringement occurred. For Canadian residents, you may contact the Office of the Privacy Commissioner of Canada regarding PIPEDA compliance.

Security Measures

RMTC is committed to ensuring the security of personal data through various measures. These include encryption, access controls, and periodic security assessments to protect data from unauthorized access, disclosure, or loss. While RMTC endeavors to provide maximum protection, no online system can guarantee complete security, and users are encouraged to take precautions such as maintaining secure devices and protecting login credentials.

Links to External Websites

RMTC’s website may contain links to external websites for user convenience. We are not responsible for the content or privacy practices of these third-party sites. Accessing linked websites is at the user’s discretion, and users are encouraged to review each site’s privacy. policy

Updates to this Privacy Policy

RMTC reserves the right to update this Privacy Policy as necessary to reflect changes in our data practices, legal requirements, or operations. Updates will be posted on our website with a revised “Effective Date.” Users are encouraged to periodically review this policy to stay informed about how RMTC protects personal data.

Contact Information

If you have questions or require further clarification regarding Privacy Policy, please contact us at:


legal@rockymountaintimber.co

bottom of page