GDPR & CPPA Compliance Statement

Token tact PensionWell complies with both the General Data Protection Regulation (GDPR) and the Canadian Consumer Privacy Protection Act (CPPA). We uphold the rights and freedoms of all individuals whose personal data we handle.

1. Lawful Basis for Processing

All data is processed on a lawful basis: either consent, contract fulfillment, legal obligation, or legitimate interest. We never collect unnecessary data.

2. Transparency and Control

We clearly inform users about data usage, provide opt-in choices, and allow you to change preferences at any time. Our privacy notices are easy to understand and accessible.

3. Rights of the Individual

• Right to access and correct your personal data
• Right to erasure (“right to be forgotten”)
• Right to data portability
• Right to object to certain types of processing

4. Data Security

We apply advanced security protocols, encryption, and access control to protect your data against misuse, loss, or unauthorized access.

5. International Data Transfers

We ensure lawful safeguards when personal data is transferred outside Canada or the EU. This includes Standard Contractual Clauses and Data Protection Agreements.

6. Breach Response

In case of a data breach involving your rights or freedoms, we will notify the affected individuals and appropriate authorities promptly, in line with GDPR/CPPA timelines.

7. Data Officer Contact

If you have concerns about data handling or wish to exercise your rights, please contact our Data Protection Officer via the contact form or physical address listed on our site.