Privacy Policy

Eventara Automations Ltd. ("Eventara", "we", "us") is responsible for the personal information under our control. In accordance with PIPEDA's Accountability Principle (Schedule 1, Clause 4.1) and Alberta's Personal Information Protection Act (Section 5(3)), we have designated a privacy contact person who is accountable for our compliance with applicable privacy legislation.

For all privacy-related inquiries, access requests, complaints, or concerns:

We will acknowledge receipt of any privacy inquiry within 10 business days and provide a substantive response within 30 days. If additional time is required, we will explain why and provide a revised timeline.

We limit collection to what is necessary for identified purposes, as required by PIPEDA Principle 4.4 (Limiting Collection) and PIPA Section 11. Below is a complete account of the personal information we collect, with corresponding purposes.

Website Analytics (Implied Consent)

We use Google Analytics 4 to understand how visitors use our website. GA4 collects: cookie identifiers, pages visited, session duration, browser and device type, screen resolution, approximate geographic location (city-level), and referral source. GA4 does not store full IP addresses. This data cannot be used to personally identify you and is collected under implied consent, consistent with the OPC's "Guidelines on Privacy and Online Behavioural Advertising" (2011, updated 2015). The purpose of this collection is to improve our website and understand visitor behaviour in aggregate.

Telephone Interactions (Implied Consent)

When you call us or interact with our AI-powered receptionist, your phone number is captured through standard caller ID. This constitutes collection of personal information under PIPEDA. The sole purpose is to return your call or follow up on your inquiry. We consider implied consent sufficient for this purpose, as callers generally expect their number to be transmitted when contacting a business.

Information You Provide Voluntarily (Express Consent)

If you contact us by email or through our website, you may voluntarily provide your name, email address, phone number, business name, or other details. By initiating that communication, you consent to our use of this information for the purpose of responding to your inquiry and, if applicable, providing the services you have requested.

What We Do NOT Collect

We do not collect sensitive personal information such as health data, financial information, biometric data, or government-issued identification numbers. We do not engage in behavioural advertising, retargeting, or profiling. We do not purchase or acquire personal information from third-party data brokers.

Under PIPEDA Section 6.1, consent is only valid if a reasonable person would understand the nature, purpose, and consequences of the collection, use, or disclosure. We rely on the following forms of consent:

Implied consent is used for website analytics (Google Analytics) and caller ID collection, where the purposes are obvious and the information collected is not sensitive. You may withdraw implied consent at any time by: installing the Google Analytics Opt-out Browser Add-on, adjusting your browser's cookie settings, or blocking your caller ID before calling.

Express consent is obtained when you voluntarily provide personal information by contacting us directly. If we ever need to use your information for a purpose beyond what you originally provided it for, we will contact you to obtain fresh consent before doing so, as required by PIPEDA Principle 4.2.4.

Withdrawal of consent. You may withdraw your consent at any time by contacting us at Contact@Eventara.ca. Withdrawal of consent may limit our ability to provide certain services to you, and we will explain those consequences at the time of your request, as required by PIPA Section 9(4). Withdrawal does not have retroactive effect.

Eventara develops and operates AI-powered receptionist systems. When you interact with our AI receptionist:

Disclosure. Our AI receptionist will identify itself as an AI-powered system at the start of every interaction. This aligns with the OPC's "Principles for responsible, trustworthy and privacy-protective generative AI technologies" (December 2023), which require organizations to inform individuals when they are interacting with AI and to identify system outputs created by AI tools.

Data handling. Our AI receptionist processes your spoken input in real-time to respond to your inquiry. As of the effective date of this policy, we do not store conversation transcripts, voice recordings, or conversation logs from AI receptionist interactions beyond what is necessary to complete the immediate interaction.

Caller ID only. The only personal information retained from an AI receptionist call is your phone number, captured via standard caller ID for the sole purpose of returning your call.

Changes to AI data practices. If we introduce features that involve storing conversation logs, voice recordings, or analyzing interaction patterns, we will: update this policy before implementation, provide clear notice describing the new data practices, and obtain appropriate consent. We will not use AI receptionist data for purposes unrelated to your inquiry without your express consent.

No automated decisions with significant impact. Our AI receptionist is a communication tool. It does not make decisions about you that produce legal effects or similarly significant consequences. If this changes in the future, we will provide notice and the right to contest such decisions, consistent with the direction of anticipated Canadian privacy legislation.

Our website uses cookies placed by Google Analytics 4 to measure website traffic and usage patterns. These include both first-party cookies (set by eventara.ca) and third-party cookies (set by Google).

What these cookies do: They assign a random identifier to your browser session to distinguish unique visitors, track which pages you visit, and measure how long you spend on the site. They do not contain your name, email, or any directly identifying information.

Legal basis: Under Canada's Anti-Spam Legislation (CASL), Section 10(8), a person is deemed to have consented to the installation of cookies if their browser settings permit it. We rely on this deemed consent for analytics cookies. This is consistent with the OPC's position that implied opt-out consent is acceptable for non-sensitive online tracking when purposes are clearly communicated and an easy opt-out is available.

How to opt out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, blocking cookies in your browser settings (which will prevent deemed consent under CASL Section 10(8)), or using your browser's private/incognito mode.

We do not use cookies for advertising, retargeting, cross-device tracking, or any purpose beyond understanding aggregate website usage. Google Signals is disabled in our analytics configuration. If we introduce additional tracking technologies in the future, we will update this policy and implement appropriate consent mechanisms before activation.

We use third-party service providers to help operate our business. Under PIPEDA Principle 4.1.3, we remain accountable for personal information transferred to these providers and use contractual means to ensure a comparable level of protection.

Current third-party service providers:

Google Analytics 4 (Google LLC, United States). Processes anonymized website usage data. We have accepted Google's Analytics Data Processing Terms, which establish contractual data protection obligations. Google's privacy policy is available at policies.google.com/privacy. Data retention is set to 14 months.

Disclosure of foreign processing (PIPA Section 13.1):

As required by Alberta's PIPA, we advise that personal information collected through Google Analytics may be processed and stored on servers located in the United States. While in a foreign jurisdiction, your information may be accessible to courts, law enforcement, or national security authorities of that country under its laws.

Future service providers:

As our business grows, we may adopt additional tools such as customer relationship management (CRM) platforms, email communication services, scheduling software, or payment processors. Before any new service provider begins processing personal information:

We will update this privacy policy to identify the provider and its purpose. We will ensure the provider offers a comparable level of protection through contractual or other means (PIPEDA Principle 4.1.3). We will provide notice and obtain consent where required. We will disclose any new foreign jurisdictions where data may be processed.

We will never sell, rent, or trade your personal information to any third party.

We do not sell, rent, or trade your personal information under any circumstances.

We may disclose your personal information without your consent only in the limited circumstances permitted by PIPEDA Section 7(3) and PIPA Sections 20 and 22:

Legal requirements. Where required by law, regulation, court order, or a lawful demand by a government institution with authority to compel production.

Threat to safety. Where necessary to protect the life, health, or security of an individual, and obtaining consent would compromise the ability to protect them.

Business transfers. In connection with a prospective or completed merger, acquisition, or sale of all or a portion of our assets. In such cases, the receiving organization would be bound by this policy or one that provides at least equivalent protection, and we will provide notice of the transfer.

Service providers. To third-party processors acting on our behalf under contractual obligations, as described in the "Third-Party Service Providers" section above.

With your consent. Where you have provided express consent for a specific disclosure.

In all cases, we disclose only the minimum information necessary for the identified purpose.

We retain personal information only for as long as necessary to fulfill the purpose for which it was collected, or as required by law. This is consistent with PIPEDA Principle 4.5 and the OPC's "Personal Information Retention and Disposal: Principles and Best Practices" (June 2014).

Analytics data is retained within Google Analytics for 14 months, after which it is automatically deleted by Google.

Contact information from phone calls, emails, or other communications is retained only as long as necessary to complete the inquiry and any resulting service engagement. Once the business purpose is fulfilled and no legal obligation requires further retention, the information is securely deleted.

Client engagement records are retained for the duration of the engagement plus a reasonable period for warranty, support, or legal compliance needs.

When personal information is no longer needed, it is destroyed, erased, or anonymized using methods appropriate to the sensitivity of the information, as required by PIPEDA Principle 4.5.3. Electronic records are permanently deleted. We do not simply archive personal information indefinitely.

We protect personal information with security safeguards appropriate to the sensitivity of the information, as required by PIPEDA Principle 4.7 and PIPA Section 34.

Our safeguards include: encrypted connections (HTTPS/TLS) across our website and services, access controls that limit personal information access to team members who require it for their duties, use of reputable and industry-standard third-party service providers with contractual data protection obligations, and regular review of our data handling practices.

No method of electronic transmission or storage is completely secure. If a breach of security safeguards occurs that creates a real risk of significant harm to any individual, we will comply with our obligations under PIPEDA's Breach of Security Safeguards Regulations (SOR/2018-64) and PIPA Section 34.1 by: reporting the breach to the Office of the Privacy Commissioner of Canada and/or the Alberta OIPC as applicable, notifying affected individuals as soon as feasible, and maintaining a record of the breach for at least 24 months as required by SOR/2018-64 Section 6.

Under PIPEDA and Alberta's PIPA, you have the following rights with respect to your personal information:

Right to access. You may request access to any personal information we hold about you. We will respond within 30 days under PIPEDA (Principle 4.9) or 45 days under PIPA (Section 28(1)).

Right to correction. You may request correction of any personal information that is inaccurate or incomplete. If we disagree with the correction, we will annotate the information with your requested correction.

Right to withdraw consent. You may withdraw consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. We will inform you of the consequences of withdrawal.

Right to deletion. You may request that we delete your personal information where it is no longer necessary for the purpose it was collected. We will comply unless retention is required by law.

Right to information. You may request information about our privacy practices, including the types of personal information we hold, how it is used, and to whom it has been disclosed.

Right to complain. If you are not satisfied with our response to a privacy concern, you may file a complaint with:

We will never deny you service or treat you differently for exercising your privacy rights.

Our website and services are directed at businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

Consistent with the OPC's position and the direction of anticipated federal privacy legislation (the proposed CPPA would have deemed all minors' personal information as sensitive), we treat any personal information identified as belonging to a minor with the highest standard of protection.

If you believe we have inadvertently collected personal information from a child, please contact us immediately at Contact@Eventara.ca and we will take prompt steps to delete the information.

We may update this policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

When we make changes, we will revise the effective date at the top of this page. For changes that materially expand how your personal information is collected, used, or disclosed, we will make reasonable efforts to provide notice (such as a prominent notice on our website) and obtain your consent where required by law.

Canadian federal privacy legislation is currently expected to undergo significant reform. We are monitoring developments and will update this policy as needed to maintain compliance with any new requirements.

We encourage you to review this page periodically. Your continued use of our website and services after changes are posted constitutes your acknowledgment of the updated policy, except where express consent is required for the specific change.