GDPR Compliance

Last updated: April 23, 2026

Our Commitment

ubbrisoggi is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR), applicable privacy laws in Canada, and other relevant data protection legislation.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual necessity: Processing is necessary to perform our services that you have requested
• Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our services
• Legal obligation: Processing is necessary to comply with applicable laws
• Consent: You have given explicit consent for specific processing activities

Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

• Right of access: You can request copies of your personal data
• Right to rectification: You can request correction of inaccurate or incomplete data
• Right to erasure: You can request deletion of your personal data under certain circumstances
• Right to restrict processing: You can request restriction of processing under certain circumstances
• Right to data portability: You can request transfer of your data to another organization
• Right to object: You can object to processing of your personal data
• Rights related to automated decision-making: We do not use automated decision-making or profiling

Data Controller

For the purposes of GDPR, the data controller is:
ubbrisoggi
420 Wellington Street West, Suite 800
Toronto, ON M5V 1E3
Canada
Email: [email protected]

International Data Transfers

Your information may be transferred to and processed in Canada. We ensure that appropriate safeguards are in place to protect your personal data in accordance with GDPR requirements.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Staff training on data protection

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us at:

Email: [email protected]

We will respond to your request within one month. In certain cases, we may extend this period by two additional months where necessary, taking into account the complexity and number of requests.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

Changes to This Statement

We may update this GDPR compliance statement from time to time. We will notify you of any material changes by posting the updated statement on our website.