Privacy Policy

Last Updated: June 11, 2025

At G & P Millwork (“we,” “us,” or “our”), we are committed to protecting your privacy and ensuring compliance with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and, where applicable, the General Data Protection Regulation (GDPR) for visitors from the European Union. This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you visit our website https://www.gpmillwork.com, interact with our services, or engage with us offline.

1. What Information We Collect

We collect personal information that can identify an individual, either directly or in combination with other data, as defined by PIPEDA. This includes:

  • Identity Information: Name, email address, phone number, and mailing address provided when you contact us, place an order, or subscribe to our newsletter.
  • Financial Information: Payment details (e.g., credit card information) for processing orders, securely handled via third-party payment processors.
  • Technical Data: IP address, browser type, device information, and pages visited, collected automatically when you use our website, including through cookies (see Section 5).
  • Usage Data: Information about how you interact with our website, such as time spent on pages, clicks, and preferences.
  • Health or Sensitive Information (if applicable): For regulated professionals working with G & P Millwork, specific data may be collected as required, in compliance with applicable regulations.

We only collect information necessary for the purposes outlined in this policy.

2. How We Collect Information

  • Directly from You: When you fill out forms on our website (e.g., contact forms, order forms), sign up for newsletters, or communicate with us via email or phone.
  • Automatically: Through website analytics tools (e.g., Google Analytics) that track usage patterns or via cookies and similar technologies.
  • From Third Parties: From payment processors, marketing partners, or other service providers, only as necessary to fulfill our services or with your consent.

3. Why We Collect Information

We collect and use your personal information for the following purposes, as permitted by PIPEDA:

  • To Provide Services: To process orders, deliver products, and respond to inquiries or customer service requests.
  • To Improve Our Website: To analyze usage data and enhance user experience, functionality, and content.
  • For Marketing: To send promotional emails or newsletters about G & P Millwork’s products or services, with your consent. You may unsubscribe at any time.
  • To Comply with Legal Obligations: To meet requirements under PIPEDA, GDPR (if applicable), and other relevant laws.
  • To Protect Our Business: To detect and prevent fraud, unauthorized access, or other illegal activities.

We obtain your consent before collecting, using, or disclosing your personal information, except where required or permitted by law. Consent may be:

  • Express: Provided through a checkbox, form submission, or explicit agreement (e.g., signing up for our newsletter).
  • Implied: Assumed when you voluntarily provide information for a clear purpose, such as placing an order.

You may withdraw consent at any time by contacting us (see Section 11), subject to legal or contractual restrictions. Withdrawing consent may limit our ability to provide certain services.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and collect technical data. Cookies may include:

  • Essential Cookies: Necessary for website functionality (e.g., maintaining your session).
  • Analytics Cookies: To track website usage and improve performance.
  • Marketing Cookies: To deliver personalized ads, with your consent.

You can manage cookie preferences through your browser settings or our cookie preference tool (if applicable). If you are in the EU, we comply with GDPR requirements for cookie consent. For more details, see our Cookies Policy.

6. How We Share Your Information

We do not sell or share your personal information with third parties except as follows:

  • Service Providers: We share information with trusted third parties (e.g., payment processors, shipping companies, or analytics providers) to perform services on our behalf. These providers are contractually obligated to protect your information.
  • Legal Requirements: We may disclose information if required by law, such as in response to a court order or government request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, with notice to you.

If your data is shared with third parties, we ensure they comply with PIPEDA and, where applicable, GDPR.

7. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. For example:

  • Order information is retained for 7 years to comply with tax and accounting laws.
  • Marketing data is retained until you unsubscribe or request deletion.
  • Technical data (e.g., analytics) is retained for 12 months to analyze trends.

When no longer needed, we securely delete or anonymize your information.

8. Data Security

We implement reasonable security measures to protect your personal information, including:

  • Encryption of sensitive data (e.g., payment information).
  • Firewalls and intrusion detection systems.
  • Secure storage of physical and electronic records.

However, no online transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights

Under PIPEDA, and GDPR where applicable, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request updates to inaccurate or incomplete information.
  • Deletion: Request deletion of your information, subject to legal obligations.
  • Withdraw Consent: Opt out of data collection or use (e.g., marketing emails).
  • Complaint: File a complaint with us or the Office of the Privacy Commissioner of Canada.

To exercise these rights, contact us (see Section 11). We will respond within 30 days or notify you if an extension is needed.

10. International Data Transfers

If you are located outside Canada (e.g., in the EU), your information may be transferred to and processed in Canada. We ensure such transfers comply with PIPEDA and GDPR (e.g., through standard contractual clauses or adequate safeguards). If you use Google Analytics, we may collect data about EU visitors, and our policy includes GDPR-compliant provisions.

11. Contact Us

For questions, requests, or complaints about this Privacy Policy or our data practices, please contact our Privacy Officer:

G & P Millwork
191 Finchdene Square, Toronto, ON M1X 1E3
Email: info@gpmillwork.com
Phone: (416) 298-4204

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on our website with a new “Last Updated” date. Please review this policy periodically.

13. Compliance with PIPEDA and GDPR

This Privacy Policy is designed to comply with PIPEDA’s 10 principles of privacy protection, including accountability, consent, and safeguarding personal information. For EU visitors, we include GDPR-compliant provisions, such as explicit consent for cookies and data transfer disclosures.