Privacy Policy for Trimark Security
Our commitment as a cybersecurity firm. At Trimark Security, privacy is not a checkbox — it is a practice. We apply the same principles we advise our clients to follow: data minimization, purpose limitation, vendor due diligence, and access controls. We collect only what we need, retain it only as long as necessary, and protect it with administrative and technical safeguards appropriate to the sensitivity of the information.
1. Introduction and scope
This Privacy Policy explains how Trimark Security (“we,” “us,” or “our”) collects, uses, stores, and protects personal information provided by visitors to our website and prospective or current clients who contact us. It applies to all personal information we handle in connection with operating our website and delivering our cybersecurity consulting services.
Trimark Security operates as an independent consulting business. Depending on your location, different privacy laws may apply to how we handle your personal information. We have designed this policy to meet the requirements of:
- United States — applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) where applicable, CAN-SPAM, and sector-specific regulations.
- Canada — the Personal Information Protection and Electronic Documents Act (PIPEDA) and Canada’s Anti-Spam Legislation (CASL).
- European Union / EEA — the General Data Protection Regulation (GDPR) and applicable national implementing legislation.
If you have questions or wish to exercise your rights, please contact us at info@TrimarkSecurity.com.
2. Information we collect
We collect personal information only to the extent necessary for the purposes described in this policy.
Information you provide voluntarily
When you fill out a contact or inquiry form on our website, we may collect your name, email address, phone number, company name, job title, and the content of your message. This information is provided at your discretion and is used solely to respond to your inquiry and to provide information about our services.
Technical and usage data
We may automatically collect certain technical data when you visit our website, including your IP address, browser type and version, device type, referring URL, and pages accessed with timestamps. This data is collected through server logs and, where applicable, cookies or similar technologies. It is used to maintain the security and performance of our website and to understand aggregate usage patterns.
What we do not collect
We do not collect payment card information, government identification numbers, health information, biometric data, or other sensitive personal data through our website. We do not offer file upload functionality and do not solicit the submission of confidential client documents through public web forms. Under GDPR, we do not intentionally collect any special category data (Article 9) through our website.
3. Legal basis for processing (GDPR — EU/EEA visitors)
If you are located in the EU or EEA, we are required to identify a lawful basis for each processing activity under GDPR Article 6. The table below sets out our legal bases:
| Processing activity | Legal basis (GDPR Art. 6) |
|---|---|
| Responding to a contact form inquiry | Art. 6(1)(b) — necessary for steps prior to entering a contract, or Art. 6(1)(f) — legitimate interests (responding to a direct inquiry) |
| Sending marketing communications | Art. 6(1)(a) — consent (you may withdraw at any time) |
| Website security and server logs | Art. 6(1)(f) — legitimate interests (maintaining site security) |
| Analytics (if applicable) | Art. 6(1)(a) — consent via cookie banner |
| Compliance with legal obligations | Art. 6(1)(c) — legal obligation |
For Canadian residents, we rely on knowledge and consent under PIPEDA. For US residents, we rely on the legitimate business purposes described in this policy and, where applicable, CCPA/CPRA rights are addressed in Section 10.
4. Cookies and tracking technologies
Functional cookies
Our website may use first-party session cookies that are strictly necessary for the site to function. These cookies expire when you close your browser or within a short defined period and do not track you across sessions or websites.
Optional preference cookies
If you opt in to saving your contact details for convenience when submitting a form, a preference cookie may be stored in your browser for up to one year. You can clear this at any time through your browser settings.
Analytics
[INSERT: Name your analytics platform here — e.g. “We use Google Analytics to understand aggregate site usage. Google Analytics sets cookies to collect anonymized data about pages visited and session duration. EU/EEA visitors will be asked for consent before analytics cookies are set.” OR: “We do not use analytics tracking on this website.”]
Cookie consent — EU/EEA visitors
If you are visiting from the EU or EEA, non-essential cookies (including analytics cookies) will only be set with your prior consent, in accordance with GDPR and the ePrivacy Directive. You may withdraw consent or change your cookie preferences at any time through your browser settings or our cookie preference tool.
Do Not Track
Some browsers transmit “Do Not Track” signals. Our website does not currently respond to Do Not Track signals, but we do not use cookies for advertising or cross-site tracking.
5. How we use your information
We use the personal information we collect for the following purposes:
- To respond to your inquiries and provide information about our cybersecurity consulting services.
- To assess your needs and prepare service proposals or scoping documents where you have requested this.
- To send marketing communications about our services — only with your express consent (required under CASL for Canadian recipients and GDPR for EU/EEA recipients). Each marketing communication will include a clear and functional unsubscribe mechanism, consistent with CAN-SPAM, CASL, and GDPR requirements.
- To maintain the security and performance of our website.
- To comply with applicable legal obligations across all jurisdictions in which we operate.
We do not use your personal information for automated decision-making or profiling, and we do not sell, rent, or disclose your personal information to third parties for their own marketing purposes. California residents: we do not “sell” or “share” personal information as defined under CCPA/CPRA.
6. Who we share your data with
Service providers (subprocessors)
We may share your personal information with trusted third-party service providers who help us operate our website and deliver our services. These include our website hosting provider, our customer relationship management platform, and our email service provider. Each provider is contractually obligated to maintain the confidentiality and security of your information and to process it only on our instructions. EU/EEA residents: where subprocessors are located outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.
Cross-border data transfers
Trimark Security operates primarily in North America. Some of our service providers store or process data on servers located in the United States. If you are located in Canada or the EU/EEA, your information may be transferred to and processed in the United States, which may have different privacy protections than your home jurisdiction. We take steps to ensure such transfers are subject to appropriate contractual safeguards. For EU/EEA transfers, we rely on Standard Contractual Clauses or other approved transfer mechanisms under GDPR Chapter V where required.
Legal disclosures
We may disclose your personal information when required by law or valid legal process, or where we have a good-faith belief that disclosure is necessary to protect the rights, property, or safety of Trimark Security, our clients, or others.
7. Data security
We implement administrative, technical, and physical controls appropriate to the sensitivity of the personal information we hold. These controls are consistent with recognized cybersecurity practices and the nature of our business as a security consulting firm. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee the absolute security of information transmitted to or from our website.
In the event of a confirmed personal data breach that creates a real risk of harm to individuals, we will: (a) notify affected individuals without undue delay; (b) report to relevant regulatory authorities within the timeframes required by applicable law — 72 hours under GDPR (Article 33), and as promptly as practicable under PIPEDA’s breach reporting obligations.
8. How long we retain your data
We retain personal information submitted through contact and inquiry forms for a maximum of 24 months from the date of initial contact, unless an ongoing client relationship exists that requires longer retention for legitimate business or legal purposes. When personal information is no longer required, it is securely deleted or anonymized.
Technical log data (IP addresses, access records) is retained for up to 12 months for security monitoring and troubleshooting purposes.
EU/EEA residents: retention periods are set in accordance with the GDPR principle of storage limitation (Article 5(1)(e)). You may request earlier deletion of your data — see Section 9 below.
9. Your rights
Depending on your location, you have the following rights regarding your personal information. To exercise any of these rights, contact us at info@TrimarkSecurity.com. We will respond within the timeframes required by applicable law — 30 days under PIPEDA, 30 days (extendable by two months for complexity) under GDPR, and 45 days (extendable once) under CCPA/CPRA.
| Right | US (CCPA/CPRA) | Canada (PIPEDA) | EU/EEA (GDPR) |
|---|---|---|---|
| Know / Access what data we hold | ✓ | ✓ | ✓ |
| Correct inaccurate data | ✓ | ✓ | ✓ |
| Delete / Erasure (“right to be forgotten”) | ✓ | ✓ (with exceptions) | ✓ (Art. 17) |
| Opt out of sale / sharing of personal data | ✓ (we do not sell or share) | N/A | N/A |
| Restrict or object to processing | Limited | ✓ | ✓ (Arts. 18–21) |
| Data portability | ✓ | Limited | ✓ (Art. 20) |
| Withdraw consent | ✓ | ✓ | ✓ |
| Lodge a complaint with a supervisory authority | ✓ (FTC / State AG) | ✓ (OPC) | ✓ (lead DPA) |
| Non-discrimination for exercising rights | ✓ (CCPA) | Implied | ✓ |
We will not discriminate against you for exercising any of these rights. We do not charge a fee to process rights requests unless they are manifestly unfounded or excessive.
10. Additional disclosures for California residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you specific rights in addition to those listed above.
Categories of personal information collected in the past 12 months: identifiers (name, email, IP address); professional or employment-related information (company name, job title); internet or other electronic network activity (pages visited, browser type).
Business or commercial purpose for collection: responding to inquiries, delivering services, maintaining website security, and complying with legal obligations — as described in Section 5.
Sale or sharing of personal information: We do not sell personal information and do not share personal information for cross-context behavioral advertising as defined under CPRA.
Sensitive personal information: We do not collect sensitive personal information as defined under CPRA.
To submit a verifiable consumer request or designate an authorized agent to act on your behalf, contact us at info@TrimarkSecurity.com.
11. Embedded and third-party content
Our website may contain links to third-party websites or embed content hosted by external services such as videos or articles. Content embedded from other websites behaves as though you had visited those websites directly — those services may collect data about you, use cookies, and monitor your interactions with their content, including if you are logged into those services. Trimark Security is not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. All updates will be posted on this page with a revised “Last updated” date and version number. For material changes — those that significantly affect how we use your personal information or your rights — we will provide additional notice, such as a prominent banner on our website or direct communication where we hold your contact details. Continued use of our website after non-material updates constitutes acknowledgment of the revised policy.
13. Contact us and supervisory authorities
For questions, concerns, or rights requests relating to this Privacy Policy, contact our privacy contact:
- Email: info@TrimarkSecurity.com
- Organization: Trimark Security
- Primary operating location: North America
If you are not satisfied with our response, you may lodge a complaint with the relevant supervisory authority for your jurisdiction:
- Canada: Office of the Privacy Commissioner of Canada (OPC)
- United States: Federal Trade Commission (FTC) or your state Attorney General’s office
- EU/EEA: The data protection authority (DPA) in your EU member state of residence or establishment