Effective Date: Last Updated:

1. Introduction

Purpose: This Privacy Policy describes how Nor-Weld Ltd. (“Norweld,” “we,” “us,” “our”), located at 449 West Street South, Orillia, ON L3V 5H2, Canada , collects, uses, discloses, and protects personal information obtained through the website www.norweld.com (the “Site”). Norweld is committed to protecting the privacy of individuals who visit the Site and interact with our services, in compliance with applicable Canadian privacy legislation, primarily the Personal Information Protection and Electronic Documents Act (PIPEDA).

Scope: This Privacy Policy applies solely to personal information collected through this Site (www.norweld.com), which represents the Canadian operations of Nor-Weld Ltd. based in Ontario. It does not extend to information collected through other means (e.g., offline) or to the activities of other Norweld entities or websites, such as Norweld USA. Clearly distinguishing the scope is essential as privacy regulations and practices may differ based on jurisdiction. Under this policy, “Personal Information” means any factual or subjective information, recorded or not, about an identifiable individual. This includes, but is not limited to, information such as your name, email address, phone number, Internet Protocol (IP) address, and information collected through cookies related to your browsing activity on the Site.

Accessibility: This policy is designed to be clear, comprehensive, and written in plain language to ensure it is accessible and understandable to all Site visitors.

2. Our Commitment to Privacy (Accountability)

Norweld is committed to upholding the principles of fair information practices as outlined in PIPEDA. These principles guide our handling of personal information and include Accountability, Identifying Purposes, Consent, Limiting Collection, Limiting Use, Disclosure, and Retention, Accuracy, Safeguards, Openness, Individual Access, and Challenging Compliance.

To ensure accountability, Norweld has designated specific individuals who are responsible for the organization’s compliance with this Privacy Policy and applicable privacy laws. Establishing clear responsibility ensures that privacy obligations are actively managed, including responding to inquiries and handling access requests or complaints effectively. Contact information for privacy-related matters is provided in the “Contact Us” section (Section 15) of this policy.

We are committed to transparency regarding our privacy practices. This policy serves as a key component of that commitment, outlining how we handle your personal information (Principle 8: Openness).

3. What Personal Information We Collect (Identifying Purposes & Limiting Collection)

Norweld collects different types of personal information through the Site, always limiting collection to what is necessary for the identified purposes. We collect information by fair and lawful means. The types of information collected include:

a) Information You Provide Directly:

When you use the contact form on our Site (“Get Started with Nor-Weld Ltd.”), we collect your Name and Email Address (required fields), and optionally your Phone Number and any information you include in Your Message.
(Note to Norweld: If the Site includes other forms, such as quote request forms or career application portals, the types of personal information collected through those forms (e.g., project details, resume information) must also be explicitly listed here.)

b) Information Collected Automatically (Usage Data):

Log Data: When you visit the Site, our servers automatically record standard information provided by your web browser. This may include your device’s IP address, browser type and version, the pages of our Site you visit, the time and date of your visit, the time spent on each page, and other diagnostic data related to your visit. This information is passively collected during your interaction with the Site.
Device Data: We may automatically collect data about the device you use to access the Site, such as the type of device, operating system, and potentially unique device identifiers (especially if accessing via mobile).
Data via Cookies and Tracking Technologies: We use cookies and similar technologies to collect information about your browsing activities. Details are provided in Section 6 (“Cookies and Tracking Technologies”).
Data via reCAPTCHA: The contact form on this Site is protected by Google reCAPTCHA. The use of reCAPTCHA involves the collection of hardware and software information, such as device and application data, and sending this data to Google for analysis purposes. This analysis helps distinguish human users from automated bots. This collection and sharing of information with Google are governed by Google’s Privacy Policy and Terms of Service, which are linked on the contact form. It is important for users to understand that interacting with the reCAPTCHA service means certain usage information is shared with Google, a third party, for security purposes. This disclosure is necessary for the functioning of the security tool.

Purpose Identification (Why We Collect It): We collect your personal information for the following specific purposes, identified at or before the time of collection :

To Respond to Inquiries: To reply to questions, comments, or requests submitted through the contact form (using Name, Email, Phone, Message).
To Provide Services: To provide information about our fabrication and installation services, generate quotes if requested, and manage ongoing business relationships.
To Operate and Improve the Site: To maintain the functionality and security of the Site, analyze website traffic and usage patterns (using Usage Data and Cookies) to understand user needs and improve user experience.
To Ensure Security: To protect the Site from spam and abuse using tools like reCAPTCHA (using Usage Data shared with Google).
To Comply with Legal Obligations: To meet legal and regulatory requirements.

Limiting Collection: Norweld collects only the personal information that is necessary for these identified purposes. We do not collect sensitive personal information (e.g., health information, financial details beyond basic transaction needs if applicable) through the Site unless it is explicitly required for a specific service (like a job application, if offered) and legally permissible. Understanding the distinction between information actively provided by users (like form submissions) and information collected passively (like logs or cookie data) is important, as user awareness and expectations differ, influencing how we obtain consent.

4. How We Collect Your Personal Information

We collect personal information through the following methods:

Direct Collection: When you voluntarily submit information through interactive features on the Site, such as filling out and submitting the contact form.
Automated Collection: Through technologies that automatically gather information as you navigate the Site. This includes server logs, cookies, web beacons, and potentially other tracking technologies. We may use tools like Google Analytics for this purpose (see Section 6). The use of Google reCAPTCHA also involves automated collection of interaction data by Google.
Third Parties: Primarily, information collected automatically may involve third-party tools like Google Analytics and Google reCAPTCHA, where data is collected directly by or shared with these third parties according to their own policies. We generally do not collect personal information about website visitors from other third-party sources unless specified for a particular process (e.g., background checks for job applicants, if applicable).

Clarifying these different methods helps users understand the context in which their data is gathered, supporting informed consent.

5. How We Use Your Personal Information (Limiting Use)

Norweld uses the personal information collected for the purposes identified at the time of collection, as described in Section 3, and elaborated below:

Providing Services and Communication: Using your contact information (Name, Email, Phone) to respond to your inquiries, provide requested quotes or information about our steel fabrication, installation, and related services , and communicate with you regarding potential or ongoing projects.
Operating and Improving the Site: Analyzing Usage Data and information from cookies helps us understand how visitors interact with the Site, identify areas for improvement, enhance functionality, diagnose technical issues, and maintain website security. This includes using aggregated or de-identified data for statistical analysis.
Personalizing User Experience: We may use information collected through functionality cookies (if deployed) to remember your preferences (e.g., language settings) to provide a more tailored experience on subsequent visits.
Marketing Communications: We will only use your contact information (e.g., email address collected via the Site) to send you marketing communications (e.g., newsletters, promotional offers) if we have obtained your explicit, prior consent (opt-in) to receive such messages. This practice is necessary to comply with Canada’s Anti-Spam Legislation (CASL). Given that Norweld serves residential clients , any commercial electronic messages sent based on website data collection must adhere to CASL’s express consent requirements. Simply submitting a contact form for an inquiry does not constitute consent for marketing emails. (Note to Norweld: Confirm if marketing emails are sent based on website collections and ensure a CASL-compliant opt-in mechanism is used if they are.)
Legal and Security Purposes: We may use personal information as necessary to comply with applicable laws and regulations, respond to legal processes (like subpoenas or court orders), prevent fraudulent activity, enforce our terms of service, and protect the rights, property, and safety of Norweld, our employees, our clients, and the public.

Limiting Use: Norweld will not use your personal information for any purpose other than those for which it was originally collected, unless we obtain your fresh consent or the use is required or permitted by law.

6. Cookies and Tracking Technologies (Openness, Consent)

Explanation: The Site uses “cookies,” which are small text files placed on your device (computer, tablet, smartphone) when you visit a website. We may also use similar technologies like web beacons or pixels. These technologies help the Site function, improve user experience, and provide us with information about how the Site is used.

Purpose of Use: We use cookies and similar technologies for various purposes, including:

Ensuring the basic functionality and security of the Site.
Analyzing website traffic and performance to understand visitor behaviour and improve the Site (e.g., using Google Analytics).
Remembering your preferences to provide a more personalized experience (e.g., language settings, if applicable).
(Note to Norweld: Confirm if any cookies are used for targeting/advertising purposes. If so, this must be clearly stated, and explicit opt-in consent is required.)

Types of Cookies Used: (Note to Norweld: A cookie audit is required to confirm the specific cookies used. The following categories are common; the policy must be updated to reflect actual usage.)

Essential / Strictly Necessary Cookies: These are required for the core operation of the Site, such as enabling navigation and security features. They are typically session cookies (deleted when you close your browser) but can be persistent. These cookies cannot be disabled through our consent tool as the Site cannot function properly without them.
Analytics / Performance Cookies: These cookies allow us to collect information about how visitors use the Site, such as which pages are visited most often and if users encounter error messages. We use this aggregated information to improve how the Site works. We may use third-party services like Google Analytics for this purpose. These cookies collect information in a way that may not directly identify you but could be linked to a pseudonymous identifier.
Functionality Cookies: These cookies enable the Site to remember choices you make (such as language preference) and provide enhanced, more personal features.
Targeting / Advertising Cookies: (Note to Norweld: State if used) These cookies may be set through our site by advertising partners. They may be used by those companies to build a profile of your interests and show you relevant advertisements on other sites. Explicit consent is required for these.
Third-Party Cookies: Some cookies may be placed by third-party service providers, such as Google (for Analytics and reCAPTCHA). These third parties collect and use information according to their own privacy policies. We encourage you to review their policies.

Cookie Management and Consent: Upon your first visit to the Site, you will be presented with a cookie banner requesting your consent for the use of non-essential cookies (Analytics, Functionality, Targeting). Essential cookies do not require consent but are explained.

Meaningful Consent: We aim to obtain meaningful consent before placing any non-essential cookies on your device. The cookie banner provides clear information about the types of cookies used and their purposes.
Granular Control: You can choose to accept all non-essential cookies, reject all non-essential cookies, or customize your preferences by category through the cookie settings tool accessible via the banner or a persistent link/icon on the Site. We do not use pre-checked boxes for non-essential cookies.
Implied vs. Explicit Consent: While PIPEDA may allow for implied consent in some low-risk scenarios, current guidance from the Office of the Privacy Commissioner of Canada (OPC) emphasizes meaningful consent, particularly when data is shared with third parties like analytics providers who might use data for their own purposes. Therefore, Norweld seeks explicit opt-in consent for Analytics, Functionality, and any Targeting cookies. Continued browsing after seeing the banner does not constitute consent for these cookies.
Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically set your browser to refuse all cookies or to indicate when a cookie is being sent. However, please note that disabling essential cookies may prevent you from using certain parts of the Site.
Opt-Out Tools: For specific third-party cookies, opt-out tools may be available, such as the Google Analytics Opt-out Browser Add-on.
Withdrawing Consent: You can withdraw your consent for non-essential cookies at any time by accessing the cookie settings tool (usually via a link in the website footer or the original banner mechanism) and adjusting your preferences.

Cookie Details Table: (Note to Norweld: This table should be populated based on the results of a specific cookie audit for Norweld.com. The content below is illustrative.)

Cookie Name / Provider	Type	Purpose	Duration	How to Opt-Out / Manage
sessionid (Example)	Essential	Maintains user session state across page requests.	Session	Cannot be disabled via consent tool; manage via browser.
_ga, _gid (Google Analytics)	Analytics	Distinguishes users for website traffic analysis.	Persistent (2 years)	Via Cookie Consent Tool or Google Analytics Opt-out Add-on.
lang_pref (Example)	Functionality	Remembers user’s selected language preference.	Persistent (1 year)	Via Cookie Consent Tool.
IDE (Google/DoubleClick)	Targeting	(If Used) Used for online advertising purposes.	Persistent (1 year)	Via Cookie Consent Tool or Ad Settings platforms.
NID (Google reCAPTCHA)	Essential	Used by Google reCAPTCHA for security/risk analysis.	Persistent (6 months)	Governed by Google’s policies; essential for form use.

Providing detailed information in a structured format like a table enhances transparency and helps users make informed decisions about their consent, aligning with PIPEDA’s Openness principle.

7. Consent

Norweld obtains your consent for the collection, use, and disclosure of your personal information, except in specific circumstances where permitted or required by law (e.g., legal investigations, emergencies).

Forms of Consent: Consent can be express or implied, depending on the circumstances and the sensitivity of the information.

Express Consent: Obtained explicitly, either verbally or in writing (e.g., checking a box, clicking an “Accept” button on a cookie banner for non-essential cookies, submitting a form after clear notice of purpose). We seek express consent for submitting information via the contact form and for deploying non-essential cookies. If marketing communications are offered, express opt-in consent will be required.
Implied Consent: May be inferred from your actions or inaction in certain contexts (e.g., providing information necessary for a requested service, continuing to browse the site after being informed about essential cookies). We rely on implied consent only where appropriate for non-sensitive information and clear purposes.

Meaningful Consent: For consent to be valid, it must be meaningful. This means you must be reasonably informed about what you are consenting to – the nature of the information collected, the purposes for its use and disclosure, and any potential risks. This policy, along with notices provided at points of collection (like the cookie banner), aims to provide this necessary information.
Withdrawal of Consent: You have the right to withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. The process for withdrawing consent must be straightforward. You can withdraw consent by:

Adjusting your preferences for non-essential cookies using our cookie management tool.
Clicking the “unsubscribe” link in any marketing emails you receive from us.
Contacting our Privacy Officer using the details in Section 15. Making withdrawal easy is crucial; if withdrawing consent is significantly harder than giving it, the initial consent may not be considered truly voluntary. Please note that withdrawing consent may affect our ability to provide certain information or services to you.

8. Disclosure of Personal Information (Limiting Disclosure)

Norweld does not sell your personal information to third parties. We will only disclose your personal information in the following circumstances, limited to what is necessary for the identified purpose :

Service Providers: We may share personal information with third-party companies or individuals who perform services on our behalf, such as website hosting, data storage, analytics providers (e.g., Google Analytics), IT support, and potentially payment processors if applicable. These service providers are typically contractually obligated to protect the confidentiality and security of the information and are restricted to using it only for the purposes for which it was disclosed to them (i.e., to provide services to Norweld). This aligns with PIPEDA’s concept of information being ‘used’ by a service provider under our direction. However, for services like Google Analytics or reCAPTCHA where the provider might also use data for their own purposes (e.g., improving their services), this sharing may be considered a ‘disclosure’ requiring greater transparency and potentially more explicit consent, as users need to be aware of the third party’s potential uses. We strive to ensure appropriate contractual safeguards are in place.
Affiliates: (Note to Norweld: Confirm if information is shared with any related Norweld entities and update accordingly.) We may share information with affiliated companies within the Norweld group, provided they adhere to privacy practices consistent with this policy.
Business Transactions: If Norweld is involved in a merger, acquisition, financing, asset sale, or other fundamental business transaction, personal information may be transferred as part of that transaction. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy, where feasible and legally required.
Legal Requirements and Protection: We may disclose personal information if required to do so by law, regulation, or legal process (such as a court order or subpoena), or in response to valid requests by public authorities (e.g., law enforcement agencies). We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or others.

Disclosure is always limited to the specific information required for the stated purpose.

9. Data Retention (Limiting Retention)

Norweld retains personal information only for as long as it is necessary to fulfill the purposes for which it was collected, or as required to meet legal, regulatory, or legitimate business obligations.

Retention Criteria: The length of time we retain specific types of personal information is determined based on criteria such as:

The purpose for which the information was collected (e.g., information related to a specific inquiry may be kept until the inquiry is resolved and for a reasonable period after).
Legal and regulatory requirements (e.g., tax laws require retention of financial records for a specific period, typically six years from the end of the last tax year they relate to ).
Contractual obligations.
The need to resolve disputes, enforce agreements, or maintain audit trails.
Statutes of limitations for potential legal claims.

Specific Data Types: Usage Data collected automatically is generally retained for shorter periods than information provided directly, unless it is needed for security investigations, site improvement analysis, or legal compliance. Information related to business records or potential litigation may be kept longer according to legal advice and requirements.
Destruction/Anonymization: Once personal information is no longer required for its identified purposes or to meet legal obligations, it will be securely destroyed, erased, or anonymized in accordance with our internal data retention policies and procedures.

While detailed retention schedules are maintained internally , this public policy focuses on the principles governing retention to ensure transparency without creating undue rigidity, as specific timelines can frequently change based on evolving legal and business needs.

10. Security Safeguards

Norweld is committed to protecting the personal information in our custody or control from loss, theft, unauthorized access, disclosure, copying, use, or modification.

Implemented Measures: We employ reasonable administrative, technical, and physical security measures appropriate to the sensitivity of the information being protected. These measures may include:

Technical Safeguards: Use of secure servers, firewalls, access controls, potentially encryption for data transmission (e.g., HTTPS for the Site ) and storage where appropriate.
Administrative Safeguards: Internal policies and procedures governing data handling, access restrictions limiting access to personnel who need the information for their job duties , confidentiality agreements, and privacy training for relevant staff.
Physical Safeguards: Secure office premises and controls over physical access to systems storing personal information. Balancing the need to provide assurance with the need to avoid disclosing security vulnerabilities means we describe the types of controls rather than specific technical configurations.

Disclaimer: Despite our efforts to protect your personal information, it is important to acknowledge that no method of transmitting information over the Internet or storing data electronically is completely secure. While we take reasonable precautions, we cannot guarantee the absolute security of your personal information. You share information with us at your own risk.

11. Your Privacy Rights (Individual Access, Accuracy, Challenging Compliance)

Under PIPEDA, you have certain rights regarding your personal information. Norweld is committed to facilitating the exercise of these rights :

Right to Access: You have the right to request access to the personal information that Norweld holds about you. Upon written request, we will inform you of the existence, use, and disclosure of your personal information and provide you with access to that information, subject to certain legal exceptions.
Right to Correction (Accuracy): You have the right to challenge the accuracy and completeness of your personal information held by us and have it amended or corrected as appropriate. We rely on you to provide accurate information and to inform us of any changes.
Right to Withdraw Consent: As detailed in Section 7, you have the right to withdraw your consent to our collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions.
Right to Challenge Compliance: You have the right to address any concerns or complaints regarding Norweld’s compliance with PIPEDA and this Privacy Policy to our designated Privacy Officer.

How to Exercise Your Rights: To exercise any of these rights, please submit a written request to our Privacy Officer using the contact information provided in Section 15. Please include sufficient detail in your request to enable us to identify you and locate the relevant information. We will respond to access and correction requests within 30 days, as required by PIPEDA , unless specific circumstances necessitate an extension. We may require you to verify your identity before processing your request. Providing a clear process (e.g., contacting the designated Privacy Officer via email with a specific subject line) is essential for making these rights practical and actionable for users.

If you are not satisfied with our response to your complaint, you have the right to contact the Office of the Privacy Commissioner of Canada (OPC).

12. International Data Transfers

Personal information collected through the Site may be processed and stored in countries outside of Canada, including the United States, where our third-party service providers (such as Google for Analytics and reCAPTCHA) may operate.

It is important for you to be aware that when your information is processed or stored in a foreign jurisdiction, it may be subject to the laws of that jurisdiction. This means that foreign governments, courts, law enforcement, or regulatory agencies may be able to obtain disclosure of your information under the laws of that country. The OPC specifically requires organizations to be transparent about such transfers and the associated risks.

Norweld takes reasonable steps to ensure that any service providers outside of Canada are required to provide a comparable level of protection for your personal information through contractual agreements or other measures, where feasible. However, legal requirements in foreign jurisdictions may still apply.

13. Links to Other Websites

The Site may contain links to other websites that are not owned or controlled by Norweld. This Privacy Policy applies only to our Site. We are not responsible for the privacy practices or the content of these third-party websites. We encourage you to read the privacy policies of any external websites you visit, as their practices may differ from ours. This clarification helps manage user expectations and limits our liability for third-party actions.

14. Changes to This Privacy Policy (Openness)

Norweld reserves the right to modify or update this Privacy Policy at any time to reflect changes in our practices, services, or applicable laws.

We will notify users of any significant changes by posting the revised Privacy Policy on the Site and updating the “Last Updated” date at the top of this policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Site after any changes to this Privacy Policy constitutes your acceptance of the revised policy. Communicating updates clearly ensures ongoing transparency, a key aspect of PIPEDA’s Openness principle.

15. Contact Us (Accountability, Challenging Compliance)

If you have any questions, concerns, or complaints about this Privacy Policy or Norweld’s privacy practices, or if you wish to exercise your privacy rights (such as accessing or correcting your information, or withdrawing consent), please contact our designated Privacy Officer:

By Email: By Mail: Privacy Officer Nor-Weld Ltd. 449 West Street South Orillia, ON L3V 5H2 Canada

Providing a dedicated contact point ensures inquiries are handled efficiently by the responsible individuals , facilitating user rights and demonstrating accountability.

If your concerns are not resolved to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada:

Office of the Privacy Commissioner of Canada 30 Victoria Street Gatineau, Quebec K1A 1H3 Toll-free: 1-800-282-1376 Website: www.priv.gc.ca

Ready to Start Your Project?

Get Started with Nor-Weld Ltd.