Privacy Policy
Your privacy and data protection are our priority
Effective: August 9, 2025
Who We Are
Onward Security Ltd.
Victoria, BC, Canada
What This Policy Covers
This policy explains how we handle personal information collected through our website, contact forms, and marketing communications. It does not replace confidentiality or data-handling terms in our service contracts with clients. We follow BC'sPersonal Information Protection Act (PIPA) and federal privacy requirements.
Information We Collect
Personal Information You Provide
- •Contact Details: Name, email address, phone number, company name, and messages you submit through our forms
- •Quote Request Details: Event/site information, dates, location, staffing requirements, and service specifications
- •Communication Records: Email correspondence, phone call records, and meeting notes related to our services
Technical Information
- •Website Usage: IP address, pages viewed, time spent on pages, referral sources, device type, and browser information
- •Cookies & Analytics: Data collected through cookies and analytics tools to improve user experience
Collection Principles: We collect only what we need for legitimate business purposes and by fair means (e.g., your form submission or standard web browsing). Learn more aboutPIPA collection requirements.
How We Use Your Information
Primary Uses
- ✓Respond to inquiries and provide security quotes
- ✓Deliver and manage security services
- ✓Process payments and maintain records
- ✓Comply with legal and regulatory requirements
Secondary Uses
- •Website security and fraud prevention
- •Analytics and website improvement
- •Marketing communications (with consent)
- •Business development and service enhancement
Legal Basis and Consent
Under BC's PIPA and federal privacy laws, we must identify purposes and obtain consent before collecting, using, or disclosing personal information, except where exemptions apply. Your consent may be express (e.g., submitting a form) or implied (e.g., providing information for an obvious purpose).
Your Consent Rights
- • You may withdraw consent at any time
- • We will respect your withdrawal going forward
- • Some services may be unavailable without necessary information
- • Legal requirements may require us to retain certain data
Learn more: BC Privacy Commissioner
Cookies and Website Analytics
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Site operation, security, form functionality | Session/1 year |
| Analytics | Traffic analysis, page popularity, user experience | 2 years |
| Functional | Remember preferences, improve user experience | 1 year |
Cookie Management: You can control cookies through your browser settings. Disabling essential cookies may affect site functionality. For analytics and advertising technologies, we provide meaningful notice and respect your choices.
Information Sharing and Service Providers
Trusted Service Providers
We work with carefully selected service providers who may access personal information to deliver services on our behalf:
Technology Services
- • Website hosting and maintenance
- • Email delivery and marketing platforms
- • Analytics and performance monitoring
- • Security and backup services
Business Services
- • Payment processing and accounting
- • Legal and professional services
- • Insurance and risk management
- • Government and regulatory compliance
Cross-Border Data Transfer
Some service providers may be located outside Canada (including the United States). We ensure appropriate safeguards are in place and require contractual protection of personal information.
Reference: Privacy Commissioner of Canada - Cross-Border Guidelines
Data Retention and Disposal
Active Client Records
Maintained for the duration of our business relationship plus 7 years for legal and audit purposes
Quote and Inquiry Records
Kept for 3 years to follow up on potential business and maintain service history
Analytics and Technical Data
Anonymized data retained for website improvement; identifiable data deleted within 26 months
Marketing Communications
Consent records and communication history maintained until withdrawal plus 3 years for CASL compliance
Secure Disposal: When retention periods expire, we securely delete or anonymize personal information using industry-standard methods to prevent unauthorized recovery.
Reference: BC Government - PIPA Retention Requirements
Security Measures
Technical Safeguards
- SSL/TLS encryption
- Secure hosting infrastructure
- Regular security updates
- Firewall protection
Access Controls
- Role-based access
- Staff training
- Need-to-know basis
- Regular access reviews
Operational Safeguards
- Incident response plan
- Regular backups
- Vendor due diligence
- Privacy impact assessments
While we implement reasonable security measures, no system is completely secure. We continuously review and update our security practices in line with PIPA security requirements.
Your Privacy Rights
Right to Access
Request information about what personal data we hold about you and how it's being used
Right to Correction
Ask us to correct inaccurate or incomplete personal information
Right to Withdraw Consent
Withdraw your consent for certain uses of your personal information at any time
Right to Complain
File a complaint with us or with the BC Privacy Commissioner if you're not satisfied
Response Timeline
We will respond to your privacy requests within 30 days as required by PIPA, or explain if we need additional time. Some requests may require identity verification to protect your privacy.
Learn more about your rights: BC Office of the Information and Privacy Commissioner
Marketing Communications (CASL Compliance)
Under Canada's Anti-Spam Legislation (CASL), we follow strict rules for commercial electronic messages:
What We Send
- ✓Service updates related to your requests
- ✓Quote follow-ups and service information
- •Occasional security industry insights (with consent)
- •Company updates and service announcements
Your Controls
- ⚙️Unsubscribe link in every email
- ⚙️Contact us directly to opt out
- ⚙️Choose specific communication types
- ⚙️Update your preferences anytime
Consent Records: We maintain detailed records of consent as required by CASL, including when and how you provided consent and any subsequent changes to your preferences.
Children's Privacy
Business-Only Service
Our website and services are designed for business use and are not directed to children under 13. We do not knowingly collect personal information from children.
If you believe a child has provided personal information to us, please contact us immediately and we will:
- 1.Investigate the situation promptly
- 2.Delete the information if confirmed
- 3.Take steps to prevent future collection
Breach Notification
In the unlikely event of a data breach that poses a risk of significant harm, we will:
Immediate Response
Contain the breach and assess the risk within 24 hours
Authority Notification
Report to Privacy Commissioner within 72 hours if required
Individual Notification
Notify affected individuals without unreasonable delay
What We'll Tell You: The nature of the breach, what information was involved, what we're doing about it, and steps you can take to protect yourself.
International Data Transfers
Some of our service providers operate outside Canada. When your personal information is transferred internationally, it may be subject to the laws of other countries. We ensure appropriate safeguards are in place:
Contractual Protection
Service agreements require equivalent privacy protection regardless of location
Reputable Providers
We work only with established companies that demonstrate strong privacy practices
Limited Purpose
International transfers are limited to specific business purposes with your knowledge
For questions about international transfers: Privacy Commissioner of Canada - Cross-Border Guidelines
Policy Updates
We may update this privacy policy to reflect changes in our practices, technology, legal requirements, or business operations.
How We Notify You
- • Updated effective date at the top of this policy
- • Email notification for material changes (if we have your consent)
- • Website notice for significant updates
- • Annual review and republication
Your Continued Use: By continuing to use our website and services after changes take effect, you accept the updated privacy policy. If you don't agree with changes, please discontinue use and contact us about your personal information.
Contact Our Privacy Officer
Get in Touch
Response Commitment
- ✓ Privacy inquiries answered within 2 business days
- ✓ Formal requests processed within 30 days
- ✓ Complaints investigated thoroughly and fairly
- ✓ Direct resolution preferred over regulatory complaints
Not Satisfied? External Resources
Last Updated: August 9, 2025 • Next Review: August 2026
This privacy policy complies with BC's Personal Information Protection Act (PIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and Canada's Anti-Spam Legislation (CASL).