Privacy policy

1. Accountability

DeepLearnLab Institute Inc. ("DeepLearnLab," "we," "us," or "our") is responsible for personal information under our control. We have designated a privacy contact to oversee compliance with PIPEDA's ten fair information principles and to respond to access requests and complaints.

Privacy contact:
DeepLearnLab Institute Inc.
620 Fort Street, Suite 500
Victoria, BC V8W 1G6
Email: [email protected]
Telephone: +1 (250) 555-0191

2. Scope

This policy applies to personal information collected through deeplearnlab.one, enrolment and contact forms, email and telephone communications, in-person registration at our Victoria studio, corporate training contracts, and mentoring engagements. It does not apply to third-party websites linked from our pages; those sites maintain independent privacy practices.

DeepLearnLab provides technical deep learning training only. We do not collect health diagnoses, therapy notes, or wellness programme data because we do not offer those services. If you voluntarily disclose sensitive information in a free-text message, we will retain it only as long as necessary to respond and will not use it for unrelated purposes.

3. What personal information we collect

3.1 Information you provide directly

• Contact and identity data: name, email address, telephone number, mailing address, employer name (if supplied).
• Enrolment data: programme selection, programming experience self-assessment, scheduling preferences, payment and billing details processed through our invoicing system.
• Corporate engagement data: job title, team size, technical stack descriptions, confidentiality requirements for custom lab days.
• Communications: message content submitted via contact forms, email threads, and written feedback you send to mentors.
• Consent records: timestamps and method of consent for marketing communications and cookie preferences where applicable.

3.2 Information collected automatically

• Website usage data: IP address, browser type, device category, referring URL, pages viewed, and approximate geographic region derived from IP (city/province level).
• Cookie and local storage data: essential session identifiers and, if you opt in, analytics identifiers as described in our Cookie Policy.
• Server logs: timestamps, HTTP status codes, and security events for fraud prevention.

3.3 Information from third parties

We may receive limited information from employers sponsoring your seat (name, work email, purchase order number) or from payment processors confirming transaction status. We do not purchase marketing lists.

4. Why we collect personal information

We identify purposes before or at the time of collection and limit use to those purposes or compatible extensions permitted by PIPEDA:

• Responding to enquiries about lab cohorts, capstone mentoring, corporate lab days, and general technical questions.
• Processing enrolments, issuing GST/HST-compliant invoices, and administering refunds per our Terms of Service.
• Delivering training, distributing lab manuals, scheduling mentor reviews, and operating GPU workstations securely.
• Improving website usability through aggregated analytics when you consent to non-essential cookies.
• Meeting legal obligations: tax record retention, responding to lawful requests from authorities, and enforcing our agreements.
• Protecting our rights and the safety of staff and participants through access control and incident logging.

We will not use your personal information for wellness profiling, psychological assessment, or unrelated direct marketing without a separate, explicit opt-in.

5. Consent

PIPEDA requires meaningful consent for collection, use, and disclosure. We obtain consent as follows:

• Contact form: submitting the form with the consent checkbox checked constitutes express consent to use your details to respond to the enquiry.
• Enrolment: completing registration and payment constitutes consent to use information necessary to deliver the purchased programme.
• Analytics cookies: non-essential cookies are disabled until you accept or customise preferences via our cookie banner.
• Marketing emails: alumni announcements are sent only if you opt in during enrolment or subsequently subscribe; each message includes an unsubscribe mechanism.

You may withdraw consent for optional processing (e.g., marketing, analytics) at any time, subject to legal or contractual restrictions. Withdrawal may limit certain services — for example, we cannot deliver training without retaining your name and contact details for the cohort roster.

For individuals under the age of majority in British Columbia (19), we require verifiable parental or guardian consent before enrolment. Our programmes are designed for adult learners; we do not knowingly market to minors.

6. Limiting collection, use, and disclosure

We collect only information reasonably necessary for identified purposes. Free-text fields should not include passwords, full payment card numbers, or unrelated sensitive data. Mentors are instructed to redact accidental disclosures from feedback logs when feasible.

We do not sell or rent personal information. Disclosure is limited to:

• Service providers: hosting providers, email delivery services, payment processors, and accounting software vendors bound by contractual confidentiality and data-processing terms consistent with PIPEDA.
• Professional advisers: lawyers or accountants under privilege when required.
• Legal compliance: government agencies when compelled by valid Canadian legal process.
• Corporate sponsors: if your employer paid for your seat, we may confirm attendance and programme completion — not your notebook contents unless you authorize sharing.

Cross-border processing: some service providers may store data in the United States or other jurisdictions. When information leaves Canada, it may be subject to foreign lawful access regimes. We evaluate providers for contractual safeguards and notify you in this policy of the possibility of foreign storage.

7. Retention

We retain personal information only as long as necessary to fulfil the purposes described or as required by law:

• Contact form submissions: up to twenty-four months unless an enrolment relationship continues.
• Enrolment and billing records: seven years from the end of the fiscal year per Canada Revenue Agency guidance.
• Lab repositories and mentor feedback: until twelve months after programme completion, then archived or deleted unless you request earlier deletion compatible with academic integrity reviews.
• Server logs: ninety days unless implicated in a security investigation.
• Marketing consents: until withdrawal plus a minimal suppression record to honour unsubscribe requests.

When retention periods expire, we securely delete or anonymize information so it can no longer identify you.

8. Accuracy

You are responsible for providing accurate enrolment details. You may request correction of outdated information — for example, a new work email — by contacting our privacy contact. We will amend records promptly and, where appropriate, notify service providers who received the outdated data.

9. Safeguards

We implement administrative, technical, and physical safeguards proportionate to the sensitivity of information:

• Role-based access to enrolment databases limited to operations and mentoring staff with legitimate need.
• TLS encryption for website traffic and encrypted connections to cloud providers where supported.
• Workstation lock policies in the Victoria lab; guests may not install unapproved software on shared GPU machines.
• Contractual confidentiality obligations for mentors reviewing capstone notebooks containing your intellectual property.
• Incident response procedures including containment, assessment, notification to affected individuals and the Office of the Privacy Commissioner of Canada when required by PIPEDA breach reporting guidance.

No method of transmission or storage is perfectly secure. We encourage strong passwords on your personal GitLab accounts and caution against sharing credentials in contact messages.

10. Openness and access

This policy is published at deeplearnlab.one/privacy.php. Material changes will be posted with an updated "Last updated" date. Significant changes affecting prior consent may prompt renewed consent requests.

You may request access to personal information we hold about you, subject to limited exceptions under PIPEDA (e.g., legal privilege, confidential commercial information). Submit requests in writing to our privacy contact with sufficient detail to verify identity. We respond within thirty days unless an extension is permitted, and we will explain any refusal with reference to applicable exceptions.

You may also challenge our compliance with PIPEDA. We will investigate complaints internally first. If unresolved, you may contact:

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, QC K1A 1H3
Toll-free: 1-800-282-1376
Website: priv.gc.ca

11. Individual access and deletion requests

To exercise access, correction, or deletion rights, email [email protected] with the subject line "Privacy request." We may ask for government-issued identification or enrolment confirmation to prevent unauthorized disclosure. Deletion requests are honoured when no overriding legal retention obligation exists; tax invoices, for example, must be retained regardless of deletion requests.

12. Automated decision-making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals. Mentor feedback and programme placement suggestions involve human review.

13. Changes to this policy

We may update this policy to reflect operational changes, new programmes, or legislative developments. Continued use of the website after posting constitutes notice of the update; enrolment agreements may incorporate the policy version effective at purchase date.

14. Contact summary

DeepLearnLab Institute Inc., 620 Fort Street, Suite 500, Victoria, BC V8W 1G6. BN 812345678 RC0001. Privacy enquiries: [email protected].

15. Provincial privacy legislation

While PIPEDA applies to our commercial activities across Canada, British Columbia's Personal Information Protection Act (PIPA) may also apply to employee personal information and certain business contact details held about BC residents. We align internal policies with the stricter applicable standard when statutes overlap. Organizations enrolling teams from Quebec should note that Law 25 (formerly Bill 64) may impose additional obligations on the organization as employer; our Privacy Policy describes our role as service provider processing participant data on behalf of instructional delivery.

16. Data breach notification

In the event of a breach of security safeguards involving personal information under our control that creates a real risk of significant harm, we will notify affected individuals and report to the Office of the Privacy Commissioner of Canada as required under PIPEDA breach notification provisions. Notifications will describe the circumstances, categories of information involved, steps we have taken, and recommended protective actions you may take. We maintain an internal incident register and conduct post-incident reviews to strengthen safeguards.