Privacy Policy

Introduction

Nexanova Systems ("Nexanova," "we," "us," or "our") is committed to protecting the privacy and security of the personal information we collect, use, and disclose in the course of our business operations. This Privacy Policy describes our practices regarding the collection, use, disclosure, retention, and protection of personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), British Columbia's Personal Information Protection Act (PIPA), and other applicable privacy legislation.

This policy applies to all personal information collected through our website at nexanova.ca, through our managed IT and cybersecurity services, through direct communications with our team, and through any other interaction you have with Nexanova Systems. By using our website or engaging our services, you acknowledge that you have read and understand this Privacy Policy.

Nexanova Systems is headquartered in Langley, British Columbia, Canada. Our Privacy Officer can be reached at info@nexanova.ca or by phone at (604) 613-0150.

Definitions

"Personal information" means information about an identifiable individual, as defined under PIPEDA and PIPA. This includes, but is not limited to, name, email address, phone number, mailing address, IP address, billing information, employment information, and any other information that can be used to identify an individual, either on its own or in combination with other data.

"Service information" means technical and operational data collected in the course of delivering our managed IT, cybersecurity, and AI enablement services. This may include device identifiers, network configuration data, software inventory data, security event logs, and system performance metrics. Service information is collected and processed under the terms of our service agreements with clients and is governed by the confidentiality and data protection provisions of those agreements.

For the purposes of this policy, "consent" means voluntary agreement to the collection, use, and disclosure of personal information for the purposes identified in this policy or at the time of collection.

Personal Information We Collect

We collect personal information in several ways, depending on how you interact with us.

Information you provide directly: When you contact us through our website contact form, by phone, or by email, we collect the information you provide, which typically includes your name, email address, phone number, business name, and the content of your message. If you engage our services, we may also collect billing information, business address, and information about your technology environment as necessary to deliver our services.

Information collected automatically: When you visit our website, we automatically collect certain technical information, including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on each page, and the date and time of your visit. This information is collected through cookies, server logs, and similar technologies as described in the Cookies and Tracking Technologies section of this policy.

Information collected through service delivery: When we provide managed IT, cybersecurity, or AI enablement services, we collect technical and operational data necessary to deliver those services. This includes device inventories, software configurations, network topology data, security event logs, backup status information, and system performance metrics. The specific data collected depends on the scope of services defined in your service agreement.

Information from third parties: We may receive information about you from third-party sources, such as software vendors, referral partners, or publicly available business directories. We only collect such information when we have a legitimate business purpose and the information was obtained lawfully by the third party.

Purposes for Collection, Use, and Disclosure

We collect, use, and disclose personal information for the following purposes:

Service delivery: To provide managed IT, cybersecurity, AI enablement, and related technology services as described in your service agreement. This includes monitoring your technology environment, responding to support requests, performing maintenance and security operations, generating reports, and communicating with you about your services.

Communication: To respond to your inquiries, provide information you have requested, send service-related communications, and notify you of changes to our services or policies.

Business operations: To manage our business relationship with you, including invoicing, payment processing, contract management, and service scheduling.

Website improvement: To analyze how visitors use our website, improve website functionality and content, and ensure the security of our web properties.

Security and compliance: To detect, prevent, and respond to security threats, fraud, or other unauthorized or illegal activities. To comply with applicable laws, regulations, and legal processes.

Marketing: With your consent, to send you information about our services, industry updates, or other communications that may be of interest to you. You may withdraw your consent to marketing communications at any time by contacting us or using the unsubscribe mechanism in our emails.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not use personal information for purposes other than those identified at or before the time of collection, unless we obtain your consent or are required or permitted to do so by law.

Consent

We obtain your consent before or at the time we collect your personal information for the purposes identified in this policy. Consent may be express or implied, depending on the sensitivity of the information and the reasonable expectations of the individual.

Express consent is obtained when you actively agree to the collection, use, or disclosure of your personal information — for example, by submitting a contact form, signing a service agreement, or opting in to marketing communications.

Implied consent may be reasonable in certain circumstances — for example, when you provide your business card at a professional event, when the collection is necessary to fulfill a service you have requested, or when the information is publicly available business contact information.

You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting our Privacy Officer at info@nexanova.ca. We will inform you of the implications of withdrawing consent, which may include our inability to provide certain services. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

We do not require consent as a condition of supplying a product or service beyond what is necessary to deliver that product or service.

Disclosure to Third Parties

We may disclose your personal information to the following categories of third parties, and only for the purposes described in this policy:

Service providers: We engage third-party service providers to assist in delivering our services, including cloud hosting providers, remote monitoring and management platform providers, security software vendors, backup service providers, email service providers, and payment processors. These service providers are contractually required to protect your personal information and to use it only for the purposes for which it was disclosed to them.

Software vendors: In the course of providing managed IT services, we may interact with your software vendors — such as Microsoft, practice management software providers, and other technology partners — on your behalf. Information shared with these vendors is limited to what is necessary to resolve technical issues or manage your software environment.

Professional advisors: We may disclose personal information to our legal, accounting, or insurance advisors as necessary for the operation of our business.

Legal requirements: We may disclose personal information when required or permitted by law, including in response to a court order, subpoena, warrant, or other legal process, or to comply with applicable laws and regulations.

Business transfers: In the event of a merger, acquisition, reorganization, or sale of all or a portion of our assets, personal information may be transferred as part of that transaction. We will notify affected individuals of any such transfer and any choices they may have regarding their personal information.

We do not disclose personal information to third parties for purposes unrelated to our services without your express consent.

Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

Website inquiry data: Contact form submissions and related correspondence are retained for 24 months from the date of last contact, unless you become a client, in which case retention is governed by your service agreement.

Client service data: Personal information collected in the course of delivering services is retained for the duration of the service agreement and for 36 months following termination, unless a longer retention period is required by law or by the terms of the service agreement.

Billing and financial records: Invoicing and payment records are retained for seven years in accordance with Canadian tax and business record-keeping requirements.

Technical and security logs: System logs, security event data, and technical operational data collected during service delivery are retained for 12 months unless a security incident requires longer retention for investigation or legal purposes.

When personal information is no longer required for any purpose, it is securely destroyed or anonymized using methods appropriate to the sensitivity of the information.

Security Safeguards

We protect personal information using physical, organizational, and technological safeguards appropriate to the sensitivity of the information.

Technological safeguards include encryption of data at rest and in transit, multi-factor authentication on all systems that store or process personal information, endpoint detection and response on all company devices, firewall and network security controls, regular security patching and vulnerability management, and access controls that limit access to personal information to authorized personnel who require it for legitimate business purposes.

Organizational safeguards include privacy and security training for all team members, documented policies and procedures for handling personal information, access controls based on role and need-to-know, and regular review of our security practices.

Physical safeguards include secured office premises, locked storage for any physical records containing personal information, and secure disposal of physical media.

No method of transmission or storage is completely secure. While we take all reasonable steps to protect your personal information, we cannot guarantee absolute security. In the event of a security breach involving personal information, we will comply with all applicable breach notification requirements under PIPEDA, PIPA, and other applicable legislation.

Breach Notification

In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm to individuals, we will:

Notify the Office of the Privacy Commissioner of Canada as required under PIPEDA, and the Office of the Information and Privacy Commissioner for British Columbia as required under PIPA.

Notify affected individuals as soon as feasible, providing a description of the breach, the types of personal information involved, a description of what we are doing to address the breach and reduce the risk of harm, and contact information for our Privacy Officer.

Notify any third-party organizations that may be able to reduce the risk of harm to affected individuals.

Maintain a record of every breach of security safeguards involving personal information, regardless of whether the breach triggers notification obligations, as required under PIPEDA.

Our breach response procedures are documented and tested regularly as part of our security operations.

Your Rights

Under PIPEDA and PIPA, you have the following rights regarding your personal information:

Right of access: You have the right to request access to the personal information we hold about you. Upon receiving a written request and verifying your identity, we will provide you with information about the existence, use, and disclosure of your personal information within 30 days, subject to limited exceptions permitted by law.

Right of correction: You have the right to request correction of any personal information we hold about you that is inaccurate or incomplete. If we are unable to make the requested correction, we will note your request in our records.

Right to withdraw consent: You have the right to withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. We will inform you of the implications of withdrawal.

Right to complain: If you believe we have not handled your personal information in accordance with this policy or applicable privacy legislation, you have the right to file a complaint with our Privacy Officer. If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for British Columbia.

To exercise any of these rights, contact our Privacy Officer at info@nexanova.ca or by phone at (604) 613-0150. We will respond to all requests within 30 days of receipt.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyze website traffic, and understand how visitors interact with our site.

Essential cookies are required for the basic functionality of our website, including session management and security. These cookies do not collect personal information and cannot be disabled.

Analytics cookies help us understand how visitors use our website by collecting information such as pages visited, time spent on pages, and traffic sources. We use Google Analytics and Vercel Analytics for this purpose. Analytics data is aggregated and does not directly identify individual visitors, though IP addresses may be collected and are treated as personal information under this policy.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is placed. Please note that disabling cookies may affect the functionality of our website.

Our website does not respond to Do Not Track signals, as there is no industry-standard interpretation of this signal. However, you can control tracking through your browser cookie settings as described above.

Third-Party Links

Our website may contain links to third-party websites, services, or applications. This Privacy Policy applies only to nexanova.ca and our services. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it promptly.

International Data Transfers

Nexanova Systems is based in British Columbia, Canada. Your personal information may be processed and stored in Canada. Some of our third-party service providers may process or store data outside of Canada. Where personal information is transferred outside of Canada, we take reasonable steps to ensure that it is protected by contractual obligations or other safeguards that provide a comparable level of protection to that required under Canadian privacy legislation.

By providing your personal information to us, you consent to the transfer and processing of your information in Canada and, where applicable, in other jurisdictions as described in this section.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations. When we make material changes, we will update the "Last Updated" date at the top of this policy and, where appropriate, notify you by email or through a notice on our website.

We encourage you to review this policy periodically. Your continued use of our website or services after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact our Privacy Officer:

Nexanova Systems Langley, BC, Canada Email: info@nexanova.ca Phone: (604) 613-0150

You may also file a complaint with:

Office of the Privacy Commissioner of Canada 30 Victoria Street, Gatineau, QC K1A 1H3 Toll-free: 1-800-282-1376 Website: www.priv.gc.ca

Office of the Information and Privacy Commissioner for British Columbia PO Box 9038 Stn Prov Govt, Victoria, BC V8W 9A4 Toll-free: 1-800-663-7867 Website: www.oipc.bc.ca