Privacy Policy

Zaha Technologies Inc. ("Zaha Technologies," "we," "us," or "our") is committed to protecting the privacy and confidentiality of personal information entrusted to us by our clients, partners, website visitors, and employees. This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), applicable provincial privacy legislation, and other relevant Canadian laws.

By accessing our website at zaha.ca, engaging our services, or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

1. About Zaha Technologies

Zaha Technologies Inc. is a Canadian-owned IT consulting and managed services firm headquartered in Toronto, Ontario. We provide enterprise technology solutions including data analytics and artificial intelligence, architecture modernization, customer platforms, software development, managed IT services, unified communications, and healthcare IT solutions to organizations across Canada.

Registered Address:
Zaha Technologies Inc.
100 King Street West, Suite 5700
Toronto, ON M5X 1C7
Canada

2. Information We Collect

We collect personal information that is necessary for legitimate business purposes. The types of personal information we may collect include:

2.1 Information You Provide Directly

• Contact Information: Name, email address, phone number, mailing address, and job title when you submit a contact form, request a consultation, or communicate with us.
• Business Information: Company name, industry, organizational role, and information about your technology requirements and business objectives.
• Account Information: Credentials and preferences if you create an account on our client portal or managed services dashboard.
• Payment Information: Billing details and financial information necessary to process payments for our services, which are handled through PCI DSS-compliant payment processors.
• Employment Information: Resumes, cover letters, professional references, and related materials submitted through our careers section.
• Communications: The content of emails, support tickets, chat messages, and other correspondence you exchange with us.

2.2 Information Collected Automatically

• Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited, links clicked, time spent on pages, referring URLs, and navigation paths on our website.
• Log Data: Server logs, error reports, access timestamps, and related technical data.
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies as described in Section 7 of this Policy.

2.3 Information from Third Parties

• Business Partners and Referrals: Information received from technology partners, referral sources, or other third parties with whom you have a relationship.
• Publicly Available Information: Business information from public sources, company websites, professional networking platforms, and industry directories.
• Analytics Providers: Aggregated and anonymized data from analytics services that help us understand website traffic and user behaviour.

3. How We Use Your Information

We use personal information for the following purposes, each of which is based on a legitimate and identified purpose as required by PIPEDA:

• Service Delivery: To provide, manage, and improve our IT consulting, managed services, and technology solutions in accordance with our contractual obligations.
• Communication: To respond to your inquiries, provide customer support, send service-related notifications, and communicate about project status and deliverables.
• Business Development: To provide information about our services, industry insights, thought leadership content, and events that may be relevant to your organization, where you have consented to receive such communications or where permitted by applicable law.
• Website Improvement: To analyze how visitors use our website, identify technical issues, optimize user experience, and develop new features and content.
• Security and Compliance: To protect against unauthorized access, detect and prevent fraud, enforce our terms of service, and comply with legal obligations.
• Legal Purposes: To establish, exercise, or defend legal claims, comply with court orders, regulatory requirements, and other legal processes.
• Employment: To evaluate job applications, conduct background checks where applicable, and manage the recruitment process.
• Analytics and Research: To conduct internal research and analytics to improve our services, understand market trends, and develop new offerings.

4. Disclosure of Information

We do not sell, rent, or trade your personal information. We may share your personal information in the following limited circumstances:

• Service Providers: We engage trusted third-party service providers who process personal information on our behalf to support our business operations, including cloud hosting providers, payment processors, email service providers, and analytics platforms. These providers are contractually obligated to protect your information and may only use it for the purposes we specify.
• Technology Partners: When delivering solutions that involve our technology partners (such as AWS, Microsoft, Google Cloud, Cisco, Salesforce, and others), we may share necessary information to provision, configure, or support services on your behalf.
• Professional Advisors: We may disclose information to our lawyers, auditors, accountants, insurers, and other professional advisors as necessary for legal, financial, and compliance purposes.
• Legal Requirements: We may disclose information where required by law, regulation, legal process, or governmental request, including to comply with a subpoena, court order, or request from a regulatory authority with jurisdiction.
• Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity. We will provide notice before your information becomes subject to a different privacy policy.
• With Your Consent: We may share your information for purposes not described in this Policy with your express consent.

5. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal and contractual obligations, to resolve disputes, and to enforce our agreements. Specific retention periods vary depending on the type of information and the purpose for which it was collected:

• Client Records: We retain client engagement records, project documentation, and related business information for a minimum of seven (7) years following the completion of services, or as required by applicable law, whichever is longer.
• Contact Inquiries: Information submitted through contact forms or consultation requests is retained for up to two (2) years unless a business relationship is established, in which case client retention periods apply.
• Employment Applications: Unsolicited resumes and employment applications are retained for one (1) year unless the applicant requests earlier deletion.
• Website Analytics: Anonymized usage data and analytics may be retained indefinitely for statistical and trend analysis.
• Financial Records: Financial transaction records are retained for a minimum of seven (7) years in accordance with Canada Revenue Agency requirements and applicable tax legislation.

When personal information is no longer required, we securely destroy, erase, or anonymize it using methods appropriate to the sensitivity of the information.

6. Your Rights Under PIPEDA

Under PIPEDA and applicable provincial privacy legislation, you have the following rights with respect to your personal information:

• Right of Access: You have the right to request access to the personal information we hold about you. We will respond to your request within thirty (30) days and provide you with a copy of your information, subject to limited exceptions permitted by law.
• Right to Correction: You may request that we correct or update any inaccurate, incomplete, or outdated personal information in our records.
• Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and upon reasonable notice. We will inform you of the implications of withdrawing consent.
• Right to Complain: If you believe that we have not handled your personal information in accordance with PIPEDA, you have the right to file a complaint with our Privacy Officer. If your complaint is not resolved to your satisfaction, you may file a complaint with the Office of the Privacy Commissioner of Canada.

6.1 Provincial Privacy Rights

If you are a resident of a province with its own privacy legislation, additional rights may apply:

• Quebec (Law 25 / Act Respecting the Protection of Personal Information in the Private Sector): Quebec residents have the right to data portability, the right to be informed of automated decision-making, and the right to request de-indexation. We conduct privacy impact assessments for projects involving the personal information of Quebec residents as required under Quebec Law 25.
• Alberta (Personal Information Protection Act - PIPA): Alberta residents have rights regarding the collection, use, and disclosure of their personal information by organizations operating in Alberta.
• British Columbia (Personal Information Protection Act - PIPA): British Columbia residents are entitled to similar protections under the BC PIPA, including the right to access and correct personal information.
• Ontario (Personal Health Information Protection Act - PHIPA): For healthcare IT engagements involving personal health information in Ontario, we comply with PHIPA requirements including additional safeguards for health information custodians and the rights of individuals regarding their personal health information.

7. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze site usage. The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the operation of our website. These cookies enable basic functions such as page navigation, access to secure areas, and session management. They cannot be disabled.
• Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous statistical data about page views, traffic sources, and user navigation patterns.
• Functional Cookies: Allow us to remember your preferences, such as language settings and display options, to provide a more personalized experience.
• Marketing Cookies: Used to track visitors across websites and display relevant advertisements. We only set marketing cookies with your explicit consent.

You can manage your cookie preferences through your browser settings or through our cookie consent mechanism when you first visit our website. Disabling certain cookies may affect the functionality of our website.

We may also use web beacons, pixel tags, and similar technologies in our emails to track open rates and click-through rates to improve the relevance and effectiveness of our communications. You may opt out of email tracking by adjusting your email client settings or by unsubscribing from our mailing list.

8. Security

We take the security of your personal information seriously and implement organizational, physical, and technological safeguards to protect against unauthorized access, disclosure, copying, use, or modification. Our security measures include, but are not limited to:

• Encryption of personal information in transit (TLS 1.2+) and at rest (AES-256).
• Access controls based on the principle of least privilege, including role-based access, multi-factor authentication, and regular access reviews.
• Regular security assessments, vulnerability scanning, and penetration testing conducted by qualified security professionals.
• SOC 2 Type II compliance for our managed services operations, verified by independent third-party auditors.
• Comprehensive employee training on data privacy, information security, and incident response procedures.
• Data hosting in SOC 2-certified, Canadian-located data centres where applicable, ensuring compliance with data residency requirements.
• Incident response and breach notification procedures in accordance with PIPEDA's mandatory breach reporting requirements.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to continuously improving our security posture and promptly addressing any identified vulnerabilities.

9. International Data Transfers

As a Canadian company, we primarily store and process personal information within Canada. However, some of our service providers or technology partners may process personal information in jurisdictions outside of Canada, including the United States. When personal information is transferred outside of Canada, we ensure that appropriate contractual safeguards are in place, including data processing agreements that require the receiving party to provide a comparable level of protection to that required by PIPEDA and applicable Canadian privacy legislation.

We will inform you if your personal information may be processed in a foreign jurisdiction and the purposes for such transfer. Personal information processed in a foreign jurisdiction may be accessible to the law enforcement and national security authorities of that jurisdiction.

10. Children's Privacy

Our services are designed for businesses and professionals. We do not knowingly collect, use, or disclose personal information from individuals under the age of 16. If we become aware that we have inadvertently collected personal information from a child under 16, we will take immediate steps to delete that information from our records. If you believe we may have collected information from a minor, please contact our Privacy Officer immediately.

11. Automated Decision-Making

We do not currently use fully automated decision-making processes that produce legal effects or similarly significant effects concerning individuals. If we introduce such processes in the future, we will update this Policy and provide affected individuals with meaningful information about the logic involved, the significance, and the envisaged consequences of such processing, as well as the right to request human intervention, in accordance with applicable Canadian privacy law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Policy, we will post the updated version on our website with a revised effective date. We encourage you to review this Policy periodically to stay informed about how we protect your personal information.

For material changes that significantly affect how we use or disclose personal information previously collected, we will make reasonable efforts to notify affected individuals by email or through a prominent notice on our website prior to the changes taking effect.

13. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy, our privacy practices, or if you wish to exercise any of your rights regarding your personal information, please contact our Privacy Officer:

If you are not satisfied with our response, you have the right to contact the Office of the Privacy Commissioner of Canada: