GDPR Compliance
Last updated: February 19, 2026
Our Commitment to Data Protection
Jlay-champ is committed to protecting the privacy and rights of individuals whose personal data we process. While we primarily serve clients in Canada, we recognize the importance of the General Data Protection Regulation (GDPR) and apply its principles to safeguard all personal information we handle.
This document outlines how we comply with GDPR standards and respect your data protection rights.
Legal Basis for Processing
We process personal data only when we have a valid legal basis. Our processing activities rely on:
- Consent: When you explicitly agree to us processing your information for specific purposes
- Contract Performance: When necessary to deliver services you have requested
- Legitimate Interests: For business operations that do not override your fundamental rights
- Legal Obligations: When required by applicable laws and regulations
You have the right to withdraw consent at any time where we rely on it as our legal basis for processing.
Your GDPR Rights
Under GDPR principles, you have comprehensive rights regarding your personal data:
Right to Access
You can request confirmation of whether we process your personal data and obtain a copy of that information. We will provide this in a clear, accessible format.
Right to Rectification
If your personal information is inaccurate or incomplete, you have the right to have it corrected. We will update our records promptly upon notification.
Right to Erasure
Also known as the "right to be forgotten," you may request deletion of your personal data when:
- The data is no longer needed for its original purpose
- You withdraw consent and no other legal basis exists
- You object to processing and there are no overriding legitimate grounds
- The data has been processed unlawfully
- Deletion is required for legal compliance
Note that we may retain certain information when legally obligated or for legitimate business purposes such as resolving disputes.
Right to Restriction of Processing
You can request that we limit how we use your data in certain situations:
- You contest the accuracy of the data during verification
- Processing is unlawful but you prefer restriction over deletion
- We no longer need the data but you require it for legal claims
- You have objected to processing pending verification of our legitimate grounds
Right to Data Portability
Where technically feasible, you can receive your personal data in a structured, machine-readable format and transmit it to another controller without hindrance.
Right to Object
You may object to processing of your personal data when:
- We process data based on legitimate interests or public interest
- Your data is used for direct marketing purposes
- Processing involves automated decision-making or profiling
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We do not currently employ automated decision-making processes.
Data Protection Officer
For any questions or concerns about how we handle your personal data, you can contact our designated privacy contact:
Email: [email protected]
We will respond to all inquiries within one month, though complex requests may require additional time. We will inform you if an extension is necessary.
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data in transit and at rest
- Regular security assessments and vulnerability testing
- Access controls limiting data access to authorized personnel
- Employee training on data protection principles
- Incident response procedures for potential data breaches
International Data Transfers
When transferring personal data outside the European Economic Area, we ensure adequate protection through:
- Standard contractual clauses approved by the European Commission
- Transfers to countries with adequacy decisions
- Other legally recognized transfer mechanisms
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware
- Inform affected individuals without undue delay when there is a high risk
- Provide clear information about the nature of the breach and steps being taken
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Service delivery and client relationship management
- Compliance with legal, accounting, and regulatory requirements
- Resolution of disputes and enforcement of agreements
We regularly review our data holdings and securely delete information that is no longer required.
Third-Party Processors
When we engage third-party service providers who process personal data on our behalf, we:
- Conduct due diligence to ensure they provide sufficient guarantees
- Establish data processing agreements that meet GDPR requirements
- Ensure they process data only according to our documented instructions
- Monitor their compliance with data protection obligations
Exercising Your Rights
To exercise any of your GDPR rights, please contact us at [email protected] with:
- Sufficient information to verify your identity
- A clear description of your request
- Any relevant details that will help us locate your data
We will not charge a fee for processing your request unless it is manifestly unfounded, excessive, or repetitive.
Right to Lodge a Complaint
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority in your jurisdiction. However, we encourage you to contact us first so we can address your concerns directly.
Updates to This Statement
We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a revised effective date.