· Information

Privacy

How This Is My URL handles personal information under PIPEDA and CASL — what is collected, why, who processes it, how long it is kept, and the rights Ontario and Canadian visitors have.

Reviewed by on

This Is My URL is a one-person Canadian web practice based in Fort Erie, Ontario, owned and operated by Christopher Ross. This policy explains what information this site collects, why it is collected, how it is used, and the rights you have under Canadian privacy law — the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).

Who is responsible for your data

This Is My URL is the data controller for personal information collected through this site. You can reach the controller at hello@thisismyurl.com or by mail at 210 Gilmore Road, Fort Erie, Ontario L2A 2M3, Canada.

What is collected, and why

  • Contact and inquiry forms. Name, email address, and the message you send. Used to reply to you and, if a project follows, to keep a record of what was discussed. Lawful basis under PIPEDA: consent, given when you submit the form.
  • Newsletter. No newsletter is currently being sent. If a newsletter is offered in the future, it will require express consent under CASL, every message will include a one-click unsubscribe and a clear sender identity, and your email will be used only for that purpose.
  • Comments. Name, email, comment text, and IP address (used by WordPress to mitigate spam). Comments are public; the email address is not.
  • Server logs. IP address, user agent, requested URL, referrer, and timestamps. Used to keep the site online, investigate errors, and block abusive traffic.
  • Analytics. Aggregated usage data via Google Analytics 4 — pages visited, approximate location at the country/region level, device class. GA4 is configured to limit personal data collection; IP-derived location is not stored at full precision. Lawful basis: legitimate interest in understanding which content is useful, balanced against the right to opt out (see “Your choices” below).
  • Cookies and similar storage. Strictly necessary cookies for site function (for example, comment author preferences) and analytics cookies set by GA4. No advertising or cross-site tracking cookies are set by this site.

What is not collected

This site does not sell personal information. It does not run advertising networks, behavioural targeting pixels, or fingerprinting scripts. It does not share email addresses with marketing partners. The site is not directed at children under 13, and personal information is not knowingly collected from children.

What this site will not do

  • No pre-ticked consent boxes. If you have to opt in to something, the opt-in is yours to make, not yours to undo.
  • No dark patterns. The unsubscribe link is the same size and weight as any other link in the email.
  • No surprise newsletters. Filling out the contact form does not subscribe you to anything.
  • No email harvesting from comments. Commenter email addresses are not displayed publicly and are not exported for any purpose other than moderation.
  • No cross-site tracking. No advertising pixels, no Facebook pixel, no LinkedIn Insight tag, no third-party tag manager loading networks of trackers.
  • No selling, renting, or trading of any personal information, ever, under any circumstances.

Who else processes your data

A small number of trusted service providers help operate this site. They process information only on instruction and only for the purposes listed:

  • Hosting: WP Engine (United States) — site hosting, backups, and security.
  • Email delivery: the SMTP provider listed in the current site configuration — transactional and newsletter email delivery.
  • Analytics: Google Analytics 4 (Google LLC, United States) — aggregated usage statistics.
  • Spam mitigation: WordPress core anti-spam features and any active comment-filtering plugin.

Some of these providers are based in or process data in the United States. By using this site, you acknowledge that your information may be processed outside Canada and may be subject to lawful access requests in those jurisdictions. Where required, contractual safeguards are in place with each provider.

How long data is kept

  • Contact and inquiry submissions: up to 24 months after the conversation ends, then deleted unless tied to an active client engagement.
  • Newsletter subscriptions: until you unsubscribe, after which your address is suppressed (kept on a do-not-contact list to honour the unsubscribe).
  • Comments: kept while the post is published; you may request removal at any time.
  • Server logs: rotated within 90 days.
  • Analytics: retained per the GA4 default of 14 months, then aggregated.

Your rights under PIPEDA

You have the right to ask what personal information is held about you, to ask for it to be corrected if it is wrong, to withdraw consent (including for marketing), and to ask for your information to be deleted where the law allows. To exercise any of these rights, email hello@thisismyurl.com. Reasonable requests are answered within 30 days.

If you are not satisfied with how a privacy concern is handled, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.

Your choices

  • Analytics opt-out: use a browser that honours Global Privacy Control or Do Not Track, install the Google Analytics opt-out add-on, or block analytics cookies in your browser settings.
  • Newsletter opt-out: click the unsubscribe link in any newsletter email, or reply asking to be removed.
  • Comment removal: email the address above with the URL of the comment.

Security and breach notification

The site uses TLS for all traffic, hardened WordPress configuration, two-factor authentication on administrative accounts, and managed hosting with regular backups. No system is perfectly secure, and no transmission over the internet can be guaranteed. If a breach involving personal information creates a real risk of significant harm, affected individuals and the Office of the Privacy Commissioner will be notified as required by PIPEDA, and a record of the breach will be kept.

Changes to this policy

This policy is reviewed at least once a year. The reviewer’s name and the last review date are stamped on this page by the site framework. Material changes are summarised in a short note at the top of the page for at least 30 days.

Ready for a clear next step?

Share your goal and I will send practical next steps your team can start this week.

Book a discovery call About Christopher