Privacy Policy

1. Introduction & Controller Identity

This Privacy Policy explains how Nilor Knowledge Center (“we”, “us”, or “our”) collects, uses, discloses, and protects personal data when you visit our website, request information, or contact us about workplace learning resources and professional development programmes. Nilor Knowledge Center is the public brand of NIL'OR Canada Inc.

Data Controller (for the purposes of applicable privacy laws): NIL'OR Canada Inc.
Registered address: 66 Wellington St W, Suite 5300, Toronto, ON M5K 1E6, Canada
Contact email: [email protected]
Phone: +1 416 954 7816

Our work is educational. We provide learning materials, facilitator-led sessions, and consulting support for organizational learning and workplace practices. We do not provide financial services, trading, investment advice, legal services, or individualized professional advice. Users remain responsible for their own decisions.

2. Personal Data We Collect

We collect personal data in a limited and practical way so we can respond to requests, provide materials, and maintain a secure website. The categories below describe what may be collected depending on how you use the site:

• Identity and contact data: name, email address, phone number, organization name (if you choose to provide it), and role or department (if included in your message).
• Form content: the subject line and message you submit, including programme preferences, timing constraints, and high-level context.
• Technical data: IP address, browser type and version, device identifiers, operating system, language settings, and approximate region derived from IP address.
• Usage data: pages viewed, time spent on pages, referrer URL, click paths, and interactions with content (for example, opening an FAQ item).
• Cookies and identifiers: stored consent preferences and optional analytics/marketing identifiers, as described in Section 4.
• Conversion events: events such as a completed contact request or a visit to a confirmation page, used to understand whether site content is helpful.

We do not intentionally collect special-category personal data (such as health data, religious beliefs, political opinions), financial account details, or government-issued identification numbers through this website. Please do not include sensitive personal information in form messages.

3. Why We Process Personal Data & Legal Basis

Where GDPR or similar legal frameworks apply, we process personal data only when there is a valid legal basis. The purposes below also describe how we use your information in practice:

• Responding to enquiries and providing requested information (e.g., programme outlines, scheduling options). Legal basis: GDPR Art. 6(1)(b) (steps prior to entering a contract) and Art. 6(1)(a) (consent where required).
• Delivering learning services when an organization engages us for workshops or programmes (coordination, materials, participant communications where applicable). Legal basis: GDPR Art. 6(1)(b).
• Site improvement and analytics to understand what content is used and where we should clarify materials. Legal basis: GDPR Art. 6(1)(a) (consent) for analytics cookies where applicable.
• Marketing and remarketing (only when enabled by cookie preferences), such as measuring conversion attribution and showing relevant ads. Legal basis: GDPR Art. 6(1)(a) (consent).
• Security, fraud prevention, and abuse detection, including monitoring unusual traffic patterns and protecting the contact endpoint. Legal basis: GDPR Art. 6(1)(f) (legitimate interests).
• Legal and compliance obligations (for example, responding to lawful requests or retaining records where required). Legal basis: GDPR Art. 6(1)(c).

Automated decision-making: We do not engage in automated decision-making or profiling that produces legal or similarly significant effects under GDPR Art. 22.

4. Cookies & Tracking

Cookies are small text files stored on your device. We use cookies and similar technologies (including pixel tags and server-side event signals) to operate the website, remember preferences, and—only with your consent—measure site usage and advertising effectiveness. Cookie categories on this site are:

Essential cookies (always active)

These cookies are required for core site functionality, such as maintaining a session and storing your cookie choice. They do not require consent. Examples include _site_session and cookie_consent. Retention may be session-based up to 12 months depending on the cookie.

Analytics cookies (optional, consent-based)

Analytics cookies help us understand how visitors use the website so we can improve structure, clarity, and content. When enabled, we may use Google Analytics 4 with IP anonymization. Example cookies include _ga and _ga_XXXXXXXXXX. We configure analytics data retention to 14 months.

Marketing cookies (optional, consent-based)

Marketing cookies support conversion measurement and relevant advertising. When enabled, these may include cookies such as _gcl_au (Google Ads) and _fbp/_fbc (Meta). They can be used to build remarketing audiences, measure campaign performance, and improve attribution across sessions and devices. Typical retention is 90 days for these identifiers.

If you want details on specific cookies, read our Cookie Policy. You can change your choices at any time using “Manage cookie preferences” in the site footer.

5. Consent Management (EEA/UK and Similar Regimes)

Where required (including the EEA and UK), we present a consent notice and activate analytics and marketing technologies only after explicit, informed, freely given consent (GDPR/UK GDPR Art. 6(1)(a)). Your preference is stored in the cookie_consent cookie for 12 months. You may withdraw consent at any time through the “Manage cookie preferences” link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

6. Sharing With Advertising & Service Partners

We share limited data with service providers to operate the website, deliver requested communications, and—if you consent—measure analytics and marketing performance. We do not sell personal data. Depending on your choices and usage, these partners may include:

• Google LLC (Google Analytics 4, Google Ads, Tag Manager, remarketing): cookie identifiers, usage events, and conversion signals. policies.google.com/privacy
• Meta Platforms (Meta Pixel, Custom/Lookalike Audiences, Conversion API): page views, conversions, and audience membership signals where enabled. facebook.com/privacy/policy
• Cloudflare (content delivery and security): IP-based threat detection and performance optimization. cloudflare.com/privacypolicy

We do not permit these providers to use site data for their own independent commercial purposes. They process data as service providers under their contractual terms and privacy commitments.

7. International Transfers

Some of our service providers may process data outside your jurisdiction, including in the United States. Where GDPR/UK GDPR applies, transfers may rely on the EU–U.S. Data Privacy Framework (including the UK Extension and Swiss–U.S. DPF where relevant) or, where needed, Standard Contractual Clauses (EU 2021/914) and UK transfer mechanisms (such as the UK IDTA) as a fallback. We also apply practical safeguards, including limiting data shared and using security controls appropriate for the purpose.

8. Data Retention

We retain personal data only for as long as needed for the purposes described in this policy:

• Contact submissions: up to 2 years from the last interaction, unless a longer period is needed for contractual or legal reasons.
• Email correspondence: for the duration of the relationship, plus up to 1 year for continuity and follow-up.
• Analytics data: configured to 14 months where enabled.
• Marketing cookies: retained according to cookie lifetimes (commonly 90 days) where enabled.
• Server and security logs: typically up to 90 days, unless required for investigating abuse or security incidents.
• Consent records: we may retain evidence of cookie consent choices for up to 3 years for audit purposes.
• Legal and tax records: retained as required by applicable law (often 6–10 years for invoices and contractual documentation, where relevant).

9. Your Rights

Depending on your location, you may have rights over your personal data. Under GDPR/UK GDPR, these include:

• Right of access (Art. 15)
• Right to rectification (Art. 16)
• Right to erasure (Art. 17)
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20)
• Right to object (Art. 21)
• Right to withdraw consent (Art. 7(3))
• Right to lodge a complaint with a supervisory authority (Art. 77)

To exercise rights, email [email protected]. We aim to respond within 30 days, with an extension of up to 60 days for complex requests where permitted.

Supervisory authorities (examples): European Data Protection Board guidance: edpb.europa.eu; UK ICO: ico.org.uk.

For Canadian visitors, privacy rights may arise under Canadian federal or provincial privacy laws depending on circumstances. We will respond to reasonable requests in line with applicable requirements and our legitimate operational needs.

10. Children

This site is not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us without appropriate consent, contact [email protected] and we will take steps to delete the information.

11. Do Not Track Signals

Some browsers include a “Do Not Track” (DNT) feature. This website does not respond to DNT signals. Third-party providers may have their own DNT handling as described in their privacy documentation.

12. Data Deletion Requests

You may request deletion of your personal data by emailing [email protected] with the subject line “Data Deletion Request”. We may ask for reasonable verification to protect against unauthorized deletion. We aim to complete deletion within 30 days where feasible, except where retention is required by law or needed for legitimate business purposes (such as security or recordkeeping).

13. Business Transfers

If NIL'OR Canada Inc. is involved in a merger, acquisition, reorganization, financing, insolvency, or sale of assets, personal data may be transferred to a successor entity as part of that transaction. If such a transfer materially changes how personal data is used, we will provide notice via the website.

14. California (CCPA/CPRA) Notice

If you are a California resident, the following disclosures apply for the preceding 12 months:

• Identifiers (name, email, IP address, cookie IDs): shared with service providers and advertising partners when enabled.
• Internet or network activity (pages visited, interactions): shared with analytics and advertising providers when enabled.
• Inferences (interests/preferences derived from site activity): shared with advertising partners when enabled.

We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled. California residents may opt out by using our cookie preferences panel via the footer link “Manage cookie preferences”.

You may also request to know, delete, or correct personal information by emailing [email protected] with the subject line “California Privacy Request”. We may verify your identity. Authorized agents must provide written permission.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. To submit a request, email [email protected] with the subject line “Virginia Privacy Request”. We do not sell personal data or engage in profiling that produces legal or similarly significant effects.

If we decline a request, you may appeal by emailing with the subject line “Appeal of Refusal — Privacy Request”. We will respond within 60 days. If the appeal is denied, you may contact the Virginia Attorney General.

16. Nevada

Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line “Nevada Do Not Sell Request”. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide a notice on the website at least 14 days before the change takes effect where feasible. The “Last Updated” date at the top of this page shows when the policy was most recently revised.

18. Contact

If you have questions about this Privacy Policy, your personal data, or your rights, contact:

NIL'OR Canada Inc.
66 Wellington St W, Suite 5300, Toronto, ON M5K 1E6, Canada
Email: [email protected]
Phone: +1 416 954 7816