GDPR Compliance

Last updated: June 19, 2026

Our Commitment to Data Protection

While pine-egret is based in Canada, we recognize the importance of the General Data Protection Regulation (GDPR) for our clients and website visitors in the European Economic Area. We are committed to protecting your personal data and respecting your privacy rights.

Legal Basis for Processing

We process personal data only when we have a legal basis to do so:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary to fulfill our service agreements with you
  • Legal obligation: Processing is necessary to comply with applicable laws
  • Legitimate interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of access: Request copies of your personal data
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data under certain circumstances
  • Right to restrict processing: Request limitation on how we use your data
  • Right to data portability: Request transfer of your data to another organization
  • Right to object: Object to processing based on legitimate interests
  • Rights related to automated decision-making: We do not use automated decision-making or profiling

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When data is no longer needed, we securely delete or anonymize it.

International Data Transfers

Your personal data may be transferred to and processed in Canada. We ensure that appropriate safeguards are in place to protect your data in accordance with GDPR requirements.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection practices

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours and inform affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or numerous, we may extend this period by two additional months and will inform you accordingly.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. For EEA residents, you may contact your local data protection authority.

Contact Information

For GDPR-related inquiries or to exercise your rights:

[email protected]
142 King Street West, Suite 800
Toronto, ON M5H 1J8
Canada