Legal · Data protection
Privacy Policy
This document explains how Ghefryonquobrynn collects, uses, stores, and protects personal information when you visit ghefryonquobrynn.world, contact us, or use our services. We are based in Canada and follow the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws where they apply. Where we offer services to individuals in the European Economic Area or United Kingdom, we also align with the General Data Protection Regulation (GDPR) and UK GDPR where relevant.
Introduction
We are committed to transparency. Personal data means any information relating to an identified or identifiable individual. This policy applies whether you browse our pages, submit a contact form, correspond by email, or interact with optional tools that rely on cookies or similar technologies.
We do not sell your personal data. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal, subject to limitations under applicable law.
Data controller
The controller responsible for processing is Ghefryonquobrynn, located at 1000 Gerrard St E, Toronto, ON M4M 3G6, Canada.
For privacy-related requests: ask@ghefryonquobrynn.world · +1 416-461-0964. Please include enough detail for us to verify your identity and locate relevant records.
Categories of personal data
Depending on how you interact with us, we may process:
- Identity and contact data: name, email address, telephone number if provided, and mailing address if you share it.
- Communication content: messages you send through forms or email, including attachments and metadata such as timestamps.
- Technical and usage data: IP address, browser type and version, device category, referring URLs, pages viewed, and approximate geographic region derived from IP when server logs are active.
- Cookie and storage data: consent selections stored locally on your device; identifiers associated with optional analytics or marketing tools when you opt in.
- Service records: booking references, payment confirmations, and correspondence notes tied to paid services where applicable.
Purposes and legal bases
We process personal information only where permitted under PIPEDA (and comparable provincial laws in Canada) and, where applicable, the GDPR or equivalent rules:
- Performance of a contract or pre-contract steps: responding to your inquiries, delivering purchased services, and managing accounts.
- Legitimate interests: securing our website, understanding aggregated usage to improve content, preventing fraud, and internal training, balanced against your rights.
- Legal obligation: retaining records where tax, accounting, or regulatory rules require it.
- Consent: non-essential cookies, certain marketing communications, and optional newsletters where you subscribe.
Under PIPEDA, we identify purposes before collection, limit use to those purposes or compatible purposes, and keep information accurate and protected as described in this policy.
Retention periods
We keep personal data only as long as necessary for the purposes described:
- Contact form and general email: typically up to twenty-four months after the last substantive exchange, unless a longer period is needed for legal claims or compliance.
- Contract and billing records: for the duration of the relationship plus statutory limitation periods applicable in Ontario and Canada.
- Server and security logs: usually rotated within ninety days unless an incident investigation requires a secure hold.
- Marketing consents: until you withdraw consent or we end the program, then deleted or anonymized within a reasonable period.
- Cookie consent records: stored on your device until you clear site data or update preferences.
When retention ends, we delete or irreversibly anonymize data where possible.
Recipients and processors
We may share data with trusted processors who assist us under written agreements: hosting providers, email delivery services, analytics vendors (only if you consent), payment processors for paid services, and professional advisers when required. Processors may access data only on our instructions.
We may disclose information if required by law, court order, or competent authority, or to protect the rights, property, or safety of our visitors, staff, or the public.
International transfers
Our operations may involve storing or processing data in Canada, the European Economic Area, the United Kingdom, or the United States. Where data leaves the EEA or UK, we implement appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or supplementary measures as required by regulators.
Security measures
We apply administrative, technical, and organizational measures proportionate to the risk, including access controls, encryption in transit where supported, credential hygiene, periodic review of vendor practices, and staff awareness. No system is completely immune; we encourage you to use strong passwords and protect your devices.
Your rights
Subject to applicable law, you may have the right to:
- Request access to your personal data and obtain a copy in a structured, commonly used format where portability applies.
- Request rectification of inaccurate data or completion of incomplete data.
- Request erasure (“right to be forgotten”) where grounds apply.
- Request restriction of processing in certain situations.
- Object to processing based on legitimate interests or for direct marketing.
- Withdraw consent where processing is consent-based, without retroactive effect on prior lawful processing.
- Lodge a complaint with a supervisory authority in your country of residence or work.
Canada: Under PIPEDA you may request access to your personal information and challenge its accuracy and completeness. You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) if you believe we have not handled your information appropriately.
To exercise these rights, email us with a clear description of your request. We may need to verify your identity before acting. Response timelines depend on applicable law (for example, GDPR timelines where that law applies).
Children
Our website and services are not directed at individuals under sixteen. We do not knowingly collect personal data from children. If you believe we have received such data, contact us and we will take steps to delete it.
Complaints
We hope to resolve concerns directly. You may also contact the Office of the Privacy Commissioner of Canada or, where the GDPR applies, your local supervisory authority.
Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or business developments. The effective date at the top of this page will change accordingly. Material updates may be highlighted through a notice on the website when practical.