How we collect, use, disclose and protect personal information — in keeping with Canadian federal privacy law and applicable New Brunswick legislation.
English GRC ("we", "us", "our") respects your privacy. This policy describes how we handle personal information collected through englishgrc.ca and in the course of providing governance, risk, and compliance services.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law. Where other federal or provincial privacy laws apply to a particular engagement, we honour those obligations in addition to this policy.
English GRC is a consultancy based in New Brunswick, Canada, providing fractional GRC services to technology companies. Our privacy officer can be reached at privacy@englishgrc.ca.
We do not sell personal information and do not use it for advertising or behavioural profiling.
By submitting the contact form or emailing us, you consent to our use of the information provided for the purpose of responding. For ongoing client engagements, consent is documented in the engagement letter. You may withdraw consent at any time by contacting the privacy officer, subject to legal or contractual restrictions.
Data is processed primarily in Canada. Some service providers (including Cloudflare and email-transit providers) may process data in the United States or other jurisdictions, where it may be subject to local law including lawful access by foreign authorities. We select providers with strong security and privacy commitments.
Because protecting information is our trade, we hold ourselves to a high standard. Administrative, technical, and physical safeguards include:
If we become aware of a breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA.
This website does not set first-party cookies for tracking, profiling, or advertising. Cloudflare may set strictly-necessary cookies for security and bot mitigation. We do not embed third-party analytics, advertising pixels, or social media trackers.
Under PIPEDA you have the right to:
Email privacy@englishgrc.ca. We respond within 30 days. We may need to verify your identity. In limited circumstances permitted by law (for example where disclosure would reveal another individual's information or where information is privileged) we may not be able to provide access.
Our services are directed at businesses, not individuals under the age of majority. We do not knowingly collect personal information from children.
We may update this policy occasionally. The "Effective" date shows when the current version was published; material changes will be prominently noted.
Questions, requests, or complaints — contact our privacy officer first:
Privacy Officer, English GRC
privacy@englishgrc.ca
New Brunswick, Canada
If we cannot resolve your concern, you may file a complaint with the Office of the Privacy Commissioner of Canada:
30 Victoria Street, Gatineau QC K1A 1H3
1-800-282-1376 · priv.gc.ca