Last Updated: October 26, 2025

At Bath O’Clock, we value the trust you place in us. We are committed to protecting your personal information and upholding the principles of transparency and accountability mandated by Canadian federal law (Personal Information Protection and Electronic Documents Act – PIPEDA), Canada’s Anti-Spam Legislation (CASL), and provincial privacy laws, including Quebec’s Law 25.

1. Accountability & Privacy Officer
   We are responsible for the personal information under our control. We have designated a Privacy Officer to ensure our compliance with this policy and applicable laws.
   • Contact: Privacy Officer at privacy@bathoclock.com.
     
     
2. Information We Collect
   We collect information that you voluntarily provide to us or that is generated by your use of our services:
   • Identity & Contact Data: Name, shipping/billing address, email address, and telephone number.
   • Profile Data: Skin concerns, product preferences, and age range (if provided via quizzes/surveys).
   • Financial Data: Payment card details (processed securely by our PCI-DSS compliant payment processors; we do not store full credit card numbers).
   • Technical Data: IP address, browser type, cookies, and usage data.
     
     
3. How We Use Your Information
   We use your data for the following purposes:
   • Fulfillment: To process and deliver your orders (performance of a contract).
   • Communication: To manage our relationship with you, including order updates and customer support.
   • Marketing (CASL Compliance): We only send Commercial Electronic Messages (newsletters, promotions) with your express consent. You may withdraw this consent at any time by clicking the “unsubscribe” link in any email.
   • Improvement: To analyze usage trends and improve our website and product offerings.
     
     
4. Consent
   • Express Consent: Required for marketing and collection of sensitive data.
   • Implied Consent: When you make a purchase, we rely on implied consent to process your data for that specific transaction and delivery.
   • Withdrawal: You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
     
     
5. Disclosure and Cross-Border Transfers
   We do not sell your personal information. We share data only with trusted third-party service providers necessary for our operations (e.g. Canada Post).
   • International Transfers: Some of our service providers are located outside of Canada, primarily in the United States. Accordingly, your personal information may be transferred to, stored, and processed in a foreign jurisdiction. While outside Canada, your information is subject to the laws of that jurisdiction and may be accessible to its law enforcement and national security authorities.
   • Quebec Residents: In compliance with Law 25, we have conducted a Privacy Impact Assessment regarding these transfers to ensure adequate protective measures are in place.
     
     
6. Data Security
   We implement physical, organizational, and technological safeguards appropriate to the sensitivity of your information to protect it against loss, theft, and unauthorized access. This includes encryption (SSL) and restricted staff access.
   
   
7. Your Rights
   Under Canadian privacy laws, you have the right to:
   • Access: Request access to the personal information we hold about you.
   • Rectification: Request correction of inaccurate or incomplete information.
   • De-indexing/Erasure: Request the deletion of your information (subject to retention requirements for tax/legal purposes).
   • Data Portability (Quebec): Receive your computerized personal information in a structured, commonly used technological format.

   To exercise these rights, please contact our Privacy Officer. We will respond to all requests within 30 days.