Get A Quote

Privacy Policy

Advo Media — Privacy Policy

Effective date: August 25, 2025

Contact (Privacy Officer): support@advomedia.ca

Entity: Advo Media (“Advo,” “we,” “us,” or “our”), based in Mississauga, Ontario, Canada.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, communicate with us, or use our SEO and related marketing services (the “Services”). We comply with Canada’s PIPEDA, Canada’s Anti-Spam Legislation (CASL), and—where applicable—other privacy laws such as the EU/UK GDPR and certain U.S. state privacy laws.

Note (not legal advice): This is a general policy intended to help protect you and your users. Consult a lawyer licensed in Ontario for customized legal advice.

1) Scope & Roles

  • Controller vs. Processor.

    • For our website(s), newsletter sign-ups, sales communications, and general marketing, Advo is the controller of personal information.

    • When we process data on behalf of a client (e.g., within Google Analytics, ad platforms, CRM/email tools), Advo acts as a processor/service provider and follows the client’s written instructions. A Data Processing Addendum (DPA) is available on request.

  • This Policy does not apply to third-party sites or services you access through links from our properties.

2) Information We Collect

a) Directly from you

  • Contact data (name, business email, phone, company, role)

  • Account access you grant (e.g., GSC, GA4, Tag Manager, CMS, hosting credentials)

  • Communications (emails, messages, meeting notes)

  • Billing data (billing contact, address; payment processing handled by PCI-compliant processors)

b) Automatically (via our sites & landing pages)

  • Device/usage data (IP address, browser type, OS, timestamps, pages viewed, referring URLs)

  • Cookies, pixels, and similar technologies (see Cookies & Ads below)

  • Event data for analytics and conversion measurement

c) From third parties

  • Advertising and analytics partners (e.g., ad network reports)

  • Public/professional sources (LinkedIn, company websites)

  • Lead providers or event organizers (where permitted by law/consent)

Sensitive data: We do not intentionally collect sensitive categories. Do not send such data to us unless a DPA and appropriate safeguards are in place.

3) How We Use Personal Information (Purposes & Legal Bases)

  • Provide & improve Services (perform contracts; legitimate interests)

  • Client onboarding & support (perform contracts)

  • Analytics, diagnostics, and product improvement (legitimate interests; consent where required)

  • Marketing communications (consent under CASL; legitimate interests where permitted; opt-out any time)

  • Security, fraud prevention, and enforcing our terms (legitimate interests; legal obligations)

  • Legal compliance (tax, accounting, regulatory requests)

Where GDPR applies, our legal bases include consent, contract necessity, legitimate interests, and legal obligations.

4) CASL (Canada’s Anti-Spam Legislation)

We only send commercial electronic messages with express consent or where an applicable implied consent exists (e.g., existing business relationship). All messages include our identification and a functional unsubscribe. You can opt out at any time.

5) Cookies, Analytics & Interest-Based Ads

  • We use cookies/pixels and SDKs for:

    (i) essential site functionality, (ii) analytics/measurement (e.g., Google Analytics), (iii) advertising and retargeting (e.g., Google Ads, Meta, LinkedIn, TikTok), (iv) performance and security.

  • Your choices: Manage cookies in your browser, use built-in platform opt-outs (e.g., Google Ad Settings), industry tools (DAAC/NAI/AdChoices), or contact us to adjust preferences. Some features may not work if essential cookies are blocked.

We do not sell personal information for money. Where U.S. laws define “share” for cross-context behavioral advertising, our use of advertising cookies/pixels may be considered “sharing.” You may opt out of such sharing by adjusting cookie settings and/or contacting us.

6) Disclosures to Third Parties

We disclose personal information:

  • Service providers / subprocessors under contract (e.g., cloud hosting, analytics, marketing platforms, email/CRM such as representative examples: Google Analytics/Ads, Meta, LinkedIn, TikTok, ActiveCampaign or similar ESP/CRM, payment processors, web hosting, project management and ticketing tools).

  • Clients (when we act as their processor and they are the controller) and their authorized partners as directed.

  • Professional advisors (lawyers, auditors) under confidentiality.

  • Authorities when required by law or to protect rights, safety, and security.

  • Business transfers (merger, acquisition, financing).

    We do not permit vendors to use personal information for their own marketing without your consent.

7) International Transfers

We may store and process information in Canada, the United States, the EU/UK, or other jurisdictions where our vendors operate. For GDPR-covered transfers, we rely on adequacy decisions (if available) or Standard Contractual Clauses (SCCs) with additional safeguards, as applicable.

8) Data Retention

We retain personal information only as long as necessary for the purposes described, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by record type (e.g., engagement records may be retained for the duration of the engagement plus a reasonable period). We will delete or de-identify data when no longer required.

9) Security

We implement commercially reasonable administrative, technical, and physical safeguards (access controls, encryption in transit where feasible, least-privilege access, credential hygiene, vendor due diligence). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

10) Your Rights & Choices

Your rights vary by jurisdiction. Subject to legal limits and verification, you may:

  • Access your personal information and learn how it has been used and disclosed (PIPEDA)

  • Correct/rectify inaccuracies

  • Delete/erase (where applicable; subject to retention requirements)

  • Object/restrict certain processing (GDPR)

  • Portability (GDPR)

  • Opt out of marketing and, where applicable, opt out of “sharing” for interest-based advertising

How to exercise your rights: Email support@advomedia.ca with your request and sufficient details to verify identity. Authorized agents may submit requests where permitted by law, subject to verification.

11) Children’s Privacy

Our Services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us to request deletion.

12) Client Data We Process as a Service Provider/Processor

When clients provide access to their systems (e.g., GA4, GSC, ad accounts, CRMs, email lists), we process personal information only on the client’s documented instructions, consistent with our DPA and this Policy. Clients are responsible for providing lawful notices/consents to their users and for their own privacy compliance.

13) AI & Automated Tools

We may use reputable AI-enabled or automated tools (e.g., copy generation, QA, anomaly detection) to assist delivery of the Services. Where such tools are used as processors, they are contractually restricted to process data solely to provide services to Advo and may not use the data to train models unless expressly permitted by you and the tool’s terms.

14) Third-Party Links & Social Features

Our sites may include links, widgets, or pixels from third parties. Interactions with those features are governed by the privacy policies of the third parties providing them.

15) Do Not Track

Our services do not currently respond to Do Not Track (DNT) signals. You may use the cookie and advertising controls described in Section 5.

16) Changes to This Policy

We may update this Policy from time to time. Material changes will take effect 30 days after posting or direct notice. The “Effective date” above reflects the latest revision.

17) Contact & Complaints

Privacy Officer

Email: support@advomedia.ca

If we cannot resolve your concern, you may contact the Office of the Privacy Commissioner of Canada (OPC). Provincial regulators may also have jurisdiction depending on your location and circumstances.

18) Jurisdiction-Specific Notices (Summary)

  • Canada (PIPEDA): You have rights to access and request correction. We maintain policies and practices to protect personal information and may provide additional details upon request.

  • EU/UK (GDPR): For site visitors in the EU/UK, Advo is the controller for website data. Legal bases are described in Section 3. You have GDPR rights to access, rectification, erasure, restriction, portability, and objection. You may lodge a complaint with your local Data Protection Authority (DPA).

  • U.S. State Laws (e.g., CPRA/VA/CO/CT/UT): We do not sell personal information for money. We may “share” personal information for cross-context behavioral advertising as noted. Residents may have rights to access, delete, correct, portability, and opt-out of targeted advertising. Use cookie controls or email us to exercise your rights.

19) Verification, Denials & Appeals

We may request information to verify your identity before acting on a rights request. We may deny requests where an exemption applies (e.g., legal privilege, security, trade secrets). If your request is denied, we will explain why and, where required, provide an appeal method or regulatory contact.

20) Business Customers’ Responsibilities

If you engage us for Services that involve personal information of your customers or users, you confirm you have provided all required notices/consents and have a lawful basis for us to process that information on your behalf. You agree to enter into our DPA if required by law.

Questions or requests?

Email support@advomedia.ca and we’ll help.