Breken Group Incorporated
With over 25 years of development experience and over 100 clients served, the Breken Group can meet the needs of your internet database application requirements.
Breken Group Incorporated
With over 25 years of development experience and over 100 clients served, the Breken Group can meet the needs of your internet database application requirements.
Breken Group Incorporated
With over 25 years of development experience and over 100 clients served, the Breken Group can meet the needs of your internet database application requirements.
Breken Group Incorporated
With over 25 years of development experience and over 100 clients served, the Breken Group can meet the needs of your internet database application requirements.
Privacy Policy
1. Introduction
The Breken Group of Companies Inc. ("Breken," "we," "us," or "our") is committed to protecting the personal information that it collects, uses, and shares within the framework of its activities. This Privacy Policy sets out the terms and conditions relating to the collection, use, sharing, retention, and protection of personal information from users ("you" or "your") of our services, in accordance with applicable Canadian and international privacy laws and regulations, including but not limited to:
-
The Personal Information Protection and Electronic Documents Act (PIPEDA)
-
Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25)
-
The General Data Protection Regulation (GDPR) (where applicable)
The expressions "Breken services," "our services," or the "services" mean the services provided by Breken as described in the Breken Terms of Use.
This policy was last updated on October 2, 2025. We encourage you to review this policy periodically to stay informed about how we protect your personal information.
For all Privacy Policy inquiries, please contact our Privacy Officer:
Privacy Officer The Breken Group of Companies Inc. Email: privacy@breken.com Phone: (705) 741-5867 Address: 541 Weller Street, Peterborough, Ontario, K9H 2N9
2. Definitions
-
"Personal information" means any information about an identifiable individual, including but not limited to name, email address, home address, telephone number, sex, payment information, and any other information that can be used to identify an individual directly or indirectly.
-
"Breken partner" means an entity (such as a city, municipality, or university) that uses Breken services to communicate with you and provide services to you.
-
"Third-party processor" means a certified entity retained by Breken to process specific data, such as credit card information, in accordance with applicable security standards.
-
"Consent" means any freely given, specific, informed, and unambiguous indication of agreement to the collection, use, or sharing of personal information.
3. Responsibility and Accountability
Under the provisions of applicable laws and regulations, Breken is responsible for the personal information that we collect or that we have in our possession or under our control. To ensure accountability:
-
Breken has appointed a Privacy Officer who is responsible for overseeing compliance with this policy and all applicable privacy laws and regulations.
-
All Breken employees and subcontractors who handle personal information are trained on privacy practices and are subject to confidentiality obligations.
-
Breken conducts regular privacy impact assessments to evaluate risks associated with the collection, use, and sharing of personal information.
-
Breken maintains written agreements with all subcontractors and third-party processors to ensure that personal information is handled in accordance with this policy and applicable laws.
4. Legal Basis for Processing Personal Information
Breken collects, uses, and shares personal information based on the following legal grounds:
-
Consent: When you create an account, use our payment platform, or otherwise provide personal information, you consent to its collection and use as described in this policy.
-
Contractual Necessity: Certain personal information is required to fulfill our contractual obligations to you, such as providing access to Breken services.
-
Legal Obligations: We may process personal information to comply with applicable laws, regulations, or legal proceedings.
-
Legitimate Interest: We may process personal information where it is in our legitimate interest to do so, provided that such interests do not override your fundamental rights and freedoms.
You have the right to withdraw your consent at any time by contacting our Privacy Officer. Withdrawal of consent may affect your ability to use certain Breken services.
5. Data Collection and Use
5.1 Data That You Provide
Account Creation
When you create your user account to access Breken services, you must provide the following personal information:
-
Name
-
Email address
-
Password
We save this personal information in order to identify you and provide you with access to our services.
Online Payment Platform
When you use the Breken online payment link, we use a third party payment platform (Stripe – https://stripe.com/en-ca).
Credit Card Information
Credit card information is handled as follows:
-
It is transferred only to a PCI DSS-certified third-party processor for verification and processing.
-
Breken does not store credit card information on its own servers.
-
The certified processor may process and store credit card information outside of Canada (see Section 9 for details on international data transfers).
5.2 Data Collected During Use of Breken Services
We collect certain personal information automatically when you use the Breken platform, including:
-
Cookies and Similar Technologies: To access our services, you must accept cookie files or similar technologies in order to remain logged in to your account for the duration of your session. Cookies are small data files sent to your browser and saved on your computer's hard drive when you visit certain websites.
Cookies are used to:
-
Recognize your visits to the site
At the end of each session, you may delete your cookies without affecting your use of the services during the following session.
-
Log Data: We may collect information such as your IP address, browser type, operating system, referring URLs, and pages visited to help us analyze usage patterns and improve our services.
5.3 Purposes of Data Collection
We collect and use personal information for the following purposes:
-
To create and manage your user account
-
To provide you with access to Breken services
-
To process payments through the Breken payment platform
-
To communicate with you about your account and services
-
To improve and develop new services and features
-
To comply with legal and regulatory obligations
-
To protect against fraud, unauthorized transactions, and other security risks
-
To conduct analytics and research to improve user experience
We will not use your personal information for purposes other than those described in this policy without first obtaining your consent.
6. Sharing of Personal Information
Breken may share your personal information with the following parties:
6.1 Third-Party Processors
Credit card information is shared with PCI DSS-certified third-party processors solely for the purpose of verifying and processing payments.
6.2 Subcontractors
We may hire subcontractors to provide services on our behalf. These subcontractors:
-
Are authorized to use personal information solely for the purpose of providing the services that Breken has entrusted to them.
-
Must not use personal information for any other purpose.
-
Are bound by written agreements that provide at least the same level of protection as this policy.
6.3 Legal Requirements
We may disclose personal information if required to do so by law, regulation, court order, or other legal process, or if we believe in good faith that such disclosure is necessary to:
-
Comply with applicable laws or regulations
-
Protect the rights, property, or safety of Breken, our users, or others
-
Detect, prevent, or address fraud, security, or technical issues
6.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the successor entity, provided that the successor agrees to be bound by this policy or a comparable privacy policy.
7. Your Rights
In accordance with applicable privacy laws, you have the following rights regarding your personal information:
7.1 Right to Access
You have the right to request access to the personal information that Breken holds about you. Upon request, we will provide you with a copy of your personal information in a commonly used electronic format.
7.2 Right to Rectification
You have the right to request the correction of any inaccurate or incomplete personal information that we hold about you.
7.3 Right to Deletion (Right to Be Forgotten)
You have the right to request the deletion of your personal information, subject to certain legal exceptions (e.g., where retention is required by law or for legitimate business purposes).
7.4 Right to Data Portability
You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that information to another data controller.
7.5 Right to Withdraw Consent
You have the right to withdraw your consent to the collection, use, or sharing of your personal information at any time. To withdraw your consent, please contact our Privacy Officer at privacy@breken.com. Please note that withdrawal of consent may affect your ability to use certain Breken services.
7.6 Right to Object
You have the right to object to the processing of your personal information where such processing is based on legitimate interest.
7.7 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal information under certain circumstances (e.g., while a complaint is being investigated).
7.8 Right to File a Complaint
You have the right to file a complaint with the applicable privacy regulatory authority if you believe that your privacy rights have been violated. In Canada, you may contact:
-
Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca
-
Commission d'accès à l'information du Québec (CAI): https://www.cai.gouv.qc.ca [blocked]
For users in the European Union, you may contact your local Data Protection Authority (DPA).
7.9 Exercising Your Rights
To exercise any of these rights, please contact our Privacy Officer:
Email: privacy@breken.com Phone: (705) 741-5867 Address: 541 Weller Street, Peterborough, Ontario, K9H 2N9
We will respond to your request within 30 days of receiving it. If we are unable to fulfill your request within this timeframe, we will notify you and provide a revised timeline.
8. Data Retention
Breken retains personal information only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations.
8.1 Active Accounts
Personal information associated with active accounts is retained for as long as your account remains open and active.
8.2 Closed Accounts
Within 90 days following the closing of your account or your online payment account, the information associated with your account will be deleted, with the exception of:
-
Data that Breken is required to retain by law or regulation
-
Data that is necessary for Breken to exercise or defend legal claims
8.3 Payment Information
Credit card information stored by a certified third-party processor will be deleted upon your request or within 90 days of account closure, unless the processor is required by law to retain it.
8.4 Cookies and Log Data
Cookies are deleted at the end of each session or when you manually delete them. Log data is retained for a maximum of 12 months for analytics and security purposes.
9. International Data Transfers
In some cases, personal information may be transferred to and processed in countries outside of Canada, including but not limited to:
-
Credit card information processed by certified third-party processors
When personal information is transferred outside of Canada, Breken ensures that:
-
The recipient country provides an adequate level of data protection as determined by applicable laws, or
-
Appropriate safeguards are in place, such as:
-
Standard contractual clauses approved by the applicable regulatory authority
-
Binding corporate rules
-
Written agreements that provide at least the same level of protection as this policy
-
For users in the European Union, Breken ensures that international data transfers comply with the requirements of the GDPR, including the use of Standard Contractual Clauses (SCCs) or other approved transfer mechanisms.
You may request information about the safeguards in place for international data transfers by contacting our Privacy Officer.
10. Security Measures
Breken has adopted comprehensive security measures to protect against unauthorized access, use, disclosure, alteration, or destruction of personal information. These measures include but are not limited to:
10.1 Encryption
-
Account information and payment information are encrypted at rest and in transit.
-
All data transfers to subcontractors, certified processors, and Breken partners are encrypted using industry-standard protocols.
10.2 Access Controls
-
Access to personal information is restricted to authorized Breken employees on a need-to-know basis.
-
All employees with access to personal information are subject to confidentiality obligations.
10.3 Subcontractor and Processor Agreements
-
All subcontractors and certified processors have signed written agreements with Breken that provide at least the same level of protection as this policy.
10.4 Regular Audits and Assessments
-
Breken conducts regular security audits and privacy impact assessments to identify and mitigate risks.
10.5 Incident Response
-
Breken maintains a data breach response plan to ensure timely and effective response to any security incidents (see Section 11).
11. Data Breach Notification
In the event of a data breach involving personal information that creates a real risk of significant harm to individuals, Breken will:
-
Notify affected individuals as soon as feasible, and in any case within the timeframes required by applicable laws (e.g., 72 hours under the GDPR, as soon as feasible under PIPEDA and Law 25).
-
Notify the applicable regulatory authorities, including:
-
The Office of the Privacy Commissioner of Canada (OPC)
-
The Commission d'accès à l'information du Québec (CAI) (where applicable)
-
The relevant Data Protection Authority (DPA) in the European Union (where applicable)
-
-
Take immediate steps to contain and remediate the breach.
-
Maintain a record of all data breaches, regardless of whether they meet the threshold for notification.
The notification to affected individuals will include:
-
A description of the breach
-
The types of personal information affected
-
The steps Breken has taken to address the breach
-
Recommendations for individuals to mitigate potential harm
-
Contact information for Breken's Privacy Officer
12. Children's Privacy
Breken services are not intended for use by individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child under the applicable age of consent, we will take steps to delete that information as soon as possible.
If you believe that a child under the applicable age has provided us with personal information, please contact our Privacy Officer immediately at privacy@breken.com.
13. Other Websites
Our services may allow you to be directed to other websites, such as a Breken partner site. The operators of these other websites may collect your personal information, as well as information produced through the use of cookies when you use a link to their website.
Breken is not responsible for how third parties collect, use, or share your personal information. We strongly encourage you to review the privacy policies of any third-party websites before providing personal information to them.
14. Automated Decision-Making
Breken does not currently engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes in the future, we will update this policy and obtain your explicit consent where required by law.
15. Dispute Resolution
If you have a concern or complaint about how Breken handles your personal information, we encourage you to follow these steps:
-
Contact our Privacy Officer at privacy@breken.com. We will investigate your concern and respond within 30 days.
-
If you are not satisfied with our response, you may escalate your complaint to the applicable regulatory authority:
-
Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca
-
Commission d'accès à l'information du Québec (CAI): https://www.cai.gouv.qc.ca
-
Your local Data Protection Authority (DPA) in the European Union (where applicable)
-
16. Changes to This Policy
Breken reserves the right to update or modify this Privacy Policy at any time. When we make changes, we will:
-
Update the "Last Updated" date at the top of this policy.
-
Notify you of material changes through:
-
A prominent notice on our website or application
-
An email notification to the address associated with your account
-
-
Where required by law, obtain your renewed consent before implementing changes that affect how your personal information is collected, used, or shared.
We encourage you to review this policy periodically. Your continued use of Breken services after any changes to this policy constitutes your acceptance of those changes.
17. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact our Privacy Officer:
Privacy Officer The Breken Group of Companies Inc. Email: privacy@breken.com Phone:(705) 741-5867 Address: 541 Weller Street, Peterborough, Ontario, K9H 2N9
Last Updated: October 2nd, 2025
This Privacy Policy is available in both English and French. In the event of a discrepancy between the two versions, the English version shall prevail.