My Account
CAD Banner
My Account
Home

Last Updated: November 16, 2025

Privacy Policy for CTRL-ALT-DEFEAT.ca

1. Introduction

Welcome to CTRL-ALT-DEFEAT.ca (“we,” “us,” or “our”). We are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the General Data Protection Regulation (GDPR), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable privacy laws.

Data Controller:
CTRL-ALT-DEFEAT.ca
Email: privacy@ctrl-alt-defeat.ca

If you have any questions about this Privacy Policy or how we handle your data, please contact us at the email address above.

2. What Personal Data We Collect

We collect and process the following types of personal data:

2.1 Information You Provide Directly

  • Account Information: Name, email address, username, password (encrypted)
  • Billing and Shipping Information: Full name, billing address, shipping address, phone number
  • Payment Information: Payment details are processed securely by third-party payment processors (we do not store full credit card numbers)
  • Communication Data: Information you provide when contacting us, subscribing to newsletters, or leaving reviews

2.2 Information Collected Automatically

  • Technical Data: IP address (anonymized where possible), browser type and version, device information, operating system
  • Usage Data: Pages visited, time spent on pages, click-through patterns, referral sources
  • Cookies and Tracking Data: See our Cookie Policy section below

2.3 Information from Third-Party Services

We may receive information from third-party services you connect to your account, including:

  • Social media platforms (Pinterest)
  • Email marketing services (Kit)
  • Print-on-demand fulfillment (Printful)

3. Legal Basis for Processing Your Data

We process your personal data based on the following legal grounds:

  • Contractual Necessity: To fulfill orders, provide services, and manage your account
  • Consent: When you explicitly agree to receive marketing communications or use certain features
  • Legitimate Interests: To improve our services, prevent fraud, and ensure website security
  • Legal Obligation: To comply with tax, accounting, and legal requirements

4. How We Use Your Personal Data

We use your personal data for the following purposes:

4.1 Order Processing and Fulfillment

  • Processing and delivering your orders
  • Communicating order status and shipping updates
  • Handling returns, refunds, and customer service inquiries

4.2 Account Management

  • Creating and managing your user account
  • Providing access to member areas and personalized features
  • Authenticating your identity

4.3 Marketing Communications

  • Sending promotional emails and newsletters (with your consent)
  • Personalizing marketing content based on your interests
  • Notifying you of special offers and new products

You can unsubscribe from marketing emails at any time using the link in each email or by contacting us.

4.4 Website Improvement and Analytics

  • Analyzing website usage to improve user experience
  • Understanding customer preferences and behaviour
  • Testing new features and functionality

4.5 Security and Fraud Prevention

  • Protecting against fraudulent transactions
  • Ensuring the security of our website and services
  • Complying with legal and regulatory requirements

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. A cookie is a small text file that is placed on your device when you visit our website.

5.1 Types of Cookies We Use

Essential Cookies (Strictly Necessary)

  • Required for the website to function properly
  • Enable core features like shopping cart, checkout, and user authentication
  • Cannot be disabled

Performance and Analytics Cookies

  • Google Analytics (via Site Kit by Google) – tracks website usage and visitor statistics
  • Jetpack Stats – provides website analytics
  • Help us understand how visitors use our website

Functional Cookies

  • Remember your preferences and settings
  • Enable enhanced features and personalization
  • Ultimate Member plugin for user account functionality

Marketing and Advertising Cookies

  • Pinterest Tag – tracks conversions and enables retargeting
  • Google Ads – measures advertising effectiveness
  • Kit (formerly ConvertKit) – manages email marketing preferences

5.2 Managing Cookies

You can control and manage cookies through your browser settings. However, please note that disabling certain cookies may affect the functionality of our website.

Upon your first visit to our website, you will see a cookie consent banner. You can accept or reject non-essential cookies at any time.

6. Third-Party Services and Data Sharing

We work with trusted third-party service providers who process data on our behalf. We only share your personal data when necessary and ensure these providers comply with GDPR and applicable privacy laws.

6.1 E-Commerce and Store Management

WooCommerce

  • Purpose: E-commerce platform for order processing
  • Data Shared: Order details, customer information, transaction data
  • Privacy Policy: WordPress.org Privacy

6.2 Print-on-Demand Fulfillment

Printful

  • Purpose: Product printing and order fulfillment
  • Data Shared: Customer name, shipping address, order details
  • Location: United States (EU-US Standard Contractual Clauses in place)
  • Privacy Policy: Printful Privacy Policy
  • Data Processing Agreement: Printful DPA

6.3 Email Marketing

Kit (formerly ConvertKit)

  • Purpose: Email marketing and newsletter management
  • Data Shared: Email address, name, subscription preferences
  • Location: United States (compliant with GDPR via Standard Contractual Clauses)
  • Privacy Policy: Kit Privacy Policy
  • You can unsubscribe at any time using the link in our emails

6.4 Analytics and Performance

Google Site Kit (including Google Analytics)

  • Purpose: Website analytics and performance monitoring
  • Data Shared: Anonymized IP addresses, usage data, device information
  • Data Processing: Google Analytics IP anonymization enabled
  • Location: May be transferred outside the EU
  • Privacy Policy: Google Privacy Policy
  • Opt-Out: Google Analytics Opt-out

Jetpack (by Automattic)

  • Purpose: Website security, performance, and analytics
  • Data Shared: Usage statistics, security data
  • Location: Data may be stored on servers worldwide
  • Privacy Policy: Jetpack Privacy Policy
  • Data Transfer: Standard Contractual Clauses for EU data transfers

6.5 Social Media Integration

Pinterest for WooCommerce

  • Purpose: Product catalog integration and advertising
  • Data Shared: Product information, conversion data, user behavior
  • Privacy Policy: Pinterest Privacy Policy

6.6 User Management

Ultimate Member

  • Purpose: User registration and membership management
  • Data Shared: User profile information, account preferences
  • Data Storage: Stored in our WordPress database

6.7 Payment Processing

We do not store complete payment card details on our servers. Payment processing is handled by secure, PCI-DSS-compliant payment gateways. When you make a purchase, your payment information is encrypted and transmitted directly to the payment processor.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

7.1 Retention Periods

  • Account Data: Retained while your account is active, plus up to 3 years after account closure for legal and tax purposes
  • Order Data: Retained for 7 years to comply with tax and accounting regulations
  • Marketing Data: Retained until you unsubscribe or request deletion
  • Analytics Data: Anonymized and retained for statistical purposes (up to 26 months for Google Analytics)

7.2 Inactive Accounts

Accounts that have been inactive for more than 3 years may be deleted after we notify you by email.

8. Your Rights Under GDPR

If you are located in the European Union, European Economic Area, United Kingdom, or Switzerland, you have the following rights:

8.1 Right to Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request that we correct inaccurate or incomplete personal data.

8.3 Right to Erasure (Right to Be Forgotten)

You can request deletion of your personal data, subject to certain legal exceptions (e.g., tax records we’re required to keep).

8.4 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

8.5 Right to Data Portability

You can request a copy of your data in a machine-readable format to transfer to another service.

8.6 Right to Object

You can object to certain types of processing, including direct marketing.

8.7 Right to Withdraw Consent

Where we process data based on your consent, you can withdraw that consent at any time.

8.8 Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we have violated your privacy rights.

8.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

  • Email: privacy@ctrl-alt-defeat.ca
  • Include “GDPR Request” in the subject line
  • Provide sufficient information to verify your identity

We will respond to your request within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

9.1 Security Measures Include:

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted
  • Secure Hosting: Website hosted on secure servers with regular security updates
  • Access Controls: Limited access to personal data on a need-to-know basis
  • Regular Backups: Data backed up regularly to prevent loss
  • Security Monitoring: Jetpack security features monitor for threats and vulnerabilities
  • Password Protection: User passwords are encrypted and never stored in plain text

9.2 Data Breach Notification

In the unlikely event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

10. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contracts for international data transfers
  • Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate protection
  • Privacy Shield Successor Frameworks: Compliance with updated US-EU data transfer mechanisms where applicable

11. Children’s Privacy

Our website and services are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will delete that information.

12. Links to Third-Party Websites

Our website may contain links to external websites not operated by us. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. We will notify you of significant changes by:

  • Posting a notice on our website
  • Sending an email to registered users
  • Updating the “Last Updated” date at the top of this policy

We encourage you to review this Privacy Policy periodically.

14. Cookie Consent Management

When you first visit our website, you will be presented with a cookie consent banner. You can:

  • Accept All Cookies: Allows all cookies, including analytics and marketing cookies
  • Reject Non-Essential Cookies: Only essential cookies will be used
  • Customize Settings: Choose which categories of cookies to accept

You can change your cookie preferences at any time by clicking the “Cookie Settings” link in the footer of our website.

15. Marketing and Communications Preferences

We respect your communication preferences:

15.1 Opt-In for Marketing

We will only send marketing emails if you have:

  • Explicitly opted in through a checkbox during account registration or checkout
  • Subscribed to our newsletter through a signup form
  • Given consent through other clear affirmative actions

15.2 Opt-Out Mechanisms

You can opt out of marketing communications at any time by:

  • Clicking the “Unsubscribe” link at the bottom of any marketing email
  • Logging into your account and updating your communication preferences
  • Contacting us directly at privacy@ctrl-alt-defeat.ca

Even if you opt out of marketing emails, we will still send you transactional emails related to your orders and account.

16. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that would have legal or similarly significant effects on you.

We may use analytics to understand general customer behaviour and preferences, but this does not result in automated decisions affecting your rights.

17. Contact Information

17.1 Data Protection Officer (DPO)

For all privacy-related inquiries, please contact:

Email: privacy@ctrl-alt-defeat.ca
Subject Line: Please include “Privacy Inquiry” or “GDPR Request”

17.2 Response Time

We aim to respond to all privacy inquiries within 5 business days and complete GDPR requests within 30 days.

18. Specific Plugin Data Processing Details

18.1 WooCommerce Data Collection

WooCommerce collects and processes:

  • Customer account information (username, email, password)
  • Order information (products purchased, order value, order date)
  • Billing and shipping addresses
  • IP addresses for fraud prevention
  • Customer reviews and ratings (from verified purchasers only)

18.2 Jetpack Data Collection

Jetpack collects:

  • Site statistics (page views, visitor numbers)
  • Comment data (for spam protection)
  • Security logs
  • Performance metrics

You can opt out of Jetpack data collection in your account settings.

18.3 Google Site Kit Data Collection

Google Site Kit connects to Google services and shares:

  • Anonymized IP addresses (last octet removed)
  • Browser and device information
  • Page URLs and referral information
  • User interaction data

Google Consent Mode is enabled to respect your cookie preferences.

18.4 Kit (ConvertKit) Data Processing

Kit processes:

  • Email addresses
  • First and last names
  • Subscription dates and sources
  • Email engagement data (opens, clicks)
  • Custom fields you provide

Kit acts as a data processor and complies with GDPR through Standard Contractual Clauses.

18.5 Pinterest for WooCommerce Data Processing

Pinterest may collect:

  • Product catalogue information
  • Purchase conversion data
  • User browsing behaviour
  • Device and browser information

Pinterest Tag is subject to your cookie consent preferences.

18.6 Printful Data Processing

Printful receives order fulfillment data, including:

  • Customer name
  • Shipping address
  • Order details
  • Product specifications

Printful acts as a data processor and maintains GDPR compliance with appropriate safeguards for international data transfers.

18.7 Ultimate Member Data Collection

Ultimate Member stores:

  • User profile information
  • Account preferences
  • User-generated content
  • Login history

You can export or delete your Ultimate Member profile data from your account privacy settings.

19. Canadian Privacy Compliance (PIPEDA)

For users in Canada, we also comply with the Personal Information Protection and Electronic Documents Act (PIPEDA):

  • We obtain meaningful consent for the collection, use, and disclosure of personal information
  • Personal information is used only for identified purposes
  • Information is retained only as long as necessary
  • You can access and correct your personal information
  • We protect personal information with appropriate security safeguards

20. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@ctrl-alt-defeat.ca with “CCPA Request” in the subject line.

Your Consent

By using our website, you consent to this Privacy Policy and our Terms and Conditions.

Last Reviewed: November 16, 2025

Questions or Concerns?

If you have any questions about this Privacy Policy or how we handle your data, please don’t hesitate to contact us at privacy@ctrl-alt-defeat.ca. We’re committed to protecting your privacy and ensuring transparency in our data practices.

Facebook
X
Pinterest
Pinterest
fb-share-icon
LinkedIn
LinkedIn
Share
Tiktok
Copy link
URL has been copied successfully!