Back to Home

GDPR Policy

Last Updated: January 15, 2025

Table of Contents

  1. Introduction
  2. Data Controller
  3. Legal Basis for Processing
  4. Data We Collect
  5. Your GDPR Rights
  6. Consent and How to Withdraw
  7. Managing Cookies
  8. International Data Transfers
  9. Data Retention
  10. Data Breach Procedures
  11. Data Protection Contact
  12. Complaints

1. Introduction

FreshRoute Delivery is committed to protecting the privacy and personal data of all individuals, including those protected under the European Union's General Data Protection Regulation (GDPR).

This GDPR Policy explains how we handle personal data in compliance with GDPR requirements. It supplements our Privacy Policy and provides additional details about your rights under GDPR.

This policy applies to all personal data we process, regardless of where you are located. We treat all personal data with the same high standard of care.

2. Data Controller

The data controller for personal information collected through mainsource-ca.com is:

  • Company: FreshRoute Delivery
  • Address: 32 Oakridge Boulevard, Peterborough, ON K9J 3T8, Canada
  • Email: support@mainsource-ca.com
  • Website: mainsource-ca.com

The data controller is responsible for deciding how and why personal data is processed. If you have any questions about data processing, contact us using the details above.

3. Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

  • Consent (Article 6(1)(a)): When you fill out our contact form, subscribe to services, or accept cookies, you give us explicit consent to process your data for those purposes.
  • Legitimate Interest (Article 6(1)(f)): We process certain data to improve our website, prevent fraud, and ensure security. We balance our interests against your rights and freedoms.
  • Legal Obligation (Article 6(1)(c)): We may process data to comply with laws and regulations.

4. Data We Collect

We collect the following categories of personal data:

  • Identity data: Name
  • Contact data: Email address, phone number
  • Technical data: IP address, browser type, device information
  • Usage data: Pages viewed, time on site, click patterns
  • Cookie data: Preferences and tracking information (with consent)

We do not collect sensitive personal data (also known as special category data) such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

5. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within 30 days of your request.

Right to Correction (Article 16)

If any personal data we hold about you is incorrect or incomplete, you have the right to ask us to correct it. We will make corrections without undue delay.

Right to Deletion / Right to Be Forgotten (Article 17)

You can ask us to delete your personal data when it is no longer needed for the purpose it was collected, when you withdraw consent, or when there is no legal reason for us to keep it.

Right to Restriction of Processing (Article 18)

You can ask us to limit how we use your data. This applies when you dispute the accuracy of your data, when processing is unlawful, or when we no longer need the data but you need it for legal claims.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON). You can also ask us to transfer this data directly to another controller where technically possible.

Right to Object (Article 21)

You can object to our processing of your personal data when we process it based on legitimate interests. You can also object to processing for direct marketing purposes at any time.

How to exercise your rights: Send an email to support@mainsource-ca.com with the subject line "GDPR Request" and describe which right you want to exercise. We will verify your identity and respond within 30 days.

Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing done before the withdrawal.

How to withdraw consent:

  • Contact form data: Email us at support@mainsource-ca.com and ask us to delete your information.
  • Cookie consent: Clear your browser cookies and revisit our site. The cookie consent banner will appear again, and you can change your preferences.
  • Marketing communications: Click the unsubscribe link in any email we send, or email us to opt out.

7. Managing Cookies

Our website uses cookies with your consent. You can manage cookies in several ways:

Through our website

When you first visit our site, a cookie consent banner appears. You can choose to accept all cookies, accept only necessary cookies, or customize your preferences. To change your choice later, clear your browser cookies and the banner will appear again on your next visit.

Through your browser

Most browsers let you control cookies through their settings. You can:

  • View and delete existing cookies
  • Block all cookies or only third-party cookies
  • Set your browser to notify you when a cookie is set

Note: Blocking all cookies may affect how our website works.

Cookie types we use

  • Necessary cookies: Required for the site to function. Cannot be disabled. They store your cookie consent preferences.
  • Analytics cookies: Help us understand site usage. Only set with your consent. Expire after 12 months.
  • Marketing cookies: Used for ad targeting and measurement. Only set with your consent. Expire after 12 months.

8. International Data Transfers

Our servers are located in Canada. If you access our website from outside Canada, your data may be transferred to and processed in Canada.

Canada has been recognized by the European Commission as providing an adequate level of data protection (Commission Decision 2002/2/EC). This means your data receives similar protection when transferred to Canada.

If we use any service providers outside Canada or the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

9. Data Retention

We retain personal data only for as long as necessary:

  • Contact form submissions: 24 months after your last interaction
  • Cookie consent records: 12 months
  • Analytics data: 26 months (aggregated, non-identifying)
  • Server logs: 90 days

After the retention period, data is securely deleted or anonymized so it can no longer identify you.

10. Data Breach Procedures

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  1. Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  2. Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights
  3. Document the breach, its effects, and the steps taken to address it
  4. Take immediate steps to contain the breach and prevent further data loss

11. Data Protection Contact

For all questions related to data protection and GDPR compliance, contact us:

  • Email: support@mainsource-ca.com
  • Subject line: "GDPR Inquiry"
  • Address: FreshRoute Delivery, Data Protection, 32 Oakridge Boulevard, Peterborough, ON K9J 3T8, Canada

We aim to respond to all GDPR-related inquiries within 30 days.

12. Complaints

If you believe we have not handled your personal data properly, you have the right to file a complaint with:

  • Your local data protection authority in the EU/EEA country where you live or work
  • The Office of the Privacy Commissioner of Canada at www.priv.gc.ca

We encourage you to contact us first so we can try to resolve your concern directly. We take all complaints seriously and will work to address them promptly.