top of page

Privacy Policy

INTRODUCTION

This Privacy Policy describes how Paragon Digital Consulting, Inc. ("Paragon," "we," "us," or "the Company") collects, uses, protects, and manages personal information in connection with our website, advisory services, consulting engagements, coaching programs, and Employer of Record (EOR) operations.

Paragon is committed to handling personal information with integrity, transparency, and accountability — values that are foundational to how we operate. This policy exists not merely to satisfy legal requirements, but because we believe the people who trust us with their information deserve to know exactly how it is used and protected.

This policy applies to Paragon Digital Consulting, Inc., any subsidiaries existing now or established in the future, and any person or organization providing services on our behalf. A copy of this policy is available at all times at www.paragondigitalconsulting.com and is provided to clients and candidates upon registration.

 

1. GOVERNING FRAMEWORK & JURISDICTION

Paragon operates as an international advisory firm headquartered in Calgary, Alberta, Canada. Accordingly, this policy is grounded in Alberta's Personal Information Protection Act (PIPA) and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) as the primary governing frameworks. Given the global nature of our client base and operations, we also align our practices with the following international data protection regulations:

  • GDPR — General Data Protection Regulation (European Union)

  • CPRA — California Privacy Rights Act (United States)

  • PDPA — Personal Data Protection Act (Singapore)

  • POPIA — Protection of Personal Information Act (South Africa)

Where the requirements of these frameworks differ, Paragon applies the standard most protective of the individual's rights, to the extent operationally practicable. Your specific rights under each framework are described in Section 8 of this policy.

 

2. WHO THIS POLICY APPLIES TO

This policy applies to all individuals whose personal information is collected, used, or managed by Paragon in the course of our operations, including:

  • Prospective Candidates — individuals who have submitted their information for consideration in connection with a role, project, or engagement opportunity facilitated by Paragon.

  • Associates and Bench Advisors — independent professionals who are part of Paragon's extended delivery network and who have provided their information for the purpose of project matching, engagement, or professional development.

  • Clients — organizational contacts and individuals representing companies that have engaged or are considering engaging Paragon's advisory, consulting, or coaching services.

  • EOR Employees — individuals employed through Paragon in its capacity as Employer of Record, for whom Paragon collects and processes personal and payroll-related information as required by law.

  • Site Visitors — any individual who accesses the Paragon website, regardless of whether they interact with our services directly. Data collected from site visitors is primarily addressed in our Cookie Policy, which should be read in conjunction with this document.

 

3. WHAT PERSONAL INFORMATION WE COLLECT

3.1 Prospective Candidates and Advisors

In order to evaluate suitability for opportunities and maintain an accurate professional profile, Paragon collects the following categories of personal information:

Contact details including full name, email address, phone number, and location. Professional history and qualifications to the extent reflected in a standard résumé or curriculum vitae, including employment history, education, certifications, and areas of expertise. A description of the type of work, engagement model, or opportunity the individual is seeking. Our proprietary assessment and interview notes, which are prepared by Paragon personnel and retained as part of the candidate's file. Reference information provided by the candidate with their express consent, including reference letters and notes from reference conversations. Upon successfully obtaining a contract or engagement through our EOR services, additional information required to administer payroll and benefits, including business name or Social Insurance Number (SIN), banking details, tax classification information, and vacation and benefit entitlements.

3.2 Clients

In order to understand engagement requirements and maintain an accurate client profile, Paragon collects the following categories of personal information from client contacts:

Full name, title, organizational email address, phone number, and business address. A description of the organization, the nature of the engagement or project, and the profile of candidates or advisors being sought. Strategic assessment notes and project documentation prepared in the course of our advisory work. Upon engagement, the billing and financial contact information required to produce legally compliant invoices and maintain accurate financial records.

3.3 EOR Employees

In our capacity as Employer of Record, Paragon collects all personal information required by applicable employment, payroll, and tax law in the relevant jurisdiction. This includes, but is not limited to, government-issued identification, Social Insurance Number or equivalent, banking information, tax classification, benefits enrolment, and any accommodation-related information provided voluntarily.

3.4 Site Visitors

Paragon's website collects certain information automatically when accessed, including device type, browser, geographic region, pages visited, and session duration. This information is collected through cookies and related tracking technologies and is addressed in detail in our Cookie Policy.

 

4. WHY WE COLLECT PERSONAL INFORMATION

4.1 Prospective Candidates and Advisors

Paragon collects personal information from candidates and advisors to understand individual qualifications, experience, and professional preferences; to identify and present suitable opportunities on their behalf; to fulfill client requests for candidate or advisor profiles; to conduct reference and background checks where authorized; to assess and continuously improve our matching and advisory services; and to administer payroll, tax withholding, benefits, and all other obligations arising from our role as Employer of Record.

In delivering these services, Paragon utilizes video conferencing and collaboration platforms, including Microsoft Teams, for virtual interviews, advisory sessions, and project coordination. Where sessions are recorded, participants are notified in advance and recording commences only with express consent. Participant names, email addresses, and where applicable, audio, video, and transcript data are retained for project documentation and service continuity.

4.2 Clients

Paragon collects personal information from client contacts to understand engagement requirements and organizational context; to identify and present the most suitable candidates or advisors; to manage active engagements and maintain service continuity; and to fulfill all financial, contractual, and regulatory obligations arising from our service agreements.

 

5. CONSENT 

Paragon requires consent before collecting, using, or disclosing personal information, except where otherwise permitted or required by law.

For individuals located in Canada, consent may be express or implied depending on the sensitivity of the information and the context in which it is collected. Implied consent is relied upon where the purpose of collection is reasonably obvious — for example, contacting references listed on a résumé submitted to Paragon. Express consent is obtained for sensitive information, background checks, and any use of personal information beyond the primary purpose of collection.

For individuals located in the European Union, consent is obtained in a manner consistent with GDPR requirements — meaning it is freely given, specific, informed, and unambiguous. Where Paragon relies on a legal basis other than consent for processing — such as contractual necessity or legitimate interest — this is identified at the point of collection.

For California residents, this policy serves as notice of your rights under the CPRA, including the right to opt out of the sharing of personal information for cross-context behavioural advertising. This right may be exercised through our Cookie Policy and the opt-out mechanisms provided therein.

For individuals located in Singapore and South Africa, consent is obtained in accordance with the PDPA and POPIA respectively, and your rights under those frameworks are described in Section 8.

You may withdraw consent at any time, subject to legal and contractual restrictions. Withdrawal of consent may affect our ability to provide services. To withdraw consent, please contact our Privacy Officer at the details provided in Section 14.

 

6. WHEN AND TO WHOM WE DISCLOSE PERSONAL INFORMATION

Paragon does not trade, sell, or lease personal information to external parties under any circumstances.

Personal information is disclosed only for Paragon's legitimate business purposes or as required to meet legal, regulatory, or judicial obligations — for example, to comply with a court order, tax audit, or regulatory investigation.

In the normal course of business, Paragon discloses candidate and advisor information to clients when a potential opportunity has been identified. Disclosure is limited to the information necessary to support an informed decision, such as a résumé and a summary of reference feedback. No disclosure is made without the candidate's prior knowledge and, where required, express consent.

Paragon may share personal information with third-party service providers engaged to support our operations. These providers are contractually bound to protect personal information and are prohibited from using it for any purpose beyond the specific service they are providing. Categories of third-party processors currently engaged by Paragon include payroll and financial administration systems, cloud storage and document management platforms, video conferencing and collaboration tools, and background screening organizations where required by a client and consented to by the candidate.

 

7. CROSS-BORDER DATA TRANSFERS

As an international advisory firm serving clients across North America, Europe, and globally, Paragon may transfer personal information across borders in the course of delivering its services. Where such transfers occur, Paragon takes all reasonable steps to ensure that the receiving jurisdiction provides an adequate level of protection, or that appropriate contractual safeguards are in place.

For transfers of personal information originating in the European Union, Paragon relies on Canada's recognition as an adequate jurisdiction under the GDPR framework where applicable, and implements Standard Contractual Clauses or equivalent mechanisms where required. For transfers involving individuals located in Singapore or South Africa, Paragon complies with the transfer limitation requirements of the PDPA and POPIA respectively, including ensuring contractual protections are in place with all receiving parties.

 

8. YOUR RIGHTS BY JURISDICTION

8.1 Canada (PIPEDA and Alberta PIPA)

Individuals in Canada have the right to request access to their personal information held by Paragon, to request correction of inaccurate or incomplete information, to withdraw consent to collection or use subject to legal and contractual limitations, and to file a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner of Alberta.

8.2 European Union (GDPR)

Individuals in the European Union have the right to access their personal data, to request rectification or erasure, to restrict or object to processing, to data portability, and to lodge a complaint with their relevant supervisory authority. Where Paragon relies on consent as the legal basis for processing, individuals have the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

8.3 California (CPRA)

California residents have the right to know what personal information is collected and how it is used, to delete personal information subject to certain exceptions, to correct inaccurate personal information, to opt out of the sale or sharing of personal information, to limit the use of sensitive personal information, and to non-discrimination for exercising these rights.

8.4 Singapore (PDPA)

Individuals in Singapore have the right to request access to and correction of their personal data held by Paragon, and to withdraw consent to the collection, use, or disclosure of their personal data subject to reasonable notice and legal limitations.

8.5 South Africa (POPIA)

Data subjects in South Africa have the right to be notified of the collection of their personal information, to access that information, to request correction or deletion, to object to processing, and to lodge a complaint with the Information Regulator of South Africa.

To exercise any of the rights described in this section, please contact our Privacy Officer using the details provided in Section 14.

 

9. HOW LONG WE RETAIN YOUR INFORMATION

Paragon retains personal information only for as long as necessary to fulfill the purpose for which it was collected, or as required by applicable law.

Payroll, tax, and EOR employment records are retained for a minimum of seven years in accordance with Canadian federal and provincial requirements, and for equivalent periods as required by the laws of other jurisdictions where employees are engaged.

Candidate and advisor profiles, assessment notes, and correspondence are retained as part of Paragon's active transaction history for as long as a professional relationship exists or is reasonably anticipated. Upon written request, a file may be designated as inactive, at which point it becomes inaccessible for operational purposes and is retained only to the extent required by law or regulatory obligation.

Client records, including engagement documentation and financial correspondence, are retained for a minimum of seven years following the conclusion of an engagement, consistent with audit and regulatory requirements.

Site visitor data collected through cookies and analytics tools is retained in accordance with the timeframes specified in our Cookie Policy.

Upon expiry of the applicable retention period, personal information is securely destroyed or anonymized in a manner that prevents reconstruction.

 

10. HOW WE KEEP YOUR INFORMATION SECURE

Paragon maintains administrative, technical, and physical safeguards appropriate to the sensitivity of the personal information we hold, and requires all personnel and contractors to uphold these standards as a condition of their engagement with the Company.

From an administrative standpoint, access to personal information — in both paper and electronic format — is granted strictly on a need-to-know basis, determined by job function and operational responsibility. Staff receive regular training on privacy obligations and the importance of information security, and all personnel are subject to confidentiality obligations that extend beyond the duration of their engagement with Paragon.

Physically, Paragon's premises are access-controlled, with entry restricted to authorized personnel and all visitors required to sign in and be escorted at all times. Paper records containing personal information are stored in locked filing cabinets and are accessible only to those with a legitimate operational requirement.

From a technical standpoint, electronic personal information is stored on password-protected, firewall-secured servers with access controls that limit visibility based on role and function. Password selection criteria and expiry requirements are enforced to reduce the risk of unauthorized access. Data transmitted through our website is protected using TLS (Transport Layer Security) encryption, which ensures that personal information entered through our site is encrypted in transit between your browser and our secured servers.

Where personal information is shared with us via unencrypted email, you should be aware that unencrypted email transmission carries inherent risks of interception that fall outside Paragon's control. Where possible, we encourage the use of our secure portal or direct encrypted communication channels for the transmission of sensitive information.

While Paragon takes all reasonable precautions to protect personal information, no system is entirely immune to risk. In the event of a security incident, Paragon will respond in accordance with the breach notification requirements described in Section 11.

 

 

11. DATA BREACH NOTIFICATION

In the event of a breach of security involving personal information that creates a real risk of significant harm, Paragon will notify affected individuals and the relevant regulatory authorities as required by applicable law. Under PIPEDA, notification is required as soon as feasible following a determination that a real risk of significant harm exists. Under GDPR, notification to the relevant supervisory authority is required within seventy-two hours of becoming aware of the breach, with individual notification to follow where required. Equivalent obligations under the CPRA, PDPA, and POPIA will be observed in accordance with their respective requirements.

Paragon maintains an internal breach response protocol to ensure that incidents are identified, contained, and reported in a timely and legally compliant manner.

 

12. HOW TO ACCESS OR CORRECT YOUR INFORMATION

Paragon relies on the accuracy of the information provided by individuals. You may at any time submit a written request to access or correct the personal information we hold about you. Requests will be processed within the timeframes required by applicable law — within 30 days under PIPEDA and Alberta PIPA, and within one month under GDPR, with extensions available in limited circumstances.

Access to personal information will be provided free of charge for individuals located in the European Union, California, Singapore, and South Africa, in accordance with the requirements of the GDPR, CPRA, PDPA, and POPIA respectively. For individuals located in Canada outside of these requirements, a reasonable administrative fee may apply, of which you will be notified in advance.

To submit an access or correction request, please contact our Privacy Officer using the details provided in Section 14.

 

13. CHANGES TO THIS POLICY

Paragon Digital Consulting, Inc. reserves the right to modify this Privacy Policy at any time to reflect changes in our operations, legal obligations, or regulatory environment. The date of the most recent revision is noted at the top of this document.

For changes that are administrative or minor in nature, the updated policy will be posted to our website and the revision date updated accordingly. For material changes that significantly alter how your personal information is used or your rights under this policy, Paragon will provide advance notice via a prominent notification on our website and, where an email address is on file, by direct communication to affected individuals. Your continued use of our services following the effective date of any revision constitutes your acceptance of the updated policy.

We encourage all individuals whose information we hold to review this policy periodically. If you do not agree with any material change, you have the right to withdraw your consent and request that your information be made inactive, subject to legal retention requirements.

14. CONTACT US

Paragon takes the privacy and security of your personal information seriously. If you have any questions about this policy, wish to exercise your rights, or believe that Paragon has not handled your personal information in accordance with this policy or applicable law, please contact our Privacy Officer:

Privacy Officer Paragon Digital Consulting, Inc.

Email: privacy@paragondigitalconsulting.com

We will acknowledge your inquiry promptly and respond within the timeframe required by the applicable law governing your request. If you are not satisfied with our response, you have the right to escalate your concern to the relevant regulatory authority in your jurisdiction, including the Office of the Information and Privacy Commissioner of Alberta, the Office of the Privacy Commissioner of Canada, or the supervisory authority applicable in your country of residence.

This Privacy Policy was last reviewed and updated in May 2026 and supersedes all prior versions. It will be reviewed no less than annually thereafter.

Last Reviewed: 03 May 2026

bottom of page