Skip to content
Onward SecurityOnward Security logo

Privacy Policy

Our privacy policy explains how we handle personal information collected through our website, contact forms, and marketing communications. It is written to reflect our obligations under BC's Personal Information Protection Act (PIPA) and applicable federal requirements.

Effective: August 9, 2025

Who We Are

Onward Security Ltd.
Victoria, BC

What This Policy Covers

This policy explains how we collect, use, disclose, and safeguard personal information obtained through our digital channels. It complements, and does not replace, any confidentiality or data-handling terms in our service contracts. For provincial guidance, see the Office of the Information and Privacy Commissioner for BC.

Information We Collect

Personal Information You Provide

  • Contact details: name, email address, phone number, company name, and messages submitted through our forms.
  • Quote requests: event or site information, dates, locations, staffing requirements, and service specifications.
  • Communication records: correspondence related to inquiries, quotes, or services.

Technical Information

  • Website usage: IP address, pages viewed, session duration, referral sources, device type, and browser details.
  • Cookies and analytics: data that helps us improve performance, reliability, and user experience.

We collect only what is needed for legitimate business purposes and by fair means (for example, your form submission or standard web browsing).

How We Use Your Information

Primary Uses

  • Responding to inquiries and preparing quotes.
  • Delivering and managing security services.
  • Processing payments and maintaining records.
  • Complying with legal and regulatory requirements.

Secondary Uses

  • Website security and fraud prevention.
  • Analytics and service improvement.
  • Marketing communications where consent is provided.
  • Business development and service enhancement.

Legal Basis and Consent

We identify purposes and obtain consent before collecting, using, or disclosing personal information, unless an exemption applies. Consent may be express (for example, submitting a form) or implied (providing information for an obvious purpose).

  • You may withdraw consent at any time; withdrawal applies moving forward.
  • Some services may be unavailable without necessary information.
  • Legal requirements may oblige us to retain certain data.

Cookies and Website Analytics

We use cookies and similar technologies to operate the site, maintain security, measure performance, and improve usability.

  • Essential: site operation, security, and form functionality (session or up to one year).
  • Analytics: traffic analysis, page performance, and user experience (up to two years).
  • Functional: preferences that improve usability (up to one year).

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality. We provide meaningful notice and respect choices for analytics and similar technologies.

Information Sharing and Service Providers

We work with trusted service providers who may access personal information only to deliver contracted services on our behalf.

Technology Services

  • Website hosting and maintenance.
  • Email delivery and marketing platforms.
  • Analytics, performance monitoring, and security.
  • Backup and disaster recovery.

Business Services

  • Payment processing and accounting.
  • Legal, insurance, and risk management.
  • Government and regulatory compliance support.

Some providers may be located outside Canada. We use contractual safeguards and due diligence to ensure equivalent protection of personal information.

Data Retention and Disposal

  • Active client records: kept for the duration of the business relationship plus seven years for legal and audit purposes.
  • Quotes and inquiries: retained for three years to maintain service history and follow up appropriately.
  • Analytics and technical data: anonymized for improvement; identifiable data is removed within twenty-six months.
  • Marketing communications: consent records and communication history are maintained until withdrawal plus three years for CASL compliance.

When retention periods expire, we securely delete or anonymize personal information to prevent unauthorized recovery.

Security Measures

Technical Safeguards

  • SSL/TLS encryption and secure hosting infrastructure.
  • Regular security updates, monitoring, and firewalls.
  • Data backups and resilience planning.

Access and Operational Controls

  • Role-based access and need-to-know handling.
  • Staff training on privacy and security practices.
  • Vendor due diligence and periodic reviews.
  • Incident response procedures and regular assessments.

No system is completely immune to risk. We review and update safeguards to align with PIPA security expectations.

Your Privacy Rights

  • Access: request information about personal data we hold and how it is used.
  • Correction: ask us to update or correct incomplete or inaccurate information.
  • Withdraw consent: change or withdraw consent for specific uses at any time.
  • Complain: raise a concern with us or with the relevant privacy commissioner.

We aim to respond within 30 days, as required by PIPA. We may need identity verification to protect your information.

Marketing Communications (CASL)

We follow Canada's Anti-Spam Legislation for commercial electronic messages.

What We Send

  • Service updates related to your requests.
  • Quote follow-ups and service information.
  • Occasional industry insights and company updates when consent is provided.

Your Controls

  • Use the unsubscribe link included in every commercial email.
  • Contact us directly to opt out or update preferences.
  • Select which communication types you wish to receive.
  • Change your preferences at any time.

We maintain records of consent as required by CASL, including when and how consent was provided and any subsequent changes.

Children's Privacy

Our website and services are designed for business use and are not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information, please contact us so we can investigate, delete the information if confirmed, and prevent future collection.

Breach Notification

If a data breach poses a risk of significant harm, we will contain the issue, assess impact, notify regulators where required, and inform affected individuals without unreasonable delay. Notifications describe what occurred, what information was involved, the steps we are taking, and actions you can take to protect yourself.

International Data Transfers

Some service providers operate outside Canada. When personal information is transferred internationally, it may be subject to the laws of the destination country. We use contractual safeguards, reputable providers, and purpose limitation to maintain appropriate protection.

Policy Updates

We may update this policy to reflect changes in our practices, technology, legal requirements, or business operations. The effective date at the top of this page shows the most recent version. Material changes may be communicated through email (where permitted) or website notices.

By continuing to use our website and services after changes take effect, you accept the updated policy. If you disagree with changes, please discontinue use and contact us about your information.

Contact Our Privacy Officer

Email: privacy@onwardsecurity.ca

Phone: 604-358-7787

Location: Victoria, BC

We aim to acknowledge privacy inquiries within two business days and respond formally within thirty days.

External resources:

Last Updated: August 9, 2025 • Next Review: August 2026

This privacy policy is intended to align with BC's Personal Information Protection Act (PIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and Canada's Anti-Spam Legislation (CASL).