top of page

Privacy Policy

Last updated: March 25, 2025

This Privacy Policy applies to the Estara Corporation’s website and our compliance platform. It explains what personal information we collect, how we use it, and your rights under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

1. Who we are

Estara is an Extended Producer Responsibility (EPR) compliance consultancy incorporated in Ontario, Canada. We operate a web-based compliance management platform used by our clients and their authorised representatives. References to "we," "us," or "our" throughout this policy refer to Estara.

If you have questions about this policy or wish to exercise your privacy rights, contact us at: info@estara.ca

2. Information we collect

2.1 Information you provide directly

  • Contact and account information: name, business email address, job title, and employer organisation when you register for an account or contact us.

  • Client organisation data: business registration numbers, legal entity details, brand names, and provincial registration information submitted when onboarding your organisation to the platform.

  • Compliance and supply data: product SKU details, material composition data, provincial sales volumes, and related information you upload for the purpose of preparing regulatory compliance returns.

  • Communications: messages, inquiries, and feedback you send to us by email or through our platform.

 

2.2 Information collected automatically

  • Log data: IP address, browser type, pages visited, time spent, and referral source when you access our website or platform.

  • Cookies and similar technologies: session cookies required for platform functionality and analytics cookies to understand aggregate usage patterns. See Section 7 for details.

  • Device information: operating system, browser version, and screen resolution used to optimise platform display.

 

3. How we use your information

We use personal information only for the purposes for which it was collected:

  • Delivering our compliance consultancy services and operating the platform on your behalf.

  • Preparing, reviewing, and submitting regulatory compliance returns to provincial Producer Responsibility Organisations (PROs).

  • Communicating about your account, compliance deadlines, and service updates.

  • Improving the security, reliability, and functionality of our platform.

  • Meeting our legal obligations and maintaining audit records as required by applicable regulations.

  • Responding to your inquiries and providing client support.

We do not sell, rent, or trade personal information to third parties. We do not use your compliance data for any purpose other than delivering the services you have engaged us to provide.

 

4. Legal basis for processing (PIPEDA)

Under PIPEDA, we process personal information with your knowledge and consent, or where consent is implicit from the nature of our services. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide services to you.

We retain compliance data for a minimum of seven years to meet regulatory audit requirements unless you instruct otherwise and applicable law permits earlier deletion.

 

5. Sharing your information

We share personal information only in the following circumstances:

  • Service providers: cloud infrastructure providers (data centres located in Canada or the United States under appropriate data transfer agreements), email delivery services, and analytics tools who process data on our behalf under written confidentiality and data processing agreements.

  • Regulatory submissions: we transmit data to provincial PROs and registries solely as instructed by you in the course of preparing your compliance filings.

  • Legal requirements: where required by law, court order, or governmental authority.

  • Business transfers: in the event of a merger, acquisition, or sale of assets, personal information may be transferred subject to equivalent privacy protections.

All third-party processors are contractually bound to use your information only for the agreed purpose and to maintain appropriate security standards.

 

6. Data security

We implement industry-standard technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256).

  • Role-based access controls limiting data access to authorised personnel only.

  • Multi-tenant data isolation ensuring one client cannot access another client's information.

  • Comprehensive audit logging of all data access and modifications.

  • Regular security reviews and vulnerability assessments.

No method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights and freedoms, we will notify you and the Office of the Privacy Commissioner of Canada as required by PIPEDA's breach reporting obligations.

 

7. Cookies

Our website uses the following categories of cookies:

  • Strictly necessary cookies: required for platform login, session management, and security. These cannot be disabled.

  • Analytics cookies: aggregate, anonymised data to understand how visitors use our website (Google Analytics with IP anonymisation enabled). You may opt out via your browser settings or the Google Analytics opt-out browser add-on.

We do not use advertising, tracking, or profiling cookies. You can control cookie settings through your browser preferences.

 

8. Your rights

Under PIPEDA and applicable provincial law, you have the right to:

  • Access: request a copy of the personal information we hold about you.

  • Correction: request correction of inaccurate or incomplete information.

  • Withdrawal of consent: withdraw consent to collection or use, subject to legal limitations.

  • Complaint: lodge a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca) if you believe your privacy rights have been violated.

To exercise any of these rights, contact us at info@estara.ca. We will respond within 30 days.

 

9. Children's privacy

Our website and platform are intended for business use by organisations and their authorised adult representatives. We do not knowingly collect personal information from individuals under the age of 18.

 

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document reflects the most recent revision. Material changes will be communicated by email to registered users or by a notice on our platform. Continued use of our services after the effective date constitutes acceptance of the updated policy.

 

11. Contact us

Privacy Officer — Estara

Email: info@estara.ca

Address: Ontario, Canada

bottom of page