Privacy Policy

Introduction

At CCBONLINE Inc. ("we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website ccbonline.ca or use our services, in compliance with:

• Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
• Canada's Anti-Spam Legislation (CASL) - current as of December 2025
• Consumer Privacy Protection Act (CPPA) - Bill C-27 (enacted 2025)
• Provincial privacy laws including Quebec's Law 25 (fully effective 2024-2025)
• Digital Charter Implementation Act, 2022 requirements

As of December 2025, we maintain full compliance with Quebec's Law 25, including enhanced data protection obligations, mandatory breach notifications within 72 hours, and expanded individual rights such as data portability and de-indexing.

Your Consent

By accessing our website, you consent to the collection and use of your information as described in this Privacy Policy for service delivery and website functionality purposes (such as website analytics, security, and technical operations).

For marketing communications (including promotional emails, newsletters, and service updates), we will obtain your explicit opt-in consent through:

• Checkboxes on contact forms or registration pages that are not pre-checked
• Email confirmation links (double opt-in) where required by Canada's Anti-Spam Legislation (CASL)
• Clear notice and opportunity to decline at the point of collection

You may withdraw your consent at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Contacting us at privacy@ccbonline.ca
• Adjusting your account settings (if you have an account)

If you do not agree with our policies and practices, please do not use our services.

Information We Collect

Personal Information

We collect personal information that you voluntarily provide to us when you express interest in obtaining information about us or our services, participate in activities on our website, or otherwise contact us. The personal information we collect may include:

• Contact Information: Name, email address, phone number, mailing address
• Business Information: Company name, industry, business type, tax identification number
• Account Information: Username, password, and other credentials (if you create an account)
• Payment Information: If you purchase services from us, payment processing is handled by secure third-party payment processors. We may collect billing information such as billing address and invoice details, but we do not directly collect or store your complete credit card information on our servers. Payment data is transmitted directly to and processed by our payment processor in accordance with Payment Card Industry Data Security Standards (PCI DSS). You will be notified of the specific payment processor at the time of transaction.
• Communication Data: Information contained in messages you send us, including inquiry details and customer service requests

Usage Data

We automatically collect certain information when you visit, use, or navigate our website. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser type, operating system, access times, pages viewed, and the pages visited before navigating to our website. We collect this information using cookies and similar tracking technologies (see our Cookie Policy for more details).

How We Use Your Information

We use the personal information we collect or receive for the following purposes:

• Service Delivery: To provide, maintain, and improve our website development, AI integration, and consulting services
• Customer Support: To respond to your inquiries, provide customer service, and address technical issues
• Business Operations: To process transactions, manage accounts, send invoices, and fulfill contractual obligations
• Marketing and Communications: To send you information about our services, promotions, government grant opportunities (Digital Main Street, SR&ED, OIDMTC, CanExport, FedDev Ontario, IRAP), and industry insights (with your consent)
• Analytics and Improvement: To analyze website usage, understand user preferences, and improve our services and user experience
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. However, we may share your information in the following limited circumstances:

Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you. These providers include hosting services, payment processors, email marketing platforms, analytics providers (such as Google Analytics), and customer relationship management (CRM) systems. All third-party providers are required to protect your data and use it only for the purposes we specify.

Legal Requirements

We may disclose your personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court, government agency, or law enforcement). We may also disclose your information to protect our rights, property, or safety, or that of our clients or the public.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. As of December 2025, our security measures include:

• Encryption: SSL/TLS encryption for data in transit, AES-256 encryption for sensitive data at rest
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) for employee access
• Network Security: Firewalls, intrusion detection systems (IDS), and regular security monitoring
• Security Assessments: Annual third-party security audits and vulnerability assessments
• Employee Training: Regular privacy and security training for all employees handling personal information
• Data Minimization: We collect only the minimum necessary information to provide our services
• Secure Development: Security-by-design principles in all our development processes

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. We encourage you to use strong passwords and to keep your login credentials confidential.

Data Breach Notification

In compliance with Quebec's Law 25 (fully effective since September 2024) and PIPEDA's breach notification requirements, we have implemented the following procedures:

Our Breach Response Process

• Detection and Assessment: We continuously monitor our systems for potential security incidents and assess the risk of harm to affected individuals
• Containment: Immediate action to contain the breach and prevent further unauthorized access
• Notification to Authorities: Within 72 hours, we will notify the Office of the Privacy Commissioner of Canada and Quebec's CAI (if applicable) of any breach presenting a real risk of significant harm
• Notification to Affected Individuals: We will notify affected individuals as soon as feasible if a breach creates a real risk of significant harm, including:
  • Description of the breach and affected information
  • Date or estimated date of the breach
  • Steps we are taking to mitigate harm
  • Actions you can take to protect yourself
  • Contact information for our privacy officer
• Documentation: We maintain detailed records of all privacy breaches, including those that do not require notification, for at least 5 years

Data Retention

CCBONLINE retains your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. We follow the principle of data minimization, ensuring that we do not retain information longer than required.

Specific Retention Periods

• Contact Form Submissions: 2 years from the date of last contact or inquiry
• Client Project Data: 7 years from project completion (required by Canadian tax laws for business records)
• Marketing Communications: Until you unsubscribe, plus 1 year for record-keeping purposes
• Website Analytics Data: 26 months (default retention period for Google Analytics)
• Account Information: Duration of business relationship plus 1 year after account closure
• Payment Records: 7 years (required by Canada Revenue Agency for tax purposes)
• Legal and Compliance Records: As required by applicable laws, typically 7-10 years

After the applicable retention period expires, we will securely delete or anonymize your personal information using industry-standard data destruction methods. You may request early deletion of your personal information by contacting us at privacy@ccbonline.ca, subject to legal retention requirements and legitimate business needs.

Your Rights

Under PIPEDA, Quebec's Law 25 (fully effective 2024-2025), Canada's new Consumer Privacy Protection Act (CPPA, 2025), and other applicable privacy laws, you have the following rights regarding your personal information:

• Right to Access: You have the right to request access to the personal information we hold about you, including information about how we use it and with whom we share it
• Right to Correction: You may request that we correct inaccurate or incomplete personal information
• Right to Deletion ("Right to be Forgotten"): You may request that we delete your personal information, subject to legal retention requirements and legitimate business needs
• Right to Data Portability: You may request a copy of your personal information in a structured, commonly used, machine-readable format (as per Law 25 requirements)
• Right to Withdraw Consent: You may withdraw your consent to our processing of your personal information at any time, without affecting the lawfulness of processing before withdrawal
• Right to Object: You may object to the processing of your personal information for direct marketing or other purposes based on legitimate interests
• Right to Opt-Out of Marketing: You may opt out of receiving marketing communications by clicking the "unsubscribe" link in emails or contacting us directly
• Right to Lodge a Complaint: You may file a complaint with the Office of the Privacy Commissioner of Canada or Quebec's Commission d'accès à l'information (CAI)
• Right to De-indexing: Under Quebec Law 25, you may request de-indexing of your personal information from search engines in certain circumstances

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and store certain information. Cookies are files with a small amount of data that are sent to your browser from a website and stored on your device.

📋 For complete details about our cookie practices, please read our Cookie Policy.

Cookie Categories

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Help us understand visitor behavior (requires consent)
• Marketing Cookies: Used for personalized advertising (requires consent)

Your Cookie Choices

You have full control over cookie usage:

• Cookie Banner: When you first visit, you can accept or reject non-essential cookies
• Manage Preferences: Click the "Manage Cookies" link in our footer at any time
• Browser Settings: Configure your browser to block or delete cookies
• Withdraw Consent: Change your mind anytime without affecting website access

For technical details about specific cookies we use, retention periods, and third-party providers, please refer to our Cookie Policy.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information from our systems.

International Data Transfers

CCBONLINE is based in Canada, and your information is primarily stored and processed in Canada. However, some of our third-party service providers may be located outside of Canada, including in the United States. When we transfer your personal information internationally, we ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

Artificial Intelligence (AI) Usage and Transparency

In compliance with Canada's Artificial Intelligence and Data Act (AIDA, 2025), part of Bill C-27, CCBONLINE discloses the following regarding our use of artificial intelligence technologies:

How We Use AI

• AI-Powered Chatbot: Our website uses an AI-powered chatbot (integrated through third-party platforms) to provide automated customer support, answer frequently asked questions, and assist with service inquiries. When you interact with the chatbot, your messages and conversation history are processed by AI systems.
• Content Generation: We may use AI tools to assist with content creation, website copy, marketing materials, technical documentation, and SEO optimization. AI-generated content is reviewed by human experts before publication.
• Website Development: We use AI-assisted coding tools, development platforms, and automated testing systems to accelerate website development processes and improve code quality.
• Analytics and Insights: We use AI-powered analytics tools to understand user behavior, identify trends, improve user experience, and optimize our services. AI processes aggregated, anonymized data to generate insights.
• Security and Fraud Detection: AI algorithms monitor for suspicious activities, detect potential security threats, and protect against fraud and cyberattacks.

AI Data Processing

When you interact with our AI systems, the following data may be processed:

• Conversation Data: Messages, questions, and responses exchanged with AI chatbots
• Personal Information: Name, email address, company name, and inquiry details (when voluntarily provided)
• Usage Data: Interaction patterns, session duration, pages visited, click behavior
• Device Data: Browser type, operating system, IP address (for security and analytics)
• Technical Data: API calls, system logs, error reports, performance metrics

Third-Party AI Platforms: Some AI processing occurs on third-party platforms (see "Third-Party Platforms and Services" section below). These platforms have their own privacy policies and data processing practices. Your data may be transmitted to and processed by:

• AI chatbot providers (CCBonline AI Platform, Genspark AI, or similar services)
• AI development tools and code generation platforms
• AI analytics and business intelligence platforms
• AI content generation and optimization services

AI Limitations and Accuracy

Human Oversight and Intervention

• Monitoring: CCBONLINE employees monitor AI interactions and can intervene to correct errors or provide human assistance
• Human Review: Critical business decisions, contract terms, pricing, and complex inquiries are reviewed and approved by human employees
• Escalation: Complex or sensitive issues are automatically escalated to human specialists
• Request Human Support: You may request to speak with a human representative at any time by emailing info@ccbonline.ca or calling +1 (647) 568-1128
• No Automated High-Impact Decisions: AI does NOT make final decisions regarding contracts, pricing, service eligibility, employment, or other significant matters without human review

Your AI Rights Under AIDA

Under AIDA, CPPA, and Quebec's Law 25, you have specific rights regarding AI systems:

• Right to Know: You have the right to know when you're interacting with an AI system
• Right to Explanation: You can request an explanation of how AI systems process your data or make recommendations that affect you
• Right to Human Review: You can request human review of any AI-generated decision or recommendation
• Right to Opt-Out: You can opt out of AI interactions and request human-only support
• Right to Deletion: You can request deletion of your data from AI training datasets (subject to legal retention requirements)
• Right to Object: You can object to AI processing of your personal information for specific purposes
• Right to File Complaints: You can file complaints about AI systems with CCBONLINE, the Privacy Commissioner of Canada, or the AI and Data Commissioner

AI Safety and Accountability

• Risk Assessments: We conduct quarterly risk assessments of AI systems for accuracy, bias, security, and potential harm
• Bias Testing: Regular testing for algorithmic bias based on protected characteristics (race, gender, age, disability, religion, etc.)
• Technical Safeguards: AI systems are configured to prevent harmful, discriminatory, illegal, or inappropriate content generation
• Incident Reporting: Reportable AI incidents (significant harm, bias, privacy breaches) are documented and reported to the AI and Data Commissioner as required by AIDA
• AI Compliance Officer: We have designated an AI Compliance Officer responsible for AIDA compliance. Contact: ai@ccbonline.ca

Contact for AI Concerns

If you have questions, concerns, or complaints about our AI usage, or if you wish to exercise your AI rights, please contact:

• AI Compliance Officer: ai@ccbonline.ca
• Privacy Officer: privacy@ccbonline.ca
• General Inquiries: info@ccbonline.ca
• Phone: +1 (647) 568-1128

Third-Party Platforms and Services

Our website integrates with various third-party platforms and services to provide enhanced functionality and user experience. These third-party services have their own privacy policies and terms of service, which we encourage you to review.

Third-Party AI Platform Account Authorization and Management

For AI Integration Services: When you engage CCBONLINE for AI chatbot or voice assistant integration services, we may assist you with the technical setup and configuration of third-party AI platforms. This process may involve:

• Account Registration Assistance: We may help you register for third-party AI platform accounts. You are responsible for providing accurate information during registration and maintaining the accuracy of your account details.
• Temporary Access Authorization: You may grant us temporary access to your third-party AI platform account for initial setup, technical configuration, and integration purposes. This access is provided at your discretion through the platform's official authorization mechanisms.
• Account Credentials: You retain full ownership and control of your third-party AI platform account credentials. We recommend using the platform's official access authorization features (such as OAuth, API keys, or role-based access) rather than sharing passwords directly.
• Data Access During Setup: During the integration process, we may access account configuration settings, API connections, and technical setup parameters. We will not access, view, or modify your business content or customer data within the platform unless explicitly authorized by you for specific technical troubleshooting purposes.
• Account Management Responsibility: You are solely responsible for managing your third-party AI platform account, including subscription payments, user access controls, data privacy settings, content configuration, and compliance with the platform's terms of service.
• Access Revocation: You may revoke our access to your third-party AI platform account at any time through the platform's access management features. We recommend revoking access after the initial setup and integration is completed.
• No Ongoing Account Management: Unless specifically agreed in a separate service agreement, CCBONLINE does not provide ongoing account management, content moderation, or administrative services for your third-party AI platform account. Our services are limited to technical integration and setup.

Third-Party Development and Deployment Platform Authorization

For Website Development Services: When you engage CCBONLINE for website development, design, or deployment services, we utilize various third-party platforms, tools, and services to create, test, and deploy your website. This process may involve:

• Development Platform Account Setup: We may create accounts on third-party development platforms (such as code repositories, project management tools, design platforms, or content management systems) on your behalf or in our name for project purposes. You acknowledge that project files, code, and assets may be stored on these platforms during development.
• Hosting and Deployment Platform Accounts: We may assist you with registering for or configuring accounts on third-party hosting platforms (such as GitHub Pages, Netlify, Vercel, AWS, Google Cloud, or similar services) to deploy and host your website. You are responsible for providing accurate registration information and maintaining account credentials.
• Domain Registration Services: If you use our domain registration assistance, we may help you register domains through third-party domain registrars (such as GoDaddy, Namecheap, or similar services). You own the domain, and you are responsible for domain renewals, DNS management, and compliance with registrar terms.
• Content Delivery Networks (CDN): Your website may utilize third-party CDN services (such as Cloudflare, jsDelivr, or similar) for performance optimization. These services process visitor IP addresses, browser information, and access logs according to their privacy policies.
• Development Tools and APIs: We may use third-party development tools, APIs, libraries, frameworks, and software (including AI-assisted coding tools) to create your website. Your project code and content may be transmitted to these services during the development process.
• Testing and Analytics Platforms: During development and after deployment, we may integrate third-party testing tools, analytics platforms, or monitoring services to ensure website functionality and performance. These services collect technical data about website visitors and usage.
• Version Control and Collaboration: Project files may be stored in version control systems (such as GitHub, GitLab, Bitbucket) that are accessible to CCBONLINE team members and potentially to you if you request access. These platforms store your website code, assets, and development history.

Platform Ownership and Control

Account Ownership and Access:

• Client-Owned Accounts: For hosting, domain, and deployment platforms where you own the account, you retain full ownership and control. We may request temporary administrative access for setup and maintenance purposes, which you can revoke at any time.
• CCBONLINE-Owned Accounts: For development tools, version control systems, or project management platforms, CCBONLINE may use our own accounts to manage your project. You may request copies of project files, code, or access to repositories upon request.
• Shared Access Arrangements: Some platforms may require shared access or collaborative accounts. Access permissions and roles will be defined based on project needs and your preferences.
• Post-Project Transition: Upon project completion, we will transfer relevant access credentials, provide code repositories, and assist with transitioning account ownership as agreed in the service agreement. Some development platform accounts used during the project may remain under CCBONLINE's ownership for internal archival purposes.

Third-Party Platform Payment and Subscription Responsibilities

You acknowledge and agree to the following regarding third-party platform fees and costs:

• Client Payment Responsibility: You are solely responsible for all fees, costs, subscriptions, and charges associated with third-party platforms registered in your name or used for your website/services, including but not limited to:
  • Hosting platform monthly/annual subscription fees
  • Domain registration and renewal fees
  • SSL certificate costs
  • CDN usage fees and bandwidth charges
  • AI platform subscription and usage fees (API calls, token usage, etc.)
  • Email service provider fees
  • Analytics platform fees
  • Database hosting and storage fees
  • Backup and disaster recovery service fees
  • Any overage charges, bandwidth limits, or usage-based billing
• CCBONLINE Platform Costs: For development platforms, tools, and services that CCBONLINE uses on our own accounts (such as version control systems, project management tools, or development software), CCBONLINE bears those costs. These are considered part of our service delivery and are not separately billed to you unless explicitly agreed in the service agreement.
• Platform Fee Estimates: CCBONLINE may provide estimated costs for third-party platform services as a courtesy during project planning. However, these are estimates only and not guarantees. Actual costs may vary based on platform pricing changes, your usage patterns, traffic volumes, or feature selections. You are responsible for verifying current pricing directly with platform providers.
• Price Changes: Third-party platforms may change their pricing, introduce new fees, modify subscription tiers, or eliminate free plans at any time without notice to CCBONLINE. You are responsible for monitoring platform pricing notifications and managing cost implications.
• Payment Method Management: You are responsible for maintaining valid payment methods (credit cards, payment accounts) for all client-owned platform accounts. Account suspension or service termination due to payment failures is your responsibility.
• Overage and Usage-Based Charges: Many platforms charge based on usage (bandwidth, API calls, storage, visitor traffic, etc.). You are responsible for monitoring usage, setting budget alerts, and managing overage charges. CCBONLINE is not responsible for unexpected overage bills or usage spikes.
• Free Tier Limitations: If your website initially uses free tiers or trial periods of third-party platforms, you acknowledge that free tiers have limitations (bandwidth caps, feature restrictions, etc.) and may require upgrading to paid plans as your website grows. You are responsible for upgrading accounts and associated costs.
• No Refund Responsibility: CCBONLINE is not responsible for obtaining refunds from third-party platforms if you are dissatisfied with their services, if you cancel services, or if you experience billing disputes. All refund requests must be directed to the respective platform provider.

Third-Party Services We Use

Our website and services integrate with or utilize the following third-party platforms and services. Each of these services operates independently with its own privacy policies, terms of service, and data processing practices.

• Genspark AI (AI-Powered Services): We may use Genspark AI services for content generation, analysis, or other AI-powered functionality. Genspark AI may process information you provide through our services. When you interact with AI features on our website, your inputs and data may be transmitted to and processed by Genspark AI's systems. Genspark AI's privacy policy and terms are available at https://www.genspark.ai/privacy and https://www.genspark.ai/terms
• Cloudflare (Content Delivery Network & Security): We use Cloudflare as our content delivery network (CDN) and security service provider. Cloudflare processes your IP address, browser information, and other technical data to provide caching, DDoS protection, SSL/TLS encryption, and performance optimization. Cloudflare may collect and process your information independently as a data controller for its own security and analytics purposes. Cloudflare's privacy policy is available at https://www.cloudflare.com/privacypolicy/
• Formspree (Contact Form Processing): We use Formspree to process contact form submissions. When you submit our contact form, your data (including name, email, message content, and any other information you provide) is transmitted to Formspree's servers and forwarded to our email address. Formspree stores form submissions on their servers. Formspree's privacy policy is available at https://formspree.io/legal/privacy-policy
• CCBonline AI Platform (Live Chat & Customer Support): We use our CCBonline AI Platform to provide live chat support on our website. When you interact with our live chat widget, your messages, contact information, conversation history, and technical data (IP address, browser type, pages visited) may be collected and processed by our AI platform. Chat transcripts and user data are stored securely on our platform servers with end-to-end encryption and PIPEDA compliance.
• Google Analytics (Website Analytics): We use Google Analytics to analyze website traffic, user behavior, and website performance. Google Analytics automatically collects information such as IP addresses, browser types, operating systems, device information, pages visited, time spent on pages, referral sources, geographic location, and user interactions. This data is transmitted to and stored on Google's servers. Google uses cookies and similar tracking technologies to collect this information. Google's privacy policy is available at https://policies.google.com/privacy. You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.
• Google Fonts (Typography & Font Delivery): Our website uses Google Fonts to enhance typography and visual design. When you visit our website, your browser automatically connects to Google's servers to load font files. Google may collect technical information such as IP addresses, browser type, and requested font files for analytics and performance purposes. Google's privacy policy is available at https://policies.google.com/privacy
• Font Awesome (Icons & Typography): We use Font Awesome for icons and additional typography resources. Font Awesome may collect technical information such as IP addresses when icons and fonts are loaded. Font Awesome's privacy policy is available at https://fontawesome.com/privacy
• jsDelivr (Content Delivery Network): We may use jsDelivr CDN to deliver JavaScript libraries, CSS files, and other web resources. jsDelivr may collect technical information including IP addresses, requested files, and performance metrics. jsDelivr's privacy policy is available at https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net
• Henderson Associates (Business Services & Consulting): We may integrate with, reference, or collaborate with Henderson Associates (hendersonassociates.ca) for business services, professional consulting, legal advice, or other specialized services. When you interact with Henderson Associates through our website, are referred to their services, or when we share information with them for service delivery purposes, your personal information may be transmitted to, processed by, or shared with Henderson Associates. Henderson Associates operates as an independent service provider with its own privacy practices, data security measures, and legal obligations. Henderson Associates' privacy policy is available at https://hendersonassociates.ca/privacy and their terms of service are available at https://hendersonassociates.ca/terms. Important: Any information shared with or processed by Henderson Associates is subject to their own privacy policy, data protection practices, and applicable laws, and CCBONLINE assumes no liability for Henderson Associates' data handling, security measures, or legal compliance.
• GitHub Pages / Hosting Providers: Our website may be hosted on third-party hosting platforms (such as GitHub Pages, Netlify, Vercel, or similar services). These hosting providers process your IP address, browser information, and access logs to deliver our website content. Each hosting provider has its own privacy policy governing their data collection and processing practices.
• Other Third-Party Services: We may integrate additional third-party services, APIs, plugins, widgets, or tools from time to time to enhance website functionality, improve user experience, or provide additional features. Any such third-party services will have their own privacy policies and terms of service. We will update this list periodically, but may not provide immediate notice of all third-party integrations.

Comprehensive Disclaimer of Liability for Third-Party Services

CCBONLINE EXPRESSLY DISCLAIMS ALL LIABILITY AND RESPONSIBILITY FOR THE PRIVACY PRACTICES, DATA SECURITY, OPERATIONS, OR CONTENT OF ANY AND ALL THIRD-PARTY SERVICES. We do not control, monitor, endorse, or assume any responsibility for how third-party platforms collect, use, store, transmit, process, or share your personal information.

No Liability for Legal Compliance Failures

CCBONLINE is not responsible for third-party service providers' failure to comply with applicable laws, even where such compliance is legally mandated. This includes but is not limited to:

• Privacy Law Violations: Failure by third parties to comply with PIPEDA, CPPA, AIDA, Quebec Law 25, CASL, or other privacy legislation
• Data Breach Notification Failures: Failure by third parties to notify you or authorities of data breaches within required timeframes (e.g., 72 hours under Law 25)
• Rights Violation: Failure by third parties to honor your rights to access, correction, deletion, portability, or other statutory rights
• Security Standard Breaches: Failure by third parties to maintain adequate security measures, encryption, or access controls
• Consent Violations: Failure by third parties to obtain proper consent or respect withdrawal of consent
• Cross-Border Transfer Violations: Improper transfer of your data across international borders without adequate safeguards
• Retention Violations: Failure by third parties to delete or anonymize data within required timeframes

Independent Contractor Relationship

All third-party service providers operate as independent contractors. CCBONLINE does not exercise control over their operations, employment practices, security protocols, or legal compliance. We are not liable for any acts, omissions, negligence, willful misconduct, or legal violations committed by third parties, regardless of whether we have a contractual relationship with them.

Your Acknowledgment and Assumption of Risk

By using our website and any integrated third-party services, you expressly acknowledge, understand, and agree that:

• Voluntary Use: Your use of third-party services integrated into our website is entirely voluntary and at your sole risk and discretion
• No Guarantees: We make no representations, warranties, or guarantees regarding the security, privacy, reliability, availability, or legal compliance of any third-party service
• Independent Review Required: You are responsible for reviewing and understanding the privacy policies, terms of service, and security practices of all third-party services you interact with
• Alternative Methods Available: You may choose to contact us through alternative methods (direct email, phone) to avoid third-party service use
• Release of Claims: You release, waive, and forever discharge CCBONLINE from any and all claims, demands, damages, or causes of action arising from or related to third-party service providers
• Indemnification: You agree to indemnify and hold CCBONLINE harmless from any claims, losses, or expenses arising from your use of third-party services

Regulatory Notification Disclaimer

IMPORTANT LEGAL NOTICE: While Canadian privacy laws (including PIPEDA, CPPA, and Quebec Law 25) may require CCBONLINE to notify you or regulatory authorities of certain third-party data breaches or incidents, such notification obligations do not create liability on our part for the third party's actions, omissions, or legal violations.

Any notifications we provide regarding third-party incidents are:

• Provided solely to fulfill our own legal compliance obligations
• Based on information received from third parties, which we cannot independently verify
• Not an admission of liability or responsibility for the third party's conduct
• Not a guarantee that the information provided is complete, accurate, or timely
• Subject to the limitations of information provided to us by third parties

For any issues, complaints, or legal claims related to third-party services, you must contact the respective service provider directly. CCBONLINE cannot and will not intervene in disputes between you and third-party service providers.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Officer: