Privacy Policy

---

Cosmina Buiga
Operating under Nextech Software Inc.

Effective Date: January 1, 2025
Last Updated: January 1, 2025

This Privacy Policy describes how Cosmina Buiga , operating under Nextech Software Inc. ("we," "us," or "our"), collects, uses, discloses, and protects your personal information when you use our website, services, or interact with us in any way.

Our Commitment: We are committed to protecting your privacy and handling your personal information in accordance with applicable privacy laws, including:

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• United States federal and state privacy laws
• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)

Data Controller/Privacy Officer:Cosmina Buiga
Operating under Nextech Software Inc.
Toronto, Ontario, Canada

Contact Information:

• Email: communications@nextechsoftware.ca
• Phone: (647) 2955516

For privacy-related inquiries, complaints, or to exercise your rights, please contact us using the information above.

We collect personal information that you voluntarily provide to us, including:

• Full name
• Business title and role
• Company name and industry
• Email address
• Phone number
• Business address
• LinkedIn profile (if provided)

• Company size (revenue and employee count)
• Technology challenges and requirements
• Project details and timelines
• Budget ranges and investment capacity
• Previous consulting experiences

• Email correspondence
• Phone call records and notes
• Meeting recordings (with consent)
• Consultation notes and assessments
• Support ticket information

• IP address and location data
• Browser type and version
• Device information
• Website usage patterns
• Referral sources
• Cookies and tracking data

• Pages visited and time spent
• Click patterns and user behavior
• Search terms used on our site
• Download and form completion data
• Session duration and frequency

• Email open and click rates
• Resource download history
• Webinar attendance records
• Social media engagement
• Lead scoring and qualification data

• Providing consulting services and assessments
• Delivering requested resources and materials
• Scheduling and conducting consultations
• Project management and communication
• Invoice generation and payment processing

• Responding to inquiries and requests
• Sending service-related notifications
• Providing project updates and reports
• Delivering technical support
• Processing feedback and complaints

• Sending newsletters and educational content
• Promoting relevant services and resources
• Conducting market research and surveys
• Analyzing service effectiveness
• Improving our website and offerings

• Consent: For marketing communications and non-essential cookies
• Contract Performance: For service delivery and client communications
• Legitimate Interest: For business development, analytics, and fraud prevention
• Legal Obligation: For tax reporting, record keeping, and compliance

We do not sell, rent, or trade your personal information to third parties for monetary consideration.

We may share your information with trusted third-party service providers who assist us in:

Technology Services:

• Website hosting and maintenance (e.g., AWS, GoDaddy)
• Email marketing platforms (e.g., HubSpot, Mailchimp)
• Customer relationship management (e.g., Salesforce, Apollo)
• Video conferencing services (e.g., Zoom, Microsoft Teams)
• File storage and backup services (e.g., Google Drive, Dropbox)

Professional Services:

• Accounting and tax preparation
• Legal counsel and compliance
• Insurance providers
• Banking and payment processing

Business Partners:

• Subcontractors for specific project work (with client consent)
• Strategic partners for joint service delivery
• Industry associations and professional organizations

We may disclose your information when required by law, including:

• Court orders or legal subpoenas
• Government investigations or regulatory requests
• Protection of our legal rights and property
• Prevention of fraud or illegal activities
• Emergency situations involving personal safety

As a Canadian company serving clients internationally, we may transfer your personal information across borders, including:

• United States (for technology services and business operations)
• European Union (for European clients and service providers)
• Other jurisdictions where our clients or partners operate

• GDPR Adequacy Decisions: We rely on European Commission adequacy decisions where available
• Standard Contractual Clauses: We use approved contractual clauses for transfers to non-adequate countries
• Privacy Shield and Successor Frameworks: We work with US companies that participate in recognized privacy frameworks
• Due Diligence: We assess the privacy practices of all international service providers

• During engagement: Throughout the duration of our business relationship
• Post-engagement: 7 years after project completion (for tax and legal requirements)
• Contract records: 7 years after contract termination

• Email subscribers: Until unsubscribe or 3 years of inactivity
• Website visitors: Analytics data retained for 2 years
• Inactive prospects: 3 years from last interaction

• Financial records: 7 years (Canadian tax requirements)
• Employment records: As required by applicable labor laws
• Legal documents: As required by limitation periods

When retention periods expire, we securely delete or anonymize personal information using industry-standard methods, including:

• Secure overwriting of digital storage
• Physical destruction of paper records
• Anonymization of analytics data
• Verification of deletion completion

• Request information about what personal information we have about you
• Receive a copy of your personal information in our possession
• Learn how your information has been used and disclosed

• Request correction of inaccurate or incomplete information
• Provide updated information for our records
• Challenge the accuracy of information we hold

• Withdraw consent for marketing communications
• Opt out of non-essential data collection
• Request limitation of processing activities

• Right of Access: Detailed information about processing activities
• Right to Rectification: Correction of inaccurate information
• Right to Erasure ("Right to be Forgotten"): Deletion under specific circumstances
• Right to Restrict Processing: Limitation of processing activities
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Rights Related to Automated Decision-Making: Protection from solely automated decisions

• Right to Know: What personal information is collected and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

We comply with applicable state privacy laws, including Virginia's Consumer Data Protection Act (CDPA) and Colorado Privacy Act (CPA).

• Email: communications@nextechsoftware.ca
• Phone: (647) 2955516

To protect your privacy, we may need to verify your identity before fulfilling requests:

• Email verification for simple requests
• Additional documentation for sensitive requests
• Phone verification for urgent matters

• Canadian requests: 30 days (extendable to 60 days if complex)
• EU requests: 1 month (extendable to 3 months if complex)
• US requests: 45 days (extendable to 90 days with notice)

• Session management: Maintain your session during site visits
• Security: Protect against cross-site request forgery
• Accessibility: Remember accessibility preferences
• Load balancing: Distribute traffic across servers

• Google Analytics: Website usage patterns and performance
• Hotjar: User behavior analysis and heatmaps
• Custom analytics: Form completion and conversion tracking

• LinkedIn Insight Tag: Professional audience targeting
• Facebook Pixel: Social media advertising effectiveness
• Email tracking: Newsletter and campaign performance
• Retargeting pixels: Relevant advertising delivery

• Preferences: Remember your communication preferences
• Language settings: Display content in preferred language
• Form data: Save form progress during completion

We use a cookie consent banner that allows you to:

• Accept all cookies
• Reject non-essential cookies
• Customize cookie preferences
• Learn more about each cookie type

• Browser settings: Control cookies through your browser
• Opt-out tools: Use industry opt-out mechanisms
• Privacy settings: Update preferences at any time
• Cookie policy: Detailed information about all cookies used

• Data in transit: TLS 1.3 encryption for all data transmission
• Data at rest: AES-256 encryption for stored data
• Database encryption: Encrypted database storage
• Backup encryption: Encrypted backup and disaster recovery

• Multi-factor authentication: Required for all system access
• Role-based permissions: Least privilege access principles
• Regular access reviews: Quarterly access audits
• Secure authentication: Strong password requirements

• Firewalls: Advanced threat protection
• Intrusion detection: Real-time security monitoring
• Vulnerability scanning: Regular security assessments
• Secure hosting: SOC 2 compliant hosting providers

• Staff training: Regular privacy and security training
• Awareness programs: Ongoing security awareness
• Incident response: Trained incident response team
• Compliance monitoring: Regular compliance assessments

• Due diligence: Security assessments for all vendors
• Contractual protections: Data processing agreements
• Regular audits: Ongoing vendor security reviews
• Incident notification: Vendor breach notification requirements

1. Detection and Assessment: Immediate threat evaluation
2. Containment: Stop ongoing unauthorized access
3. Investigation: Determine scope and cause of breach
4. Notification: Notify authorities and affected individuals
5. Recovery: Restore normal operations
6. Lessons Learned: Improve security based on findings

• Regulatory authorities: Within 72 hours (GDPR), as required by other laws
• Affected individuals: Without undue delay, as legally required
• Clients and partners: As contractually required
• Insurance providers: As required by insurance policies

Our services are not directed to children under 16 years of age (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children.

• Immediately delete the child's personal information
• Notify parents/guardians if contact information is available
• Implement additional safeguards to prevent future collection
• Review and update age verification procedures

Parents and guardians may:

• Request access to their child's information
• Request deletion of their child's information
• Object to processing of their child's information
• Contact us with concerns about child privacy

Our website may contain links to third-party websites, including:

• Industry resources: Professional associations and publications
• Technology vendors: Software and service providers
• Social media platforms: LinkedIn, Twitter, YouTube
• Educational content: Webinars, whitepapers, case studies

• We are not responsible for third-party privacy practices
• We encourage you to review third-party privacy policies
• Third-party data collection is governed by their policies
• We may receive analytics data from third-party platforms

• LinkedIn: Professional networking and content sharing
• Twitter: Industry news and thought leadership
• YouTube: Educational videos and webinars

• Social media interactions are governed by platform privacy policies
• We may receive aggregated analytics data
• Direct messages and comments may be stored
• Social media advertising uses platform targeting

• Double opt-in: Confirmation required for newsletter subscriptions
• Clear consent: Explicit consent for marketing communications
• Purpose specification: Clear explanation of communication types
• Easy unsubscribe: One-click unsubscribe in every email

• Newsletters: Industry insights and company updates
• Educational content: Whitepapers, webinars, and resources
• Service announcements: New services and capabilities
• Event invitations: Workshops, conferences, and networking

• Interest-based: Content relevant to your industry and role
• Behavior-based: Based on website and email interactions
• Preference-based: Frequency and content type preferences
• Geographic: Location-relevant content and events

• Explicit or implied consent for commercial electronic messages
• Clear identification of sender and contact information
• Unsubscribe mechanism in every message
• Consent records maintained for three years

• Truthful header information and subject lines
• Clear identification as advertising when applicable
• Valid physical postal address in every email
• Honor unsubscribe requests within 10 business days

• Prior consent for electronic marketing
• Clear and specific consent requests
• Easy withdrawal of consent
• Respect for Do Not Call registries

In the event of a merger, acquisition, bankruptcy, or sale of all or part of our assets, your personal information may be transferred to the successor entity, subject to the following protections:

• Advance notice: Notification before transfer completion
• Consent requirements: Additional consent if practices change significantly
• Opt-out opportunity: Right to object to transfer in applicable jurisdictions
• Continued protection: Successor bound by this privacy policy

• Privacy assessment: Evaluation of successor's privacy practices
• Contractual protections: Data protection requirements in transfer agreements
• Transition planning: Secure data transfer procedures
• Compliance verification: Ensuring continued regulatory compliance

• Email notification: For material changes affecting your rights
• Website notice: Prominent notice on our website
• Effective date: Clear indication of when changes take effect
• Version history: Previous versions available upon request

• Legal compliance: Updates required by new laws or regulations
• Service changes: Modifications to our services or practices
• Clarifications: Improvements to policy clarity and understanding
• Contact updates: Changes to contact information or procedures

• Review changes: Take time to understand new terms
• Contact us: Ask questions about changes
• Exercise rights: Update preferences or withdraw consent
• Opt out: Choose not to continue using our services

• Website: www.priv.gc.ca
• Phone: 1-800-282-1376
• Email: info@priv.gc.ca

• EU Data Protection Board: edpb.europa.eu
• Local supervisory authorities: Contact information varies by member state

• Federal Trade Commission: www.ftc.gov
• State attorneys general: Contact information varies by state
• California Privacy Protection Agency: cppa.ca.gov

1. Contact our privacy officer: communications@nextechsoftware.ca
2. Provide details: Specific concerns and desired resolution
3. Investigation: We will investigate and respond within 30 days
4. Resolution: We will work with you to resolve the issue

If you're not satisfied with our response, you may file a complaint with:

• Your local privacy authority
• The privacy commissioner in your jurisdiction
• Industry-specific regulators
• Consumer protection agencies

• Right to Know: Categories and specific pieces of personal information
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We don't sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

California residents may request information about sharing of personal information with third parties for marketing purposes.

• Data Protection Officer: Available for privacy questions
• Legal basis: Specific legal basis for each processing activity
• Data minimization: We collect only necessary information
• Purpose limitation: Data used only for stated purposes

• Adequacy decisions: Transfers to countries with adequate protection
• Standard contractual clauses: EU-approved transfer mechanisms
• Binding corporate rules: Internal data transfer policies

Nevada residents have the right to opt out of the sale of certain personal information. We do not sell personal information as defined by Nevada law.

Information that identifies, relates to, describes, or could reasonably be linked with a particular individual or household.

Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.

The entity that determines the purposes and means of processing personal data.

The entity that processes personal data on behalf of the controller.

Freely given, specific, informed, and unambiguous indication of agreement to the processing of personal data.

An identified or identifiable natural person whose personal data is processed.

For any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Primary Contact:Cosmina Buiga Consulting
Privacy Officer
Email: communications@nextechsoftware.ca
Phone: (647) 2955516

European Representative (if applicable):[EU Representative Name and Address]

Response Time: We will respond to privacy inquiries within 30 days of receipt.

© 2025 Nextech Software Inc. All rights reserved.

This Privacy Policy was last updated on January 1, 2025. Please check this page periodically for updates.

What We Collect: Contact information, professional details, and website usage data
How We Use It: Service delivery, communications, and business improvement
Who We Share With: Service providers only, never sold to third parties
Your Rights: Access, correction, deletion, and communication preferences
Contact: communications@nextechsoftware.ca for all privacy questions

This summary is for convenience only. Please read the full policy above for complete details.