Legal

Privacy Policy

Last updated: 2026-05-29

EmpowerIT ("EmpowerIT", "we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, share, retain, and protect your personal information when you visit empowerit.ca, request our services, book a consultation, subscribe to our newsletter, or otherwise interact with us.

EmpowerIT is incorporated in Ontario, Canada and is subject to the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian privacy laws. We also follow the Canadian Anti-Spam Legislation (CASL) for our commercial electronic messages.

If you do not agree with this Policy, please do not use our website or services.

1. The information we collect

We collect personal information you provide to us directly and information generated automatically when you use our website or services.

1.1 Information you provide

  • Contact details: name, email address, phone number, company name, role.
  • Booking information: service requested, date and time of appointment, notes you include with a booking, and any details you share during a consultation.
  • Newsletter and form submissions: email address and any information you choose to provide in a contact form or subscription field.
  • Business information: details you share about your IT environment, security posture, or business operations during a Gap Analysis or engagement.

1.2 Information collected automatically

  • Technical information: IP address, browser type and version, operating system, device identifiers, referring URL, pages visited, and timestamps.
  • Cookies and similar technologies: small data files that your browser stores. We use cookies to keep the site functioning (essential), measure usage (analytics), and, where applicable, remember preferences. See Section 7 for details and choices.

1.3 Information from third parties

We may receive information about you from publicly available sources (such as your company website or LinkedIn profile) or from partners who refer you to us. We use that information only to evaluate fit and respond to inquiries.

2. How we use your information

We use the personal information we collect for the following purposes:

  • To respond to your inquiries, deliver the services you request, and manage our relationship with you;
  • To schedule and confirm consultations, including through Microsoft 365 Bookings;
  • To produce and deliver the IT Gap Analysis, proposals, agreements, and other engagement materials;
  • To send you transactional messages related to your booking, account, or engagement;
  • To send marketing communications where you have given express or implied consent under CASL — you can unsubscribe at any time;
  • To improve our website, services, and customer experience;
  • To detect, prevent, and respond to security incidents, fraud, and other unlawful activity;
  • To comply with applicable law, regulation, court order, or other lawful request.

3. Legal basis for processing (PIPEDA)

Under PIPEDA, we collect, use, and disclose personal information only with your knowledge and consent (express or implied) and only for purposes that a reasonable person would consider appropriate in the circumstances. Express consent is obtained where required, such as for marketing communications. Implied consent applies in routine business contexts, for example when you submit a contact form and clearly expect a reply.

4. How we share your information

We do not sell personal information. We share personal information only as described below.

  • Service providers and subcontractors who help us operate the website and deliver services, including:
    • Microsoft Corporation (Microsoft 365, Microsoft Bookings, Outlook, Azure) for email, calendar, productivity, and identity services;
    • Cloudflare, Inc. (Cloudflare Pages, Cloudflare DNS) for website hosting, content delivery, and security;
    • OVHcloud Canada for managed Canadian infrastructure;
    • Other vendors as needed to deliver an engagement (for example, telecommunications, backup, and security operations partners).
    These providers are contractually required to protect personal information and use it only for the purposes we specify.
  • Business transfers: if EmpowerIT is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to appropriate confidentiality protections.
  • Legal and regulatory: we may disclose personal information if required by law, court order, or to protect our rights, property, or the safety of others.
  • With your consent: we may share personal information in other circumstances with your express consent.

5. International data transfers

Some of our service providers operate or store data outside Canada, including in the United States and the European Union. When personal information is transferred outside Canada, it may be subject to the laws of those jurisdictions, including lawful access by foreign authorities. We use reputable providers, prefer Canadian data residency where practical (for example, Cloudflare Toronto edge and OVH Canada infrastructure), and rely on contractual safeguards to protect your information.

6. How long we keep your information

We retain personal information only as long as necessary to fulfil the purposes for which it was collected, to satisfy our legal, accounting, audit, and reporting obligations, and to enforce our agreements. Specific retention periods depend on the nature of the information and the purpose. Bookings and engagement records are typically retained for the duration of the relationship plus seven (7) years to satisfy Canadian tax and recordkeeping requirements.

7. Cookies and analytics

We use the following categories of cookies and similar technologies:

  • Strictly necessary cookies that make the website function (for example, session and security tokens). These cannot be disabled through the site.
  • Analytics cookies that help us understand how visitors use the site (for example, which pages are most visited) so we can improve it.
  • Functional cookies that remember your preferences.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the site. We do not use cookies for cross-site advertising tracking.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate or incomplete information;
  • Withdraw consent for the collection, use, or disclosure of your personal information (this may affect our ability to provide certain services);
  • Unsubscribe from marketing communications at any time (see Section 9);
  • Ask questions or raise a concern about how we handle your personal information.

To exercise any of these rights, contact our Privacy Officer using the details in Section 13. We will respond within thirty (30) days. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca.

9. Marketing communications and CASL

We send commercial electronic messages (CEMs) only in accordance with Canada's Anti-Spam Legislation. Every CEM includes our identity, contact information, and an easy way to unsubscribe. You can unsubscribe at any time by clicking the unsubscribe link in any message or by emailing hello@empowerit.ca. We will action your unsubscribe within ten (10) business days.

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These include access controls, encryption in transit, secure development practices, monitoring, and regular review. No method of transmission or storage is perfectly secure; in the event of a privacy breach that poses a real risk of significant harm, we will notify affected individuals and the Office of the Privacy Commissioner of Canada as required by law.

11. Children

Our services are directed at businesses, not children. We do not knowingly collect personal information from children under the age of eighteen (18). If you believe a child has provided us personal information, please contact us so we can delete it.

12. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. When we make a material change, we will update the "Last updated" date above and, where appropriate, provide a more prominent notice. We encourage you to review this Policy periodically.

13. Contact us

Questions, comments, or requests regarding this Privacy Policy or our handling of your personal information can be directed to our Privacy Officer:

EmpowerIT
Attention: Privacy Officer
22 King St S, Suite 300
Waterloo, ON N2J 1N8
Canada
Email: privacy@empowerit.ca
Phone: (519) 279-0194