Privacy Statement (Europe/GDPR)

Effective Date: January 2025
Last Updated: January 2025

This Privacy Policy explains how Decibel Peak (“we,” “us,” “our”) collects, uses, discloses, and protects personal data obtained through https://decibelpeak.com.

This Policy applies to individuals located in the European Economic Area (EEA) and complies with:

  • General Data Protection Regulation (GDPR – EU 2016/679)

1. DATA CONTROLLER

The data controller responsible for your personal data is:

Decibel Peak
Montreal, Quebec, Canada
Email: info@decibelpeak.com
Website: https://decibelpeak.com

(We do not publish residential addresses for privacy and security.)

2. PERSONAL DATA WE COLLECT

We only collect data necessary for legitimate business purposes.

2.1 Identity & Contact Data

  • First and last name
  • Business name (if applicable)
  • Email address
  • Phone number

2.2 Billing & Transaction Data

  • Billing name
  • Email address
  • Phone number
  • Transaction records

⚠️ Payment data is processed securely by third-party processors (e.g., Stripe). We do not store full credit card numbers.

2.3 Client & Project Data

  • Project communications
  • Creative assets and files
  • Strategy and deliverables
  • Brand and business information

2.4 Marketing & Newsletter Data

  • Name
  • Email address
  • Subscription status

2.5 Website & Technical Data

  • IP address (anonymized where possible)
  • Browser type
  • Device type
  • Pages visited
  • Referrer URLs

3. PURPOSES & LEGAL BASES FOR PROCESSING

We process personal data only where a lawful basis exists:

PurposeLegal Basis
Responding to inquiriesLegitimate interest
Providing services & consultingContract
Payment processingContract / Legal obligation
Newsletter distributionConsent
Website analyticsConsent
Marketing communicationsConsent
Security & fraud preventionLegitimate interest
Legal & accounting complianceLegal obligation

4. CONSENT

Where required, consent is obtained explicitly through:

  • Website forms
  • Cookie banners
  • Newsletter opt-ins
  • Purchase checkouts

You may withdraw consent at any time.

5. DATA DISCLOSURE

We do not sell personal data.

We may share limited data only with:

  • Payment processors (e.g., Stripe)
  • Email platforms
  • Analytics providers
  • Legal and accounting professionals
  • Authorities where legally required

All processors operate under GDPR-compliant Data Processing Agreements (DPAs).

6. INTERNATIONAL DATA TRANSFERS

Data may be processed outside the EEA (including in Canada and the United States). When this occurs, safeguards include:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions (where applicable)
  • Contractual confidentiality and security obligations

7. COOKIES & TRACKING

We use cookies as described in our:

  • Cookie Policy (EU / GDPR)
  • Related regional Cookie Policies

We may use tools such as Google Analytics with IP anonymization enabled where applicable.

8. DATA SECURITY

We implement appropriate technical and organizational measures to protect personal data against:

  • Unauthorized access
  • Loss
  • Misuse
  • Alteration
  • Disclosure

Access is restricted to authorized personnel only.

9. DATA RETENTION

We retain personal data only:

  • As long as necessary for the stated purposes
  • As required by contracts
  • As required by legal or tax obligations

Data is securely deleted or anonymized when no longer required.

10. YOUR GDPR RIGHTS

You have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with your Data Protection Authority (DPA)

11. AUTOMATED PROCESSING & AI TOOLS

Where AI-assisted tools are used:

  • Outputs are provided for assistance only
  • No fully automated decisions with legal or significant effects are made without human oversight
  • You may request information about automated processing involving your data

12. CHILDREN’S DATA

Our services are not directed at children under 18.
We do not knowingly collect personal data from minors.

13. THIRD-PARTY WEBSITES

Our website may contain links to third-party websites. We are not responsible for their privacy practices.

14. POLICY UPDATES

We may update this policy periodically. Updates take effect upon publication. Continued use constitutes acceptance.

15. CONTACT FOR EU DATA SUBJECTS

For all privacy-related matters:

Decibel Peak – Data Controller
Montreal, Quebec, Canada
Email: info@decibelpeak.com
Website: https://decibelpeak.com