Data Protection Policy

1. Introduction

WilGlobo Enterprises ("we," "us," or "our") is committed to protecting the personal data of users of the WilGlobo Mentorship Platform ("Platform"). This Data Protection Policy outlines our practices concerning the collection, use, storage, and protection of personal data.

This policy complements our Privacy Policy and provides more detailed information about our data protection practices. It is designed to ensure compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta's Personal Information Protection Act (PIPA).

2. Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner.
• Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
• Data Minimization: We limit the collection of personal data to what is necessary for the purposes for which it is processed.
• Accuracy: We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
• Storage Limitation: We retain personal data only for as long as necessary for the purposes for which it is processed.
• Integrity and Confidentiality: We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
• Accountability: We are responsible for and can demonstrate compliance with these principles.

3. Data Protection Measures

We implement appropriate technical and organizational measures to ensure the security of personal data, including:

• Encryption: We use industry-standard encryption technologies to protect data in transit and at rest.
• Access Controls: We implement strict access controls to ensure that personal data is accessible only to authorized personnel on a need-to-know basis.
• Authentication: We use multi-factor authentication for access to systems containing personal data.
• Regular Backups: We perform regular backups of personal data to prevent data loss.
• Security Assessments: We conduct regular security assessments and penetration testing to identify and address potential vulnerabilities.
• Employee Training: We provide regular training to employees on data protection and security best practices.
• Physical Security: We implement physical security measures to protect our servers and facilities.

4. Data Breach Response

In the event of a data breach that may compromise the security of personal data, we will:

• Containment: Take immediate steps to contain the breach and mitigate its impact.
• Assessment: Assess the nature and scope of the breach, including the types of personal data affected and the potential harm to affected individuals.
• Notification: Notify affected individuals and relevant regulatory authorities, as required by applicable law, without undue delay.
• Investigation: Conduct a thorough investigation to determine the cause of the breach and identify measures to prevent similar breaches in the future.
• Remediation: Implement remedial measures to address the breach and strengthen our data protection practices.

5. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that may present high risks to the rights and freedoms of individuals. DPIAs help us identify and minimize data protection risks and ensure compliance with applicable data protection laws.

Our DPIA process includes:

• Identifying the need for a DPIA: We assess whether a DPIA is required based on the nature, scope, context, and purposes of the processing.
• Describing the processing: We document the processing activities, including the types of personal data processed, the purposes of processing, and the data flows.
• Assessing necessity and proportionality: We evaluate whether the processing is necessary and proportionate to the purposes.
• Identifying and assessing risks: We identify potential risks to individuals and assess their likelihood and severity.
• Identifying mitigating measures: We identify measures to mitigate the identified risks.
• Documenting the DPIA: We document the DPIA process and its outcomes.
• Implementing and reviewing: We implement the identified measures and regularly review the DPIA to ensure it remains up to date.

6. Data Retention and Deletion

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. Our data retention practices are guided by the following principles:

• Purpose-Based Retention: We retain personal data only as long as it is needed for the purposes for which it was collected.
• Legal Compliance: We retain personal data as required by applicable laws and regulations.
• User Requests: We respect user requests for deletion of personal data, subject to legal and legitimate business requirements.
• Secure Deletion: When personal data is no longer needed, we securely delete or anonymize it.

Our data retention schedule specifies the retention periods for different categories of personal data. At the end of the retention period, personal data is securely deleted or anonymized.

7. Data Subject Rights

We respect and facilitate the exercise of data subject rights under applicable data protection laws. These rights may include:

• Right to Access: The right to request access to personal data we hold about you.
• Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
• Right to Erasure: The right to request deletion of personal data in certain circumstances.
• Right to Restrict Processing: The right to request restriction of processing of personal data in certain circumstances.
• Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to Object: The right to object to processing of personal data in certain circumstances.
• Right to Withdraw Consent: The right to withdraw consent to processing of personal data at any time.

To exercise any of these rights, please contact us at info@wilglobo.com. We will respond to your request within 30 days, as required by applicable law.

8. Data Protection Training

We provide regular data protection training to our employees to ensure they understand their responsibilities regarding the protection of personal data. Our training program covers:

• Data Protection Principles: The fundamental principles of data protection.
• Legal Requirements: The requirements of applicable data protection laws.
• Security Practices: Best practices for data security.
• Incident Response: Procedures for responding to data breaches and security incidents.
• Data Subject Rights: How to handle requests from data subjects.

All employees who have access to personal data are required to complete this training upon joining the company and to participate in refresher training at regular intervals.

9. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation. The DPO's responsibilities include:

• Monitoring Compliance: Monitoring compliance with data protection laws and our internal data protection policies.
• Advising on DPIAs: Providing advice on Data Protection Impact Assessments.
• Training: Organizing data protection training for staff.
• Audits: Conducting regular audits to ensure compliance.
• Liaison: Serving as the point of contact for data protection authorities and data subjects.

You can contact our DPO at info@wilglobo.com.

10. Third-Party Data Processors

We may engage third-party service providers to process personal data on our behalf. When we do so, we ensure that these third parties provide sufficient guarantees to implement appropriate technical and organizational measures to ensure the protection of personal data.

Our agreements with third-party data processors include provisions requiring them to:

• Process personal data only on our documented instructions;
• Ensure that persons authorized to process the personal data have committed themselves to confidentiality;
• Implement appropriate technical and organizational measures to ensure the security of personal data;
• Assist us in fulfilling our obligations to data subjects;
• Delete or return all personal data to us after the end of the provision of services;
• Submit to audits and inspections and provide us with information to demonstrate compliance.

11. International Data Transfers

We may transfer personal data to countries outside Canada. When we do so, we ensure that appropriate safeguards are in place to protect the personal data and to ensure that data subjects can exercise their rights effectively.

These safeguards may include:

• Standard Contractual Clauses: We use standard contractual clauses approved by relevant data protection authorities.
• Adequacy Decisions: We transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data.
• Binding Corporate Rules: We may use binding corporate rules for transfers within our corporate group.
• Consent: We may transfer personal data based on the explicit consent of the data subject, after informing them of the possible risks of such transfers.

12. Compliance Monitoring and Audits

We regularly monitor our compliance with data protection laws and our internal data protection policies. Our compliance monitoring activities include:

• Regular Audits: We conduct regular audits of our data processing activities to ensure compliance.
• Risk Assessments: We perform regular risk assessments to identify and address potential data protection risks.
• Policy Reviews: We regularly review and update our data protection policies and procedures.
• Incident Monitoring: We monitor and record data breaches and security incidents and take appropriate action to address them.
• Compliance Reports: We prepare regular compliance reports for management review.

13. Changes to This Policy

We may update this Data Protection Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top of this policy.

You are advised to review this policy periodically for any changes. Changes to this policy are effective when they are posted on this page.

14. Contact Information

If you have any questions about this Data Protection Policy, please contact us at:

Email: info@wilglobo.com

If you have a data protection-related complaint, please contact us at the email address above. If we are unable to resolve your complaint, you may have the right to make a complaint to the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta.