Privacy Policy

01 Who This Policy Applies To

This Privacy Policy applies to:

• Visitors to the AlecTech website;
• Prospective clients who submit inquiries, book consultations, or request information;
• Clients who have entered into service agreements with AlecTech;
• Business contacts including vendors, partners, and referral partners;
• Individuals whose personal information is provided to AlecTech in the course of delivering services to a client organization.

This Policy does not apply to the personal information practices of our clients. Where AlecTech processes personal information on behalf of a client in the course of providing services (acting as a service provider), that client’s privacy policy governs the collection and use of that information by the client organization.

02 Our Privacy Principles

AlecTech’s privacy practices are built on the ten fair information principles established under PIPEDA:

03 What Personal Information We Collect

3.1 Information You Provide to Us

We collect personal information that you voluntarily provide, including:

• Contact information: Full name, job title, company name, business email address, phone number, and business mailing address.
• Inquiry and communication information: The content of messages submitted through our contact forms, email correspondence, support tickets, and meeting notes.
• Account and billing information: Information needed to establish and manage a client account, including authorized signatories, billing contacts, and payment details (processed through secure third-party payment processors).
• Service delivery information: Technical and organizational information you share with us in connection with the delivery of managed IT, cybersecurity, or other services, which may include network configurations, system inventory, user account details, and security event data.
• Event and marketing information: Registration details when you attend AlecTech events, webinars, or download resources from the Site.

3.2 Information Collected Automatically

When you visit the Site, we may collect technical information automatically through cookies and similar technologies, including:

• IP address and approximate geographic location (city/region level);
• Browser type and version;
• Operating system;
• Pages visited, time spent on each page, and navigation patterns;
• Referring URL (how you arrived at the Site);
• Date and time of visits;
• Device identifiers.

This information is collected using cookies, web beacons, and analytics tools. See Section 9 for details on our use of cookies and how to manage your preferences.

3.3 Information from Third Parties

We may receive personal information about you from:

• Referral partners who refer prospective clients to AlecTech;
• Publicly available business directories and LinkedIn profiles in the context of business development;
• Our technology vendor partners (such as Microsoft) in connection with service provisioning;
• Client organizations who provide us with employee and user information necessary to manage IT or security services on their behalf.

3.4 Sensitive Information

In the course of delivering cybersecurity and managed IT services, AlecTech may encounter or process sensitive categories of information, including security event logs, authentication data, and network traffic data. We treat all such information with heightened security controls and limit access on a strict need-to-know basis.

04 How We Use Personal Information

AlecTech uses personal information for the following identified purposes:

4.1 Service Delivery

• Providing and managing managed IT, cybersecurity, and GRC services;
• Operating the Themis, BreachGuard, and ARGUS platforms for contracted clients;
• Managing helpdesk and support requests;
• Provisioning and managing Microsoft 365 and other cloud service environments;
• Conducting security monitoring, vulnerability assessments, and incident response.

4.2 Business Operations

• Processing invoices and managing billing;
• Managing vendor and partner relationships;
• Communicating about service changes, scheduled maintenance, or outages;
• Maintaining accurate client records;
• Complying with legal and regulatory obligations.

4.3 Marketing and Communications

• Sending service updates, newsletters, and security advisories to individuals who have consented to receive them, in compliance with CASL;
• Following up on inquiries submitted through the Site;
• Inviting contacts to events, webinars, or product demonstrations where consent exists or is implied by an existing business relationship.

4.4 Site Improvement

• Analyzing Site traffic and usage to improve content, navigation, and user experience;
• Identifying and resolving technical issues with the Site.

4.5 Legal and Compliance

• Meeting AlecTech’s obligations under PIPEDA, CASL, and other applicable legislation;
• Responding to lawful requests from regulatory authorities or law enforcement;
• Establishing, exercising, or defending legal claims.

We will not use your personal information for purposes other than those listed above without your consent, unless required or permitted by law.

05 Legal Basis & Consent

5.1 Consent

For most personal information we collect, we rely on your express or implied consent. Express consent is obtained through opt-in mechanisms (such as subscribing to our newsletter or submitting a service inquiry). Implied consent arises from existing business relationships — for example, where you provide your business contact information in the course of entering a service agreement, we may use that information to send service-related communications.

5.2 Withdrawing Consent

You may withdraw your consent to marketing communications at any time by:

• Clicking the “unsubscribe” link in any email from AlecTech;
• Emailing privacy@alectech.ca with a withdrawal request.

Please note that withdrawing consent to marketing communications does not affect our ability to send service-related communications that are necessary to fulfill a contractual obligation.

5.3 Legitimate Business Purpose

In limited circumstances permitted by PIPEDA, we may collect, use, or disclose personal information without consent — for example, to investigate fraud, comply with a legal obligation, or address an emergency situation involving a risk to health or safety.

06 Disclosure of Personal Information

6.1 Service Delivery Partners

We may share personal information with trusted third-party service providers who assist us in delivering services, including:

• Cloud infrastructure and hosting providers;
• Technology vendor platforms (Microsoft, Fortinet, Bitdefender, WatchGuard, Arctic Wolf) necessary to fulfill service agreements;
• Payment processing companies;
• Professional services firms (legal, accounting) engaged under confidentiality obligations.

All third-party service providers are required to protect personal information to standards at least equivalent to those maintained by AlecTech.

6.2 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of AlecTech’s assets, personal information may be transferred to the successor organization, subject to equivalent privacy protections. We will notify affected individuals of any such transfer where required by law.

6.3 Legal Requirements

We may disclose personal information where required by law, court order, or government authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of AlecTech, our clients, or the public.

6.4 Cross-Border Transfers

AlecTech is a Canadian company and stores the majority of its data within Canada. However, some of our technology partners (including Microsoft) operate infrastructure in multiple jurisdictions, including the United States. When personal information is transferred outside Canada, it may be subject to the laws of the destination jurisdiction. We take steps to ensure that cross-border transfers are governed by appropriate contractual protections.

07 Retention of Personal Information

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are:

• Client records and service data: Retained for the duration of the service relationship plus seven (7) years, in accordance with standard Canadian accounting and legal record-keeping requirements.
• Security event logs and incident records: Retained for a minimum of twelve (12) months, or longer where required by a specific service agreement or legal obligation.
• Marketing contact information: Retained until consent is withdrawn, at which point it is removed from active marketing lists within ten (10) business days.
• Website analytics data: Retained in aggregated or anonymized form indefinitely; identifiable visitor data is retained for up to twenty-six (26) months.
• Inquiry records: Retained for two (2) years following an inquiry if no service relationship is established.

When personal information is no longer required, it is securely deleted or anonymized in a manner that prevents reconstruction.

08 How We Protect Personal Information

AlecTech applies administrative, technical, and physical safeguards appropriate to the sensitivity of the information and the nature of our business as a cybersecurity service provider:

8.1 Technical Controls

• Encryption of data in transit (TLS 1.2 or higher) and at rest for sensitive data stores;
• Multi-factor authentication on all internal systems and administrative accounts;
• Role-based access controls limiting employee access to personal information on a need-to-know basis;
• Continuous security monitoring of our own infrastructure;
• Regular vulnerability assessments and penetration testing;
• Endpoint detection and response tools on all AlecTech-managed devices.

8.2 Administrative Controls

• Privacy and security training for all AlecTech employees upon onboarding and annually thereafter;
• Confidentiality agreements with all employees and contractors;
• Documented data handling procedures and incident response protocols;
• Vendor due diligence process for third-party service providers.

8.3 Physical Controls

• Access restrictions to physical office and infrastructure environments;
• Secure disposal of physical media containing personal information.

8.4 Breach Response

09 Cookies & Tracking Technologies

9.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They help us recognize your browser, remember your preferences, and understand how you use the Site.

9.2 Types of Cookies We Use

• Strictly necessary cookies: Required for the Site to function. These cannot be disabled.
• Analytics cookies: Used to understand how visitors interact with the Site (e.g., Google Analytics). This data is aggregated and anonymized where possible.
• Functional cookies: Remember your preferences, such as language or form fields.
• Marketing cookies: Used to deliver relevant content and track the effectiveness of marketing campaigns. Only placed with your consent.

9.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or set preferences for specific types. Please note that disabling cookies may affect the functionality of the Site.

For Google Analytics specifically, you can opt out using the Google Analytics Opt-Out Browser Add-on.

9.4 Do Not Track

Some browsers transmit “Do Not Track” signals. The Site does not currently respond to Do Not Track signals from browsers, though we do offer the cookie management options described above.

10 Your Privacy Rights

Under PIPEDA, you have the following rights regarding your personal information:

10.1 Right to Access

You have the right to request access to the personal information AlecTech holds about you, including information about how it is being used and to whom it has been disclosed. We will respond to verified access requests within thirty (30) days, or notify you if an extension is required.

10.2 Right to Correct

If the personal information we hold about you is inaccurate, incomplete, or outdated, you have the right to request a correction. We will update the information and, where appropriate, notify third parties to whom the information was disclosed.

10.3 Right to Withdraw Consent

As described in Section 5.2, you may withdraw your consent to certain uses of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.

10.4 Right to Complain

If you believe AlecTech has not handled your personal information appropriately, you may file a complaint with our Privacy Officer (see Section 12) or with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

10.5 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to:

• Privacy Officer, AlecTech Inc.
• Email: privacy@alectech.ca

We may require you to verify your identity before processing a request. We will not charge a fee for access requests unless the request is clearly excessive or repetitive, and will notify you of any applicable fee before processing.

11 AlecTech’s Role as a Service Provider

In delivering managed IT and cybersecurity services, AlecTech frequently handles personal information on behalf of client organizations. In this context, AlecTech acts as a service provider (also referred to in some frameworks as a “data processor”) and processes personal information only as directed by the client and as necessary to deliver the contracted services.

Clients who use AlecTech services such as:

• Microsoft 365 management (which may include access to mailboxes, Teams data, or user accounts);
• Managed security monitoring (which may involve access to security event logs containing user identifiers);
• BreachGuard (which involves processing privacy breach data including affected individual records);
• Helpdesk services (which may involve access to user credentials or support tickets containing personal information);

— are responsible for ensuring that their own privacy policies and practices govern the collection and use of personal information in those environments, and for obtaining any necessary consents from their employees or customers. AlecTech will enter into appropriate data processing agreements with clients where required by applicable law.

12 Privacy Officer & Contact Information

AlecTech has designated a Privacy Officer who is accountable for our compliance with PIPEDA and this Privacy Policy. For all privacy-related inquiries, access requests, corrections, complaints, or concerns, please contact:

13 Children’s Privacy

The Site and AlecTech services are directed at businesses and professionals, not individuals under the age of 18. AlecTech does not knowingly collect personal information from minors. If you believe a minor has submitted personal information to AlecTech, please contact our Privacy Officer immediately and we will promptly delete the information.

14 Changes to This Privacy Policy

AlecTech may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or service offerings. We will post the revised Policy on the Site with an updated effective date.

Where changes are material, we will take reasonable steps to notify affected individuals, such as by email to active clients or by a notice on the Site homepage. We encourage you to review this Policy periodically. Continued use of the Site following the posting of a revised Policy constitutes your acceptance of the changes.

15 Regulatory Authority

AlecTech’s privacy practices are subject to oversight by the Office of the Privacy Commissioner of Canada (OPC). If you are not satisfied with our response to a privacy concern, you have the right to contact the OPC:

Ontario residents may also contact the Information and Privacy Commissioner of Ontario (IPC) regarding matters related to provincial legislation: