1) Scope

This Policy applies to personal information we handle about:

• Customers and prospective customers (consumers and business contacts)
• Individuals who submit website forms, call, text, or email us
• Persons whose information may be accessible on devices we service

This Policy does not apply to our employees and job applicants (covered by our HR privacy notice).

2) What We Collect

We collect the minimum information reasonably required to provide our services:

• Identity & contact: name, company, job title, mailing address, email, phone/SMS.
• Service & device details: device make/model/serial/IMEI, OS version, error codes, warranty status, diagnostic logs, relevant IP/MAC addresses.
• Credentials (limited & optional): temporary device PINs or passwords only when strictly necessary to complete a service; stored encrypted and deleted promptly after service.
• Service records: repair tickets, estimates, approvals, signatures, correspondence, instructions, proof of identity when required.
• Billing & transactions: payment method tokens, invoices, refunds, RMA/shipping details. We do not store full payment card numbers; processing is via PCI-compliant providers.
• Web & forms: submissions, timestamps, technical data (browser, IP, device), and preferences.
• Communications: emails, SMS, chat logs, call notes/records, unsubscribe requests.
• B2B client data: business contact information and configuration details needed to deliver contracted services.
• Incidental data on devices: personal files may be visible during diagnostics or recovery; we do not review content beyond what’s necessary or as required by law.

3) Purposes

• Provide quotes, schedule, and deliver repairs and support (in-store, on-site, or remote)
• Diagnose issues, perform data recovery/migrations/backups with consent
• Communicate about jobs, approvals, pick-ups, RMAs, recalls, service advisories
• Billing, payments, fraud prevention, chargeback handling, taxes, and accounting
• Customer support, warranty facilitation, vendor/manufacturer escalations
• Maintain service history, quality assurance, safety, and training
• Send transactional updates and, with consent, marketing communications
• Operate and secure our websites and systems; manage preferences
• Meet legal and regulatory obligations and enforce agreements

We do not sell personal information.

4) Consent & Your Choices

We obtain meaningful consent appropriate to the context (express or implied). You may withdraw consent at any time, subject to legal or contractual limits and reasonable notice. For marketing emails/SMS, use the unsubscribe link or reply “STOP.” We will continue to send essential transactional messages about active services or accounts.

5) Limiting Collection, Use, Disclosure & Retention

• We collect only what we need for identified purposes and retain it only as long as necessary.
• Service records & invoices: kept to satisfy tax and accounting laws (typically six years from the end of the relevant tax year in Canada).
• Diagnostic logs & temporary credentials: deleted shortly after service completion.
• Backups created for service: securely wiped after delivery/verification, unless you request ongoing backup or longer retention.
• We may anonymize/de-identify data for statistical reporting and service improvement.

6) Accuracy

We rely on you to help keep your information accurate and up to date. Contact us to correct or update your details.

7) Safeguards

We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including staff confidentiality obligations, least-privilege access, encrypted storage of sensitive fields, secure credential handling, endpoint protection, network safeguards, and secure disposal (e-waste and media sanitization).

Under PIPEDA, we assess, and where required, report and notify privacy breaches that present a “real risk of significant harm,” and maintain breach records.

8) Cross-Border Transfers

We use reputable third-party service providers (e.g., payment processors, CRM, email/SMS gateways, shipping, cloud hosting). Some providers may process or store data outside Ontario/Canada (e.g., in the United States). We use contractual and technical measures to ensure a comparable level of protection and will identify relevant providers on request.

9) Access & Correction

On written request and after verifying your identity, we will provide access to your personal information under our control, explain how it has been used and to whom it has been disclosed (subject to permitted exceptions), and correct or annotate inaccuracies.

You may also challenge our compliance with this Policy by contacting our Privacy Officer. If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada (OPC).

10) CASL — Emails, Texts & Automated Messages

If you opt in (or we otherwise have implied consent under CASL), we may send commercial electronic messages such as promotions or surveys. Every message will identify us and include a working unsubscribe mechanism that remains available for at least 60 days. We honor opt-outs within 10 business days. Implied consent from an inquiry generally lasts up to six months; consent from an existing business relationship generally lasts up to two years, unless withdrawn sooner.

Service-Specific Practices

A) In-Store & On-Site Repairs

• We request that you back up your device before service where possible.
• We only access files or applications necessary to diagnose and fix the issue.
• If a device is locked, we may ask for a temporary passcode; we store it securely, restrict access, and delete it after the job.

B) Remote Support

• Remote sessions require your consent and may generate session logs/screenshots strictly for troubleshooting and quality assurance; these are erased within our standard retention window unless needed for audit or legal reasons.

C) Data Recovery & Migrations

• We will explain options, limits, and risks before proceeding and obtain your authorization.
• Recovered data may be staged on encrypted media to deliver back to you; staging media is securely wiped after confirmation or after the stated holding period.

D) Manufacturer/Vendor Escalation & RMAs

• With your authorization, we may share necessary device identifiers, logs, and contact/billing information with vendors or couriers to process a warranty or repair.

E) E-Waste & Parts Retention

• We offer secure media destruction and certificates on request. Salvaged parts are handled in a way that does not expose personal information.

F) Health-Sector Work (Ontario PHIPA)

• When we perform services for a Health Information Custodian (HIC), we act as their agent/service provider and handle any Personal Health Information (PHI) only in accordance with PHIPA, the custodian’s instructions, and our services agreement (including confidentiality, safeguards, incident reporting, and return/secure destruction of PHI). Individuals may contact the relevant HIC for PHI access/corrections or the Information and Privacy Commissioner of Ontario (IPC) for complaints.

Children’s Privacy

Our services and site are intended for general audiences and are not directed to children under 16. If you are a parent/guardian and believe a child provided personal information, contact us to request deletion.

Third-Party Links

Our site may link to third-party websites/services with their own privacy practices. Review those policies; we are not responsible for their content or practices.

Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated version with a new effective date. Material changes will be highlighted for a reasonable period. We encourage you to review this Policy periodically.