Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how Benco Advisory Group (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit bencoadvisorygroup.ca (the “Site”), request information, or engage with our services and workshops.

For the purposes of applicable privacy laws, the data controller is:

• Legal entity: B.E.N.C.O Inc.
• Operating name: Benco Advisory Group
• Registered address: 200 Bay Street, Suite 1700, Toronto, ON M5J 2J2, Canada
• Contact email: [email protected]
• Phone: +1 416 642 7813

We provide business education, digital workflow education, and operational guidance. Our content and sessions are educational and professional information services. We do not provide financial, legal, investment, tax, or career advice, and we do not guarantee outcomes.

2. Personal Data We Collect

We collect only the personal data that is reasonably necessary to respond to requests, deliver workshops, improve the Site, and maintain security. Depending on how you interact with us, the data we collect may include:

• Identity and contact information: name, email address, phone number, organization name (if provided).
• Form content and communications: messages you send through the Site, including project context, scheduling constraints, and the service or workshop you select.
• Technical information: IP address, browser type, device type, operating system, language, time zone, and approximate location derived from IP (at a broad level such as city/region).
• Usage information: pages viewed, time spent on pages, referrer URL, navigation paths, and interactions with page elements.
• Cookies and identifiers: first-party cookies used to support basic site functions and store consent; third-party identifiers may be set if you consent to analytics or marketing cookies.
• Conversion events: events indicating you submitted a form or requested information (for measurement and service improvement when consent is provided).

We do not intentionally collect special-category data (such as health data, political opinions, or religious beliefs), financial account details, or government identification numbers through the Site. Please do not include sensitive personal information in form messages.

3. Why We Process Personal Data & Legal Basis

We process personal data for specific purposes and based on a lawful basis. Where privacy laws use different terminology (for example, under Canadian privacy law), we still apply the same principles: purpose limitation, data minimization, and transparency.

Contact and service enquiries

Purpose: to respond to your request, propose a scope, and coordinate delivery format and scheduling. Legal basis (GDPR framework): performance of a contract or steps prior to entering a contract (Art. 6(1)(b)) and, where applicable, consent (Art. 6(1)(a)) for communications initiated through the contact form.

Analytics and service improvement

Purpose: to understand how the Site is used, identify content gaps, improve navigation, and prioritize educational resources. Legal basis (GDPR framework): consent (Art. 6(1)(a)) for analytics cookies and measurement where required.

Marketing and advertising measurement

Purpose: to measure advertising performance, prevent repeated irrelevant messaging, and build audiences for educational content. Legal basis (GDPR framework): consent (Art. 6(1)(a)) for marketing cookies and similar technologies where required.

Security, fraud prevention, and operational integrity

Purpose: to protect the Site, detect abuse, reduce spam, investigate suspicious activity, and maintain service continuity. Legal basis (GDPR framework): legitimate interests (Art. 6(1)(f)) and, where applicable, compliance with legal obligations (Art. 6(1)(c)).

Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for individuals (GDPR Art. 22). Some analytics and marketing tools may infer interest categories for advertising measurement, but we do not use such inferences to make decisions with legal or material impact.

4. Cookies & Tracking Technologies

Cookies are small text files placed on your device. We also use similar technologies (such as pixel tags) and may use server-side event forwarding where enabled. Our cookie categories are:

Essential (always active)

These are required for the Site to function and to remember your cookie choices. Essential cookies include _site_session and cookie_consent. Retention ranges from session-based to up to 12 months depending on the cookie.

Analytics (optional, consent-based)

If you consent, we may use Google Analytics 4 to understand usage and improve content. IP anonymization may be enabled depending on configuration. Example cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically set to 14 months.

Marketing (optional, consent-based)

If you consent, marketing cookies may be used to measure ad effectiveness and deliver relevant messaging. Example cookies include _gcl_au (Google Ads) and _fbp/_fbc (Meta). Retention is typically around 90 days for marketing identifiers, though it can vary by provider.

You can manage cookie preferences using the “Manage cookie preferences” link in the footer. You can also clear cookies in your browser. For more detail, see our Cookie Policy.

5. Consent for Cookies (EEA/UK Visitors)

Users in the EEA and the UK may receive a consent notice under GDPR and UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Consent is recorded in the cookie_consent cookie (typically for 12 months).

You may withdraw consent at any time by using “Manage cookie preferences” in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing before you withdrew consent.

6. Sharing With Service Providers and Advertising Partners

We use vetted service providers to operate the Site and, where enabled and consented, to measure advertising and improve content. We do not sell personal data. Depending on your preferences and the services you request, we may share limited data with:

• Google LLC (Google Analytics 4, Google Ads measurement): cookie identifiers, usage data, and conversion events. policies.google.com/privacy
• Meta Platforms, Inc. (advertising measurement and audiences): page views, conversions, audience membership signals, and where configured, hashed identifiers. facebook.com/privacy/policy
• Cloudflare, Inc. (security and performance): IP-based threat detection and content delivery. cloudflare.com/privacypolicy

These providers process data as service providers and are not permitted to use Site data for their own independent commercial purposes beyond providing their services to us and meeting their legal obligations. Sharing depends on configuration and consent signals.

7. International Data Transfers

We operate in Canada and may use service providers that process data in other countries, including the United States. When personal data is transferred internationally, we take steps designed to provide an appropriate level of protection based on the nature of the transfer and applicable law.

For EEA/UK-related transfers, mechanisms may include the EU–U.S. Data Privacy Framework (where applicable), the UK extension to the DPF (where applicable), and Standard Contractual Clauses (EU 2021/914) or the UK International Data Transfer Agreement (IDTA) as fallbacks.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods include:

• Contact submissions: up to 2 years from the last interaction to support follow-up and continuity.
• Email correspondence: duration of the relationship plus 1 year, unless we need it longer for recordkeeping.
• Server logs: typically up to 90 days for security and troubleshooting.
• Analytics data: typically 14 months (subject to settings and consent).
• Marketing cookies: per cookie lifetime (often around 90 days, depending on provider settings).
• Consent record: we may retain evidence of your cookie choices for up to 3 years for audit and compliance.
• Legal and tax: records may be retained as required by applicable laws (commonly 6–10 years for certain business records).

9. Your Rights (GDPR/UK GDPR) and How to Exercise Them

Depending on your location and the laws that apply, you may have rights such as:

• Right of access (GDPR Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise rights, email us at [email protected]. We may request limited information to verify identity and protect privacy. We aim to respond within 30 days; in complex cases, this may be extended by up to 60 additional days where permitted.

Supervisory authority references (for general guidance): edpb.europa.eu and, for UK residents, the Information Commissioner’s Office: ico.org.uk.

10. Children’s Privacy

This Site is not directed at individuals under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, contact us and we will take steps to delete the information.

11. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) signal. The Site does not respond to DNT signals in a uniform way. Third-party providers may have their own DNT handling and opt-out mechanisms.

12. Requests for Deletion or Copies of Data

To request deletion or a copy of your data, email [email protected] with the subject line “Data Deletion Request” or “Data Access Request”. We may ask you to confirm details to ensure we are responding to the correct individual.

Where deletion is requested, we will delete data unless we must retain it to comply with legal obligations, resolve disputes, or enforce agreements. In those cases, we will restrict access to retained data.

13. Business Transfers

If B.E.N.C.O Inc. is involved in a merger, acquisition, financing, restructuring, or sale of assets, personal data may be transferred as part of that transaction. If the transfer materially changes how data is used, we will provide notice on the Site.

14. California Privacy Notice (CCPA/CPRA)

This section applies to California residents when required. In the past 12 months, we may have collected the following categories of personal information:

• Identifiers: name, email address, IP address, and cookie identifiers.
• Internet or network activity: interactions with the Site and related analytics.
• Inferences: interest categories derived from browsing behavior for advertising measurement where consent is provided.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out by using our cookie preferences panel (via the footer) and disabling marketing cookies.

Depending on the circumstances, you may have rights to know, delete, correct, and opt out of sale/sharing, and to be free from discrimination for exercising privacy rights. Submit requests by emailing [email protected] with the subject line “California Privacy Request”. We will verify your request before responding. Authorized agents may submit requests with proof of authorization.

15. Virginia Privacy Notice (VCDPA)

Where applicable to Virginia residents, you may have rights to access, correct, delete, obtain a copy of personal data, and opt out of targeted advertising. Submit requests by emailing [email protected] with the subject line “Virginia Privacy Request”.

We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects. If we decline to act on a request, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request”. We will respond within 60 days where required. If an appeal is denied, you may contact the Virginia Attorney General.

16. Nevada Privacy Notice

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service providers. If a change is material, we will post a notice on the Site at least 14 days before the change takes effect where practical. The “Last Updated” date at the top of this page indicates when the policy was last revised.

18. Contact

If you have questions about privacy, data use, or this Privacy Policy, contact:

• B.E.N.C.O Inc. (Benco Advisory Group)
• Address: 200 Bay Street, Suite 1700, Toronto, ON M5J 2J2, Canada
• Email: [email protected]
• Phone: +1 416 642 7813