Effective Date 06 July 2024.
Gorp Labs (“Gorp Labs”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your personal data, as well as your rights under applicable data protection laws. If you have any questions about this policy, please contact us using the details provided at the end of this document.
1. Purpose of This Policy This Privacy Policy explains how Gorp Labs collects and processes your personal data when you interact with us, including through our website and services. Updates to This Policy We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Your continued use of our services after such updates constitutes acceptance of the revised policy. Our website may include links to third-party websites or services. We are not responsible for their privacy practices.
2. Data We Collect About You “Personal data” (UK) or “personal information” (Canada) means any information that can identify an individual. We may collect: Identity Information First and last name Title IP address Contact Information Email address Phone number Company name Postal or office address Marketing and Communications Data Preferences for receiving marketing Communication preferences Engagement with our emails, events, or outreach Services Information Records relating to services we provide Visitor Information Identity and contact details Visit purpose and host CCTV footage (where applicable) Technical and Usage Data Browser and device data Pages visited and interactions Date/time of visits Cookie preferences Recruitment Information (if applicable) CV, qualifications, and employment history References Right-to-work eligibility Other relevant hiring information Sensitive / Special Category Data Where necessary and permitted by law, we may process limited sensitive data (e.g. health or diversity information) with appropriate safeguards. We may also use aggregated or anonymised data that does not identify individuals.
3. How We Collect Your Data We collect data through: Direct Interactions You may provide data when you: Contact us via our website Subscribe to updates or newsletters Request services Attend events Apply for roles Automated Technologies We use cookies and similar technologies to collect technical and usage data. Third Parties and Public Sources We may receive data from: Publicly available sources Marketing or data providers Social media platforms
4. How We Use Your Personal Data We process your personal data in accordance with applicable laws, including the UK GDPR and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). We use your data to: Manage our relationship with you Provide services and maintain records Communicate with you, including marketing (where permitted) Invite you to events Respond to enquiries Improve our website and services Ensure security and compliance Support recruitment processes Legal Bases for Processing (UK & Canada) We rely on: Your consent Performance of a contract Legitimate business interests Compliance with legal obligations You may withdraw consent at any time where processing is based on consent.
5. Disclosure of Your Personal Data We may share your personal data with: Service providers (e.g. hosting, analytics, CRM systems) Professional advisors Affiliates or related entities Regulators or authorities where required by law Potential buyers or partners in the event of a business transaction All third parties are required to protect your data and only use it for specified purposes.
6. International Data Transfers Your personal data may be transferred to and processed in countries outside your jurisdiction, including the UK and Canada. Where required, we implement safeguards such as: Standard contractual clauses Equivalent legal protection mechanisms By using our services, you acknowledge such transfers where permitted by law.
7. Data Security We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, loss, misuse, or disclosure. Access to personal data is restricted to individuals who require it for legitimate business purposes and are subject to confidentiality obligations. We maintain procedures for responding to suspected data breaches and will notify affected individuals and regulators where legally required.
8. Data Retention We retain personal data only as long as necessary for the purposes it was collected, including legal, regulatory, tax, or reporting obligations. Retention periods are determined based on: The nature and sensitivity of the data Legal requirements Business needs Recruitment data is retained only as long as reasonably necessary.
9. Your Legal Rights Depending on your location, you have rights under data protection laws, including: Your rights may include: Access to your personal data Correction of inaccurate data Deletion of your data Objection to processing Restriction of processing Data portability Withdrawal of consent To exercise your rights, please contact us.
10. Cookies We use cookies to distinguish users and improve website performance. Types of cookies we use: Strictly necessary cookies – essential for website operation Performance cookies – help analyze usage Targeting cookies – used for marketing and personalization Functionality cookies – remember preferences You can manage cookies through your browser settings.
11. Historical Data Use We may occasionally use limited datasets, including publicly available information, to test and improve our products and services. Such data is handled responsibly and retained only as necessary.
12. Contact and Complaints If you have questions or wish to exercise your rights, contact: Gorp Labs Email: legal@gorplabs.com Address: 151 Charles St W, Kitchener, ON N2G 1H6, Canada Regulatory Authorities If you are in the UK, you may contact: Information Commissioner Office (ICO) If you are in Canada, you may contact: Office of the Privacy Commissioner of Canada (OPC) You also have the right to contact your local provincial privacy regulator in Canada where applicable.
13. Glossary Legal Bases Consent: You have given permission Contract: Processing is necessary to fulfill an agreement Legal obligation: Required by law Legitimate interests: Necessary for our business, balanced against your rights