Privacy Policy

1. Who We Are

Gridiron Equity Group is a global advisory and technology solutions group comprising:

• Gridiron Agency E-Commerce Inc. — registered in Canada, with offices in Toronto, Ontario. (Canadian Arm)
• Gridiron Group E-Commerce Inc. Ltd — registered in the United Kingdom. (UK Arm)

We provide business consulting, AI and workflow automation, digital commerce infrastructure, international market expansion advisory, and related professional services to businesses and enterprise operators across Canada, the United Kingdom, and Europe.

For data protection purposes, the relevant data controller is the entity with which you are engaging directly. For general enquiries, contact us at info@gridironequitygroup.com.

2. What Data We Collect

We may collect and process the following categories of personal data:

• Identity data: first name, last name, job title, company name
• Contact data: email address, phone number, business address
• Enquiry data: details of your project, service interest, region, and message content submitted via our contact form
• Technical data: IP address, browser type, device type, pages visited, time and date of visit (collected via server logs)
• Communication data: records of correspondence between you and Gridiron Equity Group
• Contractual data: information required to fulfil a service engagement, including business registration details where relevant

We do not collect sensitive personal data (such as health, racial, religious, or financial account data) through this website.

3. How We Use Your Data

We use your personal data for the following purposes:

• To respond to your enquiry and communicate with you about our services
• To assess your requirements and provide relevant advisory recommendations
• To enter into and administer a service agreement, retainer, or statement of work
• To send you service-related communications and updates where you have consented or where we have a legitimate interest
• To comply with our legal and regulatory obligations
• To improve our website and services based on aggregated, anonymised usage data

We will never sell your personal data to third parties or use it for unsolicited marketing without your explicit consent.

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contractual necessity: where processing is required to perform a contract with you or to take steps prior to entering into one
• Legitimate interests: where we have a legitimate business interest in processing your data (e.g. responding to enquiries, improving our services) that is not overridden by your rights
• Legal obligation: where we are required by law to process your data
• Consent: where you have given explicit consent for a specific purpose (e.g. marketing communications)

5. How We Store and Protect Your Data

Your data is stored securely on GoDaddy-hosted servers in accordance with industry-standard security practices. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

Our website is served over HTTPS (SSL/TLS encryption). Contact form submissions are transmitted securely and delivered to authorised personnel only.

Access to personal data is restricted to employees and contractors who have a legitimate need to process it in the course of their duties.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data. We may share data with trusted third parties only where necessary:

• IT and hosting providers: GoDaddy Inc. (web hosting and email infrastructure)
• Professional advisors: legal, accounting, or compliance professionals bound by confidentiality obligations
• Regulatory authorities: where we are legally required to disclose information
• Service delivery partners: contractors or sub-processors engaged to deliver services to you, bound by appropriate data processing agreements

All third parties are required to handle your data in accordance with applicable data protection law.

7. International Transfers

As Gridiron Equity Group operates across Canada, the UK, and Europe, your data may be transferred between our entities in different jurisdictions. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including reliance on adequacy decisions, standard contractual clauses, or equivalent mechanisms as required by applicable law (including UK GDPR and Canadian PIPEDA).

8. Cookies

Our website uses minimal cookies. Specifically:

• Strictly necessary cookies: required for the website to function correctly (e.g. session management)
• Server log data: we collect standard server access logs (IP address, browser, referrer) for security and performance monitoring purposes

We do not currently use advertising, tracking, or analytics cookies from third parties. If this changes, we will update this policy and implement a cookie consent mechanism accordingly.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: to request a copy of the personal data we hold about you
• Right to rectification: to request correction of inaccurate or incomplete data
• Right to erasure: to request deletion of your personal data in certain circumstances
• Right to restrict processing: to request that we limit how we use your data
• Right to data portability: to receive your data in a structured, machine-readable format
• Right to object: to object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at info@gridironequitygroup.com. We will respond within 30 days. You also have the right to lodge a complaint with the relevant supervisory authority (e.g. the ICO in the UK, or the Office of the Privacy Commissioner in Canada).

10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting obligations:

• Enquiry data (no contract formed): up to 12 months
• Client and contract data: up to 7 years from the end of the engagement (in accordance with applicable commercial and tax record-keeping requirements)
• Server log data: up to 90 days

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

• Email: info@gridironequitygroup.com
• Canadian Arm: Gridiron Agency E-Commerce Inc., Toronto, Ontario, Canada
• UK Arm: Gridiron Group E-Commerce Inc. Ltd, United Kingdom

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date.