Privacy Policy

Last Updated: March 12, 2026

1. Introduction and Controller Identity

This Privacy Policy explains how NorthBridge Business Coaching ("NorthBridge", "we", "our", or "us") collects, uses, discloses, and safeguards personal information when individuals visit our website and use our services. It applies to information processed through this website and related communication channels used to deliver coaching and educational services to clients across Canada.

For the purposes of applicable data protection laws, the data controller is CIA ANONIMA SUMINISTRADORA DE INDUSTRIAS, operating as NorthBridge Business Coaching, with a registered address at Carrer Gran de Sant Andreu, 176, Sant Andreu, 08030 Barcelona, Spain. You can contact us at [email protected] for any privacy-related inquiries.

Our programs are delivered to clients throughout Canada through virtual formats. We strive to handle personal information in a way that is transparent, secure, and consistent with the educational nature of our services.

2. Personal Data We Collect

We collect only the information needed to respond to inquiries, deliver coaching programs, and operate our website. Categories may include:

• Identity and Contact Data: full name, email address, telephone number, organization, role or job title, and province/territory.
• Inquiry and Enrollment Data: program interests, goals, timelines, preferences for scheduling and format, and any information included in free‑text messages or discovery notes.
• Technical Data: IP address, browser type, device and operating system, language settings, pages viewed, time on page, and referring URLs, collected through cookies or similar technologies where consent applies.
• Usage Data: on‑site interactions such as clicks, form interactions, and navigation paths that help us understand content performance.
• Cookie Identifiers: session identifiers, consent preferences, analytics identifiers, and marketing identifiers (see Section 4).
• Communication Records: emails, scheduling messages, and notes required to coordinate sessions and follow‑ups.

We do not intentionally collect special‑category data (such as health data, political opinions, religious beliefs) or government ID numbers through the website. We do not request financial account numbers via online forms. If sensitive information is provided inadvertently, we will handle it securely and minimize retention.

3. Why We Process Personal Data and Legal Bases

We process personal data for specific, lawful purposes:

• Responding to inquiries and providing consultations: to evaluate goals, share program information, and coordinate next steps. Legal basis: performance of a contract or pre‑contract steps; consent where required.
• Delivering coaching programs: to schedule sessions, share materials, and manage participation. Legal basis: performance of a contract.
• Analytics and site improvement: to understand aggregate usage and optimize content. Legal basis: consent (where required) for analytics cookies and similar technologies.
• Advertising and remarketing: to reach interested audiences and measure campaign performance. Legal basis: consent (where required) for marketing cookies and identifiers.
• Security, fraud prevention, and service reliability: to protect systems and ensure availability. Legal basis: legitimate interests.
• Legal and compliance obligations: to comply with applicable laws and requests from competent authorities. Legal basis: legal obligation.

We do not engage in automated decision‑making or profiling that produces legal or similarly significant effects on individuals.

4. Cookies and Similar Technologies

We use cookies and similar technologies to operate our site, remember preferences, understand aggregate usage, and support advertising where permitted. Cookies are small text files stored on your device. Some cookies are essential to run the website, while others are optional and require your consent in certain jurisdictions. For detailed information, please see our Cookie Policy.

Cookie categories we use:

• Essential: required for basic site functions (e.g., session continuity and consent storage). Examples: _site_session (session), cookie_consent (12 months).
• Analytics (consent): helps us measure traffic and user flows with IP anonymization where available. Examples: _ga (2 years), _ga_XXXXXXXXXX (2 years).
• Marketing (consent): supports ads measurement and remarketing. Examples: _gcl_au (90 days), _fbp (90 days), _fbc (90 days when click ID is present).

Beyond cookies, we may use pixel tags and server‑side tools to record conversions or audience membership when consent permits. Your preferences can be changed at any time using the "Manage cookie preferences" link in our site footer or the cookie banner controls presented on first visit.

5. Consent and Withdrawal

In jurisdictions where consent is required (for example, the EEA and the UK), analytics and marketing technologies will activate only after you provide explicit consent through our cookie controls. Your choices are stored in a browser cookie for approximately 12 months. You can withdraw or modify your consent at any time by selecting "Manage cookie preferences" in the footer or by clearing your cookies in your browser settings. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

6. Sharing with Service and Advertising Partners

We do not sell personal information. We share limited data with service providers who assist us in operating the website and delivering our programs. Where analytics and marketing are enabled by consent, the following types of providers may receive data such as cookie identifiers, page URLs, events, and hashed contact data where applicable:

• Analytics and advertising platforms: Google Analytics 4, Google Ads, and Meta advertising tools for measurement and remarketing (subject to your consent where required).
• Infrastructure and security services: content delivery and security services supporting site availability and threat mitigation.
• Operational tools: email and scheduling services used to coordinate consultations and program delivery.

These providers act on our instructions and are contractually restricted from using personal information for their independent commercial purposes.

7. International Data Transfers

Because our website technology and service providers may process data in multiple countries, your personal information may be transferred outside your jurisdiction. Where required, we rely on appropriate safeguards such as adequacy decisions (including the EU‑US Data Privacy Framework and the UK Extension), Standard Contractual Clauses, or equivalent instruments under applicable law. We assess vendor practices and implement contractual protections to help ensure a level of protection consistent with applicable standards.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or as required by law. Typical periods include:

• Inquiry and consultation records: up to 2 years from last interaction.
• Program coordination and correspondence: the duration of the engagement plus up to 1 year.
• Analytics data: typically 14 months at the provider level when enabled.
• Marketing identifiers: per cookie or tool lifetime noted in Section 4.
• Server logs: approximately 90 days for security and troubleshooting.
• Consent records: up to 3 years for audit purposes.

9. Your Rights

Depending on your location and applicable law, you may have rights over your personal information. These may include the right to access, rectify, erase, restrict processing, object to processing, and request data portability. Where processing is based on consent, you can withdraw consent at any time using our cookie controls or by contacting us. If you believe we have not resolved your concern, you may be entitled to lodge a complaint with a relevant supervisory authority in your jurisdiction.

To exercise your rights, please email [email protected] with a clear description of your request. We may take steps to verify your identity before responding. We aim to reply within 30 days, subject to permissible extensions for complex requests.

10. Children’s Privacy

Our website and services are intended for adults and business professionals. We do not knowingly collect personal information from individuals under the age of 16. If you believe a child has provided us with personal information without appropriate authorization, please contact us so we can take appropriate action.

11. Do Not Track

Some browsers send "Do Not Track" (DNT) signals. Our website does not respond to DNT signals. Analytics and marketing technologies respect the choices you make in our cookie preferences tools, which you can adjust at any time.

12. Data Security

We apply administrative, technical, and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include restricted access to systems, secure transmission over HTTPS, and periodic review of our operational practices. No method of transmission or storage is entirely secure; we continually work to maintain reasonable safeguards appropriate to the nature of the information we process.

13. Account and Data Deletion Requests

You may request deletion of personal information we hold about you by emailing [email protected] with the subject "Data Deletion Request". Once we verify your identity, we will delete the information unless retention is required by law or necessary to establish, exercise, or defend legal claims. Where complete deletion is not technically feasible, we will apply appropriate de‑identification or restriction measures.

14. Business Transfers

If we are involved in a merger, acquisition, reorganization, asset sale, financing, or insolvency event, personal information may be transferred to a successor or affiliate as part of the transaction. We will require the recipient to honor commitments materially consistent with this Policy and applicable law. Where changes materially affect how your data is used, we will provide a prominent notice on the website.

15. California (CCPA/CPRA) Disclosures

For California residents, the following categories of personal information may be collected and disclosed to service providers for the business purposes described in this Policy: identifiers (such as name, email, IP address, device identifiers), internet or network activity (such as browsing history on our site), and inferences about interests or preferences used for advertising where consent applies. We do not sell personal information as defined by CCPA. We may "share" personal information for cross‑context behavioral advertising; you can opt out by disabling marketing cookies in our cookie preferences panel.

California rights include: Know, Delete, Correct, Opt‑Out of sale/sharing, and Non‑Discrimination. To submit a request, contact [email protected]. We will verify identity and respond within the time frames required by law. Authorized agents may submit requests with valid written authorization.

16. Virginia (VCDPA) and Other U.S. State Laws

Where applicable, Virginia residents may request access, correction, deletion, portability, and the ability to opt out of targeted advertising. We do not process personal data for profiling that produces legal or similarly significant effects. To appeal a refusal of a privacy request, email us with the subject "Appeal of Refusal — Privacy Request". We will respond within 60 days as required.

17. Nevada

Nevada residents may submit a verified request to opt out of the sale of covered information by emailing us with the subject "Nevada Do Not Sell Request". We do not currently sell personal information as defined under Nevada law.

18. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When changes are material, we will post a notice on the website at least 14 days before the new terms take effect. The Last Updated date at the top of this page will always indicate the most recent revision.

19. Contact

For questions about this Privacy Policy, data requests, or concerns regarding your personal information, please contact:

• Legal Entity: CIA ANONIMA SUMINISTRADORA DE INDUSTRIAS (operating as NorthBridge Business Coaching)
• Postal Address: Carrer Gran de Sant Andreu, 176, Sant Andreu, 08030 Barcelona, Spain
• Email: [email protected]