Your data protection rights under European law
ballodirug is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements for individuals in the European Economic Area (EEA) and the United Kingdom.
ballodirug acts as the data controller for personal information collected through our website and consulting services. Our contact details are:
ballodirug
350 Albert Street, Suite 1200
Ottawa, Ontario K1R 1A4
Canada
Email: [email protected]
We process personal data under the following legal bases:
If you are located in the EEA or UK, you have the following rights regarding your personal data:
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.
You have the right to request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
You have the right to request that we delete your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.
You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.
As a Canadian organization, data may be transferred to and processed in Canada. Canada has been recognized by the European Commission as providing an adequate level of data protection. For any transfers to other countries, we ensure appropriate safeguards are in place, such as standard contractual clauses.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are:
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.
To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month. If your request is complex or we receive numerous requests, we may extend this period by up to two additional months, in which case we will notify you.
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection supervisory authority. We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority, so please contact us first.
We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.