Last Updated: June 25, 2026
This document provides information about how we comply with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland.
For the purposes of GDPR, the data controller is:
stone-civet
2847 Riverside Drive
Ottawa, ON K1V 8N4
Canada
Email: [email protected]
We process personal data based on the following legal grounds:
Processing is necessary to perform a contract with you or take steps before entering into a contract, such as processing service requests, scheduling appointments, and delivering requested services.
Processing is necessary for our legitimate business interests, including:
For certain processing activities, such as the use of non-essential cookies, we obtain your explicit consent. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
Processing may be necessary to comply with legal obligations, such as tax record retention requirements or responding to lawful requests from authorities.
Under GDPR, you have the following rights regarding your personal data:
You have the right to obtain confirmation about whether we process your personal data and, if so, to access that data along with certain information about the processing.
You have the right to request correction of inaccurate personal data and completion of incomplete personal data.
You have the right to request deletion of your personal data under certain circumstances, including:
You have the right to request restriction of processing in certain situations, such as when you contest the accuracy of the data or object to processing based on legitimate interests.
Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
You have the right to object to processing of your personal data when processing is based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or place of alleged infringement if you believe our processing of your personal data violates GDPR.
To exercise any of the rights described above, please contact us at [email protected]. Please include sufficient information to allow us to verify your identity and locate your data.
We will respond to your request within one month of receipt. In complex cases or if we receive multiple requests, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for delay.
We will not charge a fee for processing your request unless it is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
| Processing Activity | Data Categories | Legal Basis | Retention Period |
|---|---|---|---|
| Service Request Processing | Name, email, address, solar system details | Contractual necessity | Duration of relationship plus 7 years |
| Email Communications | Email address, correspondence content | Contractual necessity, legitimate interest | Duration of relationship plus 3 years |
| Website Analytics | IP address, browser data, usage patterns | Legitimate interest | 26 months |
| Cookie Management | Cookie preferences, consent records | Consent, legal obligation | Duration of cookie usage |
Our business operations and data storage are located in Canada. When you provide personal data to us from the EEA, UK, or Switzerland, that data is transferred to Canada.
Canada has been recognized by the European Commission as providing adequate protection for personal data. This adequacy decision means that data transferred from the EEA to Canada is considered to receive an equivalent level of protection to that provided within the EEA.
If we engage service providers located in countries without adequacy decisions, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in such risk.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, unless we have implemented appropriate technical and organizational protection measures or taken subsequent measures to ensure the high risk is no longer likely to materialize.
We do not engage in automated decision-making or profiling activities that produce legal effects or similarly significantly affect individuals.
Our services are not directed to children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete such information.
We may update this GDPR compliance notice periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by posting a notice on our website or through other appropriate communication channels.
If you have questions about our GDPR compliance practices or wish to exercise your data subject rights, please contact us:
Email: [email protected]
Address: 2847 Riverside Drive, Ottawa, ON K1V 8N4, Canada