Privacy Policy

Last Updated: [11/20/2025]

Perimium Security ("we", "us", "our") is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website,
purchase our services, or interact with us.

By using our website or services, you agree to the practices described in this Privacy Policy.

1. Scope of This Policy

This Privacy Policy applies to:

• The Perimium Security website
• Our cybersecurity consulting services
• Any form submissions, emails, or communication with our team
• Any digital assets, tools, or assessments we provide

This policy is designed to comply with Canada’s PIPEDA, applicable provincial privacy laws, and major international
privacy regulations including the GDPR and CCPA/CPRA.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name
• Email address
• Phone number
• Company name
• Billing information
• IP address
• Any information you submit through forms, assessments, or service requests

2.2 Technical & Usage Data

When you visit our site, we automatically collect certain data, including:

• Device type and browser
• Pages visited
• Time spent on pages
• Referring URLs
• Cookies and other tracking technologies (see Section 10)

2.3 Sensitive Information

As a cybersecurity company, we may handle sensitive business information provided to us during an engagement.
This information is handled under strict confidentiality and processed solely to deliver contracted services.

We do not knowingly collect sensitive personal information without explicit consent.

3. How We Use Your Information

We use the collected information to:

• Provide and improve our cybersecurity services
• Respond to inquiries and support requests
• Manage billing, contracts, and client accounts
• Customize and improve user experience on our website
• Enhance security, detect and prevent fraud or abuse
• Meet legal, regulatory, or compliance obligations
• Communicate regarding updates, assessments, or service offerings
  (you may opt out of non-essential communications at any time)

4. Legal Basis for Processing (GDPR Compliance)

For visitors from the European Union, we process personal data under the following legal bases:

• Consent
• Performance of a contract
• Legitimate interests (such as security, fraud prevention, analytics, and improving our services)
• Compliance with legal obligations

5. How We Share Information

We may share information with:

• Service providers who help operate our website, analytics, communication, and payment processing systems
  (they are only given access to the information necessary to perform their services).
• Cybersecurity partners or subcontractors involved in delivering specialized services, and only as necessary
  to fulfill our engagement with you.
• Law enforcement, regulators, or governmental authorities, if required by applicable law or in response to valid legal requests.
• Business transfers, if Perimium Security is involved in a merger, acquisition, or asset sale, in which case
  personal information may form part of the transferred assets.

We do not sell personal information.

6. Data Storage and Security

We implement industry-standard cybersecurity controls to protect your information, including but not limited to:

• Encryption in transit and at rest where appropriate
• Zero-trust and least-privilege access controls
• Multi-factor authentication for administrative access
• Secure backup and disaster recovery procedures
• Ongoing monitoring and security best practices

While we take reasonable steps to safeguard your information, no method of transmission or storage is completely secure.
We cannot guarantee absolute security, but we are committed to continuously improving our security practices.

7. International Data Transfers

Your information may be stored and processed in Canada or in other jurisdictions where we or our service providers operate.
When personal information is transferred outside your jurisdiction, we take steps to ensure an adequate level of protection,
such as using contractual safeguards consistent with applicable data protection laws (including GDPR).

8. Your Rights

8.1 Rights Under Canadian Law (PIPEDA and Provincial Laws)

Subject to applicable law, you have the right to:

• Request access to the personal information we hold about you
• Request correction or updating of inaccurate or incomplete information
• Withdraw your consent to certain types of processing (where processing is based on consent)
• Request deletion of your personal information, where permitted by law
• Ask how your information is used, disclosed, and stored

8.2 Rights for EU/EEA Residents (GDPR)

In addition to the above, if you are in the EU/EEA, you may have the right to:

• Request data portability of your personal information
• Restrict or object to certain processing activities
• Request erasure of your personal data (the “right to be forgotten”), subject to legal limitations
• File a complaint with your local Data Protection Authority

8.3 Rights for California Residents (CCPA/CPRA)

If you are a resident of California, you may have the right to:

• Request to know what categories and specific pieces of personal information we collect
• Request deletion of your personal information, subject to legal exceptions
• Request information about how we share or disclose personal information
• Not be discriminated against for exercising your privacy rights

Perimium Security does not sell personal information.

To exercise any of these rights, please contact us using the information provided in the
Contact Us section below. We may need to verify your identity before responding to your request.

9. Data Retention

We retain personal information only for as long as necessary to:

• Provide our services and maintain our relationship with you
• Comply with legal, tax, and regulatory obligations
• Resolve disputes and enforce our agreements

When personal information is no longer required, we will take reasonable steps to securely delete, anonymize, or destroy it,
in accordance with our data retention policies and applicable laws.

10. Cookies & Tracking Technologies

Our website may use cookies and similar tracking technologies to:

• Improve site functionality and performance
• Analyze traffic and usage patterns
• Remember your preferences and settings
• Support basic marketing and remarketing activities (where permitted)

You can control or disable cookies through your browser settings. However, some features of the website may not function properly
if cookies are disabled.

Where required by law (for example, in the EU/EEA), we will present a cookie banner or consent tool to obtain your consent
before setting certain types of cookies.

11. Third-Party Links

Our website may contain links to third-party websites or services that are not operated by Perimium Security.
We are not responsible for the privacy practices or content of those third parties.
We encourage you to review the privacy policies of any website you visit before providing any personal information.

12. Children’s Privacy

Our services are not intended for individuals under the age of 16, and we do not knowingly collect personal information
from children. If we become aware that we have collected personal information from a child without appropriate consent,
we will take steps to delete that information as soon as reasonably possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements,
or other factors. When we make changes, we will update the "Last Updated" date at the top of this page.

Your continued use of our website or services after any changes to this Privacy Policy constitutes your acceptance
of the updated policy.

14. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy or our privacy practices, please contact us at:

Perimium Security
Email: admin@perimium.com
Website: www.perimium.com
Edmundston, New Brunswick, Canada