Privacy Policy

1. Accountability

CMO Data Systems Corp., operating as CMO IT Services, is responsible for personal information under its control. Our designated Privacy Officer is accountable for compliance with this policy and with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the British Columbia Personal Information Protection Act (BC PIPA).

Privacy Officer: Shaun Peterson, General Manager
Email: privacy@cmoit.ca
Phone: (250) 562-0907
Address: 1515 8th Avenue, Prince George, BC V2L 3R3, Canada

2. Information We Collect

We collect personal information that you voluntarily provide when you contact us, request a consultation, or engage our services. This includes your name, email address, phone number, company name, and details you share about your IT environment.

We also collect technical information automatically through our website, including IP addresses, browser type, operating system, referring URLs, and pages visited. This information is collected through server logs and cookies (see Section 9).

We collect personal information directly from you (via contact forms, email, phone, and in-person meetings) and automatically through your use of our website. We do not collect personal information from third-party sources.

3. Purpose of Collection

We identify the purpose for collecting personal information at or before the time of collection. We collect and use your information for the following purposes: responding to inquiries and service requests, delivering and managing IT services under contract, managing client relationships and communications, issuing invoices and processing payments, meeting legal and regulatory obligations, and improving our website and service delivery. We do not use your information for unsolicited marketing without your explicit consent.

4. Consent

We obtain your informed consent before collecting, using, or disclosing your personal information, except where permitted or required by law. By submitting a contact form, signing a service agreement, or otherwise voluntarily providing your personal information, you consent to its collection and use for the purposes identified in this policy.

Withdrawing consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time by contacting our Privacy Officer. Upon receiving your withdrawal, we will inform you of the likely consequences (for example, we may be unable to continue providing certain services) and will stop collecting, using, or disclosing the information unless otherwise permitted by law.

5. Limiting Collection

We collect only the personal information necessary to fulfil the purposes identified in this policy. Information is collected by fair and lawful means.

6. Data Storage, Residency, and Retention

All client data managed by CMO IT Services is stored exclusively in Canadian data centres. We do not transfer personal information outside of Canada. Our backup and disaster recovery infrastructure operates entirely within Canadian-only cloud environments.

We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specifically: active client records are retained for the duration of the service relationship, financial records are retained for seven years following the end of the service relationship (as required by Canada Revenue Agency), website inquiry data is retained for 24 months, and website analytics data is retained for 12 months. When personal information is no longer required, we securely destroy it or render it non-identifiable using methods appropriate to the sensitivity of the information.

7. Data Protection

We implement CIS Controls v8 Implementation Group 1 (all 56 safeguards) across our managed environments. Personal information is protected by encryption at rest and in transit, role-based access controls, continuous monitoring, endpoint detection and response, and regular security assessments. The level of protection is proportionate to the sensitivity of the information.

8. Third-Party Disclosure

We do not sell, trade, or rent your personal information. We may share personal information with the following categories of service providers who assist in our operations: cloud infrastructure and hosting providers (Canadian data centres only), security monitoring and threat detection platforms, backup and disaster recovery providers, and accounting and invoicing software providers. All third-party providers are contractually required to protect personal information to a standard consistent with this policy. We may also disclose personal information when required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of CMO IT Services, our clients, or the public.

9. Cookies and Website Analytics

Our website uses cookies to improve your browsing experience and to collect anonymous usage statistics. Specifically, we use essential cookies required for website functionality and analytics cookies to understand how visitors use our site (pages visited, time on site, traffic sources). We do not use advertising or tracking cookies. You can configure your browser to refuse cookies. Disabling essential cookies may affect website functionality, but disabling analytics cookies will not affect your experience.

10. Accuracy

We make reasonable efforts to ensure personal information is accurate, complete, and up to date for the purposes for which it is used. If you believe the personal information we hold about you is inaccurate or incomplete, you may request a correction by contacting our Privacy Officer.

11. Breach Notification

In the event of a breach of security safeguards involving personal information that creates a real risk of significant harm, we will notify affected individuals and report the breach to the Office of the Privacy Commissioner of Canada as required under PIPEDA. Notification will include a description of the breach, the types of personal information involved, the steps we have taken to reduce the risk of harm, and the steps affected individuals can take to protect themselves.

12. Your Rights

Under PIPEDA and BC PIPA, you have the right to: request access to the personal information we hold about you, request correction of inaccurate or incomplete information, withdraw your consent to ongoing collection, use, or disclosure, and challenge our compliance with this policy.

How to exercise your rights: Submit a written request to our Privacy Officer at privacy@cmoit.ca. We will respond within 30 business days, as required by BC PIPA. There is no fee for access requests unless the request is excessive or repetitive. If we refuse a request, we will provide written reasons and inform you of your right to complain to the applicable commissioner.

13. Challenging Compliance

If you are not satisfied with our response to a privacy concern, you have the right to file a complaint with:

Office of the Privacy Commissioner of Canada
www.priv.gc.ca · 1-800-282-1376

Office of the Information and Privacy Commissioner for British Columbia
www.oipc.bc.ca · (250) 387-5629

14. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be posted on this page with an updated effective date. Where a change materially affects how we collect, use, or disclose personal information, we will make reasonable efforts to notify affected individuals and obtain fresh consent where required.

15. Contact

For privacy inquiries, access requests, or to exercise any of your rights under PIPEDA or BC PIPA, contact our Privacy Officer at privacy@cmoit.ca or call (250) 562-0907. CMO Data Systems Corp., 1515 8th Avenue, Prince George, BC V2L 3R3, Canada.