Privacy Policy
Last updated: 1 June 2026 — PIPEDA compliance for brandwave.life
BrandWave Agency Inc. ("BrandWave", "we", "us") operates brandwave.life. This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and guidance from the Office of the Privacy Commissioner of Canada (OPC).
1. Accountability and data controller
BrandWave Agency Inc. is accountable for personal information under our control. Business Number 845678901 RC0001. Registered address: 740 4th Avenue SW, Calgary, AB T2P 3T9. Privacy inquiries: [email protected]. Director of Publication: Alexis Tremblay.
2. Identifying purposes
We collect personal information for identifiable purposes including: responding to contact form submissions; scheduling discovery calls; delivering contracted marketing services; maintaining client records; improving website security and performance; complying with legal obligations; and managing cookie consent preferences.
3. Consent
We obtain meaningful consent before collecting personal information except where permitted by law. Contact form submission requires explicit consent via checkbox for PIPEDA and CASL-aligned processing. Cookie analytics load only after consent through our cookie banner. You may withdraw consent subject to legal or contractual restrictions by contacting [email protected].
4. Limiting collection
We collect only information reasonably necessary for stated purposes: typically name, email, phone, company, subject selection, message content, consent records, and technical metadata such as IP address and browser type in server logs.
5. Limiting use, disclosure, and retention
We do not sell personal information. Disclosure is limited to service providers who assist with hosting, email delivery, or analytics (when consented), bound by contractual safeguards. Enquiry records are retained for 12–24 months unless a client relationship continues. Analytics data is retained for up to 14 months. Server logs are retained for up to 90 days. Client project records are retained for 24–36 months after completion unless otherwise agreed.
6. Accuracy
We rely on you to provide accurate information. You may request correction of inaccurate personal information by contacting [email protected].
7. Safeguards
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of the information, including HTTPS transport, access controls, and staff training. No internet transmission is completely secure; we encourage strong passwords on your systems.
8. Openness
This policy is publicly available. Questions about our privacy practices may be directed to [email protected].
9. Individual access
You may request access to personal information we hold about you. We respond within 30 days where PIPEDA requires, subject to permitted exceptions. Access requests should include sufficient detail to locate records.
10. Challenging compliance
Contact [email protected] to challenge our compliance with this policy. You may lodge a complaint with the Office of the Privacy Commissioner of Canada: 30 Victoria Street, Gatineau, QC K1A 1H3 — priv.gc.ca.
11. Cookies and similar technologies
See our Cookie Policy for categories, purposes, and management options. Essential cookies operate the site; analytics cookies require consent.
12. Cross-border processing
Hosting and email infrastructure may process data in Canada or other jurisdictions with contractual protections. We assess transfers for PIPEDA compliance.
13. Marketing communications
We send commercial electronic messages only with consent under Canada's Anti-Spam Legislation (CASL). You may unsubscribe using links in messages or by contacting [email protected].
14. Minors
Our services target business clients. We do not knowingly collect personal information from individuals under 16 without appropriate consent.
15. Breach notification
We maintain procedures to assess and report significant breaches as required by PIPEDA breach notification rules, including notification to affected individuals and the OPC when applicable.
16. Changes
We may update this policy with a revised date posted on this page. Material changes will be communicated where appropriate.
17. Service-specific processing
During marketing engagements, clients may share customer insights or research materials. We process such data only per contract instructions, apply need-to-know access, and return or delete materials per agreement schedules.
18. Automated decision-making
We do not make solely automated decisions producing legal or similarly significant effects about individuals without human review.
19. Contact
[email protected] | +1 (403) 555-0176 | 740 4th Avenue SW, Calgary, AB T2P 3T9
20. Campaign performance data
When reviewing awareness metrics on behalf of clients, we may access platform dashboards you authorise. We do not store ad account passwords; access uses role-based invitations you control and may revoke.
21. Creative asset handling
Brand assets uploaded for campaign planning are used solely for agreed deliverables. Watermarked previews may be shared internally among BrandWave staff assigned to your programme.
22. Media buying boundaries
If media is purchased through partner agencies, personal data from lead forms remains governed by your privacy policies and platform terms. We advise on disclosure copy but do not operate as data controller for your end customers.
23. Event and activation lists
Field activation attendee lists require proof of consent for follow-up messaging under CASL. We reject projects requesting unsolicited bulk outreach.
24. Influencer coordination
Influencer contracts should specify disclosure obligations under Competition Act guidance. We help draft briefing language but influencers remain responsible for their published content.
25. Archival of campaign calendars
Wave sequence documents are archived for 24 months to support retainer continuity, then deleted unless renewal extends retention.
26. Privacy by design in reporting
Dashboards default to aggregated metrics. We avoid exporting user-level identifiers in standard report templates.
27. De-identification
Where analytics permits, IP addresses are truncated and user agents hashed before storage. We periodically review analytics configurations for alignment with this policy.
28. Physical records
Printed workshop materials, if any, are shredded after digitisation unless clients request return. Locked storage applies during active projects only.
29. Privacy impact reviews
New tools undergo lightweight privacy impact review before deployment on client programmes involving personal information.
30. Contact for data breaches
Report suspected incidents to [email protected] immediately. We maintain an incident log and cooperate with OPC guidance on notification timelines.
31. Website log files
Server logs may capture IP address, request timestamp, requested URL, HTTP status, and browser user agent. Logs support security monitoring and troubleshooting. They are not used to build marketing profiles of individual visitors and are deleted on a rolling schedule not exceeding ninety days unless investigation requires temporary extension.
32. Form submission security
Contact forms use honeypot fields and referer validation to reduce automated spam. Spam submissions are deleted without response. Legitimate submissions are stored in secure mailboxes accessible only to authorised BrandWave staff in Calgary and remote team members under confidentiality obligations.
33. Direct marketing from BrandWave
If you enquire about services, we may send follow-up messages related to your request under CASL implied consent rules for existing inquiries. Ongoing newsletters or promotional messages require express consent. Every commercial email includes an unsubscribe mechanism.
34. Aggregated statistics
We may publish aggregated, non-identifying statistics about industries served or project types completed. These statistics never include personal information or client-identifiable performance metrics without written permission.
35. Due diligence requests
Enterprise clients may submit security questionnaires during procurement. We respond with accurate summaries of practices described in this policy. Custom data processing agreements are available for large engagements involving systematic personal information processing on your behalf.
36. Policy review cycle
BrandWave reviews this Privacy Policy at least annually and after material changes to tools or regulations. The last updated date appears at the top of this page. Previous versions may be archived internally for compliance records.
37. Accessibility of privacy notices
We aim to present privacy information in plain language. If you require this policy in an alternative format, contact [email protected] with your request and we will endeavour to accommodate reasonable accessibility needs.
38. Linking to third-party sites
Our site may link to regulator resources, mapping tools, or font providers. Those sites have independent privacy practices. We encourage you to read their policies before submitting personal information externally.
39. Children's privacy
Our business services are not directed at children. If we learn that personal information from a child was submitted without appropriate parental consent, we will delete it promptly upon notification to [email protected].