Privacy Policy

1. Introduction

Park N Play Design Inc. ("we," "us," or "our") is committed to protecting the privacy and personal information of our website visitors, clients, and business contacts. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at parknplaydesign.com (the "Site") or interact with us in the course of our business operations.

This policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law, as well as applicable provincial privacy legislation including the Alberta Personal Information Protection Act (PIPA) and the Ontario Freedom of Information and Protection of Privacy Act (FIPPA). Where provincial legislation has been declared substantially similar to PIPEDA, the provincial law applies to provincially regulated activities within that province.

By accessing our Site or providing your personal information to us, you consent to the collection, use, and disclosure of your information as described in this policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our Site and do not provide your personal information to us.

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

• Complete a lead capture form to download our Playground Planning Guide, grant toolkits, or other resources
• Submit a contact form or request a project consultation
• Subscribe to our email newsletter or marketing communications
• Request a quote or proposal for playground, splash pad, or outdoor fitness projects
• Communicate with us via email, phone, or social media channels
• Participate in surveys, contests, or promotional events

The personal information we collect directly from you may include:

• Full name and professional title
• Email address and phone number
• Organization or municipality name and address
• Job title and department (for municipal and institutional contacts)
• Project type, budget range, and timeline preferences
• Any additional information you choose to include in your correspondence

2.2 Information Collected Automatically

When you visit our Site, certain information is collected automatically through cookies, web beacons, pixel tags, and similar tracking technologies. This technical data includes:

• IP address and approximate geographic location (city/province level)
• Browser type and version, operating system, and device type
• Pages visited, time spent on each page, and navigation path through the Site
• Referring URL (the website or search engine that directed you to our Site)
• Search terms used to find our Site
• Date, time, and frequency of visits
• Interaction with forms, buttons, and downloadable content

This automatically collected information is used to analyze site usage patterns, improve our website performance and content, and deliver personalized advertising. We rely on legitimate business interest and your implied consent (when you continue browsing after being presented with our cookie consent banner) as the lawful basis for this collection under PIPEDA Principle 4.3.

2.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Business directories and municipal contact databases
• Trade show and conference registration lists
• Referral partners within the parks and recreation industry
• Social media platforms when you interact with our content or use social login features
• Data enrichment services that provide publicly available professional information

When we combine information received from third parties with information we collect directly, it is treated in accordance with this Privacy Policy.

3. How We Use Your Information

We use your personal information for the following purposes, each of which is a reasonably expected and lawful business purpose under PIPEDA:

3.1 Core Business Operations

• Responding to your inquiries and providing information about our playground design, splash pad, outdoor fitness, and site furnishing services
• Processing project consultations, site assessments, and design proposals
• Managing client relationships, including project coordination and communication with municipalities, schools, and community organizations
• Fulfilling contractual obligations and delivering our services

3.2 Marketing and Communications

• Sending you our Playground Planning Guide, grant toolkits, case studies, and other educational resources you requested
• Delivering email newsletters, project updates, and industry insights (only with your CASL-compliant consent)
• Notifying you of relevant trade shows, webinars, or community events
• Providing information about new products, services, or seasonal promotions relevant to your project needs

3.3 Advertising and Retargeting

We use your information to deliver targeted advertising on third-party platforms. This is a transfer of your personal information (specifically, your IP address, cookie identifiers, and browsing behavior data) to advertising networks and social media platforms. The specific platforms we transfer data to include:

• Google Ads (including Google Display Network, YouTube, and Search Partners) — for search retargeting and display advertising
• Meta Platforms (Facebook and Instagram) — for social media advertising and custom audience matching
• LinkedIn (Microsoft Advertising) — for B2B advertising targeting municipal decision-makers
• HubSpot — for marketing automation, email sequencing, and lead scoring

These platforms operate their own privacy policies and data processing practices that are independent of ours. When we transfer your information to these platforms, the data is subject to their respective terms of service and privacy policies. You can opt out of personalized advertising through:

• Google Ads Settings: google.com/settings/ads
• Meta Ad Preferences: facebook.com/ads/preferences
• LinkedIn Ad Settings: linkedin.com/psettings/advertising
• Network Advertising Initiative opt-out: networkadvertising.org/choices
• Digital Advertising Alliance of Canada: youradchoices.ca

3.4 Analytics and Website Improvement

• Analyzing website traffic patterns and user behavior to improve site navigation, content, and functionality
• Measuring the effectiveness of our marketing campaigns and content
• Conducting A/B testing to optimize conversion rates on landing pages and forms
• Generating aggregated, anonymized reports about site usage trends

3.5 Legal and Compliance

• Complying with applicable laws, regulations, and legal processes
• Enforcing our terms of service and protecting our legal rights
• Detecting, preventing, and addressing fraud, security breaches, or other illegal activities
• Maintaining records as required by Canadian tax and business legislation

4. Legal Basis for Processing (PIPEDA Fair Information Principles)

Under PIPEDA, we must have a lawful basis for collecting, using, or disclosing your personal information. Our processing activities are grounded in the following PIPEDA principles:

Consent (Principle 4.3): We obtain your consent before collecting, using, or disclosing your personal information, except where exceptions under PIPEDA apply. Consent may be express (explicit opt-in) or implied (through your voluntary interaction with our Site and services). For commercial electronic messages, we obtain express opt-in consent as required by CASL.

Identifying Purposes (Principle 4.2): We identify the purposes for which personal information is collected at or before the time of collection, as detailed in Section 3 of this policy.

Limiting Collection (Principle 4.4): We collect only the personal information that is necessary for the identified purposes and do not collect information indiscriminately.

Limiting Use, Disclosure, and Retention (Principle 4.5): We do not use or disclose personal information for purposes other than those for which it was collected, except with your consent or as required by law. We retain information only as long as necessary for the fulfilment of those purposes.

Accuracy (Principle 4.6): We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is to be used.

5. Canada's Anti-Spam Legislation (CASL) Compliance

Park N Play Design is committed to full compliance with Canada's Anti-Spam Legislation (CASL), S.C. 2010, c. 23. CASL requires that we obtain your consent before sending commercial electronic messages (CEMs), and that each CEM includes specific identification and unsubscribe mechanisms.

5.1 Consent Mechanisms

We collect consent for commercial electronic messages through the following methods:

• Express consent: When you check the CASL consent checkbox on our lead capture forms, you are providing express consent to receive CEMs from us. This checkbox is unchecked by default, and you must actively opt in.
• Implied consent (existing business relationship): We may send you CEMs related to a project or service you have inquired about or engaged us for, under CASL Section 10(10). This consent expires two years after your last purchase, inquiry, or transaction with us.
• Implied consent (published inquiry): If your contact information has been published on a municipal website, industry directory, or similar public forum without a statement restricting commercial messages, we may rely on implied consent under CASL Section 10(9) for a limited period.

5.2 Unsubscribe Mechanism

Every commercial electronic message we send includes a clearly identified unsubscribe mechanism that is:

• Prominently located and easy to access within the email
• Capable of being acted upon at no cost to you
• Processed within 10 business days of receipt (in compliance with CASL Section 11)

You may unsubscribe from all commercial electronic messages at any time by clicking the unsubscribe link in any email, or by contacting us directly at privacy@parknplaydesign.com. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

5.3 CASL Penalties Disclosure

We acknowledge that violations of CASL can result in administrative monetary penalties of up to CAD $10,000,000 per violation for organizations, and up to CAD $1,000,000 per violation for individuals. Our compliance program includes regular audits of our consent records, email practices, and third-party service provider agreements to ensure ongoing compliance.

6. Third-Party Service Providers and Data Transfers

We share your personal information with selected third-party service providers who perform services on our behalf. Each service provider is contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

6.1 Marketing Automation and CRM

HubSpot Inc. (Cambridge, MA, USA) — Our primary CRM and marketing automation platform. When you submit a form on our Site, your information is transferred to HubSpot's servers in the United States to store contact records, manage email sequences, score leads based on engagement, track website interactions, and generate marketing analytics. HubSpot is certified under the EU-U.S. Data Privacy Framework and maintains SOC 2 Type II compliance.

6.2 Analytics

Google LLC (Mountain View, CA, USA) — We use Google Analytics and Google Tag Manager to collect and analyze website usage data. We have configured Google Analytics to anonymize IP addresses and to not share data with other Google services for advertising purposes.

6.3 Advertising Platforms

• Google Ads — search retargeting, display advertising across the Google Display Network, and conversion tracking
• Meta Platforms (Facebook/Instagram) — social media advertising, custom audience creation, and lookalike audience targeting
• LinkedIn Corporation (Microsoft) — B2B advertising targeting municipal decision-makers and parks/recreation professionals

6.4 Web Hosting and Infrastructure

• Vercel Inc. (San Francisco, CA, USA) — Website hosting and content delivery
• Cloudflare Inc. (San Francisco, CA, USA) — Content delivery network and DDoS protection

6.5 Cross-Border Data Transfers

Many of our service providers are located in the United States. When your personal information is transferred to the United States or other jurisdictions, it may be subject to the laws of those jurisdictions. We take the following measures to ensure adequate protection during cross-border transfers:

• We select service providers who maintain recognized privacy certifications (SOC 2, ISO 27001, EU-U.S. Data Privacy Framework)
• We enter into data processing agreements with each provider that include PIPEDA-compliant contractual safeguards
• We limit the personal information shared with each provider to only what is necessary for the specific service they provide
• We conduct periodic reviews of our service providers' privacy practices and security posture

7. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies. Under PIPEDA, we are required to inform you about our use of cookies and obtain your consent before deploying non-essential cookies. We present a cookie consent banner on your first visit to our Site that allows you to accept all cookies, reject non-essential cookies, or manage your preferences granularly.

7.1 Categories of Cookies We Use

Essential Cookies (Always Active)

• Cookie consent preference storage (pnp_cookie_consent_v1) — 12 months
• Session management cookies — required for form submissions and site functionality
• CSRF protection tokens — security measure to prevent cross-site request forgery attacks

Analytics Cookies (Opt-In)

• Google Analytics (_ga, _ga_*) — tracks page views, session duration, and user flow. Persists for 2 years. IP anonymization enabled.
• Google Tag Manager — manages deployment of analytics and marketing tags. Session-based.
• HubSpot tracking cookies (hubspotutk, __hstc, __hssc, __hsfp) — up to 13 months

Marketing/Advertising Cookies (Opt-In)

• Google Ads conversion tracking cookies (_gcl_au, gclaw) — 90 days
• Meta Pixel (fr, _fbp) — 90 days to 1 year
• LinkedIn Insight Tag (li_sugr, UserMatchHistory) — 30 days to 1 year
• HubSpot advertising cookies — up to 13 months

7.2 Managing Your Cookie Preferences

• Our cookie consent banner — click "Manage Preferences" at the bottom of any page
• Your browser settings — most browsers allow you to block or delete cookies
• Platform-specific opt-out tools — see the advertising opt-out links in Section 3.3

8. Data Retention

• Lead and contact information: 24 months after your last interaction, then anonymized or deleted unless you have an active project or ongoing business relationship.
• Client project records: 7 years after project completion, as required by Canadian tax legislation and warranty/liability obligations.
• Cookie and tracking data: Lifespan of the individual cookie (see Section 7.1).
• Marketing consent records: Retained indefinitely as evidence of consent under CASL.
• Website server logs: 90 days for security and troubleshooting.
• Email communication records: 3 years from the date of the last communication.

9. Your Rights Under PIPEDA

We will respond to your request within 30 days, as required by PIPEDA Principle 4.9, and there is no fee for making a request unless it is manifestly unfounded or excessive.

9.1 Right of Access

You have the right to request access to the personal information we hold about you. Upon receiving a written request and verifying your identity, we will provide you with a copy of your personal information, along with an explanation of how it has been used and to whom it has been disclosed.

9.2 Right to Correction

You have the right to request correction of any inaccurate or incomplete personal information we hold about you.

9.3 Right to Withdraw Consent

You may withdraw your consent for the collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions. To withdraw consent, contact us at privacy@parknplaydesign.com.

9.4 Right to Complain

If you believe that we have not handled your personal information in accordance with PIPEDA, you have the right to file a complaint with us and, if the matter is not satisfactorily resolved, with the Office of the Privacy Commissioner of Canada:

• Office of the Privacy Commissioner of Canada
• 30 Victoria Street, Gatineau, QC K1A 1H3
• Phone: 1-800-282-1376
• Website: priv.gc.ca

9.5 How to Exercise Your Rights

• Email: privacy@parknplaydesign.com
• Mail: Park N Play Design Inc., Attn: Privacy Officer, Calgary, Alberta, Canada

10. Security Measures

• SSL/TLS encryption for all data transmitted between your browser and our servers (HTTPS)
• Encryption at rest for personal information stored in our CRM and marketing automation platforms
• Role-based access controls limiting employee access to personal information on a need-to-know basis
• Regular security assessments and penetration testing of our web applications
• Mandatory privacy and security awareness training for all employees who handle personal information
• Incident response procedures for data breaches, including notification to affected individuals and the Privacy Commissioner as required by PIPEDA Section 10.1

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data, but we are committed to maintaining industry-standard protections.

11. Children's Privacy

Our services are directed toward municipalities, schools, and organizations — not individual children. While our playground designs serve children, our website and marketing activities are business-to-business (B2B) and business-to-government (B2G) in nature. We do not knowingly collect personal information from children under the age of 16. If you believe we have collected information from a child, please contact us at privacy@parknplaydesign.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated policy on this page with a revised "Last Updated" date
• Send an email notification to contacts in our CRM who have provided express consent, at least 30 days before the change takes effect
• Present a refreshed cookie consent banner if our cookie practices change significantly

13. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days, in accordance with PIPEDA Principle 4.9.

Appendix A: PIPEDA Fair Information Principles Reference

• Principle 1 — Accountability: We are responsible for personal information under our control.
• Principle 2 — Identifying Purposes: We identify the purposes for which personal information is collected at or before the time of collection.
• Principle 3 — Consent: We obtain your knowledge and consent for the collection, use, or disclosure of your personal information.
• Principle 4 — Limiting Collection: We limit collection to information that is necessary for the identified purposes.
• Principle 5 — Limiting Use, Disclosure, and Retention: We do not use or disclose personal information for purposes other than those for which it was collected.
• Principle 6 — Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary.
• Principle 7 — Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information.
• Principle 8 — Openness: We make our privacy policies and practices readily available to you.
• Principle 9 — Individual Access: Upon request, we inform you of the existence, use, and disclosure of your personal information and give you access to it.
• Principle 10 — Challenging Compliance: You may challenge our compliance with these principles by contacting our Privacy Officer or the Privacy Commissioner of Canada.