Vidura Insights Inc. – Privacy & Data Protection Policy

Effective Date: Nov 18, 2025

Version 1.1 – Reviewed November 2025

Vidura Insights Inc. (“Vidura Insights”, “we”, “our”, or “us”) is committed to protecting the privacy, confidentiality, and security of all personal information entrusted to us. This policy outlines how we collect, use, disclose, and protect personal information in accordance with applicable privacy and data protection laws in Canada and the United States.

1. Commitment to Privacy and Compliance

Vidura Insights complies with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and any substantially similar provincial legislation, including Alberta’s PIPA, British Columbia’s PIPA, and Quebec’s Law 25, as applicable.

In the United States, we comply with relevant federal and state privacy laws as well as applicable Federal Trade Commission (FTC) principles on fair information practices.

We collect, use, and disclose personal information only for legitimate business purposes and in accordance with these laws.

2. Definition of Personal Information

“Personal information” means information about an identifiable individual. This may include, but is not limited to, a person’s name, business or personal contact details, title, email address, phone number, billing or financial details, or other identifying data collected in connection with our services.

Business contact information used solely to communicate in a professional context may be excluded where permitted by law.

3. Collection and Use of Personal Information

We collect personal information directly from individuals or organizations for the following purposes:

To provide consulting, advisory, and strategic services to clients;

To communicate about engagements, proposals, and deliverables;

To manage client accounts, billing, and payments;

To comply with applicable legal or regulatory obligations; and

To maintain business relationships and provide relevant updates or insights.

We will not collect, use, or disclose personal information beyond what is necessary for these purposes without the individual’s knowledge or consent, unless required or authorized by law.

4. Consent

We obtain consent, either express or implied, before collecting, using, or disclosing personal information, except where otherwise permitted by law.

Consent may be withdrawn at any time, subject to legal or contractual restrictions and reasonable notice.

5. Cross-Border Data Handling

Vidura Insights operates in Canada and the United States. Accordingly, personal information may be transferred or stored in either country.

When we transfer personal information across borders, we ensure that equivalent contractual, organizational, and technical safeguards are in place to maintain a level of protection comparable to Canadian and U.S. standards.

6. Disclosure of Personal Information

We do not sell, rent, or trade personal information. We may disclose information to:

Authorized employees, contractors, or advisors who require access for legitimate business purposes;

Service providers or partners who assist us in delivering services (subject to confidentiality agreements and safeguards); and

Regulatory or law enforcement authorities, when required by law.

All third parties with whom we share data are required to protect it consistent with this policy and applicable legislation.

7. Accuracy and Retention

We strive to ensure personal information is accurate, complete, and up to date. Information is retained only as long as necessary to fulfill the identified purposes or to meet legal and contractual requirements. When no longer required, personal information is securely deleted or anonymized.

8. Safeguards

We use administrative, technical, and physical safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, or modification.

These measures include data encryption, access controls, multi-factor authentication, and secure cloud environments.

9. Access, Correction, and Individual Rights

Individuals have the right to request access to their personal information and to request corrections if inaccuracies are found.

Requests should be directed to our Privacy Contact (listed below). We will respond within 30 days, as required by PIPEDA and other applicable laws.

Where applicable under U.S. law (e.g., California or other state legislation), individuals may also request that we delete their personal data or provide details on the categories of information we hold.

10. Data Breach Notification

In the event of a breach involving personal information, Vidura Insights will notify affected individuals and regulators as required under applicable privacy laws in Canada and the United States. We will take immediate corrective and mitigation measures to protect data and prevent recurrence.

11. Openness and Accountability

Vidura Insights is responsible for personal information under its control.

This policy is available on request and on our website. We will review and update it periodically to reflect changes in laws or practices.

12. Questions, Concerns, and Complaints

Individuals with questions or concerns about this policy or our data practices may contact us at:

Privacy Officer

Vidura Insights Inc.

📧 info@vidurainsights.com

🌐 www.vidurainsights.com

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or your applicable provincial authority.

13. Updates to this Policy

This Privacy & Data Protection Policy may be updated periodically to reflect legal, operational, or regulatory changes. The latest version will always be available on our website, and the effective date and version number will be updated accordingly.

Version Control

Version 1.1 – Reviewed November 2025