Compliance for Canadian Users: BastionGPT and PIPEDA

November 22, 2024

This Canada Data Protection Agreement (“Canada DPA”) is incorporated into the Terms of Use or any other agreement (“Agreement”) between you (“Customer”) and FortaTech Security, LLC (“FortaTech Security,” “we,” “us,” or “our”) when you use our services and provide personal information subject to Canadian privacy laws.

This Canada DPA sets forth the terms and conditions under which FortaTech Security processes personal information subject to the Federal Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy laws, including but not limited to the Personal Health Information Protection Act (PHIPA).

1. Scope of the Canada DPA

1.1 Applicability
This Canada DPA applies to the collection, use, and disclosure of personal information from individuals in Canada (“Canadian Personal Information”) provided by the Customer in connection with their use of FortaTech Security’s services (“Services”).

1.2 Relationship of the Parties
For the purposes of this Canada DPA, the Customer is the controller of Canadian Personal Information, and FortaTech Security acts as the processor or service provider, processing the data solely on behalf of the Customer.

2. Compliance with Canadian Privacy Legislation

2.1 Accountability for Personal Information
We take responsibility for the management and protection of personal information under our control. A designated Privacy Officer oversees compliance with PIPEDA and PHIPA.

2.2 Identifying Purposes
We clearly identify the purposes for which personal information is collected at or before the time of collection. For example:

  • Contact details (e.g., name, email address, phone number).
  • Personal information (e.g., company, title).
  • Payment information.
  • Data from the use of our services.
  • Any other information you provide directly to us.

2.3 Consent
We obtain your informed consent for the collection, use, or disclosure of your personal information. Consent can be provided explicitly or impliedly, depending on the context and sensitivity of the data.

2.4 Limiting Collection
We collect only the personal information necessary to provide our services, ensuring it is gathered fairly and lawfully. Examples include information required to create accounts, process payments, and deliver AI-generated documentation or analyses.

2.5 Limiting Use, Disclosure, and Retention
Personal information is used or disclosed strictly for the purposes for which it was collected unless otherwise required by law or with your explicit consent. We retain data only for as long as necessary to fulfill these purposes, after which we securely destroy or anonymize it.

2.6 Accuracy
We make reasonable efforts to ensure that personal information is accurate, complete, and up-to-date. You can update your information directly within the platform or contact us for assistance.

2.7 Safeguards
We implement advanced encryption and access control mechanisms to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification. Regular risk assessments and third-party security reviews are conducted to maintain robust safeguards.

2.8 Openness
Our privacy practices and policies are transparent and readily available. The BastionGPT Privacy Policy outlines how we collect, use, and protect your data.

2.9 Individual Access
You have the right to request access to your personal information. Upon request, we will provide information about the existence, use, and disclosure of your personal data within a reasonable timeframe. If access is denied, we will provide a reason.

2.10 Challenging Compliance
If you have any concerns or complaints about our handling of your personal information, please contact us using the details below. We are committed to addressing all complaints promptly and transparently.

3. Obligations of FortaTech Security

3.1 Compliance with Applicable Laws
We will comply with PIPEDA and, as applicable, PHIPA when processing Canadian Personal Information on behalf of the Customer.

3.2 Processing Purposes
We will process Canadian Personal Information only for the purposes of providing the Services in accordance with the Agreement and this Canada DPA.

3.3 Security Measures
We will implement appropriate technical, organizational, and administrative measures to protect Canadian Personal Information from unauthorized access, use, disclosure, alteration, or destruction. These measures include, but are not limited to:

  • Encryption of data.
  • Access controls based on the principle of least privilege.
  • Regular security assessments and monitoring.

3.4 Sub-processors
We may engage sub-processors to assist in the provision of the Services. Sub-processors will be bound by contractual obligations that provide the same level of protection as required under this Canada DPA. A current list of sub-processors is available upon request.

3.5 Cross-Border Transfers
Canadian Personal Information may be transferred, stored, or processed outside of Canada, including in the United States. FortaTech Security ensures that such transfers are conducted in compliance with PIPEDA and applicable laws.

3.6 Data Breach Notification
In the event of a breach involving Canadian Personal Information, FortaTech Security will promptly notify the Customer and provide sufficient information to meet any applicable breach reporting obligations under PIPEDA.

4. Data Subject Rights

4.1 Assistance with Requests
If FortaTech Security receives a request from an individual to exercise their rights under PIPEDA or applicable laws (e.g., access, correction, deletion), we will promptly notify the Customer. We will assist the Customer in responding to such requests to the extent required by law and the Agreement.

4.2 Customer Responsibility
The Customer is responsible for responding to individuals exercising their data subject rights under PIPEDA or other applicable Canadian privacy laws.

5. Data Retention and Deletion

5.1 Retention Periods
FortaTech Security will retain Canadian Personal Information only for as long as necessary to fulfill the purposes outlined in the Agreement and this Canada DPA, or as required by law.

5.2 Deletion or Return of Data
Upon termination of the Agreement or upon the Customer’s request, FortaTech Security will delete or return Canadian Personal Information unless retention is required by applicable law.

6. Audits and Certifications

FortaTech Security will maintain records of its data protection practices and provide the Customer with reasonable documentation or certifications to demonstrate compliance with this Canada DPA. The Customer may request additional information or audits in accordance with the Agreement.

7. Liability and Indemnification

FortaTech Security’s liability arising from or related to this Canada DPA will be subject to the limitations and exclusions of liability set forth in the Agreement.

8. General Provisions

8.1 Governing Law
This Canada DPA will be governed by the laws of the State of Texas, United States, as the jurisdiction of FortaTech Security’s principal place of business.

8.2 Conflicts
In the event of any conflict between this Canada DPA and the Agreement, the terms of this Canada DPA will prevail with respect to the processing of Canadian Personal Information.

8.3 Amendments
This Canada DPA may be amended from time to time to reflect changes in applicable laws or the Services. For questions about this Canada DPA or to request further details, please contact us at legal@forta.tech.

Acknowledgment and Agreement
By using our Services and providing Canadian Personal Information, you acknowledge that you have read, understood, and agree to the terms of this Canada DPA.

FortaTech Security, LLC
11816 Inwood Rd # 3181
Dallas, TX 75244
Email: privacy@forta.tech

Contact Information

For any questions about compliance with PIPEDA or PHIPA, or to make a request regarding your personal information, please contact us:

FortaTech Security, LLC
11816 Inwood Rd # 3181
Dallas, TX 75244

Email: hello@bastiongpt.com
Phone: +1 (214) 444-8445

We are committed to resolving all complaints promptly. If you feel our response is inadequate, you can escalate your concerns to the appropriate oversight body:

  • Office of the Privacy Commissioner of Canada (OPC):
    Website: www.priv.gc.ca
    Phone: 1-800-282-1376
  • Information and Privacy Commissioner of Ontario (IPC):
    Website: www.ipc.on.ca
    Phone: 1-800-387-0073

We are here to support your AI journey and ensure full compliance with Canadian privacy laws. Schedule a consultation with us to discuss any questions or concerns about PIPEDA, PHIPA, or other regulatory requirements.