Privacy Policy
Table of Contents
- General
- Your consent to use personal information
- How we protect your information
- Information we collect when you visit our website
- Information we collect when you contact us
- Information we collect when you buy our services
- Information we collect when you apply for a job
- Information we collect when you work with us
- Why we're legally allowed to process your data
- Your privacy rights
- Information about minors
- What happens if we merge with another company
- How to contact us
- How to contact the privacy authority
- Changes to this policy
​
General
Last updated: September 21, 2025
​
This Privacy Policy explains how DigiRisq Consulting Inc. ("DigiRisq Consulting", "DigiRisq.com", "DigiRisq", "we", "us", or "our") collects, stores, uses, and shares your personal information when you:
- Visit our website at https://DigiRisq.com or any other website that links to this policy
- Contact us by email, phone, video call, or in any other way
- Purchase or subscribe to our services
- Apply to work with us
- Work with us as an employee, contractor, or partner
​
What is "personal information"?
Personal information is any information about you as an individual person. This includes information that can identify you directly (like your name) or indirectly (like your IP address combined with other data). We collect personal information from website visitors, potential clients, clients, partners, employees, contractors, and anyone else who contacts us or uses our services.
​
Questions or concerns?
Reading this policy will help you understand your privacy rights and choices. If you don't agree with our policies, please don't use our services. If you have questions or concerns, contact our Data Protection Officer.
​
Your consent to use personal information
We ask for your permission before collecting, storing, using, or sharing your personal information, except when the law says we don't need to. We only collect information that's necessary for the specific purposes we tell you about.
​
How we get your consent
We might get your consent in different ways:
- Direct consent: You sign a form, send an email, fill out an application, or tell us verbally
- Implied consent: You visit our website and accept cookies, or use our services knowing we need certain information
If you need to share personal information about other people (like your colleagues or employees), you must get their permission first before sharing it with us.
​
Using your information for new purposes
If we want to use your information for something different than what we originally collected it for, we'll ask for your permission again. You don't have to say yes to these new uses unless we say it's absolutely necessary.
​
How we protect your information
We use the same security measures for all personal information, whether it comes from website visitors, people who contact us, customers, job applicants, or employees.
​
Our security measures
- Third-party vetting: We carefully check all outside companies before trusting them with any information. All our partners and vendors must sign contracts to keep your data secure and confidential.
- Vendor risk management: We assess the security risks of every new vendor before working with them, and review these assessments at least once a year.
- Data encryption: Your information is encrypted when it travels between systems (using HTTPS/TLS 1.2+) and when it's stored (using AES-256).
- Access controls: We use multi-factor authentication wherever possible. Only people who need access for their job can see your information, and they get the minimum access necessary. We review who has access every three months.
- Policy compliance: We handle data according to our policies and business requirements.
​
Information we collect when you visit our website
What we collect automatically
When you visit our website, we automatically collect:
- Your IP address
- Your browser type
- Your operating system
- Your device type
- When and how long you visit
- Which pages you visit
- External links you click
- Where you enter and exit our site
- Your clicks, scrolling, and website interactions
- Your approximate location (city, region, country)
- Your language preference
- Your age range
- Your gender
- Search terms you use on our site
​
How we collect this information
We collect this information automatically using cookies, visitor logs, and other tracking technologies.
​
What are cookies?
Cookies are small text files stored on your computer that collect standard internet log information and visitor behavior. When you visit our website, we may collect information from you automatically through cookies or similar technology.
​
Why we collect this information
We collect this data to:
- Make our website work properly (showing our story, services, events, news, blog articles, registration forms)
- Analyze how people use our website (if you agreed to this through our cookie banner)
​
If we want to use this information for anything else, we'll ask for your permission again.
​
Types of cookies we use
- Necessary cookies: Required for basic website features like secure login and remembering your consent preferences. These don't store personally identifiable information.
- Functionality cookies: Help us recognize you and remember your preferences (like language and location). These help with features like sharing content on social media and collecting feedback.
- Analytics cookies: Help us understand how visitors use our website, including number of visitors, bounce rate, and traffic sources.
- Performance cookies: Help us analyze website performance to deliver a better user experience.
- Advertising cookies: Collect information about your visit, content viewed, and links followed. We may share limited aspects of this data with advertising partners, which means you might see ads based on your browsing patterns when you visit other websites.
​
Managing cookies
You can reject non-essential cookies using our cookie banner or through your browser settings. If you do this, only necessary cookies will be enabled. Keep in mind that some website features might not work properly if you block cookies.
​
Do we share this information?
We don't share your personal information with third parties without your consent, except in these limited situations:
- Analytics: We may share data with analytics platforms, but we require them to use it only for the intended purpose and not keep it longer than necessary.
- Legal obligations: We may have to share your information to:
  - Comply with laws, regulations, court orders, or other legal processes
  - Enforce our agreements with you
  - Respond to claims that your use of our services violates third-party rights
​
How long we keep this information
We usually keep website data for five years. We store it using trusted third parties like our CRM (HubSpot) and analytics platform (Google Analytics).
​
Opting out of marketing
We don't send marketing emails to website visitors unless they specifically sign up for them. You can opt out using the unsubscribe link in any marketing email or by contacting our Data Privacy Officer.
​
Other websites
Our website links to other websites we don't control. This privacy policy doesn't cover those websites. We're not responsible for other websites' content, privacy policies, or practices.
​
Information we collect when you contact us
What we collect
When you contact us by email, phone, video call, or in person, we collect the information you voluntarily share:
- Your name
- Your company
- Your job title/role
- Your business email
- Your business phone number
- The content of your communication (requests, questions, comments)
- Any other information you choose to share
- Video and/or audio recordings of calls (when you've given consent)
​
How we collect this information
We collect this when you voluntarily provide it by emailing us, calling us, using online forms, meeting with us virtually, or meeting in person.
​
Why we collect this information
We collect this information so we can get back to you and provide the service you're asking for.
​
Do we share this information?
We don't share the content of our communications with third parties. We may share topics and questions from conversations with specific partners for collaborations, referrals, webinars, etc.
We may share your contact information with partners for webinars, events, collaborations, and marketing campaigns.
​
Marketing communications
With your permission, we might occasionally send you information about our services or our partners' services that we think you'd like. We might share your contact information (like your email) with these partners:
- A-LIGN
- Circle Innovation
- Sophos
- KnowBe4
- Prescient Assurance
- Vanta
You can opt out anytime by contacting us or using the unsubscribe link in marketing emails.
​
How long we keep this information
We keep information from your communications for up to five years, or longer if you become a customer or if regulations require it.
​
Information we collect when you buy our services
What we collect
When you purchase our services, we collect:
- Your name
- Your title, role, and/or function at your company
- Your business email
- Your business phone number (if available)
- Your business payment information
- Names, titles, roles, and functions of key people involved in our contract
​
How we collect this information
We collect this when you voluntarily provide it through email, phone, online forms, video calls, or in-person meetings.
​
Why we collect this information
We need this information to support our sales, operations, and support processes. We also use it in promotional materials and share some information with business partners to support our services or promote new services that might benefit your business.
​
Do we share this information?
Core third parties that support all our processes:
- Google (Emails/Calendar/Calls)
- HubSpot (CRM)
- Slack (Instant communication, when applicable)
Additional third parties for sales support:
- NRCC / IRAP (Partnerships, when applicable)
- Cyber Security Canada (Audit partner, when applicable)
- BMO (Partnerships, when applicable)
- Vanta (GRC platform, when applicable)
- Centra (Penetration testing partner, when applicable)
- Zoom (Calls, when applicable)
Additional third parties for service delivery:
- Atlassian (Documentation management)
- SentinelOne (EDR, when applicable)
- KnowBe4 (Training, when applicable)
- Freedcamp (Project Management)
- Blumira (SOC, when applicable)
We may share data with other select third parties involved in sales or delivery on a case-by-case basis, with your approval first.
​
How long we keep this information
We keep this information in our approved systems for at least as long as we're providing services, and generally up to five years after services end. Some financial transaction information may be kept for up to seven years for regulatory purposes.
​
Information we collect when you apply for a job
What we collect
If you apply to work at DigiRisq.com, we collect:
- Your resume or CV
- Your full legal name
- Your email address
- Your phone number
- Your location
- Your employment history (from your resume)
- References you provide (names and contact information)
- Information for background checks (if you get the job): ID documents, address history, identity verification, criminal record check, credit check
- Video and audio recordings of your interviews
- Transcripts and AI-generated notes from your interviews
​
How we collect this information
You voluntarily provide this information when applying through our applicant tracking system.
​
Do we share this information?
We don't sell hiring information to third parties. We do share it with trusted platforms we use to manage applications. These platforms have contracts with us that include security and confidentiality requirements:
- Google (Document management)
- Slack (Communication between recruitment team members)
​
How long we keep this information
We keep this information for five years by default.
​
Information used to make decisions about you: We keep any personal information used to make a decision that directly affects you for at least one year, so you have a reasonable opportunity to access it. After this period, we securely destroy personal information as soon as it's no longer needed.
​
Information we collect when you work with us
What we collect
If you become an employee, contractor, or partner, we collect:
- Your full legal name
- Your personal email address
- Your phone number
- Your home address
- Your IP address
- Your Social Insurance Number (SIN, for employee payroll only, potentially for group retirement plan)
- Your bank account information (for payroll and payment deposits)
- Information about your work computer (serial number, MAC address, username, etc., due to our Bring Your Own Device security policy)
- List of installed applications on your computer (BYOD)
- Any information from the hiring process
- Video and audio recordings of recorded meetings you participate in
- Transcripts and AI-generated notes from recorded meetings
​
How we collect this information
We collect personal information during recruitment, onboarding, and various work activities involving documentation, calls, and transcripts. Technical information is collected through our compliance monitoring process for BYOD devices.
​
Why we collect this information
We collect and keep information to:
- Establish, carry out, manage, or end your contract with DigiRisq.com
- Perform our contract with you
- Fulfill our legal obligations
- Meet compliance requirements
​
Do we share this information?
We share this data with approved platforms we use to manage employee and partner information. These platforms have contracts with us that include security and confidentiality provisions. Employee information is shared with the third parties described in the job applicant and service sections.
​
How long we keep this information
We keep this information for the length of your contract plus up to seven years (depending on the type of information, since some tax/financial reporting requires up to seven years retention).
​
Why we're legally allowed to process your data
We process your information based on these legal reasons:
​
Consent
When you give us permission to use your personal information for a specific purpose. You can withdraw your consent anytime.
​
Performance of a contract
When we need to process your information to fulfill our contractual obligations to you, including providing our services or before entering into a contract with you.
​
Legitimate interests
When we believe it's reasonably necessary for our legitimate business interests, and those interests don't override your rights and freedoms.
Examples include:
- Direct marketing (existing customers): Sending marketing about similar products/services to existing business customers where there's a pre-existing relationship
- Direct marketing (prospecting): Reaching out to business contacts at companies that clearly fit our products/services based on their role and industry
- Maintaining customer relationships: Processing contact information to manage accounts, provide support, and communicate about ongoing contracts
- Improving products and services: Analyzing anonymized or combined data to understand customer usage and identify improvements
- Fraud prevention: Processing data to detect and prevent fraudulent activities (IP address, login activity)
- Network and information security: Processing data to protect systems and data from cyberattacks (for our Managed Threat Detection and Managed Endpoint Protection clients)
- Internal administration: Processing data for internal tasks like accounting and auditing
​
Legal obligations
When we need to comply with laws, such as cooperating with law enforcement, exercising or defending legal rights, or disclosing information as evidence in litigation.
​
Vital interests
When we believe it's necessary to protect your vital interests or someone else's, such as situations involving potential threats to anyone's safety.
​
Your privacy rights
We value your privacy rights and want you to know all your data protection rights. We'll respond to each request within 30 days. For complex requests, we might ask for more time when permitted by law.
If we can't honor your request (partially or fully) because it conflicts with other legal obligations (like mandatory financial record keeping or other people's privacy rights), we'll explain why.
To exercise any of these rights, contact DigiRisq.com's Data Protection Officer.
​
Everyone we collect personal information about has these rights:
​
The right to access (to know)
You can ask us for a copy of your personal data or to know what information we have about you.
​
The right to rectification (to correct)
You can ask us to correct information you believe is wrong or complete information you believe is incomplete.
​
The right to erasure (to delete)
You can ask us to delete your personal data under certain conditions.
​
The right to restrict processing
You can ask us to limit how we process your personal data under certain conditions.
​
The right to object to processing
You can object to our processing of your personal data under certain conditions.
​
The right to data portability
You can ask us to transfer the data we've collected to another company or directly to you under certain conditions.
​
Information about minors
We don't knowingly collect data from or market to children under 19 years old. By using our services or engaging with us, you confirm that you're at least 19 years old or that you're the parent/guardian of a minor and consent to their use of our services.
​
If we learn that we've collected personal information from someone under 19, we'll promptly delete that data from our records and any third-party software. If you know of any data we may have collected from children under 19, please contact us.
​
What happens if we merge with another company
If DigiRisq Consulting Inc. is involved in a merger, acquisition, restructuring, bankruptcy, or other sale or transfer of assets, your information may be transferred as part of that transaction.
​
We'll make reasonable efforts to notify you by email and/or a prominent website notice about:
- Any change in ownership or control of your personal information
- Any choices you may have regarding your personal information
The new entity will be bound by this Privacy Policy or a privacy policy that's at least as protective, unless they notify you of changes and give you the opportunity to opt out.
If the new entity makes significant changes to this Privacy Policy, we'll provide notice as required by law.
During merger or acquisition discussions, we may share information with the other parties as reasonably necessary. We'll limit this sharing to the minimum necessary information and require the other parties to keep any shared information confidential.
​
How to contact us
If you have questions about DigiRisq.com's Privacy Policy, the data we have about you, or want to exercise any of your data protection rights, please contact us.
​
How to contact the privacy authority
If you want to file a complaint, or if DigiRisq.com hasn't addressed your concern satisfactorily, you can submit a complaint to a data protection authority about our collection and use of your personal information.
​
For Ontario, Canada, contact the Information and Privacy Commissioner of Ontario:
- Website: https://www.ipc.on.ca
- Email: info@ipc.on.ca
- Phone: +1 (416) 326-3333
​
Changes to this policy
DigiRisq.com regularly reviews this Privacy Policy and posts any updates on this webpage. Please check our Privacy Policy regularly for the latest version.
​
