Contact Us
+1 780 952-8337
  • fab fa-facebook-f
  • fab fa-instagram
  • fab fa-youtube
  • fab fa-linkedin-in
  • fab fa-x-twitter
Contact Us
+1 780 952-8337
  • fab fa-facebook-f
  • fab fa-instagram
  • fab fa-youtube
  • fab fa-linkedin-in
  • fab fa-x-twitter
Book a Consultation

Privacy Policy

Last updated: May 19, 2025

Introduction and Our Commitment to Privacy

Novabridge Immigration Services Corp. (“Novabridge,” “we,” “us,” or “our”) is a Canadian immigration consultancy based in Alberta, operated by a licensed Regulated Canadian Immigration Consultant (RCIC) in good standing with the College of Immigration and Citizenship Consultants (CICC). We are authorized to provide immigration and citizenship consulting services under the College of Immigration and Citizenship Consultants Act, the Immigration and Refugee Protection Act (IRPA), and the Immigration and Refugee Protection Regulations (IRPR). As a regulated firm, we adhere to strict professional standards – including an obligation to keep client information confidential indefinitely, as required by the CICC Code of Professional Conduct.

Your trust is important to us. We are committed to protecting your privacy and safeguarding any personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website or services. It also outlines your rights regarding your information and how you can exercise those rights. We strive to write this policy in clear, friendly language while ensuring it remains legally sound and compliant with all applicable laws and regulations.

Compliance with Privacy Laws: Novabridge complies with Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Alberta’s Personal Information Protection Act (PIPA), as well as substantially similar provincial privacy laws where applicable. We also follow the privacy and confidentiality requirements of the CICC’s Code of Professional Conduct, CICC By-Laws, and Regulations in all our client dealings. In practice, this means we apply the highest standards of privacy protection and transparency in handling your personal data.

Scope: This Privacy Policy applies to personal information collected through our website (including any contact forms, consultation booking tools, newsletter sign-ups, and other online services) and in the course of providing our immigration consulting services. It applies to all users of our services, whether you are in Canada (any province or territory) or accessing our services from abroad. By using our website or providing us with your personal information, you agree to the terms of this Privacy Policy.

Personal Information We Collect

What is Personal Information? In this Policy, “personal information” means any information about an identifiable individual. This includes obvious things like your name and contact details, but can also include less obvious information like an IP address or other online identifiers if they can be linked to you. We only collect personal information that is necessary for the purposes described in this policy.

Information You Provide to Us: We collect personal information that you voluntarily provide when interacting with Novabridge, such as:

  • Contact Information: When you fill out a contact or inquiry form, book a consultation, or email us, we may collect your name, email address, telephone number, mailing address, and other contact details so we can respond to you.

  • Inquiry Details: Any information you choose to share in your message or consultation request. For example, you might provide details about your immigration background, family situation, or the assistance you are seeking. We only ask for the information we need. Please avoid sending sensitive personal data (like Social Insurance Numbers or full ID numbers) through unsecured web forms.

  • Consultation Booking Information: If our website allows you to schedule a consultation, you may provide details such as preferred dates/times and any notes about your case. We might use a third-party scheduling service – if so, we will identify it and ensure it also protects your privacy.

  • Newsletter Subscription: If you subscribe to our newsletter or mailing list, we will collect your name and email address to send you updates. We will only add you to our mailing list with your explicit consent (for example, if you sign up via our website or ask us to add you).

  • Client Service Information: If you become a client, we will collect additional personal information as needed to provide immigration services. This could include personal details required for immigration applications (e.g. date of birth, nationality, family information, education and employment history, etc.) and copies of documents you choose to provide. Any such information will be collected and used strictly for the purpose of delivering our consulting services and fulfilling legal requirements, under the protection of client confidentiality. (Details on how we use and protect client information are further described below.)

Information Collected Automatically: When you visit our website, we may collect some information automatically to understand how our site is used and to improve your experience. This information may include:

  • Technical Data: We collect standard technical information from your web browser or device when you access our site. This includes your IP address, browser type and version, device type, operating system, and the date and time of your visit.

  • Usage Data: We also collect data about how you interact with our site, such as the pages or content you view, the website that referred you to us, and your navigation patterns. For example, our web server logs or analytics tools may note that a visitor from a certain IP address visited our homepage and then our “Services” page.

  • Cookies and Similar Technologies: Our site uses “cookies” and similar tracking technologies (such as web beacons or pixels) to enhance your browsing experience and gather analytics information. Cookies are small text files placed on your device that help our site remember your preferences and understand how you use our pages. For instance, cookies may track which pages you visit and how long you stay, which helps us know what content is most useful to visitors. You can set your browser to refuse some or all cookies, or to alert you when cookies are being used. However, note that if you disable cookies, some features of our site may not function properly.

Google Analytics: We use Google Analytics, a popular web analytics service provided by Google, to collect de-identifiedinformation about website traffic and usage. Google Analytics may set cookies to gather information such as your IP address, browser type, the pages you visit, and the time spent on our site. We have configured Google Analytics to anonymize IP addresses where possible to further protect your privacy (this means your full IP is not stored). The usage data collected helps us understand aggregate visitor behaviour and improve our website – for example, by seeing which blog posts are most read or how users navigate our pages. Importantly, this analytics data is not used to identify you personally, and we do not combine it with other personal information. Google, as our analytics provider, processes the information on our behalf and is bound by contractual and legal obligations to keep it confidential. (See the “Third-Party Services” section below for more on Google Analytics and your choices, including how you can opt out if you wish.)

We will not collect any more personal information than necessary for the purposes described, and we will not collect personal information without your consent (see “Consent and Your Choices” below for details). If we ever need to collect additional personal information or use your data for a new purpose not covered by this Policy, we will inform you and obtain your consent before doing so, in accordance with Canadian privacy laws.

How We Use Your Personal Information

Novabridge will use your personal information only for legitimate purposes related to our business and only as necessary to serve you. In general, we use the information we collect to:

  • Provide Immigration Consulting Services: We use the information you provide to assess your immigration needs, answer your inquiries, and provide advice or consultation. For example, if you contact us with a question about Canadian immigration, we will use your contact details to respond and may use details about your situation to give you accurate guidance. If you become a client, we will use your personal information to perform the services you have requested – such as preparing and submitting your immigration applications, representing you in communications with immigration authorities, and advising you throughout the process.

  • Communicate with You: We use your contact information (email, phone number, mailing address) to communicate with you for customer service and support. This includes sending you information you requested, responding to your questions or comments, confirming consultation appointments, and sending updates related to your case. We may also send you administrative emails as needed (for instance, about changes to our terms or this policy, or appointment reminders).

  • Email Newsletter and Updates: If you subscribed to our newsletter or expressly agreed to receive marketing communications, we will use your email to send you our newsletter, announcements, or other immigration updates we think may be of interest. These emails are sent only with your consent (opt-in), and you can unsubscribe at any time (every marketing email will include an “unsubscribe” link or instructions).

  • Website Improvement and Analytics: We use information about how visitors use our website (including data from cookies and Google Analytics) to better understand user behavior and preferences. This helps us improve our website design, content, and services. For example, knowing which pages are most visited or where users spend the most time helps us make those sections more accessible or informative. Analytics data is aggregated and de-personalized – we look at trends like “10% more visitors this month viewed the consultation page” rather than any one individual’s activity.

  • Service Delivery and Operations: We may use your information internally to ensure our services run smoothly. This includes activities like data analysis, testing out new website features, monitoring usage patterns to prevent technical issues, or measuring the effectiveness of our outreach (for example, seeing if people who receive our newsletter go on to use our services).

  • Legal and Regulatory Compliance: As an immigration consulting firm, we are subject to various legal obligations and professional regulations. We may use and retain your personal information as needed to fulfill our obligations under the law (e.g., record-keeping requirements, verifying your identity to prevent fraud, etc.) and to comply with requests from regulatory bodies or government authorities when legally required. For instance, we keep records of client engagements in accordance with CICC regulations and may need to provide information if the College (CICC) or a government agency audits our practice. We will also use personal information to the extent necessary to uphold our contracts with you (such as our client service agreement) and to exercise or defend legal claims if ever applicable.

  • Other Purposes with Consent: If we intend to use your information for a purpose outside of those listed above, we will explain the purpose to you and request your consent before doing so. We will never use your personal information for any purpose you wouldn’t reasonably expect from an immigration consultancy without your permission.

We want to emphasize that we do not sell or trade your personal information to any third parties. We use your data only for the purposes for which it was collected, as outlined here, or for purposes that are otherwise communicated to you and to which you consent. We follow the principle of limiting use, disclosure, and retention of personal information to only what is necessary to fulfill the identified purposes.

Consent and Your Choices

Consent to Collection and Use: By providing personal information to Novabridge (for example, by filling out a form on our site, sending us an email, or signing up for our services), you are consenting to our collection, use, and disclosure of that information in accordance with this Privacy Policy and applicable law. We will typically ask for your consent at the time of collection – for instance, our website forms may ask you to check a box indicating you agree to our terms and privacy policy when you submit your information. In other cases, your consent may be implied by your actions. For example, if you email us asking for assistance, it’s implied that we have your consent to use your email address and the information you provide in order to respond and help you.

We aim to ensure you understand why we are collecting your information and what we will do with it. If you have any questions about these purposes, you are encouraged to ask us. We will not require you to consent to the collection of information beyond what is necessary to provide our services to you.

Withdrawing Consent: You have the right to withdraw your consent to our continued use or retention of your personal information at any time, subject to legal or contractual restrictions. This means if you change your mind about receiving our services or communications, you can request that we stop using and/or delete your information. For example:

  • If you signed up for our newsletter but no longer wish to receive it, you can click the “unsubscribe” link in any email or contact us at any time to be removed from our mailing list. Once you unsubscribe, we will stop sending you promotional emails.

  • If you provided information through our website and you want to revoke your consent for us to hold or use that data, contact us (see the Contact Us section below) with your request. We will explain any implications of withdrawing consent (for instance, if you are an ongoing client, we may need certain information to continue providing services; or we may need to retain some information for a period of time to comply with legal requirements even if you withdraw consent for other uses).

  • If you are a client, you may withdraw your consent for us to continue representing you or to hold your personal information. We will advise you of any consequences of this decision (for example, that we would no longer be able to act on your behalf if we cannot use necessary information).

Withdrawing consent does not apply retroactively – it will not affect any use or sharing of information that has already occurred with your consent. Also, note that certain information may need to be retained if required by law or for legitimate business purposes (we will only retain what is necessary, as described in the Retention section). We will promptly honor your request to withdraw consent to the extent possible and will confirm with you when we have done so. There is no penalty or fee for withdrawing consent.

Managing Cookies and Analytics: As mentioned, you can control or disable cookies through your browser settings. If you do so, Google Analytics will have less data about your visit (it relies on cookies). Google also offers an Opt-Out Browser Add-on that you can install to prevent your data from being used by Google Analytics on any website. If you wish to use that, you can find it on Google’s site. Keep in mind, even if you opt out of analytics tracking, you will still have access to our website – it just means we won’t see information about your visit in our analytics reports.

Opting Out of Communications: If we send you any marketing communications (such as our newsletter or invitations to events), we will do so only with your consent, and we will always provide a clear way to opt out. As noted above, you can unsubscribe from emails via the link provided, or you can contact us to update your communication preferences. Even if you opt out of marketing emails, we may still need to send you certain transactional or informational messages regarding services you have requested (for example, emails about your case status or changes to our policies) – those are considered necessary communications, not marketing.

In summary, you have control over your personal information. We will respect the choices you make regarding your data. If at any point you have questions about your consent or wish to change your preferences, please let us know.

Disclosure of Personal Information

Novabridge will only disclose your personal information in limited circumstances, and always in accordance with privacy laws and professional confidentiality obligations. We do not sell, rent, or exchange your personal data with third-party companies for their independent marketing or other purposes. Any sharing of information is done either with your consent or as required/allowed by law, as detailed below.

With Your Consent or at Your Direction: We will share your personal information with third parties when you have given us explicit permission to do so. For example, if you ask us to refer you to another service provider or if you ask that we work in partnership with another consultant or lawyer on your case, we would share information as needed with your agreement. Additionally, if we ever want to use your testimonial or success story on our website, we would only do so with your consent (and we could anonymize it upon request).

Within Our Organization: Your information may be shared internally within Novabridge among our staff who need it to perform their duties (for instance, the RCIC consultant and any administrative assistants, if applicable). All personnel at Novabridge are bound by confidentiality agreements and the CICC Code’s confidentiality rules, so your information is treated with strict confidence internally.

Service Providers (Third-Party Processors): We use trusted third-party companies to help us operate our business and provide services to you. These third parties may process or store personal information on our behalf, but only for the purposes we specify and under our instructions. We ensure that any service provider we engage has privacy and security standards that meet or exceed our own. Key examples include:

  • Website Hosting and IT Providers: Our website may be hosted by a third-party hosting company, which means any information you submit through the site (contact form data, etc.) could be stored on their servers. We use reputable hosting providers with secure facilities. They are not allowed to access or use your data except to store it and make our website available.

  • Google Analytics: As noted, Google Analytics is a third-party service that provides us with website usage statistics. Google acts as our data processor for analytics data. The information (such as IP address, device info, pages visited) is collected and sent to Google’s servers (which may be outside Canada, e.g. in the United States). Google Analytics helps us understand website traffic but Google is not allowed to use the data for any purpose other than providing us with these analytics. We have configured Google Analytics to minimize privacy impact (e.g., IP anonymization). You can learn more about how Google handles data in Google’s own privacy policy. If you prefer not to be included in Google Analytics data, you can opt out as described in the Consent and Your Choices section.

  • Email Marketing (Mailchimp): We use Mailchimp (an email marketing service) to manage our email newsletter and mass communications. If you subscribe to our newsletter, your name and email address will be stored in our Mailchimp account. Mailchimp is a well-known service based in the United States, and it will hold our mailing list on its secure servers. This means your contact information may be transferred to or stored in the U.S. on Mailchimp’s systems. Mailchimp, as part of Intuit, is committed to privacy and does not sell personal data. They act as a data processor, only handling your information to send out our newsletters on our behalf. We have agreed to Mailchimp’s data processing addendum, which includes safeguards to protect personal information and standard contractual clauses for international data transfers. Rest assured, every email you receive via Mailchimp from us will contain an unsubscribe option, and you can also contact us to be removed from the list at any time.

  • Client Management and CRM: In order to efficiently manage our client relationships and communications, we may use a Customer Relationship Management (CRM) system or similar cloud-based software. This could include platforms for tracking inquiries, storing client contact details, scheduling appointments, and recording case notes. Any third-party CRM or cloud service we use will similarly be bound to keep your information confidential and secure. Data in a CRM may be stored on servers outside Canada (for example, some CRM providers host data in the U.S. or other countries), but we will ensure that any such provider has appropriate safeguards and complies with privacy requirements (see “International Data Transfers” below for more on how we protect information in such cases).

  • Payment Processors: (Note: If our website or services involve payments). At this time, we do not collect payment information through our website. If in the future we enable online payments for consultation fees or services, payments may be handled by a secure third-party payment processor (such as PayPal or Stripe). In that case, you would be directed to the processor’s platform which may collect your credit card details. Such payment processors would only share with us limited information needed to confirm your payment (like your name, email, and that the payment was successful). We would not see your full credit card number or banking details. Any payment processor we use will be compliant with PCI-DSS (payment card industry data security standards) and Canadian law.

In all cases, our service providers are given only the information necessary for them to perform the contracted service. They are not permitted to use your information for their own purposes, and they must protect it in accordance with our agreements and applicable privacy laws. We remain responsible for the handling of your personal information by any service providers acting on our behalf, and we supervise and contractually require them to safeguard your data (for example, through confidentiality agreements or data processing addenda).

Business Transactions: If Novabridge were ever to be involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of business assets, or transition of service to another provider, your personal information might be disclosed in connection with that transaction. This would only happen for the purpose of evaluating or completing the transaction and under appropriate confidentiality agreements. In the event personal information is transferred to a successor or purchaser, it would remain subject to the protections of this Privacy Policy (unless you consent otherwise or the law permits changes).

Legal Requirements and Protection: We may disclose personal information if we are required to do so by law or legal process, or if we have a good faith belief that such disclosure is necessary to:

  • Comply with applicable laws, regulations, or a court order, subpoena, or other legal demand for information.

  • Respond to a request from law enforcement or governmental authorities (in Canada or abroad) where disclosure is legally required or permitted.

  • Enforce our contractual rights (for example, to collect unpaid fees owed by a client, we might need to disclose basic information to a collection agency or in court proceedings, but we will limit information shared to what is strictly necessary).

  • Investigate or protect against suspected or actual illegal activities, fraud, or technical/security issues. For instance, if someone attempted to hack our systems or we detect a threat, we might share information with cybersecurity experts or law enforcement to address it.

  • Protect the rights, property, and safety of Novabridge, our clients, our website users, or others. This could include sharing information with our legal counsel or law enforcement to prevent harm or financial loss, or to report suspected criminal activity.

In any situation where we need to disclose information under an exception like the above, we will ensure we only disclose the minimum amount of information necessary and only what is lawfully allowed. We will document such disclosures as required by law. Whenever feasible and legally permissible, we will inform you if we must disclose your information due to legal obligations.

Government Immigration Authorities: As an immigration consultancy, a key part of our service is preparing and submitting applications or petitions to government bodies such as Immigration, Refugees and Citizenship Canada (IRCC), the Immigration and Refugee Board, Employment and Social Development Canada (ESDC), or provincial immigration programs. If you become a client, we will be disclosing your personal information to the relevant government authorities as necessary to carry out your immigration or citizenship applications (for example, submitting your biographical information, forms, and supporting documents to IRCC as part of a visa or permit application). This kind of disclosure is done with your consent and instruction, as part of the service we provide. We only share what is required for the specific process and in accordance with the rules of that program. Government bodies will use and protect your information according to their own privacy policies and laws (for example, IRCC is bound by Canada’s Privacy Act in how it handles applicant information). We treat all information shared with us for an immigration application as highly confidential and will not disclose it to any other third party besides the intended government recipients, unless required by law or with your further consent.

To summarize, Novabridge will not disclose your personal information to anyone except in the situations described above. Our default is to keep your information confidential and only accessible to us and our trusted service providers. If you have any specific concerns about our sharing of information or want more detail about which service providers might handle your data, please contact us – we’ll be happy to provide more information.

Third-Party Services and Cookies

Our website may include links or integrations with third-party services beyond those mentioned above. It’s important for you to understand how your information may be handled in those contexts:

External Links: Our site may contain links to third-party websites or resources (for example, links to government websites like IRCC, our social media pages, or articles of interest). If you click on a third-party link, you will be directed away from our site to that third party’s site. This Privacy Policy does not apply to external websites, and we cannot control the privacy practices of other organizations. We encourage you to read the privacy policies of any external sites you visit. We are not responsible for the content or privacy practices of sites that are not under our control.

Social Media: We may have profiles on social media platforms like Facebook, LinkedIn, or Twitter (X). If you interact with us on those platforms (for example, by sending us a direct message or commenting), those interactions are governed by the privacy policy of the respective platform. We will only use information you provide to us via social media in accordance with this policy (for example, if you contact us via Facebook asking for information, we might respond to you there or invite you to email us), but the platform itself may collect information about your interactions (see their privacy terms for details).

Cookies and Tracking Technologies: As noted in the collection section, our website uses cookies and similar technologies to function effectively and to gather analytics. Here is a bit more detail on your choices and on third-party cookies:

  • Types of Cookies: We use session cookies (which expire when you close your browser) and persistent cookies (which remain for a set period or until you delete them). Some cookies are essential for site functionality (for example, if we have a client login portal or a form that spans multiple pages, a cookie might keep you logged in or remember your progress). Other cookies are analytical, helping us count visits and understand usage patterns. We may also use cookies to remember your preferences (like language selection, if applicable).

  • Managing Cookies: On your first visit to our site, you might see a cookie notice or banner (if required by applicable law) letting you know that by continuing to use the site you consent to cookies. You can control cookies through your browser settings at any time – including blocking or deleting cookies. Each browser (Chrome, Firefox, Safari, etc.) has its own method for managing cookies in its settings or preferences menu. Note that disabling cookies might affect site performance; for example, videos might not load or certain options might not remember your preferences.

  • Do Not Track Signals: Some browsers offer a “Do Not Track” (DNT) feature that, when enabled, signals to websites that you do not want to be tracked across sites. Currently, there is no consistent industry standard for how websites should respond to DNT signals. However, we treat all visitors’ data in accordance with this Privacy Policy and will continue to monitor developments around DNT. If you have enabled DNT, our Google Analytics will still function as described (since it doesn’t collect personally identifying info), but we do not use the data to follow you across different sites.

Google Analytics (continued): We want to be transparent that Google Analytics involves transferring some data to Google. Data Location: The usage information collected via Google Analytics (which is de-identified) is transmitted to and stored on Google servers, which may be located in the United States or other countries. Data for analytics thus goes outside of Canada to the United States and may be subject to U.S. laws (such as the USA Patriot Act) while in that country. Google is part of the EU-US Data Privacy Framework and has commitments regarding data protection. Nonetheless, if you are concerned about this transfer, you can opt out of Google Analytics as described. We have taken steps (like IP anonymization) to reduce what is sent. Google also only provides us aggregate data (we cannot see individual user profiles). We use this third-party service strictly to improve our web services.

Mailchimp (continued): If you receive emails from us via Mailchimp, Mailchimp may use cookies or tracking pixels in those emails to tell us if you opened the email or clicked on links. This helps us gauge engagement (for instance, to see if our newsletters are being read). You can disable images in your email or avoid clicking the links if you do not want this tracking. Also, Mailchimp’s emails include an unsubscribe option which is tracked to fulfill opt-out requests. Mailchimp’s platform may also set cookies on our site if we use certain integrated forms or pop-ups for newsletter signup. We will let you know at the point of use if that’s the case. Mailchimp’s own privacy notice is available on their website, and they comply with anti-spam and data protection laws. As noted, your data on Mailchimp’s servers is protected by contract and by Mailchimp’s adherence to privacy frameworks. If you have any questions specifically about Mailchimp’s handling of your data, we can direct you to their resources or assist in obtaining answers.

In short, we do use some third-party services to enhance our website and communications, but we carefully select these providers and aim to be transparent about their involvement. We encourage you to review this section and the previous one (“Disclosure of Personal Information”) to fully understand when and why your information might be shared or stored with third parties. If any of this is unclear, please reach out to us for clarification.

International Data Transfers

Novabridge Immigration Services Corp. serves clients both within Canada and around the world. Regardless of where you live, we want you to understand how your personal information might be transferred or accessed internationally as part of our operations.

Data Location: We are based in Canada, and our primary business operations (and records) are in Canada. However, as described, we use certain cloud-based services and third-party providers (for example, Google, Mailchimp, possibly others) that are located outside of Canada. As a result, your personal information may be transferred to, stored in, or processed in a country other than Canada, including the United States. For instance, if you fill out a form on our website, the information might be stored on a server in the U.S. if our web hosting provider or CRM is U.S.-based; if you subscribe to our newsletter, your email is stored on Mailchimp’s U.S. servers; if you use our site, analytics data is sent to Google in the U.S.

Risks and Safeguards: When your information is in another country, it may be subject to the laws of that country and could be accessible to government, courts, or law enforcement agencies there under their laws (for example, data stored in the U.S. may be lawfully accessed by U.S. authorities for national security or law enforcement reasons). While this is a possibility, it is not something that occurs in the normal course of our business – it would typically require a legal order. We want to ensure you are aware of this aspect of international data transfers.

However, no matter where your personal information is located, our practices remain governed by this Privacy Policy, PIPEDA/PIPA, and related Canadian privacy principles. When we transfer personal data to service providers in other countries, we take steps to protect your privacy. These steps include:

  • Choosing reputable providers with strong privacy and security track records.

  • Having contractual agreements in place that require the provider to protect your data and use it only for the purposes we specify. For instance, our agreements with service providers include confidentiality clauses and may incorporate Standard Contractual Clauses or similar mechanisms for compliance with data protection laws, where appropriate.

  • Where applicable, ensuring providers certify under relevant privacy frameworks (e.g., EU-U.S. Data Privacy Framework, if dealing with EU data, or other certifications).

  • Limiting the personal data shared to the minimum necessary for the task.

International Clients: If you are located outside of Canada and provide personal information to us, please be aware that we will process it in Canada (and as noted, possibly in the U.S. via our service providers). By using our services or website, you consent to the transfer of your personal information to Canada and/or the United States. We value our international clients and will make sure that regardless of your home country, your data is handled securely and in line with the commitments of this Policy.

If you have questions about our use of service providers in other countries or the way we handle cross-border data, we will be glad to provide more specific information upon request. Our goal is to be transparent and ensure you are comfortable with how your information flows internationally as part of our services.

Retention and Disposal of Personal Information

We keep your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. This concept is known as limiting retention. Here’s how we approach data retention:

  • Active Use: For personal information that you provide to inquire about our services (but you do not become a client immediately), we will retain that information for a reasonable period in case you decide to proceed or have follow-up questions. For example, if you contact us for a consultation and then take some time to think about it, we may keep your inquiry details on file for a certain number of months so we can easily continue our discussion when you’re ready. We won’t keep it longer than necessary if it’s clear you do not wish to pursue services.

  • Client Records: If you become a client, we will create a client file with your information. We typically retain client files for a number of years after a file is closed. This retention period may be influenced by our professional obligations under CICC or by the limitation periods for potential legal claims. Keeping client files for a period (for example, seven (7) years after the conclusion of services – a common practice) helps us serve you if you return for future advice and allows us to have documentation in case of any issues or audits. We will not keep client personal information indefinitely unless there is a specific reason to (such as an ongoing duty to maintain records as required by a regulator). The CICC Code of Professional Conduct requires us to maintain confidentiality indefinitely, but not necessarily to retain data indefinitely. We periodically review the client data we hold and securely dispose of information that is no longer needed.

  • Legal Requirements: Certain information may need to be retained for statutory reasons. For example, tax laws might require us to keep records of payments and invoices for a set number of years. If we’ve had any communications regarding consent or privacy (like an opt-out request), privacy laws would expect us to keep a record of that request. We will adhere to any such requirements.

  • Newsletter Subscription Data: If you have subscribed to our newsletter, we will keep your email on our mailing list until you unsubscribe or until it’s clear the address is no longer active. If you unsubscribe, we may keep your email on a suppression list (to ensure we don’t accidentally send you emails again) but will not use it for any other purpose.

  • Web Analytics Data: Data collected via Google Analytics is retained for a period as determined by our Google Analytics settings (for instance, we might choose to retain aggregated analytics data for 26 months, which is a common default). This data is not identifiable to you personally. We mainly use year-over-year comparisons and similar analyses, and older raw data is automatically deleted by Google after the retention period we set.

When personal information is no longer necessary or relevant for the identified purposes or required by law, we will securely destroy, erase, or anonymize that information. We have guidelines and procedures in place to govern the destruction of personal data. For example:

  • Physical records (paper documents) that are no longer needed are shredded or incinerated through a secure destruction service.

  • Electronic records are deleted in a manner that ensures they cannot be easily recovered. Simply “deleting” a file sometimes leaves traces, so we use proper data wiping or destruction methods for sensitive data. If data is stored with a third-party service, we will follow their established procedures to delete the data from their systems as well.

  • Backup data: If personal information resides in system backups, we may allow those backups to eventually cycle out and be overwritten, or we will ensure that the same deletion request is applied when the backup is restored. There may be a slight lag between our live database deletion and the final removal from all backup copies, but we ensure full removal in a reasonable timeframe.

In cases where we anonymize data, we remove personal identifiers so that the data can no longer be associated with any individual. For instance, we might keep anonymized statistics about how many immigration cases of each type we handled, but that data would contain no personal client information.

Please note that due to technical and legal constraints, we might not be able to completely erase every historical record (for example, emails you sent us might reside in archived email backups). However, if you request deletion, we will do our utmost to remove your personal information from our active systems and additional repositories where feasible.

If you have specific questions about our retention periods for different types of data, we can provide you with more detail. And if you want your personal information deleted or returned to you, please let us know – we will accommodate requests as fully as possible, following the guidance of PIPEDA, PIPA, and our professional standards.

Security Measures to Protect Your Information

We understand that safeguarding your personal information is crucial. Novabridge employs a variety of security measures to protect your data against loss, theft, unauthorized access, disclosure, copying, use, or modification. We take security seriously and continuously strive to maintain industry-standard practices, as well as uphold our professional duty of confidentiality. Here are some key aspects of our security approach:

  • Physical Security: If we maintain physical records (paper files containing personal information, copies of documents, etc.), these are kept in a secure location. Our office has controlled access, and files are stored in locked cabinets or rooms when not in use. We restrict access to areas where personal information is stored, allowing only authorized personnel to enter.

  • Administrative Security: We limit access to personal information on a need-to-know basis. This means only those team members or service providers who require your information to perform their job (for example, our RCIC handling your case, or an assistant arranging your file) will have access to it. All staff and any contractors are subject to confidentiality obligations. We provide training and reminders about privacy best practices to ensure everyone understands the importance of protecting client data. Additionally, Novabridge has appointed a Privacy Officer (see Contact section) responsible for overseeing our data protection strategy and compliance. This ensures accountability within our organization for maintaining security.

  • Technical Security: Our website is secured with SSL/TLS encryption. You should see a padlock icon or “https://” in your browser address bar when interacting with our site, indicating that data transmitted between your browser and our website (such as information you enter into forms) is encrypted in transit. We also use firewalls and security software to protect our website and internal network from intrusions or malware. Our computers and devices are password-protected and use up-to-date antivirus/anti-malware tools. We apply security patches and updates to our software and systems regularly to address any vulnerabilities. If we use cloud services (like the CRM or cloud storage), we choose ones that offer strong security features (such as encryption at rest, two-factor authentication, etc.).

  • Data Separation and Anonymization: Where possible, we anonymize or pseudonymize personal data in our systems. For example, analytics data is de-personalized, and if we use test environments for software, we do not use real personal client data there. By minimizing the use of identifiable data, we reduce risk.

  • Backups and Recovery: We perform regular backups of important data to prevent loss in case of hardware failure or other issues. These backups are stored securely. If we use a cloud service, they typically handle backup and redundancy (which we consider as part of their security measures). We ensure that backups are as secure as our primary systems.

  • Monitoring and Testing: We monitor our systems for any signs of unauthorized access or unusual activity. If we detect something suspicious, we investigate it promptly. We also periodically review our security measures and may conduct tests (or work with security experts) to evaluate the strength of our protections. This helps us identify and fix potential weaknesses proactively.

  • Third-Party Security: As mentioned, we impose strict security requirements on third-party service providers who handle personal information on our behalf. We choose partners who use encryption and other robust security practices. For example, Mailchimp and our web host have security certifications and protocols in place. We review their security documentation to ensure they meet our standards.

  • Payment Security: (If applicable) If we ever handle payments, we will not store sensitive payment card information on our own systems. Instead, we rely on secure payment gateways that are PCI-compliant. This way, your financial information is protected by industry-approved methods.

  • Incident Response: Despite all precautions, no system is completely immune to incidents. We have an incident response plan in place. If a security breach or data leak were to occur, we will act quickly to contain and assess the issue, mitigate any harm, and notify affected individuals and authorities as required by law. PIPA and PIPEDA have breach notification requirements for significant breaches, and we are prepared to follow those. Our plan includes steps to investigate the cause, close any security gaps, and communicate transparently with those impacted.

It’s important to note that while we take all these measures, we cannot guarantee 100% security of information, especially in transit over the internet. However, we are continually improving and updating our security practices to meet evolving threats. You can help by using strong passwords for any accounts and by being cautious about the information you send via email or online (for instance, as Global Affairs Canada notes, email may not be secure for very sensitive data – if we need to exchange sensitive information, we can discuss secure methods like encrypted files or secure upload links).

If you have any questions about how we secure your information, or if you suspect any unauthorized access or have security concerns, please contact us immediately. We appreciate your trust and work hard every day to maintain the security and confidentiality of your personal information.

Your Rights and How to Exercise Them

As our client or user, you have a number of important rights regarding your personal information. Novabridge is committed to upholding these rights, and we have procedures in place to facilitate them. Here’s a summary of your key rights and how you can exercise them:

  • Right to Access Your Information: You have the right to request access to the personal information we hold about you and to obtain information about how that data is being used and disclosed. In practical terms, this means you can ask us to confirm whether we have personal information about you, and if so, request a copy of or access to that information. You can also ask us to explain the purposes for which we have your data, and get a list of any third parties with whom it has been shared. We will provide you with the information in a generally understandable format (explaining any abbreviations or codes). There are some exceptions under law – for example, we might not be able to give you access to information that contains personal data about other individuals, or information that is subject to legal privilege or security concerns. If any such exceptions apply, we will let you know the reason (unless prohibited by law from doing so). Access requests can be made by contacting us (see Contact Us below). We will respond to your request within a reasonable time, typically within 30 days as required by PIPEDA and PIPA, and there is no charge for reasonable requests. If for some reason we need more time or if there might be a cost (for example, if you need multiple copies or the request is complex), we will inform you in advance and explain.

  • Right to Correct or Update Information: We strive to keep your personal information accurate and up-to-date. If you believe that any information we have about you is incorrect, incomplete, or outdated, you have the right to request that we correct or update it. For instance, if you change your phone number or notice that we misspelled your name, just let us know and we will make the correction. If you dispute something like the outcome of an assessment, we can append a note to your file indicating your viewpoint. We will make the corrections as soon as possible and certainly within the timelines required by law. If any information we corrected had been disclosed to third parties (for example, if we submitted a form with an incorrect detail to a government agency), we will, where practical, send the corrected info to those third parties so they can update their records.

  • Right to Withdraw Consent: As discussed in the Consent and Your Choices section, you have the right to withdraw your consent for us to use your personal information, at any time, subject to legal or contractual restrictions. This is a fundamental right under PIPEDA/PIPA. You can withdraw consent for specific purposes (e.g., you might withdraw consent to receive the newsletter but still allow us to hold your data for service purposes) or altogether. We will act on your withdrawal request promptly. We will also inform you if withdrawing consent affects our ability to provide you with services (for example, if you withdraw consent for us to use your client data, we might have to close your file). Our goal is to make it as easy as possible for you to manage your consent – simply contact us with your request.

  • Right to Object to Certain Processing: In some jurisdictions (and under some modern privacy laws), individuals have the right to object to processing of their data for certain purposes (like direct marketing or profiling). Under Canadian law, this concept is essentially covered by withdrawing consent (since if you object, you can withdraw consent for that activity). Rest assured, we do not do any profiling or automated decision-making on your data. And for any secondary use (like marketing), we only proceed with consent. So while a formal “object” right might not be explicitly in PIPEDA, we voluntarily honor such preferences – just let us know if you have concerns.

  • Right to Data Portability: This right (to receive your data in a structured, commonly used format) is more a feature of laws like the EU’s GDPR and not explicitly required by Canadian law. However, if you need a copy of your information in a specific format (for example, CSV or PDF), we will do our best to accommodate, as part of the access right.

  • Right to Complain or Challenge Compliance: We take your privacy rights seriously, and we hope to resolve any concerns directly. If you are dissatisfied with how we have handled your personal information or any request you made, you have the right to complain to us and we must investigate and address your complaint. Please see the Complaints and Inquiries section below for how to escalate any privacy-related concerns. Additionally, PIPEDA gives you the right to challenge our compliance with the privacy principles by contacting the Office of the Privacy Commissioner of Canada, and Alberta’s PIPA gives you the right to lodge a complaint with the Office of the Information and Privacy Commissioner of Alberta (OIPC). These rights are described in the next section as well.

  • Right to Anonymity/Pseudonymity: When lawful and feasible, you have the right to request to remain anonymous or use a pseudonym when dealing with us. However, given the nature of immigration services, it is usually not feasible to provide significant assistance without knowing who you are (especially for legal representation). That said, if you just have a general inquiry, you are free to use only a first name or omit certain details until you formally engage our services.

  • Right related to Marketing Communications: We reiterate that you have the right to opt out of any marketing or promotional communications from us. We will not spam you and we follow Canada’s Anti-Spam Law (CASL) which requires consent for commercial emails. If you think you’re receiving communications you didn’t consent to, let us know and we will rectify that immediately.

To exercise any of your rights, simply reach out to us through the contact information provided below. We may need to verify your identity (to ensure we don’t give your information to someone else by mistake), especially for access or deletion requests – typically this might involve confirming some details we have on file or asking for ID for sensitive requests. We won’t make it onerous though; it’s usually as simple as confirming via the email we have on record or a quick phone verification.

We will treat all requests seriously and fairly. For access and correction, we aim to be as open as possible. If for some reason we cannot fulfill your request in whole or in part, we will explain why (e.g., if an exception applies) and let you know of any further options. Our goal is to ensure you feel confident and in control of your personal information.

Inquiries, Concerns, and Complaints

We encourage you to contact us if you have any questions or concerns about this Privacy Policy or about how your personal information is handled at Novabridge. Communication and transparency are key to trust, and we are happy to discuss any aspect of our privacy practices with you.

How to Contact Us: The section below (Contact Information and Data Controller) provides the details of our Privacy Officer and how to reach us. You can contact us by email, phone, or mail – whichever is most convenient for you. We will endeavor to respond promptly to any privacy-related inquiry.

Complaint Process: If you have a complaint about our privacy practices, please contact us first so that we have the opportunity to resolve the issue. For example, if you feel that we did not obtain proper consent, or you believe we have information about you that we shouldn’t, or that we’ve not fulfilled an access request properly – let us know. We will acknowledge your complaint, investigate it, and provide you with the results of our investigation and any steps we will take to address the issue. We strive to address complaints quickly and effectively. In many cases, a misunderstanding can be cleared up through discussion, or a minor error can be corrected to your satisfaction.

If you make a complaint, we will treat it seriously and handle any personal information involved in accordance with this Policy. Filing a complaint will not affect your access to our services; we will not refuse or retract services just because you raised a privacy concern. In fact, we appreciate the feedback as it helps us improve.

Escalation to Regulators: If you are not satisfied with our response to your privacy concern or complaint, you have the right to escalate the matter to the relevant privacy commissioner’s office:

  • Office of the Privacy Commissioner of Canada (OPC): The OPC is the federal body that oversees compliance with PIPEDA. You can contact the OPC to file a complaint or seek advice. The OPC’s website (priv.gc.ca) has information on how to make a privacy complaint. You can reach them by phone at 1-800-282-1376. The OPC will generally encourage you to try resolving with the organization first (which you’re doing by coming to us), but you can involve them at any time for guidance or to formally investigate if needed.

  • Office of the Information and Privacy Commissioner of Alberta (OIPC Alberta): Since we operate in Alberta, the OIPC Alberta is the regulator for Alberta’s PIPA. You can make a complaint to the OIPC if you believe we have contravened PIPA. Information on how to submit a complaint is on their website (oipc.ab.ca). Essentially, you’d send them a written complaint detailing the issue. They may mediate or investigate as appropriate. Similarly, if you’re in another province with its own private-sector privacy law (like British Columbia or Quebec), you could contact that province’s privacy commissioner. We mention Alberta specifically because that’s where we’re based, and OPC for federal matters.

  • College of Immigration and Citizenship Consultants (CICC): As a regulated entity, we are also accountable to our professional regulator (CICC) for ethical conduct, which includes handling of client information. If your concern is that we breached our professional obligations (for instance, improper confidentiality handling), you could also file a complaint with CICC. They have a process for complaints against RCICs. However, strictly privacy-related issues are usually better addressed by the privacy commissioners as noted above, unless it intersects with professional misconduct.

We certainly hope that no issue gets to the point where you feel it necessary to involve these bodies. Our aim is to resolve everything amicably and to your satisfaction. But it’s your right to know these avenues are available. We will cooperate fully with any investigation or inquiries by privacy regulators, and we will follow any recommendations they make to correct our practices if ever needed.

Remember: your privacy is protected by law. PIPEDA and PIPA give you enforceable rights, and organizations like ours have obligations to you. We are fully committed to meeting those obligations.

Contact Information and Data Controller

Data Controller: For the purposes of Canadian privacy law (and similar international laws), the “data controller” (the organization responsible for deciding why and how your personal information is collected and used) is Novabridge Immigration Services Corp., an Alberta corporation. In practical terms, this means Novabridge is accountable for the personal information under its control. We have appointed a Privacy Officer to oversee our privacy management program and ensure compliance with PIPEDA, PIPA, and other applicable regulations.

Privacy Officer Contact Details: If you have questions, requests, or concerns regarding your personal information or this Privacy Policy, you may contact our Privacy Officer (or the owner/manager fulfilling that role) as follows:

  • By Email: privacy@novabridgeimmigrationservices.com (Please use this email for the fastest response on privacy matters.)

  • By Phone: +1 780-952-8337 (during business hours, Mountain Time).

  • By Mail: Privacy Officer – Novabridge Immigration Services Corp., 655 Centre St S, Calgary, Alberta T2G 1S6, Canada.

Office Hours: Our normal business hours are Monday to Friday, 9:00 am to 5:00 pm Mountain Time. We will do our best to respond to any privacy inquiries within a few business days. If your matter is urgent, please indicate that in your communication and we will prioritize a response.

When contacting us with a privacy inquiry or request, please provide enough detail for us to understand your concern and contact you back. For example, if you are requesting access to your information, specifying the context (e.g., “I filled out a consultation form on your website on March 1”) helps us locate the data quickly. If you are making a complaint, describing the issue and date it occurred will help us investigate. We may ask you for verification information to ensure we are communicating with the right person.

We greatly value the trust you place in Novabridge with your personal information. Protecting that information and using it responsibly is central to our mission of helping people navigate immigration matters with confidence. Thank you for reading our Privacy Policy. If anything is unclear, don’t hesitate to reach out – we are here to help and to ensure you feel comfortable with how your personal data is handled.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, to keep up with legal requirements, or to incorporate feedback from clients and users. When we make changes, we will post the updated Privacy Policy on our website with a new “last updated” date at the top. If the changes are significant, we may also provide a more prominent notice (for example, a banner on our site or a direct email notification if appropriate).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after any changes to this Policy will be considered acceptance of those changes. Of course, if we were to materially change how we handle your personal information in a way that requires additional consent (under privacy laws), we would seek that consent from you.

In summary, this Privacy Policy is a living document. We will keep it up to date as privacy standards evolve and as our services change. We remain committed to the core principles of transparency, fairness, and respect for your privacy.

If you have any questions about changes to the Privacy Policy or want to obtain previous versions for reference, please contact us. We maintain an archive of past privacy policies and can provide a copy upon request (transparency extends to letting you see how our policy has evolved).

Thank you for taking the time to read our Privacy Policy. We truly appreciate your interest in how we protect your personal information. Your privacy is fundamental to our relationship with you, and we will continue working hard to earn and maintain your trust in Novabridge Immigration Services Corp.

Novabridge Immigration services
  • Address 655 Centre St S, Calgary, AB T2G 1S6
  • phone +1 780 952-8337

Let Us Help

Our Services

Resources

Disclaimer:

The information provided on this website is for general informational purposes only and does not constitute legal advice. For advice tailored to your specific circumstances, we encourage you to consult directly with our qualified professionals.