Privacy Policy

2. Privacy Officer and Contact

We have designated a Privacy Officer who is accountable for our compliance with this Policy and applicable privacy law.

• Privacy Officer: Privacy Officer, MF License & Regulatory Consultants
• Email: info@mflrc.com
• Phone: +1-647-492-5301
• Mail: MF License & Regulatory Consultants, Unit 700, 305 Milner Avenue, Scarborough, Ontario, M1B 3V4, Canada

You may contact our Privacy Officer at any time to ask questions, exercise your rights, or make a complaint about how we handle your personal information.

3. Information We Collect

We collect only the personal information we reasonably need for the purposes described in this Policy.

Information you provide to us. When you contact us, request information, book or inquire about a consultation, subscribe to our newsletter, apply for a position, or otherwise engage with us, we may collect:

• Contact and identity details — name, business name, job title, email address, telephone number, and mailing address;
• Inquiry and engagement details — the products, markets, or regulatory matters you ask us about, and any information you choose to include in your message or documents;
• Recruitment information — where you apply for a role, your résumé, qualifications, and related details; and
• Communications — records of correspondence and consultation notes.

Information collected automatically. When you visit our website, we automatically collect certain technical information through your browser or device, which may include your IP address, device and browser type, operating system, referring pages, pages viewed, and the dates and times of your visits.

Cookies and analytics. Our website uses cookies and similar technologies (small data files stored on your device) to operate the site, remember preferences, and understand how the site is used. We use, among others, Google Tag Manager / Google Analytics for traffic measurement and HubSpot for forms and communications.

You can control or disable cookies through your browser settings and, where presented, through our cookie consent banner. Disabling certain cookies may affect site functionality. For more detail on the analytics tools we use, see the relevant providers' own privacy notices.

Note: We do not sell your personal information, and we do not use it for third-party behavioural advertising.

4. How We Use Your Information

We use personal information only as permitted by law, including:

• With your consent — for example, to respond to an inquiry, send you information you have requested, or send marketing communications you have opted into;
• To perform or enter into a contract — to provide our consulting services, manage engagements, and communicate with you about them;
• To meet legal and regulatory obligations — including tax, accounting, professional, and record-keeping requirements; and
• For our legitimate business interests — such as maintaining and improving our website, ensuring security, and managing our business — provided these are not overridden by your privacy rights.

You can change your communication choices at any time using the contact details in Section 2 or the unsubscribe link in our emails.

5. Email Communications and CASL

Where we send commercial electronic messages (such as newsletters or service updates), we do so in accordance with CASL. This means we will:

• Send marketing messages only with your express or implied consent;
• Clearly identify MFLRC as the sender and provide our contact information; and
• Include a working unsubscribe mechanism in every commercial message.

You may withdraw your consent to marketing communications at any time, and we will give effect to your request promptly.

6. How We Share Your Information

We treat your personal information as confidential. We do not sell, rent, or trade it. We may share it only in the following circumstances:

Service providers. We share information with trusted third-party service providers who process it on our behalf and under contract — for example, website hosting, analytics, email and form platforms (such as Google and HubSpot), and professional advisors. These providers are permitted to use the information only to deliver services to us.

Cross-border transfers. Some of our service providers store or process data on servers located outside Canada, including in the United States. Where personal information is transferred outside your jurisdiction, it may be subject to the laws of that jurisdiction, and we take reasonable steps to ensure it remains protected by a comparable level of safeguards. You may contact our Privacy Officer for more information about these transfers.

Legal and protective disclosures. We may disclose personal information where we reasonably believe it is necessary to: (a) comply with applicable law, legal process, or a regulatory or government authority; (b) assist law enforcement; (c) enforce our agreements or investigate violations; (d) protect against legal claims; or (e) protect the rights, property, or safety of MFLRC, our clients, our personnel, or the public.

Business transfers. If MFLRC is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to confidentiality protections and applicable law.

7. How We Protect Your Information

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against loss, theft, and unauthorized access, use, or disclosure. These measures are appropriate to the sensitivity of the information. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

8. Data Breach Notification

If a breach of security safeguards involving your personal information occurs that creates a real risk of significant harm, we will notify affected individuals and report to the Office of the Privacy Commissioner of Canada (and any other authority as required), and keep records of the breach, in accordance with PIPEDA and applicable law.

9. How Long We Keep Your Information

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected and to meet our legal, professional, tax, and regulatory obligations.

Inquiry and prospect information is kept only as long as needed to respond to and follow up on your inquiry, unless you ask us to delete it sooner. Client engagement and professional records may be retained for longer periods where required to support our services, professional standards, audit obligations, or the establishment or defence of legal claims.

When personal information is no longer required, we securely delete, destroy, or anonymize it.

10. Your Rights and Choices

Subject to applicable law and reasonable limitations, you have the right to:

• Access — request a copy of the personal information we hold about you;
• Correction — ask us to correct inaccurate or incomplete information;
• Withdraw consent — withdraw consent to our use of your information or to marketing communications, subject to legal or contractual restrictions;
• Erasure — request deletion of your personal information, subject to records we are required to retain by law; and
• Portability — where applicable, request a copy of information you provided in a structured, commonly used, machine-readable format, or that we transmit it to another provider where technically feasible.

To exercise any of these rights, contact our Privacy Officer (Section 2). We will verify your identity before acting on a request to safeguard your information. We aim to respond to legitimate requests within 30 days; if a request is complex or you have made several, we may need additional time and will keep you informed.

11. Children's Privacy

Our website and services are directed to businesses and professionals and are not intended for children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact our Privacy Officer and we will take appropriate steps to delete it.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any website you visit.

13. Limitation of Liability

To the fullest extent permitted by applicable law, MFLRC is not liable for indirect, incidental, special, or consequential damages arising from your use of this website, including from any interruption, error, or unauthorized access to data transmitted to or from this site. Nothing in this section limits or excludes any rights you have under applicable privacy legislation, or any liability that cannot lawfully be limited or excluded.

14. Changes to This Policy

We may update this Policy from time to time. When we do, we will post the revised version on this page and update the “Last updated” date above. Material changes will be highlighted where appropriate. We encourage you to review this Policy periodically.

15. How to Make a Complaint

If you have a concern about how we handle your personal information, please contact our Privacy Officer first (Section 2) so we can try to resolve it. If you are not satisfied with our response, you may contact:

• Office of the Privacy Commissioner of Canada (OPC) — www.priv.gc.ca
• Commission d'accès à l'information du Québec (CAI) — for Quebec residents — www.cai.gouv.qc.ca