GDPR Compliance

Information about how we protect your data rights

Our Commitment to Data Protection

While Vortex Streak operates primarily in Canada, we recognize and respect the data protection rights of individuals in the European Union under the General Data Protection Regulation (GDPR).

Legal Basis for Processing

We process your personal data based on:

  • Contract performance: To deliver the communication training services you've enrolled in
  • Consent: For marketing communications and optional program features
  • Legitimate interests: To improve our services and communicate relevant program information

Your GDPR Rights

If you are an EU resident, you have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data under certain conditions
  • Right to restrict processing: Request limitation of how we process your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

Data Transfers

Your personal data is stored and processed in Canada. When data is transferred outside the EU, we ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

Data Protection Officer

For GDPR-related inquiries or to exercise your rights, please contact our Data Protection Officer at:

[email protected]

Supervisory Authority

If you believe we have not addressed your data protection concerns adequately, you have the right to lodge a complaint with your local EU supervisory authority.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, or as required by law. Session materials are typically retained for three years after program completion, after which they are securely deleted.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Staff training on data protection principles

Changes to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated through our website.