Privacy Policy

Cremco Labs > Privacy Policy

Privacy Policy

CREM Co Labs (“we,” “us,” or “our”) is committed to protecting the privacy of our clients, partners, and website users. This Privacy Policy explains what personal data we collect, how we use and share that information, and the measures we take to safeguard it. We provide laboratory services and perform tests globally, and while we strive to follow generally accepted data protection best practices, we do not specifically tailor our operations to comply with any single country’s privacy laws such as the EU GDPR or California CCPA. By engaging with our services or communicating with us, you agree to the terms of this Privacy Policy.

Data Collection

We collect personal information that you provide to us directly, primarily through business communications (such as email correspondence) or when you engage our testing services. The types of personal data we may collect include:

  • Contact Information: Identifying details like your name, email address, phone number, and mailing address.
  • Professional or Organizational Details: If you are affiliated with a company or institution, we may collect details such as your organization’s name, your job title/role, and department, as needed for service arrangements.
  • Service-Related Documentation: Information contained in contracts, service agreements, purchase orders, or related documents that you send to us or sign with us. This may include personal identifiers and signatures within those contracts.
  • Testing Reports and Results: If we perform tests or studies for you, we generate reports that may include your name or your organization’s details. We retain copies of these reports as part of our service records.
  • Communication Content: Any personal data you choose to include in your communications with us. For example, if you reach out via email or a contact form, we will collect the information in your message (which could include personal details or additional data you provide).

We limit our collection to information that is relevant and necessary for the purposes described in this policy. You have the choice not to provide certain personal data; however, not providing requested information may limit our ability to offer our services or respond to your inquiries.

Use of Information

We use the collected personal information for legitimate business purposes in order to effectively deliver our laboratory services and support our operations. Specifically, we may use your information to:

  • Provide and Administer Services: We use personal data to carry out the testing services or consulting work you have requested. For example, we will use your contact and contract details to set up and perform laboratory tests, generate test reports, and deliver results to you.
  • Communicate with You: Your contact information (such as email address and phone number) is used to send service-related communications. This includes responding to inquiries, confirming service requests, sending reports or certificates, issuing invoices, and notifying you of any updates or issues regarding your test projects. We may also communicate about scheduling, logistics, or follow-up for quality assurance.
  • Contract Management and Record-Keeping: We maintain copies of contracts, reports, and correspondence as part of our business records. Personal information in these documents is used to manage our relationship with you (such as remembering your service history or contract terms) and to comply with administrative or financial requirements (for instance, bookkeeping and audits).
  • Quality Assurance and Compliance: We may review and use personal data internally to ensure our laboratory meets all applicable quality standards and regulatory requirements. This includes using information in internal audits, accreditation assessments, and compliance checks. For example, details in test reports or communications may be referenced during quality control reviews or proficiency testing.
  • Service Improvement: We might analyze non-sensitive aspects of client interactions and feedback to improve our services. Personal identifiers are not the focus of such analysis, but understanding overall client needs (e.g. common questions or service usage trends) helps us refine our offerings and customer support.
  • Legal and Regulatory Purposes: Where necessary, we will use personal information to comply with applicable laws, regulations, court orders, or other legal obligations. For instance, we may use and preserve certain data to fulfill regulatory record-retention rules, to demonstrate our lab’s compliance during audits, or to address any disputes or legal claims.

We will not use your personal data for any purposes unrelated to our services without your consent. In particular, we do not use your information for third-party marketing, profiling, or advertising purposes. If we ever need to process your data for a new purpose not covered by this Privacy Policy, we will inform you and, if required, seek your consent.

Data Sharing

We value your privacy and handle your personal information with care. Accordingly, we do not sell, rent, or trade your personal data to third parties. We share personal information only in the following circumstances, and always to the minimum extent necessary:

  • Within CREM Co Labs: Personal data is accessible only to our staff members who need it to perform their job duties (for example, laboratory analysts preparing your test, quality managers, or administrative personnel handling billing). All employees are bound by confidentiality obligations to protect client information.
  • Accreditation and Compliance Auditors: We may disclose relevant personal data to external auditors or assessors from accreditation and regulatory bodies as required for compliance and quality assurance purposes. For example, we might provide necessary records or reports to auditors from the Standards Council of Canada (SCC) or other ISO/IEC 17025 accreditation assessors, as well as inspectors or auditors from the Public Health Agency of Canada (PHAC). These third-party auditors review our procedures, contracts, and test reports to ensure we meet national and international standards. Any data shared in this context is limited to what is required for demonstrating compliance, and such auditors are themselves obliged to maintain confidentiality.
  • Regulatory Bodies and Legal Requirements: If we are subject to oversight by other regulators or if we hold licenses that mandate inspections (for example, licenses from Health Canada or other authorities), we may have to grant those officials access to certain records that contain personal data. Additionally, we may disclose personal information in response to a lawful request by public authorities (such as a subpoena, court order, or government demand), or as otherwise required by law. In all cases, we will only release the information strictly necessary to comply with the obligation.
  • Service Providers (Data Processors): We use trusted third-party service providers to support our operations – for instance, providers of email hosting, cloud data storage/backup, or secure data management software. These service providers may process or store personal information on our behalf as part of the services they offer to us (e.g., our email server will host the emails you send us, which contain your personal data). When we share data with such providers, we ensure they are bound by contractual obligations to safeguard your information and to use it only for the purposes of providing their services to us.
  • Business Transfers: In the unlikely event that CREM Co Labs undergoes a business transaction such as a merger, acquisition, corporate reorganization, or asset sale, your personal data may be transferred to the successor or new owner as part of that deal. If such a transfer occurs, we will ensure the recipient is bound to respect your personal information in a manner consistent with this Privacy Policy.
  • With Your Consent: Aside from the cases above, we will share your personal information with third parties only if you have explicitly asked us to or given us consent. For example, if you request that we collaborate with another laboratory or consultant and share your test results with them, we will do so with your authorization.

In all sharing scenarios, we strive to disclose only the minimum necessary information and to ensure appropriate safeguards are in place. Any third party that receives personal data from us is expected to protect it and use it only for the reasons we provided it to them. If you have questions about third parties who may receive your data, you can contact us for more information.

International Users

CREM Co Labs is based in Canada, but we serve clients around the world. This means that your personal data, if collected outside of Canada, will be transferred to and processed in Canada (and potentially in other jurisdictions where our accredited auditors or service providers are located). By providing your information or using our services, you acknowledge and consent that your personal data may be stored and processed in Canada, which may have different data protection standards than your home country.

We do not specifically adjust our data practices to align with any particular foreign privacy laws such as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). Our services and website are not directed toward compliance with those regimes. However, we care about user privacy and aim to uphold high standards of data protection through our internal policies and security practices. In practical terms, this means we implement many of the core principles found in major privacy laws (such as transparency about our data use, limiting data collection to what is necessary, and allowing individuals to exercise control over their data), even though we may not be legally bound by those specific frameworks.

Data Transfers: When transferring personal data internationally (for example, from your country to Canada), we take appropriate steps to ensure your information remains protected. These steps may include contractual agreements with service providers or partners that process data in other countries, requiring them to maintain confidentiality and security of your information. Nevertheless, once your data is in Canada, it will be subject to Canadian laws and may be accessible to Canadian courts, law enforcement, or regulatory authorities under certain lawful conditions.

If you are located in a jurisdiction with strict data protection laws (such as the EU or UK), please be aware that by continuing to use our services, you are consenting to the transfer of your personal data to Canada. You understand that the data protections in Canada, while robust, may not be equivalent to the legal protections in your country. We encourage you to contact us if you have any questions or concerns about how we protect your data in international contexts. We will do our best to address your concerns and accommodate any requests, within the limits of our operational capabilities and legal obligations.

Data Security

We take the security of your personal information very seriously. CREM Co Labs has implemented a variety of administrative, technical, and physical safeguards to protect the personal data in our custody from unauthorized access, disclosure, alteration, or destruction. These measures include, for example:

  • Physical Security: Our facilities and offices are secured to prevent unauthorized people from accessing documents or systems that contain personal data. This includes locked cabinets or rooms for paper records, controlled access to laboratory areas, and visitor protocols for any on-site audits or inspections.
  • Technical Security: We use up-to-date security technologies to protect electronic data. This includes firewall and network security systems, antivirus and anti-malware protection, and encryption where appropriate (such as encrypting sensitive files or using SSL/TLS encryption for data in transit). Access to databases or computers that store personal information is password-protected and restricted to authorized personnel only. We also regularly back up important data to prevent loss, and apply software updates and patches to maintain security.
  • Administrative Measures: Our team members are trained on data protection best practices and are required to follow internal policies regarding confidentiality and security. We limit access to personal data strictly on a need-to-know basis: employees and contractors only access the information necessary for their duties. We also have procedures in place for handling any suspected data security incidents, including steps for breach response and notification if needed. Additionally, as part of maintaining our ISO/IEC 17025 accreditation and other certifications, we periodically review our information security controls and update them as needed.

While we strive to protect your information using these rigorous measures, please note that no method of transmission over the internet or electronic storage is 100% secure. Absolute security can never be guaranteed. However, we continuously monitor our systems for vulnerabilities and attacks, and we will promptly inform affected individuals and take appropriate action in the event of any data breach or security incident involving personal data.

By entrusting us with your personal information, you acknowledge that there is always some risk in transmitting data electronically, but also that we are taking appropriate and industry-standard steps to minimize these risks. If you have reason to believe that your interaction with us is no longer secure (for example, if you suspect a security vulnerability in our systems or have received suspicious communication claiming to be from us), please notify us immediately using the contact information below.

User Rights

We respect your rights to control your personal information. Even though we are not expressly governed by laws like GDPR or CCPA, we want to ensure you have choices and access regarding the data you share with us. Subject to certain legal or contractual limitations, you have the following rights in relation to your personal data:

  • Access and Transparency: You have the right to request information about whether we hold any personal data about you, and to receive an explanation of how we have used it. Upon request, we can provide you with a copy of the personal information we maintain about you in our records.
  • Correction and Updates: If any of your personal information we have is incorrect or outdated, you have the right to ask us to correct or update it. We encourage you to keep your information with us current, and we will make reasonable efforts to accommodate correction requests promptly.
  • Deletion (“Right to be Forgotten”): You may request that we delete or anonymize the personal information we hold about you. Upon such a request, we will erase or de-identify the information, provided that it is information we are not required to retain for legal, regulatory, or business continuity purposes. For example, we might need to retain certain testing records for a minimum period due to laboratory accreditation rules or health regulations, which could supersede a deletion request. We will inform you if this is the case. Otherwise, to the extent feasible, we will honor valid requests to delete personal data.
  • Objection to Processing: You have the right to object to certain types of processing of your personal information, such as if you believe we are using your data beyond what is necessary for the stated purposes. In such cases, we will review your objection and stop (or limit) the processing in question unless we have a compelling legitimate reason or a legal obligation to continue.
  • Withdraw Consent (Opt-out): If we are processing your personal information based on your consent (for example, if you subscribed to an optional newsletter or agreed to receive promotional updates), you have the right to withdraw that consent at any time. You can opt out of marketing or non-essential communications by following any unsubscribe instructions provided in the message or by contacting us directly. Note that even if you opt out of marketing emails, we may still send you essential service-related communications (such as messages about an ongoing project or billing information).
  • Data Portability: If applicable, you can request a copy of personal data that you provided to us in a structured, commonly used, and machine-readable format. This is typically relevant if you want to transfer your data to another service provider. We will assist with such requests to the extent they apply to our services and are reasonable to fulfill.
  • Complaint Handling: We welcome the opportunity to address any concerns you have about your privacy. You have the right to lodge a complaint with us if you believe we have not handled your personal data properly or have violated your rights. We commit to investigating and responding to complaints. While we are not formally under the jurisdiction of overseas privacy regulators, if your local laws give you the right to complain to a data protection authority, you are free to do so. In Canada, individuals can contact the Office of the Privacy Commissioner (OPC) for guidance or to file a concern, but we encourage you to first reach out to us so we can attempt to resolve the issue directly.

Exercising Your Rights: To exercise any of the above rights or make an inquiry about your personal data, please contact us using the information in the Contact Information section below. For security and fraud-prevention reasons, we will need to verify your identity before fulfilling certain requests (such as providing access to your data or deleting it). Verification helps ensure that we do not disclose personal information to someone who does not have the right to receive it. Verification might involve confirming details we already have on file or asking for identification. We will respond to valid requests as soon as possible and at least within any timeframe required by applicable law.

Please note that these rights are not absolute – there may be situations where we cannot fulfill a request, such as if fulfilling it would conflict with our legal obligations, regulatory requirements, or the rights of another individual. In such cases, we will explain the reasons for our inability to accommodate the request. Rest assured, we do not discriminate against individuals for exercising their privacy rights. Our goal is to be transparent and helpful in addressing your concerns.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us. We are here to help and will respond as promptly as possible.

  • Email: info@cremco.ca (General privacy inquiries or to exercise your rights)
  • Phone: +1 (289) 315-3639 (Available during our business hours for privacy and customer service queries)
  • Mailing Address: CREM Co Labs, Units 1-2, 3403 American Drive, Mississauga, Ontario, Canada L4V 1T4

Privacy Officer: If your communication is sensitive or you would like to direct it to our Privacy Officer (or equivalent responsible person), please indicate this in your message or correspondence. We will ensure it reaches the appropriate individual in our organization.

We encourage you to reach out with any questions about this Privacy Policy or our data practices. By staying informed and engaged, you help us uphold our commitment to transparency and trust. Thank you for choosing CREM Co Labs for your laboratory and R&D needs. We value your business and your privacy.

Changes to this Policy: From time to time, we may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will post the updated policy on our website with a new effective date and, if appropriate, provide a more prominent notice (such as a statement on our homepage or direct notification via email). We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any changes to this Privacy Policy will signify your acceptance of the revised terms.