PRIVACY

1. Scope

This Privacy Policy applies to personal information collected through:

* the CMDR website;

* contact and inquiry forms;

* email, telephone, or other direct communications;

* consultation, assessment, and business-development discussions;

* other interactions where this Privacy Policy is referenced.

This policy does not apply to information handled solely on behalf of a client under a separate agreement, statement of work, confidentiality agreement, or data-processing arrangement. Those terms will govern where applicable.

2. Personal Information We May Collect

Depending on how you interact with CMDR, we may collect:

Information you provide directly

* your name;

* business email address;

* telephone number;

* job title and organization;

* information included in an inquiry or message;

* information supplied during discovery, consultation, or assessment discussions;

* correspondence and records of our communications;

* any other information you choose to provide.

Please do not submit confidential, sensitive, regulated, or security-critical information through a general website form unless CMDR has specifically requested it and an appropriate secure method has been established.

Information collected automatically

When you visit the website, CMDR or its service providers may collect limited technical information, such as:

* Internet Protocol address;

* browser and device type;

* operating system;

* referring page;

* pages viewed;

* date and time of access;

* general location derived from an IP address;

* diagnostic, performance, and security information.

This information is used to operate, secure, maintain, and understand the performance of the website.

3. How We Use Personal Information

CMDR may use personal information to:

* respond to inquiries and communications;

* determine whether CMDR services may be relevant to your organization;

* arrange consultations or meetings;

* prepare proposals, assessments, recommendations, or agreements;

* provide requested services;

* manage client and prospective-client relationships;

* maintain business, administrative, and legal records;

* improve the website and service experience;

* protect the security, integrity, and availability of our systems;

* detect, prevent, or investigate misuse, fraud, security incidents, or unlawful activity;

* comply with legal, regulatory, insurance, accounting, and contractual obligations;

* establish, exercise, or defend legal rights.

CMDR will not use personal information for a materially different purpose without obtaining consent where consent is required.

4. Consent

By voluntarily providing personal information to CMDR, you consent to its collection, use, and disclosure for the purposes identified in this policy or otherwise explained at the time of collection.

You may withdraw consent, subject to legal, contractual, and reasonable notice requirements. Withdrawal of consent may limit CMDR’s ability to respond to an inquiry or provide a requested service.

5. Limiting Collection

CMDR seeks to collect only the personal information reasonably necessary for legitimate business, service-delivery, security, and legal purposes.

We do not intentionally collect more information than is required for the relevant interaction.

6. Disclosure of Personal Information

CMDR does not sell, rent, or trade personal information.

We may disclose personal information only where reasonably necessary to:

* service providers supporting website hosting, communications, document management, scheduling, security, analytics, or business operations;

* professional advisers such as lawyers, accountants, insurers, or auditors;

* contractors or specialists involved in delivering an authorized service;

* comply with a subpoena, court order, regulatory requirement, or applicable law;

* investigate or respond to fraud, misuse, security incidents, or threats;

* protect the rights, property, safety, or legitimate interests of CMDR, its clients, or others;

* complete a corporate transaction such as a merger, financing, reorganization, or sale, subject to appropriate confidentiality protections.

Service providers are authorized to handle personal information only for the purposes for which they have been engaged and are expected to apply appropriate safeguards.

7. Service Providers Outside Canada

CMDR uses technology and service providers that may collect, process, transfer, or store personal information outside Canada.

Personal information may be processed or stored in jurisdictions including:

* the United States;

* Ireland;

* the Netherlands.

Information processed outside Canada may be subject to the laws of the jurisdiction where it is handled and may be accessible to courts, law-enforcement agencies, regulators, or national-security authorities under those laws.

CMDR remains responsible for personal information under its control and takes reasonable measures to select and manage service providers appropriately.

Questions regarding foreign service-provider processing may be directed to the CMDR Privacy Officer using the contact information below.

8. Cookies and Similar Technologies

The website and its hosting providers may use cookies, server logs, and similar technologies that are necessary to:

* operate and secure the website;

* maintain functionality;

* prevent abuse;

* measure basic performance;

* understand general website usage.

CMDR does not currently use the website for behavioural advertising or the sale of visitor information.

You may control or delete cookies using your browser settings. Disabling some cookies may affect website functionality.

If CMDR later introduces non-essential analytics, advertising technologies, user accounts, or additional tracking tools, this policy and any required consent controls will be updated.

9. Marketing Communications

CMDR will not add you to a marketing mailing list merely because you submitted an inquiry.

Where you expressly request or consent to receive marketing or informational communications, you may unsubscribe at any time by using the unsubscribe mechanism provided or by contacting CMDR.

CMDR may still send non-marketing communications relating to an active inquiry, agreement, service, transaction, security issue, or legal obligation.

10. Security

CMDR uses reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the personal information under its control.

These safeguards may include:

* access controls;

* multifactor authentication;

* secure cloud services;

* device and account security;

* limited internal access;

* confidentiality obligations;

* secure disposal practices;

* monitoring and incident-response procedures.

No website, transmission method, or storage system can be guaranteed to be completely secure. CMDR therefore cannot guarantee absolute security.

11. Retention and Destruction

CMDR retains personal information only for as long as reasonably necessary to:

* respond to an inquiry;

* provide services;

* maintain appropriate business and client records;

* satisfy legal, tax, insurance, regulatory, or contractual obligations;

* resolve disputes;

* enforce agreements;

* protect legitimate business interests.

When personal information is no longer reasonably required, CMDR will securely delete, destroy, or de-identify it, subject to lawful retention requirements and technical limitations associated with backup systems.

12. Accuracy

CMDR takes reasonable steps to keep personal information accurate and complete where it is used to make decisions or provide services.

You may request correction of personal information that you believe is inaccurate or incomplete.

13. Access and Correction Requests

Subject to applicable law, you may request:

* confirmation of whether CMDR holds personal information about you;

* access to that information;

* information about how it has been used or disclosed;

* correction of inaccurate or incomplete information.

Requests must be made in writing to the Privacy Officer.

CMDR may need to verify your identity before responding. Access may be limited where required or permitted by law, including where disclosure would reveal confidential commercial information, personal information about another individual, or legally privileged information.

CMDR will respond within the time required by applicable law.

14. Privacy Complaints

Questions, concerns, complaints, access requests, and correction requests should first be directed to the CMDR Privacy Officer.

CMDR will review privacy concerns in a fair and timely manner and take appropriate corrective action where warranted.

You may also have the right to contact the Office of the Information and Privacy Commissioner of Alberta or the Office of the Privacy Commissioner of Canada.

15. Third-Party Websites

The CMDR website may link to third-party websites, platforms, or services.

CMDR is not responsible for the privacy, security, content, or practices of third parties. Review the applicable third-party privacy policy before providing personal information.

16. Children

The CMDR website and services are intended for business and professional audiences and are not directed to children.

CMDR does not knowingly collect personal information from children through the website.

17. Changes to This Policy

CMDR may update this Privacy Policy periodically to reflect changes in law, technology, services, vendors, or business practices.

The current version will be posted on the website with a revised “Last updated” date.

Material changes may be communicated through an additional notice where appropriate.

18. Contact and Privacy Officer

The individual holding the position of Privacy Officer is responsible for CMDR’s compliance with applicable privacy requirements.

**Privacy Officer**

CMDR Data Systems & Semantics Inc.

Edmonton, Alberta, Canada

Email: kalvin@cmdrdata.com