Data Protection & Privacy Policy

Why This Matters

People's personal information deserves respect and protection. Whether client employees, contractors, or our own team, we handle personal data with the same care we'd expect for our own. Privacy isn't a checkbox exercise - it's fundamental to operating ethically in a digital world and essential to maintaining the trust our clients place in us.

What We're Committed To

1. Laws guide our baseline - We comply fully with PIPEDA, GDPR, and applicable privacy legislation in all jurisdictions where we operate
2. Purpose limits collection - We collect only personal information necessary for defined business purposes
3. Consent comes first - People understand what we're collecting, why, and how it will be used before we proceed
4. Access belongs to individuals - Data subjects can request access, correction, or deletion of their personal information within 30 days
5. Breaches get reported fast - Any personal data breach gets reported to affected individuals and authorities within 72 hours
6. Borders matter - Personal data doesn't cross international boundaries without proper safeguards and legal basis
7. Retention has limits - Personal information gets deleted when no longer needed for its original purpose

How We Work

Apply privacy-by-design thinking to your work. Minimize personal data in systems where possible. Use pseudonymization to balance operational needs with privacy protection. Question data collection requests - "do we really need this?" Document your privacy decisions when they involve interpretation. Your expertise determines the approach - our commitments define the boundaries.

When to Escalate

Contact CEO immediately if:

• A personal data breach occurs or is suspected
• Someone requests access to or deletion of their personal information
• You receive a regulatory inquiry or complaint
• Cross-border data transfer is needed
• You're uncertain about privacy implications of a decision