Privacy Policy

Privacy Policy

Effective Date: 01 October 2024
Last Updated: 19 August 2025

1. Introduction

Strategic Solutions Consulting Inc. ("we," "our," or "us") is committed to protecting the privacy and personal information of our clients, website visitors, and business contacts. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in accordance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25).

2. What Personal Information We Collect

We may collect the following types of personal information:

From Clients and Prospective Clients:

• Name, title, and contact information (email, phone, address)

• Company information and business details

• Financial information for billing purposes

• Information about your business needs and objectives

• Communications and correspondence

From Website Visitors:

• Contact information submitted through forms

• Technical information (IP address, browser type, pages visited)

• Cookies and similar tracking technologies

From Business Contacts:

• Professional contact information

• Business communications

Special Notice for Minors

Important: We do not knowingly provide services directly to individuals under 14 years of age. If personal information of a minor under 14 is collected (for example, through a family business), we require explicit parental or guardian consent before processing such information.

Profiling and Automated Decision-Making

We may use profiling techniques to analyze client needs and recommend appropriate consulting services. You have the right to opt out of profiling activities. We do not make automated decisions that significantly affect you without human review. If automated decision-making is used, you will be informed and can request human intervention.

3. How We Collect Personal Information

We collect personal information through:

• Direct communication (meetings, emails, phone calls)

• Our website and contact forms

• Business cards and networking events

• Publicly available sources (professional networks, company websites)

• Third-party referrals

4. Why We Use Your Personal Information

We use personal information for the following purposes:

Primary Purposes:

• Providing consulting services and project management

• Communicating with clients about projects and services

• Processing invoices and payments

• Managing client relationships

Secondary Purposes:

• Improving our services and website functionality

• Marketing our services (with consent where required)

• Complying with legal and regulatory requirements

• Maintaining business records

5. Legal Basis for Processing (Quebec Law 25 Compliance)

We process personal information based on:

• Contractual necessity: To fulfill our consulting agreements

• Legitimate business interests: For client relationship management and business operations

• Consent: For marketing communications and non-essential uses

• Legal obligations: To comply with tax, accounting, and other legal requirements

6. How We Share Personal Information

We may share personal information with:

Service Providers:

• IT support and cloud storage providers

• Accounting and legal professionals

• Payment processors

• Subcontractors (with client consent)

Legal Requirements:

• Government agencies when required by law

• Law enforcement when legally compelled

• Courts and tribunals as required

We do not sell personal information to third parties.

7. Data Retention

We retain personal information for as long as necessary to:

• Fulfill the purposes for which it was collected

• Comply with legal and regulatory requirements

• Resolve disputes and enforce agreements

Generally, we retain:

• Client records: 7 years after project completion

• Financial records: 7 years as required by tax laws

• Marketing contacts: Until consent is withdrawn

• Website data: 2 years unless longer retention is required

8. Your Privacy Rights

Under applicable privacy laws, you have the right to:

• Access: Request information about personal information we hold about you

• Correction: Request correction of inaccurate personal information

• Deletion: Request deletion of personal information (subject to legal requirements)

• Portability: Request transfer of your personal information in a structured format

• Consent Withdrawal: Withdraw consent for non-essential uses

• Opt-out of Profiling: Refuse or cease profiling activities

• De-indexation: Request removal of your information from search results (Quebec residents)

• Cessation of Dissemination: Request we stop sharing your information with third parties (Quebec residents)

• Complaint: File a complaint with privacy authorities

Request Processing

• Timeline: We will respond to privacy requests within 30 days of receipt

• Identity Verification: We may request identification documents to verify your identity before processing requests

• Fees: Most requests are processed free of charge. We may charge reasonable fees for excessive or repetitive requests

• Complex Requests: We may extend the response time by an additional 30 days for complex requests and will notify you of any extension

To exercise these rights, contact our Privacy Officer using the information above.

9. International Transfers

Personal information may be transferred to and processed in the following jurisdictions:

Service Provider Locations:

• Cloud Storage: Microsoft Azure (Canada and United States data centers)

• Email Services: Microsoft 365 (Canada data centers with U.S. backup)

• Payment Processing: Stripe (United States and Canada)

• Project Management Tools: Monday.com (United States and European Union)

• Accounting Software: QuickBooks (Canada and United States)

When we transfer information outside Canada, we ensure adequate protection through:

• Adequacy decisions by privacy authorities

• Standard contractual clauses with service providers

• Your explicit consent where required

• Other legally recognized safeguards such as Privacy Shield successor frameworks

Your Rights: You can request information about specific international transfers affecting your personal information by contacting our us.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal information, including:

• Encryption of sensitive data in transit and at rest

• Access controls and authentication procedures

• Regular security assessments and updates

• Staff training on privacy and security

• Incident response procedures

11. Cookies and Website Technologies

Our website uses cookies and similar technologies. Cookie Consent: When you first visit our website, you will see a cookie consent banner allowing you to accept, decline, or customize your cookie preferences.

Cookie Categories:

• Essential Cookies: Required for website functionality (always enabled)

• Analytics Cookies: Google Analytics to understand website usage (opt-in required)

• Marketing Cookies: Currently not used, but may be implemented with your consent

Third-Party Analytics:

We use Google Analytics with IP anonymization enabled. Data is processed in the United States under Google's privacy safeguards. You can opt out by declining analytics cookies or using Google's opt-out tool.

Cookie Management: You can control cookies through:

• Our cookie preference center (accessible in the website footer)

• Your browser settings

• Third-party opt-out tools

Some website features may not function properly if essential cookies are disabled.

12. Marketing Communications

We may send marketing communications to existing clients and prospects who have provided consent or with whom we have an existing business relationship. You can opt out of marketing communications at any time by:

• Clicking the unsubscribe link in emails

• Contacting us directly

• Updating your preferences on our website

13. Privacy Breach Response

In the event of a privacy breach that poses a risk of serious harm, we will:

Immediate Response (within 72 hours):

• Contain and investigate the breach

• Document the incident in our breach log as required by Law 25

• Assess the risk of harm to affected individuals

• Implement containment measures

Notification Requirements:

• High Risk Breaches: Notify affected individuals without unreasonable delay

• Regulatory Reporting: Report to the Commission d'accès à l'information du Québec within 72 hours when required by law

• Documentation: Maintain detailed records of all privacy incidents

Follow-up Actions:

• Conduct thorough investigation and root cause analysis

• Implement corrective measures to prevent future incidents

• Review and update security measures as needed

• Provide ongoing support to affected individuals

15. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will post updates on our website and notify you of material changes as required by law.

16. Complaints and Concerns

If you have questions, concerns, or complaints about our privacy practices, please contact our Privacy Officer. If you are not satisfied with our response, you may file a complaint with:

Office of the Privacy Commissioner of Canada
Website: www.priv.gc.ca
Phone: 1-800-282-1376

Commission d'accès à l'information du Québec (CAI)
Website: www.cai.gouv.qc.ca
Phone: 1-888-528-7741

Acknowledgment: By engaging our services or using our website, you acknowledge that you have read and understood this Privacy Policy.