GDPR Compliance

Riconorich Solutions is committed to protecting the personal data of all individuals, including residents of the European Union (EU) and European Economic Area (EEA). This page outlines how we comply with the General Data Protection Regulation (GDPR) when processing personal data of EU/EEA residents.

Data Controller Information

For the purposes of GDPR, the data controller is:

Riconorich Solutions
250 University Avenue, Suite 400
Toronto, Ontario M5H 3E5
Canada
Email: [email protected]

Legal Basis for Processing

We process personal data of EU/EEA residents only when we have a valid legal basis, including:

Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications or submitting contact forms.

Contract Performance

Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract, such as providing our accounting services.

Legal Obligation

Processing necessary for compliance with legal obligations to which we are subject, including tax law compliance and professional accounting standards.

Legitimate Interests

Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes improving our services, ensuring website security, and fraud prevention.

Your Rights Under GDPR

If you are an EU/EEA resident, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you, along with information about how we process it.

Right to Rectification

You have the right to request correction of inaccurate personal data and to have incomplete data completed.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have challenged.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect you.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.

Please note that certain rights may be limited by applicable laws or our legitimate business interests. We will inform you if any limitations apply to your request.

International Data Transfers

As a Canadian company, your personal data may be transferred to and processed in Canada. Canada has been granted an adequacy decision by the European Commission, meaning that personal data can flow from the EU to Canada without requiring additional safeguards.

If we transfer data to other countries that have not received an adequacy decision, we will implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For accounting records, we typically retain documentation for seven years from the relevant tax year to comply with Canadian tax law requirements.

When data is no longer needed, it is securely deleted or anonymized.

Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Access controls and authentication requirements
• Regular security assessments and penetration testing
• Employee training on data protection practices
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly unless communication would involve disproportionate effort.

Supervisory Authority

If you are an EU/EEA resident and believe that we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Updates to This Page

We may update this GDPR compliance information from time to time. Any changes will be posted on this page with an updated date.

Contact Us

For GDPR-related inquiries, please contact:

Data Protection Contact
Riconorich Solutions
Email: [email protected]