GDPR Compliance
Last updated: May 29, 2026
Our Commitment to GDPR
Misty Bridges is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).
Legal Basis for Processing
We process personal data under the following legal bases:
- Consent: Where you have given clear consent for us to process your personal data for specific purposes
- Contract: Where processing is necessary for the performance of a contract with you
- Legal Obligation: Where processing is necessary to comply with legal obligations
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded or excessive.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions.
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing
You have the right to object to our processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to Withdraw Consent
Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: [email protected]
Address: 287 Richmond Street West, Suite 400, Toronto, ON M5V 1W2, Canada
We will respond to your request within one month of receipt. In some cases, this period may be extended by two additional months where necessary, taking into account the complexity and number of requests.
Data Protection Officer
For any questions regarding data protection or GDPR compliance, you may contact our Data Protection Officer at [email protected].
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Staff training on data protection
- Incident response procedures
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.
International Data Transfers
When we transfer personal data outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Binding corporate rules
Third-Party Processors
We ensure that any third-party processors we engage comply with GDPR requirements and have appropriate data processing agreements in place.
Complaints
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
Updates to This Policy
We may update this GDPR compliance statement from time to time. Any changes will be posted on this page with an updated revision date.