This Privacy Policy explains how eVamb Technologies ("eVamb", "we", "us") handles personal information when you visit evamb.com, contact us, or engage our services. We act as the data controller for personal information collected through this website. Where we process personal information on behalf of a business customer within our products, we act as a processor / service provider under that customer's instructions and the applicable data-processing agreement.
1. Personal information we collect
- Information you give us — your name, organisation, email, phone number, and the content of any message when you use a contact or routing form, email us, or call.
- Technical information — IP address, browser type, device and approximate region, and pages viewed, collected through server logs and, only with your consent, analytics cookies.
- Cookies and similar technologies — strictly necessary cookies to operate the site, and optional analytics cookies that load only after you opt in. See our Cookie Policy.
We do not knowingly collect personal information from children. We do not sell personal information, and we do not engage in profiling that produces legal or similarly significant effects.
2. Why we use it, and our legal basis
We use personal information to respond to your inquiries, provide and improve our services, maintain the security and integrity of the site, and meet our legal obligations. Under the GDPR our legal bases are: your consent (e.g. optional analytics, marketing); the performance of a contract or steps taken at your request; our legitimate interests in operating and securing our business (balanced against your rights); and compliance with a legal obligation.
3. Consent and commercial electronic messages (CASL)
Consistent with Canada's Anti-Spam Legislation (CASL), we send commercial electronic messages only where we have your express or validly implied consent, every message identifies us clearly, and every message includes a working, no-cost unsubscribe that we honour promptly. You can withdraw consent at any time by using the unsubscribe link or by writing to our Privacy Officer below. When you submit a contact form, we use your details only to respond to you — not to add you to a marketing list — unless you separately opt in.
4. How we share information
We share personal information only with service providers who help us operate the site and our business (for example hosting and, where enabled, analytics), each bound by contract to protect it and use it only on our instructions. We may disclose information where required by law or to protect our rights, and in connection with a corporate transaction subject to equivalent protections. We do not sell or rent personal information.
5. International transfers
Our infrastructure may process data in Canada, the United States, and the European Economic Area. Where we transfer personal information outside your jurisdiction, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses for transfers out of the EEA/UK, and comparable contractual protections under PIPEDA and Law 25 — and we assess the protections available in the destination country.
6. Retention
We keep personal information only as long as necessary for the purpose it was collected, to meet legal or accounting requirements, or to resolve disputes, after which we securely delete or anonymise it. Contact-inquiry records are typically retained for up to 24 months unless a longer period is required.
7. Your rights
Subject to your jurisdiction and applicable law, you have the right to:
- Access the personal information we hold about you and request a copy.
- Correct information that is inaccurate or incomplete.
- Withdraw consent at any time, without affecting prior lawful processing.
- Delete ("erasure") your information where the law allows.
- Port your information (data portability), where applicable under the GDPR and Law 25.
- Object to or restrict certain processing, and not be subject to solely automated decisions with significant effects.
- De-indexing — request that links to your information be ceased or de-indexed, where Law 25 applies.
To exercise any right, contact our Privacy Officer below. We respond within the timeframes set by applicable law (generally 30 days under PIPEDA and Law 25, and one month under the GDPR). There is no charge to make a request.
8. How we protect information
We use administrative, technical, and physical safeguards appropriate to the sensitivity of the information — including encryption in transit, access controls on a need-to-know basis, and a tight content-security posture for this site. Where Law 25 requires, we conduct privacy impact assessments before deploying systems that process personal information, and we will notify affected individuals and the relevant authorities of any confidentiality incident that presents a risk of serious injury, without undue delay.
9. Privacy Officer (Law 25) and how to reach us
eVamb Technologies has designated a Privacy Officer responsible for our compliance, including the requirement under Quebec's Law 25 to name a person in charge of the protection of personal information.
10. Complaints
If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec (for Law 25 matters), or your local data-protection authority in the EEA/UK. We ask that you raise concerns with us first so we can put things right.
11. Changes to this policy
We may update this policy to reflect changes in our practices or the law. Material changes will be posted here with a revised effective date.