Skip to content
FioSec Consulting

Privacy Policy

Effective date: June 10, 2026 Last updated: June 10, 2026

FioSec Consulting Inc. (“FioSec,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information of the people who visit our website and do business with us. This Privacy Policy explains what personal information we collect through www.fiosec.com, why we collect it, how we use and protect it, who we share it with, how long we keep it, and the rights and choices available to you.

This policy is designed to comply with PIPEDA and with applicable privacy legislation in Ontario, Canada. FioSec is located at 200-120 East Beaver Creek Rd, Richmond Hill, ON L4B 4V1, Canada.

1. Accountability

FioSec is responsible for personal information under its control. As required by PIPEDA, we have designated an individual who is accountable for our compliance with this policy and with applicable privacy law:

That individual is Roger Warner, Privacy Officer, who can be reached at privacy@fiosec.com.

You may contact this individual with any question, request, or concern about your personal information using the details in Section 13.

2. What Personal Information We Collect

We collect only the personal information we need for the purposes described in this policy.

Information you provide to us. When you submit our contact form, we collect your first name, last name (optional), email address, phone number (optional), company name (optional), and the contents of your message. When you contact us by email, by phone, or by booking a meeting with a member of our team, we collect the information you choose to provide and a record of that correspondence.

Information collected automatically. Like most websites, our hosting and security infrastructure automatically logs limited technical information when you visit, which may include your IP address, browser and device type, the referring page, the pages you view, and the date and time of your visit. We use this information for security, troubleshooting, and aggregate traffic analysis, not to identify you personally.

Information we do not collect. We do not collect government identifiers, payment card or financial account numbers, or sensitive personal information through this website, and we ask that you not send such information through the contact form.

3. Why We Collect and Use Your Information (Purposes)

We identify the purposes for which we collect personal information at or before the time of collection. We use the personal information we collect to:

  • respond to your inquiries, support requests, and meeting bookings;
  • provide, plan, and deliver the cybersecurity consulting, assessment, and procurement services you request;
  • prepare quotes, proposals, and contracts, including procurement through OECM agreements;
  • maintain the security, integrity, and performance of our website, systems, and business;
  • comply with our legal, regulatory, and contractual obligations.

We will not use your personal information for a new purpose without your consent unless permitted or required by law.

By providing personal information to us, for example by submitting the contact form or booking a meeting, you consent to our collection, use, and disclosure of that information as described in this policy. Depending on the sensitivity of the information and the circumstances, consent may be express or implied.

You may withdraw your consent at any time, subject to legal or contractual restrictions, by contacting us using the details in Section 13. We will explain the consequences of withdrawal where applicable. Withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.

Commercial electronic messages (CASL). If we send commercial electronic messages such as newsletters or promotional emails, we do so in accordance with Canada’s Anti-Spam Legislation (CASL): we will have your consent (express or implied), we will clearly identify ourselves, and every such message will include a working unsubscribe mechanism that we honour promptly.

FioSec does not send unsolicited commercial electronic messages.

5. When We Disclose Your Information

We do not sell, rent, or trade your personal information, and we do not use it for third-party advertising. We disclose personal information only:

  • to service providers that process information on our behalf to operate our website and business, under contracts that limit them to providing services to us and require appropriate safeguards (see Section 6);
  • to technology vendors and distributors, only where necessary to fulfil a product quote, order, registration, or support request you have asked us to handle, and only the information needed for that purpose;
  • as required or permitted by law, including in response to a valid legal request or court order, or where necessary to protect the rights, property, or safety of FioSec, our customers, or the public;
  • in a business transaction, such as a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to protect the information in a manner consistent with this policy.

6. Service Providers and International Transfers

We use trusted third parties to help us operate this website and our business. These currently include:

  • Website hosting: Google Firebase Hosting (Google LLC), which serves this website and logs limited technical information for delivery and security.
  • Meeting scheduling: HubSpot, Inc., when you book a meeting with a member of our team through a link on this site.
  • Contact form handling: contact-form submissions are delivered to us by email or through a third-party form-handling service that processes them on our behalf.
  • Email: our business email provider, which hosts our @fiosec.com accounts and processes the messages you send us.

Some of these providers, including Google and HubSpot, may store or process information outside of Canada, including in the United States. When information is processed outside Canada, it is subject to the laws of the jurisdiction where it is processed and may be accessible to courts, law enforcement, and government authorities in that jurisdiction. We use providers that offer appropriate contractual and technical safeguards. You may contact us for more information about our practices for service providers located outside Canada, including how to direct related questions or complaints.

7. Cookies and Analytics

Cookies. This website is static and does not set first-party tracking cookies.

Analytics. We do not use third-party analytics or advertising trackers on this site.

8. Retention

We keep personal information only as long as necessary to fulfil the purposes for which it was collected or as required by law. Contact-form and inquiry records that do not lead to a business relationship are retained for 24 months and then securely deleted or anonymized. Records related to client engagements are retained for the period required by applicable tax, corporate, and contractual record-keeping obligations, after which they are securely destroyed.

9. Safeguards

As a cybersecurity firm, we apply to our own systems the same discipline we recommend to our clients. We protect personal information using physical, organizational, and technical safeguards appropriate to its sensitivity, including encryption of data in transit (this website is served exclusively over HTTPS), access controls that limit who can view inquiry data, and monitoring of our systems. No method of transmission or storage is completely secure, but we work to protect your information against loss, theft, and unauthorized access, use, disclosure, copying, or modification.

10. Privacy Breaches

If a breach of our security safeguards involving your personal information creates a real risk of significant harm to you, we will report the breach to the Office of the Privacy Commissioner of Canada and notify you as soon as feasible, as required by PIPEDA. We maintain records of breaches of security safeguards as required by law.

11. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal information we hold about you and receive an account of how it has been used and to whom it has been disclosed;
  • Correct information that is inaccurate or incomplete;
  • Withdraw consent to our use of your information, subject to legal and contractual restrictions;
  • Challenge our compliance with this policy and with PIPEDA.

We will respond to access and correction requests within 30 days, as required by PIPEDA, or tell you if we need more time as the law allows. We may need to verify your identity before acting on a request. There is no cost for a routine request; we will notify you in advance if a request would attract a fee permitted by law.

12. Children’s Privacy

Our services are directed at businesses and public sector organizations, not at individuals, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

13. How to Contact Us or Make a Complaint

For any question, request, or concern about your personal information or this policy, contact:

FioSec Consulting Inc. 200-120 East Beaver Creek Rd Richmond Hill, ON L4B 4V1, Canada Email: info@fiosec.com Phone: 416 450 3382 Attention: Roger Warner, Privacy Officer

If you are not satisfied with our response, you have the right to make a complaint to the Office of the Privacy Commissioner of Canada (www.priv.gc.ca, 1-800-282-1376).

Our website links to external sites, including our technology partners, OECM, and team meeting-booking pages. We are not responsible for the privacy practices or content of those sites, and we encourage you to review their privacy policies before providing personal information.

15. Changes to This Policy

We may update this policy from time to time. The “Last updated” date above reflects the most recent revision, and material changes will be posted on this page. We encourage you to review this policy periodically.