GDPR Compliance Information

Last Updated: April 28, 2026

1. Our Commitment to GDPR

Although VenticeDol Finance operates primarily in Canada, we recognize that some of our clients may be subject to the European Union's General Data Protection Regulation (GDPR). We are committed to protecting the personal data of all individuals, including those in the European Economic Area (EEA).

2. Data Controller Information

VenticeDol Finance acts as the data controller for personal information collected through our website and services.

Data Controller:
VenticeDol Finance
425 Bay Street, Suite 1200
Toronto, ON M5H 2Y2
Canada
Email: [email protected]

3. Legal Basis for Processing

We process personal data under the following legal grounds:

Consent: You have given clear consent for us to process your personal data for specific purposes
Contract: Processing is necessary to fulfill our contractual obligations to provide accounting services
Legal Obligation: Processing is required to comply with Canadian and international tax laws
Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your fundamental rights

4. Your Rights Under GDPR

If you are a resident of the EEA, you have the following rights:

Right to Access

You can request copies of your personal data that we hold. We will provide this information within one month of your request.

Right to Rectification

You can request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You can request that we erase your personal data under certain conditions. Note that we may be required to retain certain information to comply with legal and professional obligations.

Right to Restrict Processing

You can request that we restrict the processing of your personal data under certain conditions.

Right to Data Portability

You can request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for processing based on legitimate interests or direct marketing.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Subject line: "GDPR Rights Request"
Include: Your full name, contact information, and specific right you wish to exercise

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will notify you of any such extension.

6. Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data in transit and at rest
Regular security assessments and vulnerability testing
Access controls and authentication mechanisms
Staff training on data protection and security
Incident response and breach notification procedures

7. International Data Transfers

When we transfer personal data from the EEA to Canada, we ensure appropriate safeguards are in place. Canada has been recognized by the European Commission as providing adequate data protection for commercial organizations under PIPEDA (Personal Information Protection and Electronic Documents Act).

For any transfers to third countries not deemed adequate by the European Commission, we use:

Standard Contractual Clauses approved by the European Commission
Binding Corporate Rules where applicable
Other legally approved transfer mechanisms

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

Duration of our service relationship
Legal and regulatory retention requirements (typically 7 years for financial records)
Resolution of disputes and enforcement of agreements

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
Document all data breaches, regardless of whether notification is required

10. Third-Party Processors

We work with third-party service providers who process personal data on our behalf. These processors are contractually bound to:

Process data only on our documented instructions
Implement appropriate security measures
Assist us in responding to data subject rights requests
Delete or return personal data at the end of the service provision

11. Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

You can also contact us directly to resolve any concerns:

Email: [email protected]

12. Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. We will notify you of material changes through our website or direct communication.