Privacy Policy

Last updated: October 8, 2025
Applies to: Learn Ontario (https://learnontario.ca)

1) Who we are

Controller / Business: Learn Ontario (“we”, “us”, “our”)
Website: https://learnontario.ca
Email: thejuniorstoreca@gmail.com
EU/UK Representative (if required): Davinder (davindersekhon888@gmail.com)
Data Protection Officer (if appointed): Davinder (davindersekhon888@gmail.com)

If you are in the EEA/UK and interact with our site, we are the controller of your personal data for GDPR/UK GDPR purposes. If you are in California, we are a business for CPRA purposes.

2) What this policy covers

This policy describes what personal information we collect, how and why we use it, who we share it with, how long we keep it, and your privacy rights. It applies to this website, related subdomains, and any pages where this policy appears or is linked.

3) Definitions (plain-language)

Personal information / personal data: Any information that identifies or can reasonably be linked to a person.
Sensitive personal information (CPRA) / Special categories (GDPR): e.g., precise geolocation, health data, government IDs. We do not intentionally collect these on this site unless explicitly stated.
Sell / Share (CPRA): “Sell” means exchanging personal info for money or value. “Share” means cross-context behavioral advertising. See §12.
Processor / Service provider: A third party that processes data for us under a contract.

4) Categories of information we collect

We collect information from you, your device, and third parties:

Identifiers: IP address, unique cookies/IDs, device IDs, browser user-agent, referrer URLs, and contact details you submit (name, email).
Usage data: Pages viewed, links clicked, scroll depth, session duration, approximate location (from IP), and general device info.
Transactional/interaction data: Messages you send through forms or email, comments, support requests.
Advertising data: Ad impressions, click-throughs, frequency caps, and in some cases interests/segments (see §11–§12).
User-generated content: Comments, reviews, files you upload.

We do not knowingly collect sensitive personal information on this site and we do not process data for automated decisions that produce legal or similarly significant effects.

5) Sources of information

Directly from you (forms, comments, emails).
Automatically from your device via cookies, pixels, SDKs.
From service providers (e.g., analytics, ad networks, anti-spam, CDN) and publicly available sources.

6) Why we use your information (purposes + legal bases)

Under GDPR/UK GDPR (for EEA/UK visitors)

Essential site operations (Art. 6(1)(b)/(f)): load pages, security, fraud prevention, comment moderation.
Analytics / performance (Art. 6(1)(a) consent; or (f) legitimate interests, where permitted): understand traffic and improve content.
Advertising / monetization (Art. 6(1)(a) consent in EEA/UK): show non-personalized or personalized ads depending on your consent.
Communications (Art. 6(1)(b)/(f) or (a) where needed): respond to your inquiries; newsletters with your consent.
Legal compliance (Art. 6(1)(c)) and defense of claims (Art. 6(1)(f)).

Under CCPA/CPRA (for California residents)

Business purposes: auditing, security, debugging, short-term uses, performance of services (e.g., analytics, ads), internal R&D, quality/safety.
Sale/Share: We may engage in cross-context behavioral advertising via third-party cookies/pixels (see §12) unless you opt out.

7) Retention

We keep personal information only as long as necessary for the purposes above, unless a longer period is required by law. Typical retention:

Analytics event data: 2–26 months (configurable in Google Analytics).
Server logs & security: 30–365 days.
Contact form submissions: up to 24 months.
Ad data: per vendor policies and our contractual limits.

We periodically review and delete or de-identify data that is no longer needed.

8) How we share information

We share information with service providers under contracts that limit their use (processing instructions, confidentiality, security):

Hosting/CDN: [Host/CDN]
Analytics: Google Analytics (GA4)
Advertising/Monetization: Google AdSense/Ad Manager and other IAB-listed vendors you authorize.
Security/Anti-spam: [e.g., reCAPTCHA, Akismet]

We may also disclose information:

To comply with law or valid legal process.
To investigate or protect against malicious activities.
In connection with a merger, acquisition, or asset sale.

We do not sell your contact details for money. We may sell/share personal information (as defined by CPRA) via advertising cookies/pixels unless you opt out (see §12–§13).

9) International transfers

If you are in the EEA/UK, your data may be transferred outside your country. Where required, we use safeguards such as Standard Contractual Clauses (SCCs) and vendor commitments. You can request copies of relevant transfer safeguards via the contact in §20.

10) Cookies, pixels, and similar technologies

We use cookies and similar tools to run the site, measure traffic, and fund content with ads.

Strictly necessary: security, load balancing, consent storage.
Analytics: GA4 with optional IP anonymization and regional controls.
Advertising: frequency capping, fraud detection, and—if you consent in EEA/UK—personalization.

You can control cookies via our Consent banner and your browser settings. See §19 for opt-out links.

11) Google Analytics (GA4) specifics

We may use GA4 to analyze site usage.

Data may include pages visited, events, approximate geolocation (city level), device/OS, and referrers.
We honor consent preferences in the EEA/UK (Consent Mode v2). Where required, we use IP anonymization/regional controls.
You can opt out by using the Google Analytics Opt-out Browser Add-on and/or our consent banner.
Learn more: https://policies.google.com/privacy and https://tools.google.com/dlpage/gaoptout

12) Google AdSense / Ad Manager specifics

We monetize with Google AdSense/Ad Manager and may partner with additional vendors.

Third-party vendors, including Google, use cookies to serve ads based on prior visits to this and other websites.
Google’s use of advertising cookies enables it and its partners to serve ads based on your visits to this site and/or other sites on the Internet.
In the EEA/UK we obtain consent via a TCF-compliant CMP for personalized ads. If you don’t consent, you will receive non-personalized or limited ads.
In California, Google may be considered a service provider or a third party depending on your AdSense settings (Limited data processing, restricted data processing, etc.). You can opt out of sale/share (cross-context behavioral advertising) as explained below.
Vendor lists and purposes are available in our consent banner; Google ads policy: https://policies.google.com/technologies/ads
Manage ad personalization: https://adssettings.google.com

Publisher disclosures required by Google: Include a clear and conspicuous notice that third-party vendors may serve ads and that users can visit vendor sites for more information and opt-outs, including Ads Settings. This section satisfies that notice.

13) Your choices

Consent banner (EEA/UK): You can accept, reject, or customize categories at any time via the “Cookie settings” link in the footer.
Global Privacy Control (GPC): If your browser sends a GPC signal, we treat it as a request to opt out of sale/share for the associated browser.
California “Do Not Sell or Share”: Use the [Do Not Sell or Share My Personal Information] link in our footer or email us (see §20). We do not knowingly “sell” data of consumers under 16.
Analytics opt-out: Use the Google Analytics opt-out add-on and/or adjust consent in our banner.
Browser controls: Block or delete cookies via your browser.

14) Your rights

EEA/UK (GDPR/UK GDPR)

You have the right to access, rectify, erase, restrict, object (including to profiling for direct marketing), and data portability, and to withdraw consent at any time. You can also lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

Right to know/access categories and specific pieces of personal information.
Right to delete certain personal information.
Right to correct inaccurate personal information.
Right to opt out of sale/share (cross-context behavioral advertising).
Right to limit use and disclosure of sensitive personal information (we do not seek to collect SPI via this site).
Right to non-discrimination for exercising your rights.

To exercise rights, see §20.

Canada (PIPEDA)

You have rights to access and correct personal information and to challenge compliance. Contact us per §20.

Other US States

If you reside in CO/CT/VA/UT and similar jurisdictions, you may have similar rights, including a right to appeal a decision. Contact us per §20.

15) Children’s privacy

This site is intended for general audiences and is not directed to children under 13 (or the age required in your jurisdiction). We do not knowingly collect personal information from children.

16) Security

We use appropriate technical and organizational measures to protect personal information (HTTPS, access controls, need-to-know access, logging). No method of transmission or storage is 100% secure.

17) Links to other sites

Our content may link to third-party sites. Their privacy practices are governed by their own policies.

18) Changes to this policy

We may update this policy from time to time. The “Last updated” date reflects the latest version. Material changes will be posted on this page.

19) Opt-out tools and resources

Ads personalization (Google): https://adssettings.google.com
Google Ads policy & partners: https://policies.google.com/technologies/ads
Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

20) Contact & requests (DSAR)

To exercise your rights or submit a privacy request, contact us via:

Email: thejuniorstoreca@gmail.com
Address: Grand Valley, Canada

We may verify your identity before fulfilling requests. Authorized agents (California) may submit requests with proof of authorization and verification of the consumer’s identity.

21) California Notice at Collection (CPRA)

We provide this notice at or before the point of collection.

Category (CPRA)	Examples	Sources	Purposes	Disclosed for business purposes	Sold/Shared for advertising	Retention
Identifiers	IP, cookie IDs, device IDs, contact info you submit	You; device; vendors	Site operation, security, analytics, ads, communications	Yes (hosting, analytics, ads)	May be shared for cross-context advertising	2–26 months (analytics), logs 30–365 days, contact up to 24 months
Internet/Network Activity	Pages viewed, clicks, referrers	Device; analytics	Analytics, site improvement, ads	Yes	May be shared for advertising	Same as above
Approx. Geolocation	City/region from IP	Device; analytics	Content relevance, fraud prevention	Yes	No sale; sharing may occur via ad tech	Same as above
Inferences	Interest segments (if personalization enabled)	Ad/analytics vendors	Personalized ads (if consented)	Yes	Shared for advertising (opt-out available)	Vendor-dependent

We do not intentionally collect sensitive personal information via this site.

Your choices: Use our Cookie settings link, the Do Not Sell or Share link, or email us per §20. We honor GPC.

22) International & Canadian disclosures

PIPEDA (Canada): We process personal information consistent with fair information principles. Contact us for access/correction.
International transfers: See §9.

23) Data processing details (Annex)

A. Core vendors (illustrative)

Hosting/CDN: [Vendor], data center region [Region].
Analytics: Google Analytics (GA4). Controller/processor role varies by configuration.
Advertising: Google AdSense/Ad Manager and ATPs selected in your AdSense account or CMP.
Security/Anti-spam: [Vendor].

B. Cookie & tracker inventory (example format)

Name	Type	Purpose	Provider	Duration
_ga	Analytics	GA4 visitor measurement	Google	13 months (region dependent)
_gid	Analytics	GA4 session stats	Google	24 hours
IDE / ANID	Advertising	Ad delivery & fraud prevention	Google	up to 13 months
consent_storage	Necessary	Stores consent choices	[CMP]	As configured