1. Introduction & Scope
Slime Media Solutions Corp. (“Company,” “we,” “us,” “our”) is a digital agency headquartered in Surrey, British Columbia, Canada, providing software development, AI automation, marketing infrastructure, and growth systems (“Services”).
This Privacy Policy applies to our website (theslimemedia.com), our Services, products, and applications, and all processing of Personal Information under our control or direction.
This Policy does not apply to third-party websites or services linked from our site, or to information processed on behalf of clients as a Data Processor (governed by Data Processing Agreements).
We are committed to protecting your privacy, complying with applicable privacy laws, providing transparency, respecting your rights, and maintaining industry-leading security standards.
2. Definitions
“Personal Information” means any information that identifies, relates to, or could reasonably be linked with an identifiable individual, including identifiers (name, email, phone, address, IP), commercial information, biometric data, professional information, and inferred information.
“Processing” means any operation performed on Personal Information, including collection, storage, retrieval, use, transmission, erasure, or modification.
“Data Controller” means the entity (us) that determines the purposes and means of Processing.
“Data Processor” means the entity processing data on behalf of a Controller.
“Sensitive Data” includes racial/ethnic origin, political opinions, religious beliefs, genetic data, biometric data for identification, health data, or sex life data.
3. Legal Basis for Processing
3.1 Contractual Necessity
To fulfill agreements with you, establish and maintain client relationships, and process payments.
3.2 Legal Obligation
To comply with tax and accounting requirements, respond to lawful government requests, and prevent fraud or harm.
3.3 Legitimate Interests
To improve our Services, conduct analytics, send direct marketing (where permitted), enforce our agreements, and maintain business operations.
3.4 Consent
To send marketing communications, place non-essential cookies, and process Sensitive Data where applicable.
4. Information We Collect
4.1 Information You Provide Directly
- Contact Information: Full name, email, phone, address, company, job title, LinkedIn profile
- Transactional Information: Billing address, payment method details, invoice and receipt data, project scope and timelines
- Communication Content: Emails, messages, call recordings, video calls, project briefs, uploaded files
- Optional Information: Demographics, business preferences, survey responses, feedback
4.2 Information Collected Automatically
- Website & Service Usage: IP address, device identifiers, browser type, pages visited, time spent, referral source, geographic location
- Technical Data: Cookie identifiers, server logs, error messages, performance metrics, API calls
- Behavioral Data: Email opens, link clicks, form submissions, feature usage statistics
4.3 Information from Third Parties
- Information shared by partners, referrals, or affiliates
- Publicly available business information (company websites, LinkedIn)
- Data from integrated communication and analytics platforms
- Payment processor data (transaction status, verification results)
5. How We Use Your Information
5.1 Service Delivery & Support
To provide, maintain, and improve our Services; respond to inquiries; manage accounts; deliver project deliverables; and conduct quality assurance.
5.2 Business Operations
To process transactions, maintain business records, manage client relationships, comply with financial obligations, verify identity, and enforce our Terms of Service.
5.3 Marketing & Analytics
To send promotional communications (with consent), share insights and educational content, conduct A/B testing, measure campaign effectiveness, and identify product opportunities.
5.4 Legal & Security Purposes
To comply with laws and legal processes, detect and prevent fraud, monitor for unauthorized access, protect against cyberattacks, and enforce our policies.
6. Legitimate Interests Assessment
| Interest | Activity | Balancing Factor |
|---|---|---|
| Business Efficiency | Storing client data, automating communications | Data minimization, retention limits |
| Service Improvement | Usage analytics, A/B testing, UX optimization | Anonymization where possible |
| Security & Fraud Prevention | Monitoring suspicious activity, verifying identity | Necessary to protect users and platform |
| Marketing | Targeted communications, promotional content | Opt-out mechanisms, consent options |
| Legal Compliance | Record-keeping, audit trails, compliance reporting | Legal minimization standards |
| Business Continuity | Backup systems, disaster recovery, data archival | Restricted access, security controls |
When we rely on Legitimate Interests, you have the right to request our Legitimate Interests Assessment, object to specific processing activities, and request erasure or restriction of your data.
7. Data Recipients & Third-Party Disclosures
7.1 Service Providers & Vendors
We share Personal Information with third-party service providers under Data Processing Agreements, including cloud hosting providers, payment processors, email platforms, CRM systems, analytics platforms, voice communication services, and marketing automation tools.
7.2 No Sale of Personal Information
We do not sell, rent, lease, or trade your Personal Information to third parties for their direct marketing purposes.
We may share aggregated, anonymized data for analytics or business intelligence without identifying you.
7.3 Service Provider Obligations
All third-party service providers are contractually bound by Data Processing Agreements requiring PIPEDA/GDPR compliance, confidentiality, security requirements, and data deletion upon contract termination.
7.4 Legal Compliance & Business Transactions
We may disclose information to law enforcement pursuant to legal process, or to potential buyers/investors (under confidentiality) in the event of a business transaction.
8. International Data Transfers
Some of our service providers are located in the United States. US transfers comply with PIPEDA adequacy assessment and include Standard Contractual Clauses (SCCs). For EU/UK customers, we implement GDPR-compliant mechanisms including SCCs and transfer impact assessments.
By using our Services, you consent to transfer of your Personal Information outside Canada, subject to contractual safeguards and applicable privacy law protections.
9. Data Retention & Deletion
9.1 Retention Schedule
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Contact Information (Prospects) | 2 years from last engagement | Legitimate interests, CASL compliance |
| Client Account Data | Duration of relationship + 7 years | Legal/tax obligations, contract |
| Email Communications | 3 years from creation | Legal hold, audit trail, business records |
| Call Recordings & Transcripts | 1 year from creation | Service quality, dispute resolution |
| Payment & Billing Records | 7 years | CRA tax requirements |
| Website Analytics | 26 months | Service optimization |
| Website Server Logs | 30-90 days | Security, fraud prevention |
| Legal/Dispute Data | Duration of dispute + 7 years | Legal obligations, statute of limitations |
9.2 Deletion & Erasure
You may request deletion of your Personal Information (subject to legal holds). We will delete or anonymize data upon request where legally permitted, and provide evidence of deletion within 30 days.
Exceptions include data required by law, data within legal hold, and data in backup systems (deleted during next retention cycle).
10. Your Rights & Controls
10.1 Canadian Privacy Rights (PIPEDA)
- Right of Access: Request access to Personal Information we hold, including sources, uses, and recipients
- Right to Correction: Request correction of inaccurate data
- Right to Deletion: Request deletion subject to legal holds and retention requirements
- Right to Opt-Out: Opt-out of marketing communications, unsubscribe from newsletters, withdraw consent
- Right to Complaint: File a complaint with the Privacy Commissioner of Canada
10.2 CASL Compliance
All marketing emails include an unsubscribe option. Unsubscribe requests are honored within 10 business days. We maintain suppression lists and obtain express consent before commercial electronic messages.
11. Security & Data Protection
11.1 Technical Controls
- End-to-end encryption for sensitive data in transit (TLS 1.2+)
- Encryption at rest for stored Personal Information (AES-256)
- Multi-factor authentication, firewalls, intrusion detection systems
- Regular security patching and vulnerability management
- PCI-DSS compliant encryption and tokenization for payment data
11.2 Access Controls
Principle of Least Privilege: minimum access necessary for job functions. Role-Based Access Control (RBAC) with defined roles and permissions. All data access is tracked via audit logs.
11.3 Security Limitations
While we implement industry-standard security, no system is 100% secure. Report suspected breaches immediately to our Privacy Officer.
12. Cookies, Tracking & Automated Decision-Making
12.1 Cookie Categories
- Essential Cookies (no consent required): Session cookies, CSRF tokens, load balancing, cookie consent preferences - retained for session duration or 12 months
- Analytical Cookies (consent required): Usage analytics, user journey mapping, feature engagement metrics - retained 26 months
- Marketing Cookies (consent required): Retargeting, interest-based advertising, audience building - retained until opt-out
12.2 Cookie Management
A cookie consent banner is presented on first site visit with options to Accept All, Reject Non-Essential, or Customize. You may change preferences at any time. Withdrawal is effective upon confirmation.
12.3 Automated Decision-Making
We use automated processing for lead scoring, email segmentation, fraud detection, and content recommendations. You have the right to human review of automated decisions and to contest those decisions.
13. Children & Minors
Our Services are not intended for individuals under 18 years of age. We do not knowingly collect Personal Information from minors. If we become aware of data from minors, we delete it promptly. Parents and guardians may request access to, deletion of, or restrictions on their child's data by contacting our Privacy Officer.
14. California Privacy Rights (CCPA/CPRA)
California residents have the right to know, delete, opt-out of sale/sharing, correct, limit use of Sensitive Personal Information, and freedom from discrimination.
| Category | Our Handling |
|---|---|
| Sale | We do NOT sell personal information for money |
| Sharing | Limited sharing with marketing partners (opt-out available) |
| Sensitive Info | Limited processing of job title, professional info |
| Automated Decision-Making | Lead scoring only (human review available) |
To submit CCPA requests: email privacy@theslimemedia.com. Response timeline: 45 days.
15. European Union Data Subject Rights (GDPR)
EU data subjects have the following rights under GDPR (EU) 2016/679:
- Right of Access (Art. 15): Obtain confirmation and receive a copy of data in structured format
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data
- Right to Erasure (Art. 17): Request deletion where data is no longer necessary or consent is withdrawn
- Right to Restrict Processing (Art. 18): Request limitation on processing vs. outright deletion
- Right to Data Portability (Art. 20): Receive data in machine-readable format, request transfer to another controller
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing
- Rights Related to Automated Decision-Making (Art. 22): Request human review and explanation of automated decisions
- Right to Lodge Complaint (Art. 77): File complaint with your EU member state data protection authority
EU customer data is processed under Consent, Contract, Legal Obligation, Legitimate Interests, or other GDPR-compliant grounds. We use Standard Contractual Clauses for international transfers. EU customers may request a signed Data Processing Addendum at legal@theslimemedia.com.
16. United Kingdom Privacy Rights (UK DPA 2018)
UK residents have equivalent rights to GDPR (Section 15), including the right to lodge a complaint with the UK Information Commissioner's Office (ICO). We comply with the Data Protection Act 2018 and UK GDPR. International transfers from the UK use adequacy decisions and Standard Contractual Clauses as appropriate.
17. Breach Notification & Incident Response
A Personal Data breach means unauthorized or accidental destruction, loss, alteration, or unauthorized disclosure of or access to Personal Information.
Notification Timelines
- Canada (PIPEDA): Without unreasonable delay (typically 30-60 days). Notification to affected individuals and Privacy Commissioner if significant.
- EU/UK (GDPR/UK DPA): High-risk breaches reported to supervisory authority within 72 hours.
- California (CCPA): Without unreasonable delay; notification to California Attorney General if over 500 residents affected.
If you suspect a breach, contact our Privacy Officer immediately.
18. Data Processing Addendum
Clients or organizations that provide data to us for processing may request a separate Data Processing Addendum (DPA) that clarifies roles, defines processing scope, specifies security obligations, and incorporates Standard Contractual Clauses for international transfers. Request a DPA at legal@theslimemedia.com. We provide a signed DPA within 15 business days.
19. Privacy Officer & Contact Information
Slime Media Privacy Officer
Email: privacy@theslimemedia.com
Response time: 30 days for standard inquiries
We handle access requests, deletion requests, correction/update requests, opt-out and consent withdrawal, privacy complaint escalations, GDPR/CCPA/UK DPA rights requests, automated decision-making challenges, and data portability requests.
First request per year is free. Subsequent requests may incur a reasonable fee (maximum $25 USD equivalent). Manifest unfounded or excessive requests may be denied.
20. Policy Changes & Updates
We may update this Privacy Policy to reflect changes in our data practices, technological or regulatory changes, or expansions to new jurisdictions. For significant changes, we will provide email notification and 30-day advance notice. For minor changes, updates take effect immediately with notice on our website.
By continuing to use our Services after policy updates, you accept the revised terms.
| Version | Date | Changes |
|---|---|---|
| 1.0 | May 21, 2026 | Initial policy creation |