This policy applies to all employees, contractors, and third-party vendors who have access to our clients' data and are responsible for its protection. This policy is relevant to Canada and is compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA).
Data Collection and Use
We only collect personal information that is necessary to provide our consulting services to our clients. We may collect personal information such as names, addresses, phone numbers, email addresses, and other information that is necessary to provide our services. We do not collect any sensitive information such as Social Insurance numbers or credit card information.
We will only use your personal information for the purpose for which it was collected. We will not share your personal information with any third party unless required by law or with your explicit consent.
We have implemented technical, physical, and administrative measures to protect our clients' data from unauthorized access, disclosure, or destruction. Our security controls include but are not limited to:
Encryption of all sensitive data in transit and at rest
Regular vulnerability assessments and penetration testing
Access controls and monitoring of access to our systems
Regular data backups and disaster recovery plans
We may use third-party vendors to provide certain services such as cloud storage or email communication. We will only use vendors that have been vetted for their security practices and are compliant with applicable data privacy regulations. We ensure that any vendors we use are also compliant with PIPEDA.
Access and Correction of Personal Information
Clients have the right to access and correct the personal information that we have collected. Clients may request to access, correct, or delete their personal information by contacting us. We will respond to such requests within a reasonable timeframe, as required by PIPEDA.
Training and Awareness
All employees, contractors, and third-party vendors who have access to our clients' data receive regular training on data privacy and security. We also conduct regular audits of our systems to ensure compliance with applicable regulations, including PIPEDA.