Privacy Policy
Effective Date: 2025-05-02
Last Updated: 2025-05-02
1. Introduction
AbilityMatrix Innovation Consulting Inc. ("we," "us," "our") is committed to protecting the privacy and security of the personal information of users ("you," "your") of the website pwrpm.com (the "Site") and its associated services. These services include, but are not limited to, self-paced online courses, live online cohort training sessions, and custom training solutions developed for corporate clients (collectively, the "Services").
This Privacy Policy outlines how we collect, use, disclose, retain, and protect your personal information in compliance with applicable Canadian privacy laws, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA), and relevant privacy principles applicable in the Province of Ontario. This policy applies to all personal information collected through your access to and use of the Site and Services.
By accessing the Site or using any of the Services, you acknowledge that you have read, understood, and agree to be bound by the terms outlined in this Privacy Policy and our associated Terms and Conditions.
If you do not agree with any part of this Privacy Policy or the Terms and Conditions, you must not use the Site or Services. This policy is designed to be transparent and easily understandable, reflecting the "Openness" principle fundamental to Canadian privacy law.
For the purposes of this policy, "Personal Information" means any factual or subjective information, recorded or not, about an identifiable individual. This includes, but is not limited to, your name, email address, contact details, payment information context, course progress, communications, and technical data associated with your use of the Site and Services. Other terms used in this Privacy Policy, such as "User," "Services," and "Site," shall have the meanings ascribed to them herein or in our Terms and Conditions, ensuring consistency between these key documents.
2. Accountability & Contact Information
AbilityMatrix Innovation Consulting Inc., located at 18 King Str. East, Suite 1400, Toronto, ON, M5C 1C4, Canada, is the organization responsible for the personal information under its control and for ensuring compliance with this Privacy Policy and applicable privacy laws.
In accordance with PIPEDA's "Accountability" principle, we have designated a Privacy Officer who is accountable for our compliance. The Privacy Officer is responsible for overseeing our data protection strategy, ensuring adherence to privacy principles, and addressing any privacy-related inquiries or complaints.
If you have any questions about this Privacy Policy, our privacy practices, or if you wish to exercise your privacy rights (as detailed in Sections 9 and 10), please contact our Privacy Officer:
By Email: [email protected]
By Mail: Privacy Officer AbilityMatrix Innovation Consulting Inc. 18 King Str. East, Suite 1400 Toronto, ON, M5C 1C4 Canada
3. Personal Information We Collect
We are committed to the principle of "Limiting Collection" under PIPEDA. We only collect personal information that is necessary for the purposes identified in Section 4 of this policy. All personal information is collected by fair and lawful means. We collect information in two primary ways: information you provide directly and information collected automatically through your use of the Site and Services.
3.1 Information You Provide Directly
Account Registration: When you create an account on pwrpm.com, we collect information such as your full name, email address, and a password you create. You may also optionally provide your company name or job title. It is your responsibility to provide accurate and complete information and to update it as necessary.
Course Enrollment & Participation: When you enroll in or participate in our Services, we collect information related to your engagement, including course selections, progress tracking (e.g., modules completed, time spent), assignment submissions, quiz and exam responses, and any peer-to-peer feedback or communications exchanged within course forums or messaging features. Please refrain from including sensitive personal information in your submissions or communications unless specifically required for the course activity. This data is essential for delivering the educational experience and tracking your achievements.
Payment Information: To process payments for paid Services, we collect billing information, such as your billing address and payment method details. However, we utilize secure third-party payment processors (e.g., Stripe, PayPal) to handle all payment card transactions. We do not directly collect, store, or have access to your full credit card number or other sensitive payment card details. Our systems may receive and store limited information related to your transaction, such as a unique transaction identifier, the last four digits of your card number, card expiry information (if applicable), and payment status, solely for verification, record-keeping, and support purposes. This approach minimizes our handling of sensitive financial data, enhancing security.
Communications: When you contact us for support, provide feedback, participate in surveys, or subscribe to our newsletters or marketing communications, we collect the information you provide, including your name, email address, and the content of your message or feedback.
Custom Training Inquiries & Agreements: If you or your organization inquire about or engage us for custom training solutions, we collect contact information (such as name, corporate email address, phone number, company name, and title) and details regarding your specific training requirements provided during the inquiry, proposal, or contracting stages.
3.2 Information Collected Automatically
Technical & Usage Data: When you access the Site or use the Services, our servers automatically record certain information. This may include your Internet Protocol (IP) address, browser type and version, operating system, device identifiers, the specific pages you visit on our Site, the time and date of your visit, the time spent on those pages, links clicked, interactions with course content, and the referring website address. This data helps us understand how users interact with our platform and is crucial for troubleshooting, security, and service improvement.
Cookies and Similar Technologies: We use cookies (small text files placed on your device) and may use similar technologies (like web beacons or pixels) to operate and personalize the Site and Services. These technologies help us provide essential functionality (e.g., keeping you logged in), analyze usage patterns (analytics), remember your preferences, and potentially deliver relevant information or advertising (if applicable). We use session cookies (which expire when you close your browser) and persistent cookies (which stay on your device for a set period). We may use both first-party cookies (set by us) and third-party cookies (set by partners like analytics providers). You can manage your cookie preferences through your browser settings or potentially through a consent management tool provided on our Site. Blocking certain cookies may impact your experience and the functionality available to you. Further details may be provided in a separate Cookie Policy, if applicable.
Summary of Personal Information Processing
The following table summarizes the main categories of personal information we collect and how we use it:
Category of Personal Information | Examples | Purpose(s) of Use | Legal Basis (Primary) |
Account Information | Name, email, password, company/title (optional) | Provide & manage Services (account creation, login); Communicate with you (service announcements); Ensure security | Consent; Contractual Necessity |
Course Participation Data | Course selections, progress, submissions, quiz/exam results, forum posts, peer feedback | Provide & manage Services (deliver content, track progress, issue certificates); Improve & personalize Services (understand engagement); Fulfill custom training agreements (aggregate reporting) | Consent; Contractual Necessity |
Payment Information (Limited) | Billing address, payment method type, transaction ID, last 4 digits of card, payment status | Process payments (via third-party); Comply with legal obligations (financial records) | Consent; Contractual Necessity; Legal Obligation |
Communications Data | Email content, support tickets, feedback submissions, survey responses, newsletter subscription status | Communicate with you (respond to inquiries, provide support, send requested communications); Improve & personalize Services (gather feedback) | Consent; Legitimate Interest (responding to users) |
Technical & Usage Data | IP address, browser type, OS, device info, pages visited, time on site, interaction data, cookies | Provide & manage Services (ensure functionality); Improve & personalize Services (analytics, understand usage); Ensure security & prevent fraud (monitor activity); Comply with legal obligations | Consent (often implied for analytics); Legitimate Interest (security, functionality) |
Custom Training Data (Corporate) | Corporate contact info (name, email, phone, company), training needs details | Provide & manage Services (deliver custom training); Fulfill custom training agreements (manage client relationship); Communicate with you (regarding custom training) | Consent; Contractual Necessity |
This table serves as a high-level summary. The detailed purposes are described in Section 4. Providing such a summary aids transparency and helps users quickly understand the core data processing activities, aligning with the Openness principle.
4. How We Use Your Personal Information (Purposes Identified)
In accordance with PIPEDA's "Identifying Purposes" principle, we collect and use your personal information only for specific, identified purposes that are disclosed to you before or at the time of collection, or for purposes directly compatible with those stated, unless we obtain your further consent. Vague descriptions like 'service improvement' are insufficient; we aim to be clear about how your information helps us achieve these goals.
The purposes for which we use your personal information include:
To Provide and Manage Services: This is the core purpose. We use your account information, course participation data, and technical data to create and manage your user account, deliver the course content you enroll in, track your progress towards completion, issue certificates or other credentials upon successful completion, and ensure the overall functionality of the Site and learning platform.
To Process Payments: We use your limited payment information (as described in Section 3.1) and work with our third-party payment processors to facilitate secure transactions when you purchase paid Services or subscriptions.
To Communicate with You: We use your contact information (primarily email address) to respond to your inquiries, requests for support, or feedback. We may also send important service-related communications, such as updates to our Services or Terms, security alerts, and administrative messages. If you opt-in, we will also use your contact information to send newsletters, marketing materials, or promotional offers related to our Services. You can opt-out of marketing communications at any time using the unsubscribe link provided in emails or by contacting our Privacy Officer.
To Improve and Personalize Services: We analyze technical and usage data, as well as aggregated course participation data and feedback, to understand how our users interact with the Site and Services. This analysis helps us identify areas for improvement, develop new features, enhance existing content, fix bugs, and personalize your experience, for instance, by recommending courses that might interest you.
To Ensure Security and Prevent Fraud: We monitor usage patterns and technical data to detect and prevent fraudulent activity, security breaches, or other misuse of our Services. This includes enforcing our Terms and Conditions and protecting the rights, property, and safety of AbilityMatrix, our users, and the public.
To Fulfill Custom Training Agreements: For corporate clients engaging our custom training services, we use contact information to manage the client relationship and deliver the agreed-upon services. We may use aggregated or anonymized participation and completion data to report back to the corporate client as stipulated in the service agreement. Any reporting of individual-level data would only occur with the explicit consent of the individual user/employee involved.
To Comply with Legal Obligations: We may need to use or disclose your personal information to comply with applicable laws, regulations, court orders, subpoenas, or other legal processes, or to respond to lawful requests from public authorities.
For Analytics and Research: We may use aggregated or de-identified data (which does not identify individuals) for statistical analysis, market research, academic research (where appropriate and permitted), and business reporting purposes.
5. Legal Basis for Processing and Consent
Our collection, use, and disclosure (processing) of your personal information is based on the following legal grounds recognized under Canadian privacy law:
Consent: This is the primary basis for most of our processing activities under PIPEDA. By accessing the Site, registering for an account, purchasing or enrolling in Services, and agreeing to this Privacy Policy and our Terms and Conditions, you provide your consent to the collection, use, and disclosure of your personal information as described herein. We strive to ensure this consent is "meaningful" by providing clear and comprehensive information about our practices.
Contractual Necessity: Some processing is essential to fulfill our contractual obligations to you, as outlined in our Terms and Conditions. For example, we need to process your account information to grant you access to the Services you have enrolled in or purchased.
Legal Obligation: We may process your personal information where necessary to comply with applicable laws and regulations (e.g., financial record-keeping, responding to lawful data requests).
Legitimate Interests: In limited circumstances, we might process personal information based on our legitimate interests, such as maintaining the security of our platform or improving our services through analytics, provided these interests are not overridden by your fundamental privacy rights. Where we rely on legitimate interests, we conduct a balancing assessment. However, consent remains the cornerstone of our processing activities in the Canadian context.
Obtaining Consent:
We obtain your consent through various means depending on the context and sensitivity of the information:
Express Consent: We seek your explicit agreement for certain actions, such as creating an account, authorizing payment transactions, subscribing to marketing communications, or agreeing to specific data uses outlined at the point of collection (e.g., through checkboxes or clickwrap agreements during signup/purchase).
Implied Consent: For less sensitive information collected during your routine interaction with the Site (e.g., standard technical data for basic site functionality or analytics), your consent may be implied by your continued use of the Site and Services after having been provided with clear notice through this Privacy Policy.
We are committed to ensuring your consent is informed and meaningful by providing clear, accessible information about what information is collected, why it's collected, how it will be used, who it might be shared with, and any potential risks.
Withdrawing Consent:
You have the right to withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.
How to Withdraw: You can typically withdraw consent by adjusting settings within your account profile, using unsubscribe mechanisms provided in our communications (e.g., for marketing emails), or by contacting our Privacy Officer directly using the details in Section 2.
Consequences of Withdrawal: Withdrawing consent may affect our ability to provide certain Services or features to you. For example, withdrawing consent essential for account operation may require account closure. We will inform you of the likely consequences of withdrawing your consent when you make your request.
6. Sharing and Disclosure of Personal Information
We do not sell your personal information. We will only share or disclose your personal information for the purposes identified in Section 4, with your consent, or as permitted or required by applicable law, adhering to PIPEDA's principle of "Limiting Use, Disclosure, and Retention".
We may share your personal information with the following categories of third parties:
Service Providers: We engage third-party companies and individuals to perform services on our behalf. These may include payment processors (e.g., Stripe, PayPal), cloud hosting providers (e.g., AWS, Google Cloud), video hosting platforms, email delivery services, analytics providers (e.g., Google Analytics), customer relationship management (CRM) tools, and customer support platforms. These service providers only have access to the personal information necessary to perform their functions and are contractually obligated to protect the confidentiality and security of the information, using it solely for the purposes for which it was disclosed to them and in a manner consistent with this Privacy Policy and PIPEDA requirements. Our accountability extends to information processed by these third parties.
Instructors/Content Providers: In some cases, limited information (e.g., your name or username for forum participation) might be visible to instructors or other participants within a specific course environment as part of the interactive learning experience. We will clearly indicate when such sharing occurs. Direct sharing of contact information with instructors is generally not done without your explicit consent.
Corporate Clients (Custom Training): For users participating in custom training arranged by their employer or another organization, we may provide aggregated or anonymized reports on overall participation, progress, and completion rates to the corporate client, as defined in our service agreement. We will not share your individual personal information (e.g., specific scores, submissions) with your employer or the corporate client without your explicit, informed consent obtained separately. Clarity on this point is crucial to respect individual privacy within a corporate training context.
Third-Party Integrations: If you choose to connect your pwrpm.com account with third-party services or applications (e.g., logging in via a social media account, linking to external platforms), we will share information only as authorized by you through the integration process. We encourage you to review the privacy policies of any third-party services you connect.
Legal Requirements: We may disclose your personal information if required to do so by law, or in the good faith belief that such action is necessary to comply with a legal obligation, respond to a subpoena or court order, protect and defend our rights or property, prevent fraud, act in urgent circumstances to protect the personal safety of users or the public, or protect against legal liability.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, sale of assets, or other similar business transaction, your personal information may be transferred to a successor entity. We will comply with PIPEDA's specific requirements for disclosures in business transactions, which include ensuring the receiving party agrees to protect the information according to standards similar to ours and notifying affected individuals after the transaction closes.
Aggregated or De-identified Data: We may share data that has been aggregated or de-identified (meaning it cannot reasonably be used to identify you) for purposes such as statistical analysis, research, industry reporting, or marketing. The process of de-identification follows recognized standards to ensure individual privacy is protected.
International Data Transfers:
Your personal information may be processed and stored by us or our third-party service providers in locations outside of Canada, including the United States. Where information is transferred outside of Canada, it will be subject to the laws of the jurisdiction(s) where it is processed. This means that it may be accessible to courts, law enforcement, and national security authorities in those jurisdictions.
By using our Site and Services, you consent to the potential transfer of your information outside of Canada as described herein.
7. Data Retention
We retain your personal information only for as long as it is necessary to fulfill the purposes for which it was collected, as outlined in Section 4, or as required to comply with our legal obligations (e.g., financial record-keeping laws), resolve disputes, and enforce our agreements. This aligns with PIPEDA's principle of "Limiting Use, Disclosure, and Retention". The criteria used to determine our retention periods include:
The duration for which you maintain an active account with us.
The time required to provide the Services you have requested or enrolled in, including tracking progress and issuing certificates.
The length of time necessary to respond to your inquiries or resolve potential issues.
Ongoing legal or regulatory requirements (e.g., tax laws, statutes of limitations for potential legal claims).
Contractual obligations, including those with corporate clients for custom training reporting (subject to individual consent where applicable).
When your personal information is no longer required for these purposes, we will take reasonable steps to securely destroy it or permanently de-identify/anonymize it in accordance with industry best practices and our internal data disposal policies.
8. Data Security
We are committed to protecting the security of your personal information. We implement and maintain reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information collected, to protect it against loss, theft, and unauthorized access, use, disclosure, copying, modification, or destruction.
Our security measures include:
Technical Safeguards: Using encryption for data transmission (e.g., SSL/TLS) and potentially for data at rest, employing firewalls, intrusion detection systems, and access control mechanisms to limit access to information systems.
Physical Safeguards: Securing physical servers and data storage facilities, controlling access to premises.
Administrative Safeguards: Implementing internal privacy and security policies, providing regular data protection training to employees, restricting access to personal information on a "need-to-know" basis, and conducting periodic security assessments.
While we take significant steps to protect your data, it is important to remember that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
You also play a role in protecting your information. You are responsible for maintaining the confidentiality of your account password and for restricting access to your account. You should notify us immediately if you suspect any unauthorized use of your account or any other breach of security.
In the event of a data breach involving personal information under our control, we will comply with applicable breach notification laws. Under PIPEDA, this includes notifying the Office of the Privacy Commissioner of Canada (OPC) and affected individuals if the breach creates a "real risk of significant harm".
9. Your Privacy Rights
Under Canadian privacy law (PIPEDA) and applicable Ontario privacy principles, you have certain rights regarding the personal information we hold about you. These rights are fundamental to providing individuals control over their information.
Your key rights include:
Right to Access: You have the right to request confirmation of whether we hold personal information about you, to be informed about how it has been used and to whom it has been disclosed, and to receive access to that information.
Right to Correction (Rectification): If you believe the personal information we hold about you is inaccurate or incomplete, you have the right to challenge its accuracy and completeness and request that it be amended or corrected.
Right to Withdraw Consent: As detailed in Section 5, you have the right to withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent often forms the basis for requesting data deletion where retention is no longer necessary.
Right to Challenge Compliance: You have the right to challenge our compliance with PIPEDA principles. You should first address your challenge to our designated Privacy Officer. If your concerns are not resolved to your satisfaction, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC).
10. How to Exercise Your Rights
To exercise any of the rights described above, please submit your request in writing to our Privacy Officer using the contact details provided in Section 2. Making requests in writing helps ensure clarity and provides a record of the request.
Verification: To protect your privacy and security, we may need to verify your identity before processing your request. We will only use the information provided for verification purposes.
Response Time: We will respond to your request as accurately and completely as reasonably possible, and typically within 30 calendar days of receiving it. PIPEDA allows for an extension of this timeframe under specific circumstances, in which case we will notify you of the extension and the reason for it.
Costs: Access to your personal information is generally provided at minimal or no cost. However, PIPEDA permits charging a reasonable fee for processing access requests in certain cases (e.g., for extensive copying). If a fee applies, we will provide you with an estimate in advance and await your confirmation to proceed.
Refusal: In certain limited circumstances, as permitted or required by law (e.g., if the information is subject to solicitor-client privilege, contains confidential commercial information, or involves personal information about another individual that cannot be severed), we may not be able to provide access to all the personal information we hold about you or make a requested correction. If we refuse a request, we will notify you in writing, providing the reasons for the refusal and outlining your options for recourse.
Complaints: If you have concerns about how we have handled your request or your personal information, please first contact our Privacy Officer. If you are not satisfied with the resolution, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC): Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, QC K1A 1H3 Website: www.priv.gc.ca
11. Children's Privacy
The Site and Services are intended for adult learners and professionals. They are not directed at children under the age of 13.
We do not knowingly collect personal information from individuals under the age of 13. If you are under 13, you are prohibited from creating an account or using the Services.
If we become aware that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take steps to delete that information promptly. If you believe we might have collected information from a child under 13, please contact our Privacy Officer immediately.
Some jurisdictions may have different age of consent requirements for online services. If our Terms and Conditions permit minors (e.g., individuals between 13 and the age of majority in their jurisdiction) to use the Services under the supervision of a parent or legal guardian, the account must be registered and managed by the parent or guardian. In such cases, the parent or guardian provides consent for the collection, use, and disclosure of the minor's personal information as described in this policy, and is responsible for the minor's activities. We recognize that personal information relating to minors is considered particularly sensitive under PIPEDA, and handle it accordingly. Proposed changes under the Consumer Privacy Protection Act (CPPA) aim to further strengthen protections for minors' data.
12. Third-Party Links
The Site and Services may contain links to external websites or services that are not operated or controlled by AbilityMatrix Innovation Consulting Inc. This Privacy Policy applies only to our Site and Services.
We do not endorse and are not responsible for the content, privacy policies, or practices of any third-party websites or services. If you choose to click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit before providing any personal information. This clause clarifies the scope of our policy and manages user expectations when navigating away from our platform.
13. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, service offerings, or legal requirements.
We will notify you of any material changes to this Privacy Policy. Notification methods may include posting a prominent notice on our Site, sending an email to the address associated with your account, or other reasonable means. We will indicate the date the policy was last revised at the top of the page ("Last Updated"). Material changes will typically become effective 30 days after notification, or as otherwise required by law, although changes required for legal compliance or addressing security risks may take effect sooner.
Your continued use of the Site or Services after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Communicating changes clearly is essential for maintaining informed consent, especially considering potential future legislative requirements in Ontario regarding amendments to consumer agreements.
14. Governing Law
This Privacy Policy and any disputes arising out of or related to it shall be governed by and construed in accordance with the laws of the Province of Ontario and the federal laws of Canada applicable therein, specifically including the Personal Information Protection and Electronic Documents Act (PIPEDA), without regard to principles of conflicts of law.