1) Introduction and scope
This policy applies to the Northline Digital Desk website, including pages and features that link to it. It covers data collected through web browsing, cookie preferences, analytics measurement, and any forms offered on the site such as optional newsletter style briefings. The policy also describes how we handle communications if you contact us by email.
If you access our site from outside Canada, your data may be processed in jurisdictions where our service providers operate. We explain international transfers below. If a local law provides additional rights, we will respect those rights where applicable.
Summary of key points
What we collect
Contact details you submit (such as email), and technical data such as IP address, device and browser information, and cookie preferences.
Why we collect it
To deliver the site, respond to requests, maintain security, and measure readership patterns in aggregate using analytics tools.
Your choices
You can accept or reject non-essential cookies via our cookie banner. You can unsubscribe from emails at any time.
No sale of personal data
We do not sell personal information. We share data only with service providers needed to operate the site and analytics.
For an overview of our editorial coverage, see About.
2) Personal data we collect
We limit collection to data that supports publication operations, reader communications, and site measurement. The exact fields depend on which features you use, but the categories below apply to typical visits.
We do not request sensitive data (such as health, precise geolocation, government identifiers, or payment details) through our on-site forms. If you choose to email us, please avoid including sensitive personal details that are not necessary for your question.
Contact data
- Email address (newsletter subscriptions or direct inquiries)
- Name (only if you include it in an email or optional message field)
- Phone number (only if you voluntarily provide it in an email; we do not ask for it on-site)
Device and network data
- IP address
- Browser type and version
- Device type and operating system
- Approximate location inferred from IP (city or region level)
Cookie and preference data
- Cookie consent choice (accept or reject)
- Session and security cookies required to load pages reliably
- Analytics identifiers if analytics cookies are accepted
Usage and interaction data
- Pages viewed and time spent (in aggregate)
- Referring page (for example, a search engine or a social network)
- On-site events such as clicks on navigation elements (if analytics is enabled)
Note on forms
If we offer a subscription form, we use the email address to send editorial updates. Each message includes an unsubscribe link. You can also request deletion by contacting [email protected].
3) How we collect data
We collect information in three main ways: data you provide directly, data collected automatically by the website and servers, and data provided by third-party tools used for measurement and operations. The methods below explain what typically occurs during a site visit.
Where a choice is required, such as optional analytics or marketing cookies, we rely on your explicit selection through the cookie banner. If you reject non-essential cookies, the site should still function, though some measurement features may be limited.
Collection methods
Web forms
When you submit a newsletter style subscription or send a message through a form, we collect the fields shown on that form. We do not hide additional fields. We also record the timestamp and basic technical details needed to protect against abuse.
Cookies and similar technologies
Cookies store small pieces of data in your browser. Some are necessary to store your cookie preference and to support essential site functions. If you accept analytics cookies, measurement identifiers may be stored to help us understand readership patterns.
Analytics tools and pixels
We may use Google Analytics 4 to analyze traffic trends and site performance. If enabled in a specific build, we may also use Meta Pixel to understand aggregated campaign performance for our own outreach. These tools are only intended for measurement and do not change what content you see.
Server logs
Like most websites, our hosting infrastructure records logs for security and troubleshooting. Logs may include IP address, request time, pages requested, and error diagnostics. We use this data to maintain reliability and detect misuse.
Email communications
If you email us, we receive the information in your message and email headers, which may include your email address, signature details, and any attachments you choose to send.
No automated decisions with significant effects
We do not use automated decision making, including profiling, that produces legal effects or similarly significant impacts on individuals. Analytics is used to understand readership in aggregate, not to determine eligibility for services.
4) Legal bases for processing (GDPR Art. 6)
While we are Canada-based, we use GDPR concepts to explain processing transparently for readers who may access the site from the EEA or who expect GDPR-style controls. When GDPR applies, we rely on the legal bases below depending on context. If another law applies, we follow that law’s requirements for consent and notice.
When consent is used, you can withdraw it at any time. Withdrawal does not affect processing that occurred before you withdrew consent.
If you want details on your cookie choice, see the cookie section below. For opt-out options for subscription emails, use the unsubscribe link included in each email or contact us directly.
5) Purposes of processing
We process personal data for limited, defined purposes. We do not use personal data to infer sensitive traits and we do not use it to make decisions that would materially change access to essential services. The primary uses are operational: delivering pages, maintaining security, responding to requests, and understanding what content is useful in aggregate.
Marketing communications are consent-based. If you subscribe, we send editorial updates and may include links to newly published explainers and reading lists. We do not send third-party marketing offers and we do not sell mailing lists.
Service delivery
Provide website pages, store essential preferences, and ensure the navigation and accessibility features work across devices. This includes basic operational processing required for the site to load and respond to requests.
Customer support
Respond to inquiries and privacy requests, confirm identity where necessary to protect your data, and maintain records of requests to meet compliance obligations.
Analytics and improvement
Measure aggregated trends such as popular topics and device types to help us maintain readability, speed, and section navigation. Analytics is not used to personalize sensitive content.
Fraud prevention and security
Detect suspicious traffic, protect against abuse, and preserve the integrity of site features such as forms. This may include rate limiting and reviewing server logs during incidents.
Legal compliance
We may process and retain limited records where needed to comply with applicable laws, respond to lawful requests, or establish, exercise, or defend legal claims. When we do so, we limit access and retention to what is required.
6) Retention periods
We keep personal data only as long as needed for the purpose for which it was collected, then delete or anonymize it. Retention can also be influenced by legal requirements and legitimate operational needs, such as keeping a record of an unsubscribe to respect your choice.
If you request deletion, we will remove personal data unless we need to keep it for compliance or to protect against fraud. When deletion is not possible, we will restrict processing and limit access.
Form submissions and inquiries
Retained for up to 2 years from the last interaction, unless a longer period is required to handle an ongoing request or for legal reasons.
Email list (newsletter style briefings)
Retained until you unsubscribe, then we keep a minimal suppression record for 30 days to process the request and help prevent accidental re-subscription.
Analytics data
Retained for 14 months in analytics systems where configurable. Aggregated reporting may be kept longer if it does not identify individuals.
Server logs
Typically retained for up to 90 days for security monitoring and troubleshooting, unless an incident requires longer retention for investigation and remediation.
Cookie consent record
Stored in your browser via local storage until you clear site data or you change your choice. If you clear site data, you may see the banner again.
If you want to request access or deletion, see “Your rights” below and contact [email protected].
7) Sharing and processors
We share personal data with service providers that help us operate the website, deliver email, and measure performance. These providers act as processors (or service providers) and are required to protect data and use it only for providing services to us. We do not sell personal data.
We may also share data if required by law, such as responding to a court order or lawful request. When possible, we aim to limit disclosures and to notify affected individuals if legally permitted.
Categories of recipients
Hosting and content delivery
Infrastructure providers that store and serve site files, handle network requests, and protect availability.
Analytics
Measurement providers such as Google Analytics 4 (GA4) that help us understand traffic trends and site performance.
Email delivery
Email service providers used to send subscription messages and manage unsubscribes. Access is limited to operational staff.
Security and abuse prevention
Tools that help detect automated traffic, limit abuse, and maintain the stability of the site and forms.
No sale of personal information
We do not sell personal information. We do not publish user-submitted personal data on the site. If we ever add a feature that changes this, we will update this policy and provide clear, separate notice.
8) International transfers
Our editorial operations are based in Canada. However, some service providers may process data in the United States, the European Economic Area, or other jurisdictions. Cross-border processing can occur when traffic is routed through global infrastructure or when analytics and email systems store event data.
Where GDPR applies and personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or an adequacy decision, depending on the provider and transfer route. We also assess whether supplementary technical and organizational measures are suitable for the type of data involved.
What this means in practice
Most data we transfer is limited to technical identifiers and aggregated usage data, plus email addresses for subscriptions. We work to minimize the amount of personal data involved and to restrict access. If you would like more information about our transfer safeguards for a specific tool, contact [email protected].
Data localization note
We may choose Canada-based hosting options where practical. Still, the internet’s routing and third-party systems can involve cross-border processing. This policy is intended to describe those realities clearly.
9) Your rights (GDPR-style)
Depending on where you live, you may have rights over your personal data. For EEA/UK visitors, GDPR rights include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. We aim to support these rights for all readers where feasible and appropriate.
To protect privacy, we may need to verify identity before acting on a request. If you use an email address to contact us, we typically verify by replying to that address. We respond within a reasonable time, and where GDPR applies, within one month unless an extension is permitted.
How to exercise your rights
Right of access
You can ask what personal data we hold about you and request a copy. Email [email protected] with “Access Request” in the subject.
Right to rectification
If your email address or other details are incorrect, request a correction. For subscriptions, you can also unsubscribe and re-subscribe with a preferred address.
Right to erasure (deletion)
You can request deletion of personal data. We will delete or anonymize data unless retention is required for legal compliance, security, or to respect your unsubscribe choice.
Right to restriction and objection
You can request that we limit processing or object to processing based on legitimate interests. We will assess the request and stop processing unless there is a compelling legitimate ground.
Right to data portability
Where applicable, you can ask for your data in a structured, commonly used format. This most often applies to subscription details or communications you provided.
Right to withdraw consent
You can withdraw consent by rejecting non-essential cookies via your browser controls, clearing site data, or unsubscribing from email updates. Withdrawal does not affect processing that already occurred.
Right to complain
If you are in Canada, you can contact the Office of the Privacy Commissioner of Canada (OPC). If you are in the EEA, you may complain to your local supervisory authority. If you have concerns, we encourage contacting us first so we can address the issue promptly.
10) Cookie policy
Cookies help our site remember preferences and measure usage. Some cookies are strictly necessary. Others support analytics and, if used in a specific deployment, marketing measurement. We provide a cookie banner that allows you to accept or reject non-essential cookies. The banner is intended to be non-intrusive and not block access to the main content.
You can also manage cookies through your browser settings. If you block all cookies, the site may still be readable, but some features such as saved preferences may not work as intended.
Types of cookies we use
Strictly necessary cookies
These support essential site functions, such as security and saving your cookie preference. Duration varies by purpose; some last only for a session, and some persist until you clear site data.
Analytics cookies
If accepted, analytics cookies help us understand how readers navigate the site, which pages are most useful, and how the site performs on different devices. Typical durations may include session cookies and persistent cookies up to 14 months, depending on configuration.
Marketing measurement cookies
If implemented, marketing measurement cookies (such as a pixel) help us understand whether a campaign drove visits in aggregate. We do not use these cookies to show different content to different users on this site. Typical durations vary by provider and may be up to 90 days.
How to manage cookies
- Use the cookie banner to accept or reject non-essential cookies.
- Clear site data in your browser to remove stored preferences.
- Adjust browser settings to block or limit cookies.
- If you use privacy-focused browsing modes, cookies may be cleared automatically when you close the browser.
11) Children’s privacy
Our site is a general audience publication and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact [email protected] and we will take steps to delete the data.
If we later add features that could be used by minors, we will update this policy and implement age-appropriate notices and safeguards consistent with applicable law.
What happens if we discover minor data
If we become aware that personal data from a child under 16 was collected, we will (1) remove it from our active systems where feasible, (2) restrict access while deletion is processed, and (3) document the deletion request so we can confirm completion. We may request minimal information to locate the record, but we will avoid requesting additional personal data.
Parents or guardians may contact us to request access or deletion. We may ask for reasonable proof of authority to protect the child’s privacy.
12) Updates to this policy
We may update this policy to reflect changes to our site features, service providers, or legal requirements. When we make changes, we will update the “Last Updated” date at the top of this page. If a change is material, we will provide additional notice, such as a banner on the site or an email to subscribers when appropriate.
Continuing to use the site after an update means you have had the opportunity to review the revised policy. If you disagree with a change, you should stop using the site and adjust your cookie preferences or unsubscribe from emails as needed.
Version control
We keep internal records of significant updates to ensure consistency and to support responses to user inquiries. If you want to confirm which version applied to a specific time period, contact us and we will provide a summary of the relevant changes.
Related documents
Our Terms of Service describe the rules for using the site and are incorporated by reference. See Terms.
13) Contact and privacy officer
If you have questions about this policy, want to exercise your rights, or want to request deletion, contact our privacy team using the details below. For efficiency, include the page or feature involved, the email address you used (if applicable), and the type of request (access, deletion, correction, or objection).
We aim to respond promptly, and we will communicate clearly if we need additional information to process your request. We do not require you to create an account to make a privacy request.
Privacy contact details
Mailing address
Privacy Officer
Northline Digital Desk Media Ltd.
200 Bay Street, Suite 1800
Toronto, ON M5J 2J2
Canada
Operational contact
For non-privacy editorial questions, see About or email [email protected].
Unsubscribe and deletion options
Subscription emails include an unsubscribe link. You may also request deletion by emailing [email protected]. If you want to remove cookie data stored in your browser, clear site data in your browser settings.