Home / Privacy Policy
Privacy & Data Protection

Privacy Policy

MarketingHub.ca is operated by Dave Groups Inc, a Canadian company serving Canada, the United States and worldwide. This policy explains what personal information we collect, why, how we protect it, who we share it with, and the rights you have under PIPEDA (federal Canada), Quebec Law 25, the CCPA / CPRA (California) and other US state privacy laws, EU GDPR, and other applicable privacy legislation.

Effective date: June 4, 2026 · Last updated: June 4, 2026 · Version française disponible sur demande

1. Privacy Officer / Responsable contact

In accordance with PIPEDA Principle 1 (Accountability) and Quebec Law 25 (which mandates a designated Responsable de la protection des renseignements personnels), Dave Groups Inc has appointed a Privacy Officer responsible for compliance with this policy and applicable privacy law.

Privacy Officer / Responsable: The Privacy Officer, Dave Groups Inc
Email: info@marketinghub.ca
Phone: +1 (519) 916 5159
Mail: Dave Groups Inc, Privacy Office, Ontario, Canada

For any question, complaint, access request or to withdraw consent, contact the Privacy Officer. We respond within 30 days (or sooner for time-sensitive matters).

2. Information we collect

(a) Information you provide directly, when you contact us, request a quote, subscribe to communications, sign a contract or use our services:

  • Identity: name, business name, job title
  • Contact: email address, phone number, postal address
  • Project information: description of your enquiry, brand assets, content you share with us
  • Commercial: payment details (processed via Stripe/PayPal, not stored on our servers), billing address
  • Consent records: timestamp and choice for each consent you give us

(b) Information collected automatically, when you visit the website:

  • Technical: IP address (anonymised after 30 days), browser type, device type, operating system
  • Usage: pages viewed, time on page, referrer URL, search terms used to find us
  • Cookies and similar technologies (see our Cookie Policy)

We do not collect: government identifiers (SIN, driver's licence), health information, biometric data, sexual orientation, religious or political affiliations, or any other "sensitive" categories.

3. Why we collect it (identifying purposes)

Under PIPEDA Principle 2 and Law 25 Article 8, we identify the specific purpose before or at the time of collection. We use your personal information only for:

  • Responding to enquiries and providing quotes
  • Delivering the services you have engaged us for
  • Sending you communications you have asked for (project updates, newsletter, service announcements)
  • Processing payments and managing accounts
  • Improving our website, services and customer experience (aggregated/de-identified where possible)
  • Meeting our legal obligations (tax, accounting, fraud prevention, court orders)
  • Defending our legal rights and enforcing contracts

We will not use your personal information for any other purpose without first obtaining your consent.

Consent is free, enlightened and specific (the Law 25 standard) and may be express or implied depending on the sensitivity of the information.

  • Express consent is obtained for: marketing emails, optional analytics cookies, sharing with partners outside the service delivery context, and any use of sensitive information.
  • Implied consent applies only to information necessary for delivering a service you have specifically asked for (e.g. replying to your enquiry).
  • Bundled consent is never used. Each purpose is requested separately. You may consent to one purpose without consenting to another.
  • Withdrawal: you may withdraw consent at any time, subject to legal/contractual restrictions, by emailing info@marketinghub.ca or using the unsubscribe link in any marketing email. Withdrawal applies prospectively; it does not invalidate prior lawful processing.

5. Limiting collection, use & disclosure

We collect only what is necessary for the identified purposes (PIPEDA Principle 4). We do not use or disclose personal information for any purpose other than the one for which it was collected, except with your consent or as required by law (PIPEDA Principles 5).

We do not sell personal information. We do not "sell" personal information as defined under any privacy law, including PIPEDA, Law 25 or the EU GDPR.

6. Third parties & subprocessors

We use the following categories of vetted service providers ("subprocessors"). Each is bound by a written data processing agreement, including confidentiality, security and onward-transfer restrictions:

Category Provider(s) Purpose Location
Hosting & CDNNetlify, CloudflareServe the websiteCanada / US / EU (region-routed)
Form processingFormSubmit.coDeliver contact-form submissions to usUSA
Email & calendarGoogle WorkspaceBusiness email & meetingsCanada / US
CRM & ticketingHubSpot (or equivalent)Manage your enquiry & relationshipUSA / EU
AnalyticsPrivacy-respecting analytics (Plausible or similar); Google Analytics only with consentSite usage analyticsEU / USA
PaymentsStripe, PayPalProcess invoices & paymentsCanada / USA / EU
Marketing emailMailchimp / Klaviyo (only with consent)Send communications you subscribe toUSA / EU

A current, dated list of subprocessors with their privacy policy URLs is available at info@marketinghub.ca on 5 business days' notice.

7. Cross-border data transfers

Some of our subprocessors store or process data outside Canada (primarily in the United States and the European Union). When this happens:

  • The transfer is governed by a written contract that imposes equivalent privacy protections (PIPEDA Principle 4.1.3; Law 25 Article 17).
  • We carry out a Privacy Impact Assessment before engaging any new subprocessor that processes Quebec residents' data outside Quebec, as required under Law 25.
  • You acknowledge that information stored outside Canada may be subject to the laws of that jurisdiction, including lawful access by foreign authorities.

8. Retention periods

We retain personal information only as long as needed for the purpose collected, or as required by law. Specific retention periods:

  • Contact form enquiries: 24 months from last contact, then de-identified or deleted.
  • Active client records: for the duration of the engagement, plus 7 years (Canada Revenue Agency record-keeping requirements).
  • Marketing subscriber list: until you unsubscribe, then deleted within 30 days.
  • Server logs (IP, browser): 30 days, after which IPs are anonymised; aggregate logs retained 12 months for security analysis.
  • Consent records: 7 years after consent is withdrawn (audit trail required by CASL).
  • Backups: rolling 30-day backup; data deleted from production is removed from backups within that window.

9. Security safeguards

Per PIPEDA Principle 7, we protect personal information with safeguards appropriate to its sensitivity:

  • Technical: TLS 1.2+ encryption in transit, AES-256 at rest, role-based access control, multi-factor authentication on all admin accounts, security headers (HSTS, CSP, X-Frame-Options), automated dependency vulnerability scanning.
  • Administrative: written information-security policy, employee/contractor confidentiality agreements, periodic privacy training, vendor due diligence.
  • Physical: data is hosted in SOC 2-attested data centres; no personal information is stored on physical media at our offices.

No system is perfectly secure. If you believe you have discovered a vulnerability, please contact info@marketinghub.ca (see our security.txt).

10. Automated decision-making & AI

Quebec Law 25 (Article 12.1, effective September 2024) gives you the right to be informed when a decision is made about you based exclusively on automated processing. We do not currently make decisions about clients or prospects using fully automated systems (no automated denials, scoring or eligibility decisions). Marketing-channel personalisation, when used, is opt-in and reviewable.

If this changes, we will update this policy and offer the right to obtain human review of any such decision.

11. Your rights

You have the following rights regarding your personal information (PIPEDA Principle 9; Law 25 Sections 27-40; GDPR Articles 15-22):

  • Access: request a copy of the personal information we hold about you.
  • Correction / rectification: ask us to correct inaccurate or incomplete information.
  • Deletion / erasure: ask us to delete your personal information, subject to our legal retention obligations.
  • Portability: receive your information in a structured, commonly used, machine-readable format (Law 25 Article 27, effective September 2024; GDPR Article 20).
  • De-indexing: request that links to information about you be de-indexed where the conditions of Law 25 Section 28.1 are met.
  • Withdraw consent: for any purpose, prospectively.
  • Object to processing: for direct marketing or where our legitimate interest is the basis.
  • Lodge a complaint: see Section 16 below.

To exercise any right, email info@marketinghub.ca. We will verify your identity, respond within 30 days, and act free of charge unless your request is manifestly unfounded or excessive (in which case we will explain why and propose a reasonable fee).

12. Data breach response

In the event of a "breach of security safeguards" creating a "real risk of significant harm" to affected individuals, we will, in accordance with PIPEDA's mandatory breach reporting requirements and Law 25:

  • Notify the Office of the Privacy Commissioner of Canada and (for Quebec residents' data) the Commission d'accès à l'information du Québec as soon as feasible.
  • Notify affected individuals directly with: what happened, the information involved, what we are doing, what you can do, and our contact for questions.
  • Maintain a record of every breach for at least 24 months (PIPEDA Regulations).
  • For Quebec residents, file a "register of confidentiality incidents" entry (Law 25 Article 3.5).

13. Children's privacy

Our services are directed at businesses and adults. We do not knowingly collect personal information from anyone under 14 (Quebec) or 13 (rest of Canada / international). If you believe a minor has provided us information, contact info@marketinghub.ca and we will delete it.

14. Marketing communications & CASL

We comply with Canada's Anti-Spam Legislation (CASL). Specifically:

  • We send commercial electronic messages (CEMs) only with your express or implied consent, never on the basis of bundled consent.
  • Every CEM we send identifies us clearly (Dave Groups Inc operating MarketingHub.ca), includes our mailing address and phone, and provides a working unsubscribe mechanism at no cost.
  • Unsubscribe requests are honoured within 10 business days, as required by CASL.
  • We keep records of consent (date, method, content of consent request) for 7 years.

15. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. For material changes, we will notify users by email (where we have an email on file) and by a prominent notice on the homepage at least 30 days before the change takes effect.

16. Complaints & regulator contacts

If you are not satisfied with our handling of your privacy concerns, you have the right to escalate to:

  • Office of the Privacy Commissioner of Canada (OPC)priv.gc.ca · 1-800-282-1376
  • Commission d'accès à l'information du Québec (CAI)cai.gouv.qc.ca · 1-888-528-7741
  • Information and Privacy Commissioner of Ontario (IPC)ipc.on.ca · 1-800-387-0073
  • EU residents: your local Data Protection Authority

17. United States residents (CCPA / CPRA & state privacy laws)

If you reside in the United States, you have additional rights under the privacy laws of your state. We comply with the following US state privacy laws to the extent they apply to you:

  • California (CCPA / CPRA) — California Consumer Privacy Act, as amended by the California Privacy Rights Act.
  • Virginia (VCDPA) — Virginia Consumer Data Protection Act.
  • Colorado (CPA) — Colorado Privacy Act.
  • Connecticut (CTDPA) — Connecticut Data Privacy Act.
  • Utah (UCPA) — Utah Consumer Privacy Act.
  • Texas (TDPSA) — Texas Data Privacy and Security Act.
  • Oregon, Montana, Iowa, Delaware, New Hampshire, New Jersey, Tennessee, Indiana, Kentucky, Maryland, Minnesota, Rhode Island and other states with active comprehensive privacy laws — equivalent rights apply.

Your US privacy rights

  • Right to know / access: request the categories and specific pieces of personal information we have collected about you, the sources, the purpose of collection, and the third parties we share it with.
  • Right to delete: request that we delete personal information we have collected from you, subject to legal exceptions.
  • Right to correct: request that we correct inaccurate personal information.
  • Right to data portability: receive your personal information in a portable, machine-readable format.
  • Right to opt out of "sale" or "sharing" for cross-context behavioral advertising: we do not "sell" personal information for money. We may share limited information with analytics or advertising providers in ways that some states define as "sharing" for cross-context behavioral advertising; you can opt out using our cookie banner or the "Your Privacy Choices" link below.
  • Right to limit use of sensitive personal information (CPRA): we do not collect "sensitive personal information" as defined under CPRA.
  • Right to opt out of profiling / automated decision-making: see Section 10. We do not make decisions about you using fully automated processing.
  • Right to non-discrimination: we will not discriminate against you for exercising any of these rights (e.g. by denying service, charging a different price, or providing a different level of quality).
  • Authorised agent: a CCPA-authorised agent may submit a request on your behalf with valid written authorisation that we can verify.

How to exercise your US rights

Email info@marketinghub.ca, call +1 (519) 916 5159, or use our privacy request form. We will:

  • Verify your identity using two pieces of personal information we already hold (or three for sensitive requests).
  • Respond within 45 days (CCPA / CPRA / most state laws) with a one-time 45-day extension if reasonably necessary.
  • Provide the response free of charge unless the request is manifestly unfounded, excessive or repetitive.

Right to appeal (VA, CO, CT, TX, etc.)

If we decline your request, you have the right to appeal within a reasonable time. Appeals should be sent to info@marketinghub.ca with the subject line "Privacy appeal". We will respond within 60 days and explain the decision. If still unsatisfied, you may complain to your state's Attorney General:

Your Privacy Choices — Do Not Sell or Share / Limit Use

Use the cookie banner's "Customise" option to opt out of analytics and marketing categories. You can re-open it at any time via the "Cookie preferences" link in the footer. If your browser sends a Global Privacy Control (GPC) signal, we treat it as an opt-out of "sharing" for cross-context behavioral advertising in addition to your banner choice.

For California consumers: a dedicated "Do Not Sell or Share My Personal Information" link is also provided in the footer.

Notice at collection (California)

Categories of personal information we collect (per California Civil Code §1798.140): identifiers (name, email, phone, IP); commercial information (services purchased); internet/network activity (page views, referrers); geolocation (city-level only); professional information (job title, company); and inferences drawn from the above for service personalisation. We do not collect sensitive personal information, biometric data, or health information. Categories are retained per Section 8 of this policy.

"Shine the Light" (California Civil Code §1798.83)

California residents may once a year request information about any disclosure of their personal information to third parties for those third parties' direct marketing purposes. We do not currently share personal information with third parties for their direct marketing purposes.

18. COPPA (US Children's Online Privacy Protection Act)

Our services are directed at businesses and adults; we do not knowingly collect personal information from children under 13 (US) in compliance with COPPA (15 U.S.C. §§ 6501-6506). If you believe we have inadvertently collected information from a child under 13, please contact info@marketinghub.ca and we will delete it promptly.

19. CAN-SPAM Act (US email marketing)

For email recipients in the United States, we comply with the federal CAN-SPAM Act of 2003. Every commercial email we send to US recipients:

  • Clearly identifies the message as an advertisement where applicable.
  • Includes our valid physical postal address.
  • Provides a working, prominent unsubscribe mechanism.
  • Honours unsubscribe requests within 10 business days (CAN-SPAM allows 10 business days; we apply the stricter of CAN-SPAM and CASL).
  • Does not use deceptive subject lines or false header information.

20. ADA Title III (US accessibility)

We aim to make our website usable by everyone, including users in the United States protected by Title III of the Americans with Disabilities Act (42 U.S.C. § 12181 et seq.). Our website targets WCAG 2.1 Level AA conformance, the standard generally recognised by US federal courts and the Department of Justice's settlement agreements. See our Accessibility Statement for details and how to report barriers.

21. Français

Conformément à la Charte de la langue française et à la Loi 25 du Québec, une version française complète du site est disponible via le sélecteur de langue en haut de page. Les résidents du Québec peuvent exercer tous les droits prévus par la Loi 25 en français. Pour toute question dans une autre langue, écrivez à info@marketinghub.ca.

This document is a plain-language summary of our privacy practices and is not legal advice. For specific legal questions about how this policy applies to your circumstances, consult a qualified privacy lawyer in your jurisdiction.