Legal

Privacy Policy

How Microlytics Ltd collects, uses, and protects your personal information — in full compliance with PIPEDA and GDPR.

Effective: 1 January 2024
Last updated: June 2025
Jurisdiction: Canada (PIPEDA) · EU/EEA (GDPR)
01

Who We Are

Microlytics Ltd ("Microlytics", "we", "us", or "our") is a Canadian analytics and technology company incorporated in Ontario, Canada. We provide advanced business intelligence, data engineering, AI & machine learning, cloud analytics, digital advertising, and web design services to organisations in healthcare, finance, insurance, government, and other sectors across Canada and globally.

Microlytics Ltd is the data controller for the personal information we process in connection with our website and services. Our registered address is:

265 Enfield Place, Mississauga, ON L5B 3Y7, Canada


02

Information We Collect

We collect personal information only where necessary to provide our services or respond to your enquiries. This includes:

  • Contact and identity data — your name, job title, company name, email address, and phone number when you submit a form, book a consultation, or correspond with us.
  • Business information — details about your organisation, industry, and analytics or data needs that you voluntarily share during onboarding or discovery calls.
  • Usage and technical data — IP address, browser type, operating system, pages visited, time on page, and referral source, collected automatically when you visit our website.
  • Communications — records of emails, messages, and meeting notes exchanged in the course of our business relationship.
  • Marketing preferences — your opt-in status for our newsletter and marketing communications.
  • Payment data — invoicing details such as billing address and company registration number. We do not store payment card information directly; card processing is handled by our PCI-DSS-compliant payment processors.

We do not knowingly collect sensitive personal data (such as health records, biometric data, or financial account numbers) unless specifically required to deliver a contracted service and with your explicit consent.


03

How We Use Your Information

We use personal information for the following purposes:

  • To respond to enquiries and provide the services you have requested or contracted.
  • To deliver, maintain, and improve our analytics, data engineering, AI/ML, cloud, and web design services.
  • To communicate project updates, invoices, reports, and other service-related information.
  • To send you marketing communications, insights, and updates where you have consented or where we have a legitimate interest (you can opt out at any time).
  • To analyse how our website is used and improve its performance, content, and user experience.
  • To comply with legal obligations, including tax, accounting, and regulatory requirements in Canada and applicable jurisdictions.
  • To protect the security and integrity of our systems, services, and users.

We will not use your personal information for purposes incompatible with those described above without first obtaining your consent.


04

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under the General Data Protection Regulation (GDPR):

  • Contract — processing is necessary to perform a contract with you or take pre-contractual steps at your request.
  • Legitimate interests — we have a legitimate interest in operating and improving our business, communicating with prospects, and securing our services, provided your rights do not override those interests.
  • Consent — for marketing communications and non-essential cookies, we rely on your freely given, specific, and informed consent, which you may withdraw at any time.
  • Legal obligation — where processing is necessary to comply with applicable law.

For Canadian residents, we process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.


05

Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share it with:

  • Service providers and sub-processors — trusted third parties who assist us in delivering our services (e.g., cloud hosting providers, CRM platforms, payment processors, email tools). These parties are contractually bound to process data only as instructed and to maintain appropriate security.
  • Professional advisers — lawyers, accountants, and auditors who require access for compliance or advisory purposes, subject to professional confidentiality obligations.
  • Regulatory and law enforcement authorities — where required by applicable law, court order, or government request.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, personal information may be transferred as part of that transaction. We will notify you before your information is subject to a different privacy policy.

In all cases, we require third parties to respect your personal information and to treat it in accordance with applicable law.


06

International Data Transfers

Microlytics Ltd is based in Canada. Canada has been deemed by the European Commission to provide an adequate level of data protection for commercial organisations subject to PIPEDA.

Where we transfer personal data to third-party service providers outside Canada or the EEA, we take appropriate safeguards to ensure the data remains protected, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions where applicable.
  • Binding corporate rules or other recognised transfer mechanisms.

You may request information about the specific safeguards in place for a transfer by contacting us at the address below.


07

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

  • Client project data — retained for the duration of the engagement plus 7 years to meet Canadian tax and accounting obligations.
  • Prospective client enquiries — retained for up to 24 months following the last contact, unless a business relationship is established.
  • Marketing contacts — retained until you unsubscribe or request deletion, whichever is earlier.
  • Website analytics data — aggregated and anonymised data may be retained indefinitely; identifiable data is deleted after 26 months.

When personal information is no longer required, we securely delete or anonymise it.


08

Your Rights

Subject to applicable law, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Rectification — request correction of inaccurate or incomplete information.
  • Erasure — request deletion of your personal information where there is no compelling reason for continued processing.
  • Restriction — request that we restrict processing of your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format and transmit it to another controller (GDPR).
  • Objection — object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint — complain to the Office of the Privacy Commissioner of Canada (OPC) or your local data protection authority.

To exercise any of these rights, please contact us at contactus@microlyticsltd.com. We will respond within 30 days. We may need to verify your identity before processing your request.


09

Cookies & Tracking Technologies

Our website uses cookies and similar technologies to provide core functionality, analyse usage, and (where you consent) support marketing activities.

  • Essential cookies — required for the website to function correctly (e.g., session management, security). Cannot be disabled.
  • Analytics cookies — help us understand how visitors interact with our website (e.g., pages visited, traffic source). Used only with your consent.
  • Marketing cookies — used to deliver relevant advertising on third-party platforms such as Google and Meta. Used only with your consent.

You can manage your cookie preferences at any time through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality.


10

Children's Privacy

Our website and services are directed at business professionals and organisations. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have collected personal information from a child without appropriate consent, we will delete it promptly. If you believe we may have inadvertently collected such information, please contact us immediately.


11

Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, accidental loss, alteration, or disclosure. These measures include:

  • Encryption of data in transit (TLS) and at rest where appropriate.
  • Access controls limiting personal data to authorised personnel only.
  • Regular security reviews and vulnerability assessments.
  • Employee training on data protection and security best practices.

No transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authority as required by law.


12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website.

We encourage you to review this policy periodically. Your continued use of our website or services after any changes constitutes your acceptance of the updated policy.


13

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact our Privacy Officer:

Microlytics Ltd — Privacy Officer

265 Enfield Place, Mississauga, ON L5B 3Y7, Canada

Email: contactus@microlyticsltd.com

Phone: +1 (647) 939 3568

You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or, if you are in the EEA, with your local supervisory authority.