Privacy Policy

ECG Synergy Marketing & Networking Inc.
Last Updated: January 8, 2025
Effective Date: January 8, 2025

Table of Contents

1. Definitions
2. Scope and Application
3. Legal Framework
4. Information We Collect
5. How We Collect Information
6. How We Use Your Information
7. Legal Bases for Processing
8. Disclosure and Sharing of Information
9. Data Retention
10. Cookies and Tracking Technologies
11. Third-Party Services and Links
12. Data Security
13. Your Privacy Rights
14. Children’s Privacy
15. International Data Transfers
16. Additional Rights for California Residents
17. Changes to This Privacy Policy
18. Contact Information and Complaints

1. Definitions

“Personal Information” means information about an identifiable individual, including but not limited to name, email address, phone number, business information, IP address, and usage data. This aligns with definitions under BC PIPA and PIPEDA.

“Clients” means homeowners, property managers, and businesses seeking contractor referrals through ECG Synergy.

“Partners” means contractors, tradespeople, and service providers who join the ECG Synergy network to receive referrals.

“Processing” means any operation performed on personal information, including collection, use, disclosure, storage, and deletion.

“Consent” means voluntary agreement to the collection, use, or disclosure of personal information for specified purposes.

2. Scope and Application

This Privacy Policy applies to:

• All visitors to ecgsynergy.com
• Clients who submit referral requests or inquiries
• Partners (contractors) who apply to join or participate in the ECG Synergy network
• Individuals who interact with our marketing campaigns, emails, or advertisements
• Anyone who contacts us through forms, email, phone, or other channels

This Privacy Policy does not apply to:

• Information collected by Partners directly from Clients during service delivery (Partners are independent data controllers and must comply with applicable privacy laws)
• Third-party websites, services, or platforms linked from our Website (see Section 11)
• Employment applications or employee information (covered by separate policies)

3. Legal Framework

ECG Synergy operates in British Columbia, Canada, and complies with:

• Personal Information Protection Act (BC PIPA) — British Columbia’s private-sector privacy law
• Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada’s federal privacy law for commercial activities
• Canada’s Anti-Spam Legislation (CASL) — governing commercial electronic messages
• Applicable international laws where we process information of residents outside Canada

We adhere to the internationally recognized Fair Information Principles, including accountability, transparency, consent, purpose limitation, accuracy, security, and individual access.

4. Information We Collect

We collect personal information in several categories:

4.1 Information You Provide Directly

For Clients (Homeowners and Businesses):

• Full name and contact information (email, phone number, address)
• Property or project location (city, municipality, postal code)
• Project details (type of work, scope, timeline, budget range)
• Communication preferences
• Any other information you choose to provide in forms, emails, or phone conversations

For Partners (Contractors and Tradespeople):

• Business name, trade name (DBA), and legal business structure
• Owner/operator name, title, and contact information
• Business address, service areas, and operating regions
• Business license number and issuing municipality
• WorkSafeBC registration number and clearance status
• Insurance details (liability coverage, expiry dates, policy numbers)
• Trade certifications, tickets, and professional credentials
• Professional references and past project information
• Banking information for payment processing (if applicable)
• Campaign tier selection, subscription details, and billing information
• Project photos, testimonials, and marketing materials (with consent)
• Communication preferences and availability

For All Users:

• Email address, phone number, and correspondence content
• Feedback, survey responses, and customer service inquiries
• Marketing preferences and communication opt-ins/opt-outs

4.2 Information Collected Automatically

When you visit our Website, we automatically collect:

Technical Information:

• IP address and approximate geographic location (city/region level)
• Browser type, version, and language settings
• Operating system and device type (desktop, mobile, tablet)
• Screen resolution and device identifiers
• Internet service provider (ISP)

Usage Information:

• Pages visited, time spent on each page, and navigation paths
• Referral source (e.g., Google search, Facebook ad, direct URL entry, referring website)
• Date and time of visits and session duration
• Clicks, form interactions, and scrolling behavior
• Download activity and file access
• Search queries entered on the Website

Advertising and Analytics Data:

• Ad campaign identifiers and conversion tracking data
• Click-through rates and engagement metrics
• A/B test participation and variant assignments
• Heatmaps and session recordings (anonymized where possible)

4.3 Information from Third-Party Sources

We may receive personal information from:

• Advertising platforms (Meta/Facebook, Google Ads) — demographics, interests, ad engagement
• Analytics providers (Google Analytics) — aggregated user behavior and traffic sources
• Data enrichment services — publicly available business information to verify Partner credentials
• Government registries — WorkSafeBC clearance status, business license verification (publicly accessible records)
• Professional references — information provided by references listed by Partners
• Social media platforms — publicly available business profiles and reviews

4.4 Aggregated and Anonymized Data

We may create aggregated, anonymized, or de-identified data from personal information. This data does not identify individuals and is not considered personal information under applicable law. We may use and share this data without restriction for analytics, research, benchmarking, and service improvement.

5. How We Collect Information

We collect personal information through:

5.1 Direct Interactions

• Website forms (client referral requests, partner applications, contact forms, newsletter sign-ups)
• Email correspondence (info@ecgsynergy.com, partners@ecgsynergy.com, support inquiries)
• Phone calls and text messages
• In-person meetings, trade shows, or networking events
• Social media messages and interactions

5.2 Automated Technologies

• Cookies — small text files stored on your device (see Section 10)
• Web beacons and pixels — invisible tags on web pages and emails that track opens and clicks
• Analytics tools — Google Analytics, Hotjar, or similar services
• Advertising pixels — Meta Pixel (Facebook), Google Ads conversion tracking, LinkedIn Insight Tag
• Session replay tools — screen recordings and heatmaps to understand user experience (anonymized where possible)
• Server logs — automatic recording of technical information by our web servers

5.3 Third Parties

• Advertising platforms that share conversion and audience data
• Analytics providers that aggregate cross-site user behavior
• Payment processors that confirm transaction details
• Public registries and databases (business licenses, WorkSafeBC, corporate registries)

6. How We Use Your Information

We use personal information only for identified purposes and with appropriate consent. Specific uses include:

6.1 Service Delivery and Operations

• Client Services: Process referral requests, match Clients with suitable Partners, facilitate introductions, and follow up on project outcomes
• Partner Services: Process applications, verify credentials (licenses, insurance, WorkSafeBC), onboard approved Partners, manage subscriptions and billing, distribute referrals, and provide network support
• Customer Support: Respond to inquiries, resolve issues, and provide technical assistance
• Quality Assurance: Monitor service quality, collect feedback, and improve matching accuracy

6.2 Communication and Marketing

• Transactional Communications: Send confirmations, updates, invoices, receipts, and service-related notifications (consent not required for these messages)
• Marketing Communications: Send newsletters, promotional offers, campaign updates, and service announcements (with express consent; you may unsubscribe anytime)
• Surveys and Feedback: Request reviews, testimonials, and satisfaction ratings (with consent)
• Advertising and Retargeting: Display targeted ads on Facebook, Google, and other platforms based on your interactions with our Website

6.3 Website and Service Improvement

• Analytics: Understand how users navigate the Website, which features are most popular, and where improvements are needed
• A/B Testing: Test different versions of pages, forms, or campaigns to optimize performance
• User Experience Research: Analyze session recordings, heatmaps, and click patterns to improve usability
• Performance Monitoring: Detect and fix technical issues, bugs, and downtime

6.4 Security and Fraud Prevention

• Detect and prevent fraudulent applications, spam, or malicious activity
• Verify the authenticity of Partner credentials and references
• Protect the integrity of the ECG Synergy network and prevent abuse
• Comply with security best practices and investigate security incidents

6.5 Legal and Regulatory Compliance

• Comply with BC PIPA, PIPEDA, CASL, and other applicable laws
• Respond to legal processes (subpoenas, court orders, regulatory inquiries)
• Enforce our Terms of Use, Partner Agreements, and Code of Conduct
• Maintain records as required by law (e.g., tax records, business licenses)
• Exercise or defend legal rights in disputes or litigation

6.6 Business Operations and Development

• Manage internal operations, accounting, and financial reporting
• Evaluate and improve business processes and service offerings
• Support mergers, acquisitions, or sale of business assets (with appropriate safeguards)
• Conduct strategic planning and market research

7. Legal Bases for Processing (PIPEDA Compliance)

Under PIPEDA and BC PIPA, we rely on the following legal bases for processing personal information:

7.1 Consent

We obtain express or implied consent for most collection, use, and disclosure of personal information. Consent may be:

• Express: You actively agree (e.g., checking a box, signing a form, clicking “I agree”)
• Implied: Consent is reasonably inferred from your actions (e.g., providing your email address in a “contact us” form implies consent to receive a reply)
• Opt-out: You are notified and given the opportunity to opt out (e.g., unsubscribe links in marketing emails)

You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal may limit our ability to provide certain Services.

7.2 Contractual Necessity

Processing is necessary to fulfill our contractual obligations to you, such as:

• Providing referral services to Clients
• Delivering subscription services and referrals to Partners
• Processing payments and managing accounts

7.3 Legal Obligation

Processing is required to comply with legal or regulatory obligations, such as:

• Responding to court orders or government requests
• Maintaining records for tax or audit purposes
• Verifying WorkSafeBC coverage and business licenses (regulatory compliance)

7.4 Legitimate Interests

Processing is necessary for our legitimate business interests or those of a third party, provided these interests are not overridden by your privacy rights. Legitimate interests include:

• Preventing fraud and ensuring network integrity
• Improving the Website and Services through analytics
• Marketing our Services (where permitted without express consent)
• Exercising or defending legal rights

8. Disclosure and Sharing of Information

We do not sell personal information to third parties. We may disclose personal information in the following circumstances:

8.1 Within the ECG Synergy Network

• Client-to-Partner Matching: When a Client submits a referral request, we share relevant project details (name, contact info, project scope, location) with matched Partners to facilitate service delivery. Clients consent to this sharing by submitting a referral request.
• Partner Directory (Limited): With consent, we may display Partner business names, trade types, service areas, certifications, and project photos on our Website or in marketing materials. Personal contact information is not publicly displayed without express consent.

8.2 Service Providers and Processors

We engage third-party service providers to perform functions on our behalf. These providers have access to personal information only as necessary to perform their services and are contractually obligated to protect it. Categories include:

• Website Hosting and Infrastructure: Web hosting providers, content delivery networks (CDNs), domain registrars
• Email and Communication Services: Email marketing platforms (Mailchimp, Constant Contact), transactional email services (SendGrid), SMS providers
• Payment Processing: Payment gateways, merchant services, and billing platforms (Stripe, PayPal, Square)
• Analytics and Advertising: Google Analytics, Meta Pixel, Google Ads, Hotjar, heatmap tools, session replay services
• Customer Relationship Management (CRM): CRM platforms to manage Client and Partner interactions
• Cloud Storage and Backup: Secure cloud storage providers for data backup and disaster recovery
• Legal and Professional Services: Lawyers, accountants, auditors, and consultants (under confidentiality obligations)

8.3 Legal and Regulatory Authorities

We may disclose personal information when required or permitted by law, including to:

• Comply with subpoenas, court orders, warrants, or legal processes
• Respond to requests from government agencies, regulators, or law enforcement
• Enforce our Terms of Use, Partner Agreements, or other contracts
• Protect the rights, property, or safety of ECG Synergy, our users, or the public
• Detect, prevent, or investigate fraud, security breaches, or illegal activity

8.4 Business Transfers

If ECG Synergy is involved in a merger, acquisition, sale of assets, bankruptcy, or similar business transaction, personal information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our Website before your information is transferred and becomes subject to a different privacy policy.

8.5 With Your Consent

We may share personal information for purposes not described in this Privacy Policy with your express consent. For example:

• Sharing testimonials, reviews, or case studies publicly (with your permission)
• Providing references to third parties at your request
• Participating in joint marketing campaigns with Partners

8.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data (which does not identify individuals) with third parties for analytics, research, benchmarking, or marketing purposes. This data is not subject to the restrictions of this Privacy Policy.

9. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected or as required by law. Retention periods vary based on:

9.1 Retention Schedule

Client Information:

• Active Referral Requests: Retained while the referral is in progress and for 2 years after completion or closure to facilitate follow-up, feedback, and potential future requests
• Inactive Accounts: Deleted after 3 years of inactivity unless legal retention is required
• Marketing Consent: Retained until consent is withdrawn or 3 years of inactivity, whichever comes first

Partner Information:

• Active Partners: Retained for the duration of the partnership and for 7 years after termination for legal, tax, and regulatory compliance (e.g., WorkSafeBC records, invoices, contracts)
• Application Records (Declined Partners): Retained for 2 years in case of reapplication or dispute
• Compliance Documents: Business licenses, insurance certificates, and WorkSafeBC clearances retained for 7 years after expiry or termination

Website Usage Data:

• Analytics Data: Retained for up to 26 months (Google Analytics default) or as configured
• Server Logs: Retained for 90 days for security and troubleshooting purposes
• Cookies: Expire according to their individual settings (see Section 10)

Financial Records:

• Invoices, receipts, and payment records retained for 7 years to comply with Canadian tax laws (CRA requirements)

Legal and Compliance Records:

• Records related to legal disputes, investigations, or regulatory inquiries retained for the duration of the matter plus 7 years

9.2 Deletion and Anonymization

When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods:

• Permanent deletion from databases and backup systems
• Anonymization or aggregation to remove personally identifiable elements
• Secure destruction of physical records (shredding, incineration)

Note: Some information may persist in backup systems for up to 90 days after deletion from production systems.

9.3 Legal Holds

If personal information is subject to a legal hold, investigation, or regulatory request, we will retain it beyond the standard retention period until the matter is resolved.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver targeted advertising.

10.1 What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They store information such as user preferences, login status, and tracking identifiers. Cookies can be:

• Session Cookies: Temporary cookies that expire when you close your browser
• Persistent Cookies: Remain on your device for a set period or until manually deleted
• First-Party Cookies: Set by ecgsynergy.com
• Third-Party Cookies: Set by external services (e.g., Google Analytics, Meta Pixel)

10.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Enable core Website functionality (page navigation, secure areas, form submissions)
• Cannot be disabled without impairing Website performance
• Do not require consent under PIPEDA

Performance and Analytics Cookies:

• Track how visitors use the Website (pages visited, time spent, bounce rates)
• Help us improve usability and identify technical issues
• Examples: Google Analytics, Hotjar
• Require consent in most jurisdictions

Functional Cookies:

• Remember your preferences (language, region, form inputs)
• Enhance user experience with personalized features
• Require consent

Advertising and Targeting Cookies:

• Track your activity across websites to deliver relevant ads
• Measure ad campaign effectiveness and conversions
• Examples: Meta Pixel (Facebook), Google Ads, LinkedIn Insight Tag
• Require express consent

10.3 Managing Cookies

Browser Settings:

You can control cookies through your browser settings:

• Chrome: Settings > Privacy and Security > Cookies and other site data
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Manage Website Data
• Edge: Settings > Cookies and site permissions

Most browsers allow you to:

• Block all cookies
• Block third-party cookies only
• Delete cookies when you close the browser
• Receive notifications when cookies are set

Opt-Out Tools:

• Google Analytics: Google Analytics Opt-out Browser Add-on
• Network Advertising Initiative: NAI Opt-Out Tool
• Digital Advertising Alliance of Canada: DAAC Opt-Out Tool

Important: Disabling cookies may affect Website functionality, including the ability to submit forms, access certain features, or receive personalized content.

10.4 Do Not Track (DNT) Signals

Some browsers offer “Do Not Track” (DNT) settings. We do not currently respond to DNT signals, as there is no universal standard for how to interpret them. We will update this policy if standards are established.

10.5 Other Tracking Technologies

In addition to cookies, we use:

• Web Beacons (Pixels): Invisible images embedded in web pages or emails that track opens, clicks, and engagement
• Local Storage: HTML5 local storage for saving user preferences and session data
• UTM Parameters: URL tracking codes that identify traffic sources and campaign performance
• Device Fingerprinting: Analyzing device characteristics (screen size, browser version, plugins) to recognize returning visitors

11. Third-Party Services and Links

11.1 Third-Party Websites

Our Website may contain links to third-party websites, including:

• Partner business websites and social media profiles
• Industry associations and regulatory bodies (e.g., WorkSafeBC)
• Payment processors and service providers
• Social media platforms (Facebook, LinkedIn, Instagram)

We are not responsible for the privacy practices, content, or security of third-party websites. When you click a link and leave ecgsynergy.com, you are subject to the third party’s privacy policy and terms of use. We encourage you to review their policies before providing any personal information.

11.2 Third-Party Services We Use

We integrate third-party services that may collect information independently. Key services include:

Google Analytics:

• Tracks Website usage, traffic sources, and user behavior
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: Google Analytics Opt-out Browser Add-on

Meta Pixel (Facebook):

• Tracks conversions, enables retargeting ads, and measures campaign performance
• Privacy Policy: https://www.facebook.com/privacy/policy/
• Opt-out: Facebook Ad Preferences

Google Ads:

• Displays targeted ads based on search queries and Website visits
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: Google Ads Settings

Email Marketing Platforms (e.g., Mailchimp):

• Manage email campaigns, subscriber lists, and engagement tracking
• Privacy Policy varies by provider (we will disclose the specific provider upon request)

Payment Processors (e.g., Stripe, PayPal):

• Process payments securely; we do not store full credit card numbers
• Privacy policies: Stripe, PayPal

11.3 Social Media Integrations

Our Website may include social media buttons or widgets (e.g., “Share on Facebook,” “Follow on LinkedIn”). These features may collect your IP address, page visited, and set cookies. Social media integrations are governed by the privacy policies of the respective platforms:

• Facebook: https://www.facebook.com/privacy/policy/
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Instagram: https://privacycenter.instagram.com/policy

12. Data Security

We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect it from unauthorized access, use, disclosure, alteration, or destruction.

12.1 Security Measures

Technical Safeguards:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL (Transport Layer Security)
• Secure Hosting: Website and databases hosted on secure, reputable cloud platforms with industry-standard security certifications
• Access Controls: Role-based access controls (RBAC) limit employee access to personal information on a need-to-know basis
• Firewalls and Intrusion Detection: Network-level firewalls and monitoring systems to detect and prevent unauthorized access
• Regular Security Updates: Software, plugins, and systems are updated and patched regularly to address vulnerabilities

Administrative Safeguards:

• Employee Training: Staff are trained on privacy obligations, data handling procedures, and security best practices
• Confidentiality Agreements: Employees and contractors sign confidentiality and non-disclosure agreements
• Vendor Management: Third-party service providers are vetted for security compliance and bound by data protection agreements
• Incident Response Plan: Documented procedures for detecting, responding to, and reporting security breaches

Physical Safeguards:

• Physical access to servers and data centers restricted to authorized personnel
• Secure disposal of physical records (shredding, incineration)
• Off-site backups stored in secure, encrypted locations

12.2 Limitations of Security

No system is 100% secure. Despite our best efforts, we cannot guarantee absolute security. Risks include:

• Unauthorized access by hackers or malicious actors
• Vulnerabilities in third-party software or services
• Human error or insider threats
• Loss of data due to technical failures or disasters

You acknowledge and accept these inherent risks when using the Website and Services. You transmit information at your own risk.

12.3 Your Responsibilities

You can help protect your information by:

• Using strong, unique passwords and changing them regularly
• Keeping your login credentials confidential
• Logging out of accounts when using shared or public devices
• Being cautious of phishing emails or suspicious requests for information
• Reporting suspected security issues to us immediately at info@ecgsynergy.com

12.4 Data Breach Notification

In the event of a data breach that poses a real risk of significant harm to individuals, we will:

• Notify affected individuals as soon as feasible (without undue delay)
• Report the breach to the Office of the Information and Privacy Commissioner for British Columbia (OIPC) and other relevant authorities as required by law
• Provide information about the nature of the breach, the personal information involved, steps we are taking to mitigate harm, and steps you can take to protect yourself

We maintain a breach response plan in compliance with PIPEDA’s mandatory breach reporting requirements.

13. Your Privacy Rights

Under BC PIPA and PIPEDA, you have the following rights regarding your personal information:

13.1 Right to Access

You have the right to request access to the personal information we hold about you. We will provide:

• A copy of your personal information in our records
• Information about how it is being used and to whom it has been disclosed
• The source of the information (if not collected directly from you)

How to request: Email info@ecgsynergy.com with the subject line “Access Request” and provide sufficient detail to identify you and the information you seek.

Response time: We will respond within 30 days of receiving a complete request. If we need more time, we will notify you and provide a reason.

Fees: Access requests are generally free. We may charge a reasonable fee if the request is excessive, repetitive, or requires significant resources. You will be notified of any fees before we process the request.

13.2 Right to Correction

If personal information we hold about you is inaccurate or incomplete, you may request correction. We will:

• Correct the information if we agree it is inaccurate
• Annotate the record if there is a dispute about accuracy
• Notify third parties who received the inaccurate information (if appropriate)

How to request: Email info@ecgsynergy.com with the subject line “Correction Request” and provide the correct information with supporting documentation if available.

13.3 Right to Withdraw Consent

You may withdraw consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawal may include:

• Marketing opt-out: Click “unsubscribe” in any marketing email or contact us to opt out of all marketing communications
• Cookies: Adjust browser settings or use opt-out tools (see Section 10)
• Service withdrawal: Request deletion of your account or closure of your referral request

Consequences of withdrawal: If you withdraw consent for essential processing (e.g., sharing your project details with Partners), we may be unable to provide the Services. We will inform you of the implications before processing your withdrawal.

How to withdraw: Email info@ecgsynergy.com with the subject line “Withdraw Consent” and specify which consent you are withdrawing.

13.4 Right to Deletion

You may request deletion of your personal information in certain circumstances:

• The information is no longer necessary for the purposes for which it was collected
• You have withdrawn consent and there is no other legal basis for processing
• The information was collected or processed unlawfully

Limitations: We may retain information if required by law, necessary for legal obligations, or to establish, exercise, or defend legal claims. We will anonymize or aggregate data where possible instead of deletion.

How to request: Email info@ecgsynergy.com with the subject line “Deletion Request.”

13.5 Right to Object or Restrict Processing

You may object to or request restriction of processing in certain situations, such as:

• Processing based on legitimate interests (you can object on grounds relating to your particular situation)
• Direct marketing (you can object at any time—we will stop immediately)
• Automated decision-making or profiling (if applicable)

How to request: Email info@ecgsynergy.com with the subject line “Objection/Restriction Request.”

13.6 Right to Portability

Where technically feasible, you may request that we provide your personal information in a structured, commonly used, and machine-readable format (e.g., CSV, JSON) so you can transmit it to another service provider.

How to request: Email info@ecgsynergy.com with the subject line “Portability Request.”

13.7 Right to Lodge a Complaint

If you believe we have violated your privacy rights or failed to comply with BC PIPA or PIPEDA, you have the right to file a complaint with:

Office of the Information and Privacy Commissioner for British Columbia (OIPC BC):
Website: https://www.oipc.bc.ca
Phone: 250-387-5629 (Victoria) or 1-800-663-7867 (toll-free in BC)
Email: info@oipc.bc.ca

Office of the Privacy Commissioner of Canada (OPC):
Website: https://www.priv.gc.ca
Phone: 1-800-282-1376 (toll-free in Canada)
Email: Via online complaint form

You may also contact us directly to resolve your concerns before filing a formal complaint.

13.8 Exercising Your Rights

Verification: To protect your privacy, we may require verification of your identity before responding to access, correction, deletion, or other requests. Acceptable forms of identification include government-issued ID, account credentials, or other information we have on file.

Authorized Representatives: You may designate an authorized representative (e.g., legal guardian, power of attorney) to exercise your rights on your behalf. We will require proof of authorization.

Response Time: We will respond to requests within 30 days unless an extension is needed. If we deny a request, we will provide a reason and inform you of your right to appeal or file a complaint.

14. Children’s Privacy

Our Services are directed to businesses, contractors, and adult consumers. We do not knowingly collect personal information from children under the age of 13 (or the applicable age of consent in their jurisdiction).

If we become aware that we have inadvertently collected personal information from a child under 13 without parental consent, we will take immediate steps to delete the information from our systems.

Parents and Guardians: If you believe your child has provided personal information to us without your consent, please contact us immediately at info@ecgsynergy.com with the subject line “Child Privacy Concern.” We will investigate and take appropriate action.

15. International Data Transfers

ECG Synergy is based in British Columbia, Canada. Personal information may be transferred to, stored, or processed in jurisdictions outside of Canada, including the United States, where data protection laws may differ from Canadian standards.

15.1 Cross-Border Transfers

We may transfer personal information internationally in the following circumstances:

• Cloud Hosting: Our Website and databases are hosted on servers located in Canada and/or the United States
• Third-Party Services: Service providers (e.g., Google, Meta, Stripe) may process data in the U.S. or other countries
• Business Operations: Data may be accessed by employees, contractors, or partners in other jurisdictions for support and service delivery

15.2 Safeguards for International Transfers

When transferring personal information outside Canada, we ensure appropriate safeguards are in place:

• Data Processing Agreements: Contracts with third-party processors include data protection clauses (e.g., Standard Contractual Clauses, PIPEDA-compliant terms)
• Adequacy Determinations: Where possible, we transfer data to jurisdictions with adequate data protection laws recognized by Canada
• Encryption and Security: Data in transit is encrypted using TLS/SSL; data at rest is encrypted where feasible
• Limited Access: Only authorized personnel have access to personal information

15.3 Foreign Legal Access

Personal information stored or processed outside Canada may be subject to foreign laws, including lawful access by courts, law enforcement, or national security authorities in those jurisdictions (e.g., the U.S. CLOUD Act). By using our Services, you acknowledge and consent to this possibility.

For more information about where your data is stored and processed, contact us at info@ecgsynergy.com.

16. Additional Rights for California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), even though ECG Synergy is a Canadian company.

16.1 CCPA/CPRA Rights

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.

Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.

Right to Opt-Out of Sale/Sharing: We do not “sell” personal information as defined by the CCPA. If we engage in “sharing” for cross-context behavioral advertising, you may opt out.

Right to Correct: You may request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes requiring an opt-out right under the CPRA.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

16.2 How to Exercise CCPA/CPRA Rights

California residents may submit requests by:

• Email: info@ecgsynergy.com with the subject line “California Privacy Request”
• Phone: (Contact number if available)

We will verify your identity and respond within 45 days (extendable by an additional 45 days if necessary).

16.3 Authorized Agents

California residents may designate an authorized agent to submit requests on their behalf. We require written authorization and verification of the agent’s authority.

16.4 Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes without your consent.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

• Update the “Last Updated” date at the top of this page
• Post a prominent notice on our Website homepage for 30 days
• Notify active Clients and Partners by email (if we have your consent to send non-transactional emails)
• For material changes affecting consent, obtain new consent where required by law

Your continued use of the Website or Services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you must discontinue use and contact us to exercise your rights (e.g., withdraw consent, request deletion).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

18. Contact Information and Complaints

18.1 Privacy Officer and Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:

We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days.

18.2 Complaint Process

If you believe we have violated your privacy rights or mishandled your personal information, we encourage you to contact us first so we can resolve the issue. Our internal complaint process includes:

1. Submit Your Complaint: Email info@ecgsynergy.com with the subject line “Privacy Complaint” and provide details of your concern, including dates, individuals involved, and desired resolution.
2. Acknowledgment: We will acknowledge receipt within 5 business days.
3. Investigation: We will investigate the complaint, which may include reviewing records, interviewing staff, and consulting legal counsel.
4. Resolution: We will provide a written response within 30 days (or notify you if more time is needed), including our findings, corrective actions taken, and any changes to policies or practices.
5. Appeal: If you are not satisfied with our response, you may escalate to senior management or file a complaint with the OIPC BC or OPC (see Section 13.7).

18.3 Regulatory Authorities

You may also file a complaint directly with privacy regulators without contacting us first:

Office of the Information and Privacy Commissioner for British Columbia (OIPC BC):
Website: https://www.oipc.bc.ca
Phone: 250-387-5629 (Victoria) or 1-800-663-7867 (toll-free in BC)
Email: info@oipc.bc.ca
Mail: PO Box 9038, Stn Prov Govt, Victoria, BC V8W 9A4

Office of the Privacy Commissioner of Canada (OPC):
Website: https://www.priv.gc.ca
Phone: 1-800-282-1376 (toll-free in Canada)
TTY: 1-800-267-0466
Online: Submit a complaint via the OPC website

---