GDPR Compliance

Last Updated: January 15, 2024

evideminde is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and explains your rights as a data subject.

Data Controller

evideminde acts as the data controller for personal data collected through our website and services. For questions about data processing, contact:

evideminde
180 John Street, Suite 402
Toronto, Ontario M5T 1X5
Canada
Email: [email protected]

Legal Bases for Processing

We process personal data under the following legal bases:

• Consent: When you voluntarily provide information or opt-in to communications
• Contractual Necessity: When processing is required to fulfill a contract with you
• Legal Obligation: When we must process data to comply with applicable laws
• Legitimate Interests: When processing serves our legitimate business interests without overriding your rights

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we limit how we use your data in certain circumstances, such as when you contest data accuracy or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not engage in automated decision-making that affects your legal rights.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. We may request verification of your identity before processing your request.

International Data Transfers

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules where applicable
• Transfers to countries with adequacy decisions

Data Retention

We retain personal data only as long as necessary for the purposes collected. Specific retention periods vary by data type:

• Contact form submissions: 3 years
• Client engagement records: 7 years
• Website analytics data: 26 months

Data Security

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, and regular security assessments.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence. For EU residents, you may contact your local Data Protection Authority.

Updates to This Information

We may update this GDPR information periodically. Material changes will be communicated through our website.