MakingITworc (“we,” “us,” “our”) respects your privacy and protects personal information in our care. This Privacy Policy explains what personal information we collect, why we collect it, how we use and disclose it, and your rights under Canadian privacy law — primarily the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation.
This policy is paired with our Data Retention Policy (which specifies how long we keep different categories of data) and our Terms and Conditions (which govern our service engagements).
1. Information We Collect
1.1 Information you provide directly
- Contact information when you request a quote, sign a Statement of Work or Purchase Order, or submit a service request (name, business email, business phone, business address, title)
- Billing information necessary to process payments
- Communications you send us by email, phone, or web form
1.2 Information collected while delivering services
- System and device telemetry from monitored endpoints via Cisco Meraki Systems Manager (asset names, OS version, patch status, performance metrics, security events)
- Helpdesk content and resolution notes captured in our JIRA Service Management portal
- Configuration data and credentials needed to administer Client systems, stored in encrypted vaults
- Active Directory, Microsoft Entra ID, and Microsoft 365 tenant data we administer on a Client’s behalf
1.3 Information collected automatically by our website
- Standard server logs (IP address, browser type, pages visited, timestamps) used for security monitoring
- Strictly necessary cookies required for the site to function; we do not use third-party advertising cookies
2. Why We Collect It
We collect personal information for the following purposes:
- To provide quotes, deliver services, and fulfill Statements of Work and Purchase Orders
- To communicate with clients about active engagements and service tickets
- To invoice clients and process payments
- To maintain the security and integrity of systems we manage
- To meet legal, tax, and regulatory obligations (including Canada Revenue Agency record-keeping requirements)
- To respond to inquiries from prospective clients
3. Legal Basis and Consent
We collect and use personal information based on consent (express where required, or implied through the nature of the engagement) or other lawful bases recognized under PIPEDA, including necessity to perform a contract, legal obligation, or legitimate business interest in operating, securing, and improving our services.
4. How We Disclose Information
We do not sell personal information. We disclose personal information only when:
- Necessary to deliver the services the Client has engaged us for (e.g., provisioning a Microsoft 365 licence requires sharing user identity with Microsoft)
- To trusted sub-processors who help us deliver our services (see Section 5)
- To comply with a court order, subpoena, or other legal obligation
- To investigate or prevent fraud, abuse, or security incidents
- With the explicit consent of the individual whose information is involved
5. Sub-Processors
We rely on third-party services to deliver our offering. Current sub-processors include the following (this list may change — a current list is available on request):
- Microsoft Corporation — Microsoft 365, Entra ID, Active Directory, and related identity and productivity services
- Atlassian — JIRA Service Management ticketing platform
- Cisco Systems — Meraki Dashboard and Meraki Systems Manager for network and endpoint management
- GoDaddy — hosting for makingitworc.ca
- Proton AG — encrypted email for internal MakingITworc communications
- Payment processors and accounting providers used to issue invoices and accept payment
Each sub-processor is bound by its own privacy and security practices and, where applicable, by data processing agreements with MakingITworc.
6. International Transfers
Some sub-processors store or process data outside of Canada (commonly the United States or European Union). In those cases, the data may be accessible to authorities in those jurisdictions under their applicable laws. Clients with strict Canadian-residency requirements should notify us in writing so we can confirm whether a Canadian-resident option is available for the affected service.
7. Security
We protect personal information through layered safeguards:
- Encryption in transit (TLS) and at rest where supported
- Multi-factor authentication on administrative accounts
- Least-privilege access controls and audit logging
- Endpoint security and patch management on systems used to deliver services
- Staff training on confidentiality and incident response
If we experience a breach affecting personal information that creates a real risk of significant harm, we will notify the affected Client and the Office of the Privacy Commissioner of Canada as required by PIPEDA.
8. Retention
We retain personal information only as long as needed for the purposes described in this policy and in our Data Retention Policy. Standard retention periods apply to financial records (seven years for tax compliance), service tickets, system documentation, telemetry, and other categories of data.
9. Your Rights
Under PIPEDA, you have the right to:
- Access the personal information we hold about you
- Request correction of inaccurate or incomplete information
- Withdraw consent (where consent is the basis for processing)
- Request deletion, subject to our legal retention obligations
- File a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca)
To exercise any of these rights, contact us at the email address in Section 12. We will respond within thirty (30) days.
10. Children
Our services are directed to businesses and organizations, not to children. We do not knowingly collect personal information from individuals under the age of 16.
11. Cookies and Tracking
This website uses only cookies strictly necessary for site operation and security. We do not deploy advertising cookies or third-party tracking pixels for marketing purposes.
12. Contact and Privacy Officer
Questions, access requests, or complaints can be directed to:
MakingITworc — Privacy Officer
Email: support@makingitworc.ca
Web: makingitworc.ca
13. Changes to This Policy
We may update this policy from time to time. Material changes will be posted on this page with a revised “Last Updated” date and, where they materially affect existing Clients, communicated in writing.