GDPR Compliance Statement

Last Updated: April 23, 2026

Our Commitment to GDPR

Although orgonrincu is a Canadian organization, we recognize the importance of the General Data Protection Regulation (GDPR) and are committed to protecting the personal data of individuals in the European Economic Area (EEA) who interact with our services.

Legal Basis for Processing

We process personal data only when we have a legal basis to do so under GDPR Article 6:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for a contract we have with you, or to take steps at your request before entering into a contract
• Legal Obligation: Processing is necessary for us to comply with legal obligations
• Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and interests

Your Rights Under GDPR

If you are an individual in the EEA, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure (Right to be Forgotten)

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Object

You have the right to object to our processing of your personal data, under certain conditions.

Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Email: [email protected]
Subject Line: GDPR Rights Request
Response Time: We will respond to your request within 30 days

When submitting a request, please provide:

• Your full name
• Email address associated with your account
• Specific right you wish to exercise
• Any relevant details to help us locate your data

Data Protection Principles

We adhere to the following GDPR data protection principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully, fairly, and in a transparent manner
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes only
• Data Minimization: We collect only the data that is adequate, relevant, and necessary
• Accuracy: We keep personal data accurate and up to date
• Storage Limitation: We retain personal data only as long as necessary
• Integrity and Confidentiality: We process data securely and protect against unauthorized access
• Accountability: We are responsible for and can demonstrate compliance with these principles

Data Transfers Outside the EEA

Your personal data may be transferred to and processed in Canada and other countries outside the EEA. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Other legally valid transfer mechanisms

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all data breaches, regardless of whether notification is required

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You may contact our DPO with any questions or concerns about our data protection practices:

Email: [email protected]
Address: Data Protection Officer, orgonrincu, 427 Laurier Avenue West, Suite 840, Ottawa, ON K1R 7Y2, Canada

Third-Party Processors

When we engage third-party processors to handle personal data on our behalf, we ensure they:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our documented instructions
• Maintain appropriate security measures
• Assist us in fulfilling data subject rights requests
• Delete or return personal data upon termination of services

Retention Periods

We retain personal data for different periods depending on the purpose:

• Active Clients: For the duration of the service relationship plus 7 years for legal and regulatory purposes
• Marketing Contacts: Until you withdraw consent or we determine the data is no longer relevant
• Website Visitors: Analytics data is typically retained for 26 months

Cookies and Tracking

For information about our use of cookies and how to manage your preferences, please see our Cookies Policy.

Complaints

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the member state where you reside, work, or where the alleged infringement occurred.

Updates to This Statement

We may update this GDPR Compliance Statement from time to time. Any changes will be posted on this page with an updated revision date.

Contact Information

For questions about our GDPR compliance or to exercise your rights:

Email: [email protected]
Address: 427 Laurier Avenue West, Suite 840, Ottawa, ON K1R 7Y2, Canada