Domain logo Domain
+1 (306) 763-0337 [email protected] Ottawa, ON, Canada

GDPR Privacy Policy

Last updated: October 9, 2024

This Privacy Policy describes how Domain ("we," "us," or "our") collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection legislation. By using our platform and services, you acknowledge that you have read and understood this policy.

1. Data Controller

Domain acts as the data controller for personal data collected through this website and associated services. We are responsible for ensuring that personal data is processed lawfully, fairly, and transparently. If you have any questions regarding how your data is handled, you may contact us at [email protected] or by writing to us at 199-1200 St. Laurent Blvd, Ottawa, ON K1K 3B8, Canada.

2. Personal Data We Collect

We collect personal data that you provide directly to us, as well as data generated through your use of our services. The categories of personal data we may collect include:

2.1 Data You Provide Directly

2.2 Data Collected Automatically

2.3 Data from Third Parties

We may receive personal data about you from third-party services such as authentication providers or payment processors, where you have granted them permission to share your information with us.

3. Legal Bases for Processing

We process your personal data only where we have a valid legal basis to do so. The legal bases we rely on include:

4. How We Use Your Personal Data

We use personal data for the following purposes:

5. Data Retention

We retain personal data for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal obligations, or to resolve disputes. When personal data is no longer required, it is securely deleted or anonymised.

Specific retention periods include:

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with third parties only in the following circumstances:

6.1 Service Providers

We engage trusted third-party service providers who process data on our behalf under binding data processing agreements. These include hosting providers, payment processors, email delivery services, and analytics platforms. All processors are required to implement appropriate security measures and may only process data according to our instructions.

6.2 Legal Requirements

We may disclose personal data where required by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business Transfers

In the event of a merger, acquisition, or transfer of assets, personal data may be transferred as part of that transaction. You will be notified of any such change and of your rights in relation to your data.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence. Where such transfers occur, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by relevant data protection authorities, to ensure your data receives an adequate level of protection.

8. Your Rights Under GDPR

Subject to applicable law, you have the following rights in relation to your personal data:

8.1 Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we use it.

8.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure

You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where processing is unlawful, subject to certain exceptions.

8.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while a dispute about accuracy is resolved.

8.5 Right to Data Portability

Where processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to request its transfer to another controller where technically feasible.

8.6 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease such processing without delay.

8.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects, unless you have explicitly consented or such processing is necessary for a contract.

8.8 Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will respond within the timeframe required by applicable law, generally within 30 days. We may request verification of your identity before fulfilling any request.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our platform, remember your preferences, analyse usage patterns, and deliver relevant content. Cookies may be classified as:

You may manage your cookie preferences through your browser settings or through our consent management interface. Disabling certain cookies may affect the functionality of the platform.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection obligations.

While we take all reasonable steps to protect your data, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorised use of your account.

11. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that personal data has been collected from a child without appropriate consent, we will take steps to delete such data promptly. If you believe a child has submitted personal data to us, please contact us at [email protected].

12. Third-Party Links

Our platform may contain links to third-party websites or services. This Privacy Policy applies solely to data collected by us and does not govern the practices of third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our platform. Your continued use of our services after any such changes constitutes your acknowledgement of the updated policy.

14. Complaints

If you have concerns about how we handle your personal data and we have not resolved them to your satisfaction, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence or place of work. We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority.

15. Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or our data protection practices, please contact us: