Introduction

This General Data Protection Regulation (GDPR) Policy explains how Light Speed Consulting Corporation ("dotCanada," "we," "our," or "us") collects, uses, shares, and protects personal data of European Union (EU) and United Kingdom (UK) residents in accordance with the General Data Protection Regulation (GDPR) and the UK GDPR.
While dotCanada is based in Canada, we recognize and respect the privacy rights of individuals from the EU and UK who use our services. This policy supplements our Privacy Policy and applies specifically to the personal data of individuals protected by the GDPR.

1. Data Controller and Contact Information

dotCanada acts as a Data Controller for the personal information we collect from you for our own business purposes, and as a Data Processor for the data you store on our hosting platforms.

Data Controller Contact Information:
Name: Light Speed Consulting Corporation (d/b/a dotCanada.com)
Address: 4-180 Northfield Drive West, Waterloo, Ontario, N2L 0C7, Canada
Email: privacy@dotCanada.com

If you have any questions about this GDPR Policy or our data practices, please contact our Data Protection Officer at dpo@dotCanada.com.

2. Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped as follows:

2.1 Information You Provide to Us
  • Identity Data: First name, last name, username or similar identifier, company name, title
  • Contact Data: Billing address, delivery address, email address, telephone numbers
  • Financial Data: Payment card details, payment transaction records
  • Account Data: Login credentials, purchase history, account settings
  • Profile Data: Your preferences, feedback, and survey responses
  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us
  • Communication Data: Your communications with us and your preferences in receiving marketing from us
2.2 Information We Collect Automatically
Technical Data: Internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website
Usage Data: Information about how you use our website, products, and services

2.3 Information Related to Hosted Content
As a hosting provider, we may have access to personal data that you store on our services, including:

  • Website visitor data
  • End-user information
  • Content in emails, databases, and web applications
We process this data strictly in accordance with your instructions and applicable data protection laws.

3. Legal Basis for Processing

Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases for processing personal data:

3.1 Performance of a Contract
We process your personal data to perform our contractual obligations to you, such as providing hosting services, processing payments, and delivering customer support.

3.2 Legitimate Interests
We process your personal data based on our legitimate interests, such as:

  • Providing, improving, and securing our services
  • Detecting and preventing fraud
  • Managing our relationship with you
  • Marketing our services to existing customers
  • Business management and planning
We balance our interests against your rights and interests and do not process data based on legitimate interests if your rights would be seriously impacted.

3.3 Consent
We process certain personal data based on your consent, particularly for marketing communications. You have the right to withdraw your consent at any time.

3.4 Legal Obligation
We process personal data to comply with our legal obligations, such as tax, accounting, and data protection laws.

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To provide and manage the services you have requested
  • To process and complete transactions
  • To communicate with you about your account and services
  • To provide customer support and resolve issues
  • To personalize your experience with our services
  • To improve our products and services
  • To send you marketing communications (with your consent)
  • To comply with legal obligations and protect our rights
  • To detect and prevent fraud and security incidents
  • To analyze usage patterns and trends

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Legal, regulatory, and contractual requirements

5.1 Specific Retention Periods
Account Data: We retain account data for the duration of your relationship with us and for a period of up to 7 years thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.

Transaction Data: We retain transaction data for 7 years to comply with tax and accounting regulations.

Communication Data: We retain customer service communications for 2 years after the last interaction.

Hosted Content: We retain the content you store on our servers for the duration of your service with us. Upon termination of your service, we delete your content within 30 days unless otherwise required by law.

6. Your Data Protection Rights

Under the GDPR, you have the following rights regarding your personal data:

6.1 Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee when a request is manifestly unfounded or excessive.

6.2 Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

6.3 Right to Erasure
You have the right to request that we erase your personal data, under certain conditions. This right may be limited by our legal obligations to retain certain data.

6.4 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.

6.5 Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions, particularly when we rely on legitimate interests or use your data for direct marketing.

6.6 Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

6.7 Right to Withdraw Consent
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
6.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@dotCanada.com or write to us at:

dotCanada.com
ATTN: Data Protection Officer
4-180 Northfield Drive West
Waterloo, Ontario, N2L 0C7
Canada

We will respond to your request within 30 days. If we need more time, we will inform you of the delay and the reason for it.

7. International Data Transfers

dotCanada is based in Canada, which has been recognized by the European Commission as providing an adequate level of data protection. However, we may transfer your personal data to third-party service providers located in countries outside the EU or UK that may not have data protection laws as comprehensive as those in the EU or UK.

Whenever we transfer your personal data outside the EU or UK, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards:

  • Using specific contracts approved by the European Commission or UK authorities that give personal data the same protection it has in the EU and UK
  • Transferring data to countries that have been deemed to provide an adequate level of protection
  • Transferring data to organizations that have adopted Binding Corporate Rules
  • Using Standard Contractual Clauses
If you have questions about our data transfer mechanisms, please contact our Data Protection Officer.

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data
  • Firewalls and intrusion detection systems
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • Staff training on data protection
  • Physical security controls for our facilities
  • Data backup and disaster recovery procedures
While we work hard to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We encourage you to take steps to protect your personal data as well, such as maintaining strong passwords and logging out of your account when finished.

9. Subprocessors

We may use third-party service providers ("subprocessors") to help us provide our services. These subprocessors may have access to your personal data but are only permitted to process it according to our instructions and for the purposes outlined in this policy.

We maintain a list of our current subprocessors on our website. When we add new subprocessors, we will update this list and notify affected customers in accordance with our contractual obligations.

10. Data Protection Impact Assessments

Where required by law, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that may result in a high risk to the rights and freedoms of individuals. These assessments help us identify and minimize data protection risks.

11. Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. In case of a breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

The notification will include:
  • The nature of the personal data breach
  • The name and contact details of our Data Protection Officer
  • The likely consequences of the breach
  • The measures taken or proposed to address the breach

12. Your Role as a Data Controller

If you use our hosting services to collect and process personal data of EU or UK residents, you are considered a Data Controller under the GDPR, and we act as your Data Processor. As a Data Controller, you are responsible for:

  • Ensuring you have a legal basis for collecting and processing personal data
  • Providing appropriate privacy notices to data subjects
  • Obtaining necessary consents
  • Responding to data subject rights requests
  • Ensuring your processing complies with the GDPR
We provide tools and features to help you fulfill these obligations, but the primary responsibility rests with you as the Data Controller.

13. Children's Privacy

Our services are not intended for individuals under the age of 18, and we do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately.

14. Changes to This Policy

We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will provide appropriate notice, such as by posting the updated policy on our website or sending you an email notification.

We encourage you to review this GDPR Policy periodically to stay informed about our data practices.

15. Complaints

If you have concerns about our handling of your personal data, please contact us first at privacy@dotCanada.com so that we can address your concerns.

You also have the right to lodge a complaint with a supervisory authority. For EU residents, this would be the supervisory authority in your place of residence or work, or the place of the alleged infringement. For UK residents, you can contact the Information Commissioner's Office (ICO).

16. Additional Information for Specific Processing Activities

16.1 Cookies and Similar Technologies
We use cookies and similar technologies on our website. Please see our Cookie Policy for more information on how we use these technologies and how you can control them.

16.2 Marketing Communications
We may send you marketing communications if you have requested information from us, purchased services from us, or if you provided us with your details for this purpose. You can opt out of these communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Contacting customer support
  • Updating your communication preferences in your account settings

16.3 Analytics
We use analytics tools to understand how our websites and services are used. These tools may collect data such as how often you visit our sites, what pages you visit, and what other sites you used prior to coming to our sites. We use this data to improve our websites and services, and to understand user behavior.

17. Contact Us

If you have any questions about this GDPR Policy or our privacy practices, please contact our Data Protection Officer:

Email: dpo@dotCanada.com

Postal address:
dotCanada.com
ATTN: Data Protection Officer
4-180 Northfield Drive West
Waterloo, Ontario, N2L 0C7
Canada

Last Modified: March 1, 2025

Since 2002, dotCanada has been providing Canadian Web Hosting to Canadian businesses. We understand what Canadians needs and we’ve been keeping Canadian businesses online for over 20 years.

Copyright © 2025 dotCanada.com. All Rights Reserved.