Effective Date: January 26, 2026 Last Updated: January 26, 2026
This Privacy Policy describes how alser.ca (“we”, “us”, or “our”) collects, uses, and discloses your information when you visit our website (the “Site”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR), ISO/IEC 27001 principles, and industry best practices.
1. Data Controller
The data controller responsible for your personal information is:
Alser Sugasawa Whitehorse, YT Canada Email: email@alser.ca
For any privacy-related inquiries, please contact us at the email address above.
2. Information We Collect
We collect information in the following ways:
a) Information You Provide Voluntarily
- Contact Forms: If you use a contact form, we may collect your name, email address, and message content.
- Newsletter Subscription: If you subscribe to our newsletter, we will collect your email address.
b) Information Collected Automatically
- Log Data: Our servers may automatically record information including your IP address, browser type, operating system, referring page, pages visited, and device information.
- Cookies and Similar Technologies: We use cookies to enhance your experience. See Section 5 for details.
c) Local Storage
- Theme Preferences: We store your light/dark theme preference in your browser’s localStorage. This data never leaves your device.
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
| Purpose | Legal Basis | Data Involved |
|---|---|---|
| Website functionality | Legitimate Interest | Log data, essential cookies |
| Analytics (with consent) | Consent | Usage data, analytics cookies |
| Responding to inquiries | Consent / Contract | Contact information, messages |
| Security & fraud prevention | Legitimate Interest | Log data, IP addresses |
4. How We Use Your Information
- To provide and maintain our Site (Legitimate Interest)
- To improve our Site (Legitimate Interest / Consent for analytics)
- To communicate with you (Consent)
- For security purposes (Legitimate Interest)
5. Cookie Policy and Consent
What are cookies?
Cookies are small text files stored on your device when you visit a website. They help the website recognize your device and remember information about your visit.
Types of cookies we use:
| Cookie Type | Purpose | Consent Required |
|---|---|---|
| Essential | Site functionality, theme preferences | No (Required) |
| Analytics | Understanding site usage (Google Analytics) | Yes |
Your Cookie Choices
When you first visit our Site, you will see a cookie consent banner with the following options:
- Accept All: Enables all cookies including analytics
- Essential Only: Only enables cookies required for site functionality
- Settings: Granular control over individual cookie categories
You can change your cookie preferences at any time by clicking the “Cookie Settings” button at the bottom of any page.
Cookie Retention
- Essential cookies: Session or up to 1 year
- Analytics cookies: Up to 2 years
- Consent record: 1 year
6. Data Retention
We retain personal data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 2 years |
| Server logs | 90 days |
| Cookie consent records | 1 year |
| Analytics data | 26 months (Google Analytics default) |
After the retention period, data is securely deleted or anonymized.
7. Data Sharing and Third Parties
We do not sell your personal data. We may share information with:
- Analytics Providers: Google Analytics (with your consent) - Google Privacy Policy
- Hosting Services: IONOS - IONOS Privacy Policy
- CDN Providers: jsDelivr (for Bootstrap/fonts) - serves static files only
All third-party processors are required to comply with GDPR and maintain appropriate security measures.
8. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Binding Corporate Rules where applicable
9. Your Data Protection Rights (GDPR)
If you are in the EEA, UK, or a jurisdiction with similar privacy laws, you have the following rights:
| Right | Description |
|---|---|
| Access | Request copies of your personal data |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion of your data (“right to be forgotten”) |
| Restrict Processing | Request limitation of data processing |
| Object | Object to processing based on legitimate interests |
| Data Portability | Request transfer of your data in a machine-readable format |
| Withdraw Consent | Withdraw consent at any time (for consent-based processing) |
| Lodge Complaint | File a complaint with your local data protection authority |
To exercise any of these rights, please contact us at email@alser.ca. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data transmitted via HTTPS/TLS
- Secure Cookies: SameSite and Secure attributes on cookies
- Access Control: Limited access to personal data
- Regular Updates: Security patches and updates applied promptly
- Subresource Integrity: External scripts verified via SRI hashes
11. Children’s Privacy
Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated “Last Updated” date. For significant changes, we may provide additional notice.
13. Contact Us
For questions about this Privacy Policy or to exercise your rights:
Email: email@alser.ca Website: https://alser.ca
14. Supervisory Authority
If you are in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local Data Protection Authority. In Canada, you may contact the Office of the Privacy Commissioner of Canada.