Last Updated: July 1, 2026
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union. Although moon-beacon is based in Canada, we respect the principles of GDPR and apply similar standards to protect the personal information of all users, regardless of location.
For the purposes of data protection law, moon-beacon is the data controller responsible for your personal information. Our contact details are:
moon-beacon
428 Wellington Street West, Suite 302
Toronto, ON M5V 1E3
Canada
Email: [email protected]
If you are located in the European Economic Area, you have the following rights regarding your personal data:
You have the right to request access to the personal information we hold about you. This allows you to receive a copy of your data and verify that we are processing it lawfully.
You have the right to request correction of inaccurate or incomplete personal information we hold about you.
You have the right to request deletion of your personal information in certain circumstances, including when:
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller in certain circumstances.
You have the right to object to processing of your personal data where we are relying on legitimate interests as the legal basis for processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Where we rely on consent as the legal basis for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing prior to withdrawal.
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
We process personal data only when we have a valid legal basis:
We collect and process personal data for specific, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes. For detailed information about what data we collect and how we use it, please refer to our Privacy Policy.
We collect only the personal data that is adequate, relevant, and necessary for the purposes for which it is processed. We do not collect excessive data beyond what is required.
We take reasonable steps to ensure that personal data is accurate and kept up to date. We encourage you to inform us of any changes to your personal information.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, we securely delete or anonymize it.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay.
If we transfer your personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:
We do not use your personal data for automated decision-making, including profiling, that produces legal effects or similarly significantly affects you.
When we engage third-party service providers to process personal data on our behalf, we ensure they:
To exercise any of your rights under GDPR, please contact us at:
Email: [email protected]
We will respond to your request within one month. In complex cases, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for delay.
When you submit a request to exercise your rights, we may ask for additional information to verify your identity and ensure we are disclosing information only to the rightful individual.
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. The effective date at the top of this page indicates when it was last revised.