Privacy Policy 
(Ontario, Canada)

1. Introduction

Darit Technology Services (“we,” “us,” or “our”) provides IT services and support within Ontario, Canada. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website (https://www.darit.net) or use our services.

This website is operated exclusively for clients and users located in Ontario, Canada. We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, the Ontario Personal Health Information Protection Act (PHIPA).

2. Information We Collect

We collect information necessary to provide and improve our services. This may include:

• Personal Information: name, phone number, email address, and any information you voluntarily provide through contact forms or service requests.

• Technical Information: IP address, browser type, device information, and usage data automatically collected via cookies and similar technologies.

• Communication Records: emails, chat messages, and other correspondence related to support or service inquiries.

• Payment Information: when applicable, limited billing information (for example, records of Interac e-Transfer confirmations or payment processor transaction IDs). We do not store full credit card numbers or CVV on our servers.

For clients operating in healthcare or dental fields, Darit Technology Services may, on occasion, access systems that contain Personal Health Information (PHI) solely for the purpose of providing technical support or maintenance. We do not store, retain, or process any PHI beyond what is necessary to complete the service. All such access is handled in compliance with PHIPA and any contractually required safeguards.

3. How We Use Your Information

We use personal information to: deliver and bill for IT services; manage appointments and communications; provide technical support; improve our website and services; comply with legal or regulatory obligations; and for internal record-keeping. We do not sell or rent personal information to third parties.

4. Third-Party Processors and Disclosures

We use third-party service providers for specific functions, including:

• Hosting / Site platform: Wix.com (site hosting and storage).

• Consent management: Usercentrics (cookie consent management and tag blocking).

• Payment processing (if used): Interac e-Transfer (bank transfer), PayPal, Wix Payments, Stripe, or other PCI-compliant processors. Payment data is handled by the selected processor and not stored by Darit Technology Services.

• Email, CRM, and backup providers as needed.

We require written Data Processing Agreements (DPAs) with our processors and limit their access to information only as necessary to perform their services.

5. Data Storage, Retention, and Security

We retain personal information only as long as necessary to fulfill the purposes described in this Policy or to meet legal, tax, or contractual obligations. Typical retention periods include:

• Consent logs (cookie consent): 12 months.

• Support tickets and technical logs: 3 years.

• Encrypted backups: 30–90 days (depending on sensitivity).

• Dental/health-related records (if any and only when retained by client systems): minimum 10 years from last entry, in accordance with professional guidelines.

We implement reasonable administrative, technical, and physical safeguards to protect personal information against unauthorized access, disclosure, loss, or misuse. These measures include TLS/HTTPS for data in transit, encryption where supported by processors, role-based access control, and mandatory multi-factor authentication for admin access.

6. Cookies, Tracking, and Consent Management

We use cookies and similar technologies for essential site functions and to analyze site usage. We use a Consent Management Platform (Usercentrics) to obtain and record user consent for non-essential cookies and to prevent non-consented third-party scripts from loading. You can change or withdraw consent at any time via the cookie settings on our site.

7. Sensitive Health Information (PHI) — Special Handling

If we must access PHI in the course of providing services to a client, we will:

• Access only the minimum PHI necessary to perform the service.

• Process PHI only under a written agreement that sets out roles and responsibilities (Customer = Data Controller; Darit Technology Services = Data Processor).

• Apply additional safeguards, including stricter access controls, enhanced logging, and encryption where feasible.

• Assist the client with obligations under PHIPA, including breach notification requirements.

8. Your Rights

As a resident of Ontario, you have the right to request access to the personal information we hold about you, request correction of inaccurate information, request restriction of processing, or request deletion where lawful and feasible. To exercise these rights, contact us at privacy@darit.net or call +1 (437) 320-3029. We will verify identity before fulfilling requests to protect privacy.

9. Incident Response and Breach Notification

If we become aware of a breach that poses a real risk of significant harm to an individual, we will take reasonable steps to contain the breach, assess its scope, and notify affected individuals and the Office of the Privacy Commissioner of Canada (OPC) as required by law. For health-related incidents involving PHI, we will cooperate with the client and follow provincial guidance as applicable.

10. Children’s Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect personal information from minors.

11. Business Transfers

If Darit Technology Services is sold, merged, or undergoes a reorganization, personal information may be transferred to a successor entity. We will require any successor to adhere to this Policy.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date.

13. Contact Information

For privacy questions, requests, or complaints, contact:

Darit Technology Services
PO BOX 55001 RPO Sheppard East
Toronto, ON M2N 0K7, Canada
Phone: +1 (437) 320-3029
Email: privacy@darit.net