Skip to content
GaleiraGALEIRA
लॉग इनशुरू करें

Canada addendum (PIPEDA + Quebec Law 25)

Last updated: May 25, 2026

This addendum supplements our baseline Privacy Policy for users in Canada under the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and provincial statutes where they apply (Quebec Law 25 / Act respecting the protection of personal information in the private sector; Alberta PIPA; British Columbia PIPA).

1. Ten Fair Information Principles (PIPEDA Schedule 1)

We are accountable, identify purposes, obtain consent, limit collection, limit use and disclosure, keep accurate data, safeguard it, are open, give individuals access, and provide a complaints route. Specifics for each principle live in our baseline Privacy Policy.

2. Your rights

  • Access to the personal information we hold about you and an account of how it has been used and to whom it has been disclosed.
  • Correction of inaccurate information.
  • Withdraw consent at any time, subject to legal or contractual restrictions, with reasonable notice.
  • Quebec Law 25 only: right of data portability, right to ask for de-indexing / cessation of dissemination, and rights regarding automated decision-making with human-review on request.

3. Consent

Express consent for sensitive information (including biometric / face vectors) and any uses beyond the original purpose. Implied consent for obvious uses (delivering the gallery you signed up for). Withdraw via the cookie banner or by emailing [email protected].

4. Quebec Law 25 specifics

  • Privacy Officer responsible for Galeira's compliance with Quebec Law 25: [email protected] (subject "Law 25 RPP").
  • We notify the Commission d'accès à l'information du Québec (CAI) of confidentiality incidents creating a risk of serious injury, and notify affected individuals.
  • We conduct Privacy Impact Assessments before any technology project involving Quebec personal information.
  • Cross-border transfer assessments cover destinations outside Quebec.

5. Cross-border transfers

Data is primarily processed in the EU. Where processors are outside Canada (Stripe, Sentry, Twilio in the US; AWS / Hetzner in the EU), we use contractual safeguards and disclose this in our processor table. PIPEDA permits transfers with comparable protection; Quebec Law 25 requires a documented assessment of foreign jurisdictions, which we maintain.

6. Complaints

Contact us first at [email protected]. If unresolved you may complain to the Office of the Privacy Commissioner of Canada at priv.gc.ca, or to your provincial commissioner (CAI for Quebec, OIPC for BC / Alberta).