Orbit Accountants Privacy Policy

 

Last updated: September, 2025
Who we are: Orbit Accountants (“Orbit,” “we,” “us,” “our”)
Applies to: Our Canadian website at orbitaccountants.ca (the Site) and our Canadian services (the Services), for clients and visitors outside the Province of Quebec.

1. Scope & exclusions

  • This Policy applies to personal information handled by Orbit in Canada other than Quebec. We do not target or intend to collect personal information from individuals located in Quebec via the Site. If you are in Quebec, please contact us for assistance.
  • This Policy does not cover third-party websites, services, or tools that are linked from our Site.

2. Key definitions

  • See Appendix A for capitalized terms such as “Personal Information,” “Breach,” “Service Provider,” “Client Records,” “Processing,” and “RROSH (real risk of significant harm).”

3. What we collect

We collect only what we reasonably require providing and improve the Services and operate the Site:

  • Identification & contact: name, role/title, business email, business phone, company, mailing address.
  • Engagement & Client Records: documents and data you or your authorized users provide to deliver Services (e.g., bookkeeping source data, payroll inputs, tax compliance artifacts), our working notes, and communications.
  • Billing & payment: payer name, billing address, limited payment information processed through our payment processor.
  • Technical/usage (Site): page views, timestamps, device/browser, general geolocation at time of request, referrer, and similar telemetry. See Cookie & Tracking Policy.

4. Sources of collection

  • Directly from you and your authorized representatives;
  • From Service Providers used to deliver the Services (e.g., secure document exchange, communications, ticketing, accounting back-office by nature only; we do not list brands);
  • From lawful public sources, where permitted.

5. Purposes of collection and use

We collect and use Personal Information for the following purposes:

  • Deliver Services: to perform, administer, and improve our Services, and to fulfill our agreements with you.
  • Operate the Site: to maintain, secure, and improve the Site and user experience.
  • Communications: to send service and administrative notices; and, where permitted by CASL, marketing communications with an unsubscribe in every message.
  • Legal & compliance: to meet professional/recordkeeping obligations, detect and prevent fraud, and handle disputes or legal claims.
  • Analytics & quality: to understand Site usage (see Cookie & Tracking Policy) and to produce de-identified or aggregated reports.

6. Consent under Canadian law

  • We rely on your consent and on reasonable purposes recognized by PIPEDA. Consent may be express or implied depending on context.
  • You may withdraw consent at any time, subject to legal/contractual limits and reasonable notice. Some Services cannot be provided without certain information.

7. CASL compliance (commercial electronic messages)

  • We send commercial electronic messages only with valid express or time-limited implied consent and include sender identification and a working unsubscribe.
  • You can unsubscribe or change preferences at any time via message links or by contacting us.

8. Disclosures to Service Providers and other recipients

  • We use vetted Service Providers to host, process, and support the Services. They may access Personal Information only to perform contracted services and must protect it appropriately.
  • We do not sell Personal Information.
  • We may disclose where required by law, to protect our rights or users, or in connection with business transactions (subject to confidentiality and applicable law).

9. Storage location & transfers

  • Client Records under our control are stored in Canada.
  • Certain operational telemetry (e.g., website analytics) may be processed outside Canada (see Cookie & Tracking Policy). We implement safeguards appropriate to the nature of the data and service.

10. Safeguards

We maintain administrative, physical, and technical safeguards appropriate to sensitivity and risk, including access controls, encryption in transit and at rest where supported, logging/auditing, workforce confidentiality undertakings, and incident response procedures. See Appendix C for our high-level Security Overview.

11. Retention

  • We retain Client Records for periods required by professional and legal obligations, then securely delete or de-identify.
  • Site analytics follow the tool-level retention configurations.
  • See Appendix B for an illustrative retention table.

12. Individual rights (access, correction, withdrawal)

You may request access to or correction of your Personal Information. You may also withdraw consent (subject to limits noted above). To exercise rights, contact our Privacy Officer.

13. Breach notification & records

If a Breach creates a real risk of significant harm (RROSH), we will notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC), and we keep records of all Breaches as required by law. See Appendix D for incident timelines.

14. Children

Our Site/Services are not directed to children under 13. We do not knowingly collect their data.

15. Changes

We may update this Policy. The “Last updated” date will change and material updates will be highlighted on the Site.

16 How to contact us

Privacy Officer: Malay Matalia
Email: info@orbitaccountants.ca
Mailing address: 361, 150 King St West, Toronto, ON M5H 1J9