Country-specific privacy addendum for users and operations in Canada
Last updated: January 15, 2026
This addendum supplements the ZhiYin global privacy policy with requirements specific to Canada. Where this addendum conflicts with the global policy, this addendum takes precedence for users located in Canada.
Office of the Privacy Commissioner of Canada (OPC), Provincial Commissioners
Applicable legislation: Personal Information Protection and Electronic Documents Act (PIPEDA), Provincial privacy laws (e.g., Alberta PIPA, Quebec Law 25)
No federal data localization requirement. Quebec Law 25 requires privacy impact assessments for out-of-province transfers.
PIPEDA requires reporting to the Privacy Commissioner and notifying affected individuals as soon as feasible after determining that a breach poses a real risk of significant harm; Quebec Law 25 requires prompt notification to the CAI.
ZhiYin aligns its incident-response process with these requirements and will notify the relevant regulatory authority and affected individuals within the timeframe required by applicable law.
Data should be retained only as long as necessary for the identified purpose. Organizations must develop retention schedules.
In addition to the rights outlined in our global privacy policy, users in Canada have the following specific rights under local law:
For privacy inquiries related to your region, please contact our Data Protection Officer.
Email: privacy@talentbridge.com