Last updated: March 15, 2026
Scope and Accountability (Ontario and PIPEDA)
This Privacy Policy describes how Museum of Research (“MOR”, “we”, “us”, or “our”) collects, uses, and protects personal information in the course of commercial activities in Canada. We apply the Personal Information Protection and Electronic Documents Act (PIPEDA) as our baseline privacy framework, with Ontario-specific obligations addressed where applicable.
We are responsible for personal information under our control and have designated a Privacy Officer to oversee compliance, requests, and complaints.
Purposes and Consent
We collect personal information only for identified purposes, including:
- responding to inquiries and project requests;
- providing and managing our creative services;
- maintaining business records and invoices;
- improving website performance and user experience; and
- meeting legal and regulatory obligations.
By contacting us or using our services, you consent to collection, use, and disclosure for these purposes. You may withdraw consent, subject to legal or contractual restrictions and reasonable notice.
Limiting Collection, Use, Disclosure, and Retention
We limit personal information collection to what is reasonably necessary for identified purposes. We do not sell personal information. We use and disclose personal information only as permitted by law, with your consent, or as required to deliver services.
We retain personal information only as long as necessary for the purposes above and to satisfy legal, accounting, and contractual requirements. When no longer required, information is deleted, anonymized, or securely destroyed.
Service Providers and Cross-Border Processing
We may use third-party service providers (for example, hosting, analytics, communication, and operational tooling) that process personal information on our behalf under contractual safeguards.
Some service providers may process or store personal information outside Ontario or Canada. Where cross-border processing occurs, personal information may be accessible to courts, law enforcement, and national security authorities in those jurisdictions.
Safeguards
We use administrative, technical, and physical safeguards appropriate to the sensitivity of personal information, including access controls, least-privilege practices, and secure service platforms. No system is fully risk-free, but we continuously review safeguards to reduce risk.
Access and Correction Requests
You may request access to personal information we hold about you and request corrections if it is inaccurate or incomplete. We will respond within applicable legal timelines and may require identity verification before completing a request.
Privacy Breach Handling
If a breach involving personal information creates a real risk of significant harm, we will follow applicable breach response obligations, including containment, assessment, record-keeping, and required notifications to affected individuals and regulators.
Complaint Workflow (2 Steps)
- Contact our Privacy Officer first so we can investigate and resolve your concern directly.
- If your concern remains unresolved, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC): Report a concern.
Ontario PHIPA Note
If personal health information is involved in Ontario, the Personal Health Information Protection Act, 2004 (PHIPA) may apply in addition to PIPEDA, depending on the specific activity and role of the parties.
Privacy Officer Contact
Privacy Officer, Museum of Research
Email: [email protected]