GDPR Compliance

Our Commitment

We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights as a data subject.

Legal Basis for Processing

We process personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities
• Contract: When processing is necessary to fulfill our service agreement with you
• Legitimate interests: When we have a legitimate business interest that does not override your rights
• Legal obligation: When required by law

Data Subject Rights

Under GDPR, you have the following rights:

Right to Access

You have the right to obtain confirmation of whether we process your personal data and to access that data. We will provide a copy of your data in a commonly used electronic format.

Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

Right to Restriction of Processing

You can request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal effects or significantly affects you. We do not currently employ automated decision-making processes.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods depend on the nature of the data and our legal obligations:

• Client consultation records: retained for seven years after the last service
• Marketing contact information: retained until consent is withdrawn
• Website analytics: anonymized after 26 months

Data Protection Officer

For questions regarding GDPR compliance or to exercise your data rights, please contact us at [email protected] with the subject line "GDPR Request."

International Data Transfers

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe our processing of your personal data violates GDPR.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Subject: GDPR Request
Address: 847 Granville Street, Vancouver, BC V6Z 1K3, Canada

We will respond to your request within one month. In complex cases, this may be extended by two additional months, and we will inform you of any such extension.

Updates to This Policy

We may update our GDPR compliance information to reflect changes in our practices or legal requirements. Any updates will be posted on this page with a revision date.