GDPR Compliance

Last updated: June 25, 2026

fjord beacon is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent for specific processing activities, such as receiving marketing communications
• Contract: When processing is necessary to fulfill our contractual obligations to you
• Legal Obligation: When we must process data to comply with legal requirements
• Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to Access: You can request a copy of the personal data we hold about you
• Right to Rectification: You can request correction of inaccurate or incomplete data
• Right to Erasure: You can request deletion of your personal data under certain circumstances
• Right to Restrict Processing: You can request limitation of how we process your data
• Right to Data Portability: You can request your data in a structured, commonly used format
• Right to Object: You can object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: You can withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information provided below. We will respond to your request within one month, though this period may be extended by two additional months for complex requests.

When making a request, please provide sufficient information to allow us to verify your identity and locate your data. We may request additional information if needed for verification purposes.

Data Protection Officer

We have appointed a Data Protection Officer who is responsible for overseeing our GDPR compliance. You can contact our DPO at:

Email: [email protected]

Data Processing Activities

We process personal data for the following purposes:

• Responding to inquiries and providing information about our services
• Managing client relationships and delivering contracted services
• Improving our website and services based on usage analytics
• Sending marketing communications with your consent
• Complying with legal and regulatory obligations

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Inquiry data: Retained for 2 years from last contact
• Client project data: Retained for 7 years after project completion for legal and tax purposes
• Marketing consent: Retained until consent is withdrawn
• Website analytics: Anonymized after 26 months

International Data Transfers

When transferring personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for intra-group transfers

Data Security Measures

We implement technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and audits
• Employee training on data protection
• Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you without human intervention.

Third-Party Processors

We work with carefully selected third-party service providers who process data on our behalf. All processors are bound by data processing agreements that ensure GDPR compliance and appropriate security measures.

Updates to This Policy

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Material changes will be communicated to you through appropriate channels.

Contact Information

For any questions or requests regarding GDPR compliance or your data protection rights, please contact:

fjord beacon
428 Davie Street, Suite 302
Vancouver, BC V6B 2G1
Canada
Email: [email protected]
DPO: [email protected]