General Data Protection Regulation (GDPR) Privacy Notice
Last updated: February 12, 2025
This notice explains how Domain ("we", "us", "our") collects, processes, stores, and protects personal data in accordance with applicable data protection legislation. It applies to all users of our platform available at domain.biz and any related services we provide.
1. Data Controller
Domain acts as the data controller for personal data collected through this platform. You may contact us regarding any data protection matter at:
- Address: 397 S Edgeware Rd, St Thomas, ON N5P 4B8, Canada
- Email: [email protected]
- Phone: +1 416 971 5111
2. Personal Data We Collect
We collect personal data only to the extent necessary for the purposes described in this notice. The categories of personal data we may collect include:
2.1 Data You Provide Directly
- Full name and display name
- Email address
- Account credentials (stored in encrypted form)
- Profile information you choose to provide
- Communications and correspondence submitted via contact forms or support channels
2.2 Data Collected Automatically
- IP address and approximate geographic location derived from it
- Browser type, version, and operating system
- Device identifiers and screen resolution
- Pages visited, time spent, and navigation paths within the platform
- Quiz and assessment responses, scores, and completion records
- Session timestamps and access logs
2.3 Data from Third Parties
- Authentication data if you choose to register or log in using a third-party identity provider
- Payment processing data received from our payment service providers (we do not store full card details)
3. Lawful Bases for Processing
We process personal data only when a lawful basis applies. The bases we rely upon are:
| Processing Activity | Lawful Basis |
|---|---|
| Creating and managing your account | Performance of a contract |
| Delivering platform features, quizzes, and assessments | Performance of a contract |
| Processing payments | Performance of a contract |
| Sending transactional communications (account confirmations, password resets) | Performance of a contract |
| Sending promotional or marketing communications | Consent |
| Analysing platform usage to improve features | Legitimate interests |
| Detecting and preventing fraud or abuse | Legitimate interests |
| Compliance with legal obligations | Legal obligation |
4. How We Use Your Personal Data
We use the personal data we collect for the following purposes:
- To register and maintain your account on the platform
- To deliver interactive learning content, quizzes, and assessments
- To track your learning progress and provide personalised feedback
- To process and confirm payments for subscriptions or individual purchases
- To communicate with you about your account, activity, or support requests
- To send you service updates and important notices
- To send marketing communications where you have given consent
- To analyse aggregated usage patterns and improve platform performance
- To enforce our Terms of Service and protect platform integrity
- To meet applicable legal and regulatory obligations
5. Data Sharing and Disclosure
We do not sell your personal data. We may share it in the following limited circumstances:
5.1 Service Providers
We engage trusted third-party service providers who process personal data on our behalf under written data processing agreements. These providers may include cloud hosting services, payment processors, email delivery services, and analytics providers. They are permitted to use your data only as instructed by us.
5.2 Legal Requirements
We may disclose personal data when required to do so by applicable law, regulation, or binding order of a competent authority, or where necessary to protect the rights, property, or safety of Domain, our users, or others.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred to the successor entity. We will notify affected users in advance where practicable.
6. International Data Transfers
Where personal data is transferred to recipients located outside the jurisdiction in which it was collected, we ensure that appropriate safeguards are in place. These safeguards may include standard contractual clauses approved by competent supervisory authorities, adequacy decisions, or other legally recognised transfer mechanisms. You may request further information about the specific safeguards applicable to your data by contacting us at [email protected].
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes described in this notice or as required by applicable law. Our general retention periods are:
- Active account data: retained for the duration of your account and for a period of up to 3 years following account closure
- Payment and billing records: retained for up to 7 years to comply with financial and tax obligations
- Communication and support records: retained for up to 3 years from the date of the last interaction
- Platform usage and analytics data: retained in aggregated or anonymised form indefinitely; identifiable data retained for up to 2 years
- Marketing consent records: retained until consent is withdrawn and for a reasonable period thereafter as evidence of compliance
When data is no longer required, it is securely deleted or anonymised.
8. Your Rights Under Applicable Data Protection Law
Depending on your location and applicable law, you may have the following rights with respect to your personal data:
8.1 Right of Access
You have the right to request a copy of the personal data we hold about you and to receive information about how it is processed.
8.2 Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
8.3 Right to Erasure
You have the right to request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you have withdrawn consent, or where processing is otherwise unlawful. This right is subject to certain legal exceptions.
8.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, for example while the accuracy of data is contested or an objection is being assessed.
8.5 Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to request that it be transmitted to another controller where technically feasible.
8.6 Right to Object
You have the right to object to processing of your personal data carried out on the basis of legitimate interests, including profiling. You also have the absolute right to object to processing for direct marketing purposes at any time.
8.7 Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. We do not currently make such automated decisions about users. Where this changes, we will update this notice accordingly.
8.8 Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
8.9 Right to Lodge a Complaint
You have the right to lodge a complaint with a competent supervisory authority if you consider that our processing of your personal data infringes applicable data protection law.
To exercise any of the above rights, please contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law, and no later than 30 days from receipt of your request.
9. Cookies and Similar Technologies
We use cookies and similar tracking technologies to operate and improve the platform. Cookies may be used for the following purposes:
- Strictly necessary cookies: required for the platform to function correctly, including session management and authentication
- Functional cookies: used to remember your preferences and settings
- Analytics cookies: used to collect aggregated information about how users interact with the platform
- Marketing cookies: used to deliver relevant communications, where you have provided consent
You may manage your cookie preferences through your browser settings or through the consent controls we provide on the platform. Please note that disabling certain cookies may affect the functionality of the platform.
10. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and staff training on data protection obligations.
No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining measures consistent with industry standards and applicable legal requirements.
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will notify the competent supervisory authority and, where required, the affected individuals in accordance with applicable legal timelines.
11. Children's Privacy
Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children under this age. If we become aware that we have inadvertently collected personal data from a child under 16 without appropriate consent, we will take prompt steps to delete that data. If you believe a child under 16 has submitted personal data to us, please contact us at [email protected].
12. Changes to This Notice
We may update this notice from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The date at the top of this notice indicates when it was last revised. Where changes are material, we will provide notice through the platform or by email. We encourage you to review this notice periodically. Continued use of the platform after an updated notice has been published constitutes your acknowledgement of the changes.
13. Contact Us
If you have any questions, concerns, or requests relating to this notice or our data protection practices, please contact us:
- Email: [email protected]
- Phone: +1 416 971 5111
- Postal address: 397 S Edgeware Rd, St Thomas, ON N5P 4B8, Canada
We are committed to working with you to resolve any concerns regarding our processing of your personal data.