Last updated: July 3, 2026
Twirling Umbrellas Ltd. respects your privacy and is committed to protecting personal information in a responsible, transparent, and reasonable way.
This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you visit our website, contact us, use our forms, subscribe to our communications, download resources, or otherwise interact with Twirling Umbrellas.
In this Policy, “Twirling Umbrellas,” “we,” “us,” and “our” mean Twirling Umbrellas Ltd. “You” and “your” mean any person whose personal information we collect, use, or disclose.
1. Who We Are
Twirling Umbrellas Ltd. is a digital agency based in Kelowna, British Columbia. We provide web strategy, design, development, WordPress, hosting support, maintenance, accessibility, privacy, security, content, and related digital services.
Our mailing address is:
Twirling Umbrellas Ltd.
Kelowna Innovation Centre
201-460 Doyle Avenue
Kelowna, BC V1Y 0C2
Canada
2. Scope of This Policy
This Policy applies to personal information we collect through:
- our website;
- website contact forms and inquiry forms;
- newsletter, resource, event, or marketing signups;
- email, phone, video call, social media, and other business communications;
- analytics, cookies, pixels, tags, logs, and similar website technologies;
- proposal, sales, and business development activities;
- client, prospect, supplier, partner, and contractor relationship management; and
- other interactions that refer or link to this Policy.
This Policy does not apply to websites, applications, platforms, portals, or digital services that we build, host, maintain, or support for clients, unless those services expressly link to this Policy as their applicable privacy policy.
When we process personal information on behalf of a client, we do so according to our agreement with that client and, where applicable, the client’s own privacy policy, instructions, and legal obligations.
This Policy also does not apply to third-party websites, platforms, or services that we do not own or control.
3. What Personal Information Means
“Personal information” generally means information about an identifiable individual.
Depending on the context, this may include your name, contact details, business role, inquiry details, online identifiers, device information, usage information, communication history, preferences, and other information that can identify you directly or indirectly.
Some privacy laws distinguish business contact information from other personal information. Even where business contact information is treated differently under applicable law, we still handle it responsibly and use it only for reasonable business purposes.
4. Personal Information We Collect
The personal information we collect depends on how you interact with us.
Information You Provide to Us
We may collect information that you choose to provide, such as:
- name;
- organization name;
- job title or role;
- business email address;
- business phone number;
- mailing address;
- website address;
- project details;
- budget, timeline, and service interests;
- messages, questions, feedback, or inquiry details;
- newsletter, resource, event, or marketing preferences;
- proposal, procurement, or RFP-related information;
- meeting details and communication history;
- files or materials you choose to send us;
- job application information, if you apply for a role with us; and
- any other information you choose to provide.
Please do not send us confidential, sensitive, regulated, proprietary, or highly private information through general website forms unless we have specifically asked you to do so or we have a written agreement in place that governs that information.
This includes passwords, access credentials, payment card details, health information, sensitive employment information, private client records, regulated data, or confidential business materials.
Information Collected Automatically
When you visit our website, we and our service providers may automatically collect technical and usage information, such as:
- IP address;
- browser type and version;
- device type;
- operating system;
- referring website or campaign source;
- pages viewed;
- links clicked;
- forms started or submitted;
- time and date of visits;
- approximate location based on IP address;
- interaction data, such as scrolling, clicks, and page engagement;
- cookie identifiers and similar online identifiers;
- error logs;
- server logs;
- security logs; and
- other information about how the website is accessed and used.
Some of this information may not identify you on its own, but it may be personal information if it can reasonably be connected to you.
Information From Third Parties
We may receive information about you from third parties, such as:
- someone in your organization who contacts us about a project;
- referral sources;
- business partners;
- publicly available sources;
- social media or professional networking platforms;
- event organizers;
- marketing, CRM, analytics, or advertising platforms; and
- service providers that help us operate our business.
When you provide us with information about another person, you are responsible for ensuring that you have the right to do so.
5. How We Use Personal Information
We use personal information for reasonable business purposes, including to:
- operate, maintain, secure, and improve our website;
- respond to inquiries and messages;
- evaluate whether we may be a good fit for a project or relationship;
- prepare proposals, estimates, recommendations, and related materials;
- communicate with prospects, clients, suppliers, partners, contractors, and other business contacts;
- provide guides, templates, downloads, event materials, or other resources you request;
- send newsletters, updates, invitations, and marketing communications where permitted by law;
- manage subscriptions, preferences, and unsubscribe requests;
- understand website usage, performance, and content effectiveness;
- improve our services, website, content, resources, and user experience;
- identify and fix website errors;
- monitor, prevent, and respond to security issues, spam, fraud, abuse, or unauthorized access;
- manage our CRM, records, operations, and internal administration;
- manage hiring and contractor inquiries, where applicable;
- enforce our Terms of Use and other agreements;
- comply with legal, accounting, tax, regulatory, insurance, and reporting obligations; and
- establish, exercise, or defend legal rights.
We do not sell personal information.
We do not knowingly collect personal information through the website for the purpose of selling it to unrelated third parties or allowing unrelated third parties to market their own products or services directly to you.
6. Consent
We collect, use, and disclose personal information with your consent, where consent is required by applicable law.
Consent may be express, such as when you subscribe to marketing communications, or implied, such as when you submit a contact form and we use the information you provided to respond to your inquiry.
You may withdraw consent at any time, subject to legal, contractual, and practical limits. For example, if you withdraw consent for us to use your contact information, we may no longer be able to respond to an inquiry, provide requested information, or maintain a business relationship with you.
You can unsubscribe from marketing communications using the unsubscribe mechanism in the communication or by contacting us.
7. Marketing Communications
We may send you marketing communications, newsletters, updates, event invitations, or resource notifications where permitted by Canadian anti-spam law and other applicable laws.
Commercial electronic messages in Canada generally require consent, sender identification, and an unsubscribe mechanism.
You can unsubscribe from marketing communications at any time. We may still send you non-marketing communications, such as responses to inquiries, project-related messages, service notices, transactional messages, or legally required notices.
8. Cookies and Similar Technologies
We use cookies and similar technologies to operate the website, understand how it is used, improve performance, support security, remember preferences, measure campaigns, and improve our content and services.
Cookies and similar technologies may collect information such as device details, browser details, IP address, pages visited, referral source, approximate location, and interactions with website content.
Some cookies are necessary for the website to function. Others support analytics, performance measurement, marketing, or user experience.
You can usually set your browser to block or delete cookies. Some website features may not function properly if cookies are disabled.
Please see our Cookie Policy for more information about the cookies and similar technologies we use.
9. Analytics, Heatmaps, and Website Improvement Tools
We may use analytics and website improvement tools to understand how visitors use our website. These tools may help us identify popular pages, user flows, technical issues, confusing interfaces, campaign performance, and opportunities to improve the website.
These tools may collect information such as page views, clicks, scrolling, device type, browser type, approximate location, referral source, and session information.
If we use tools that provide heatmaps, session recordings, or similar interaction analytics, we do not intentionally use those tools to collect passwords, payment card information, or sensitive form-field contents. Where the tools provide masking, suppression, or privacy controls, we aim to configure them to reduce unnecessary collection of personal information.
10. AI-Assisted Tools
We may use AI-assisted tools to support our internal business operations, such as organizing information, drafting internal notes, summarizing non-sensitive materials, improving workflows, assisting with code review, or supporting content and strategy work.
When we use AI-assisted tools, we take reasonable steps to limit the personal information shared with those tools to what is necessary for the relevant purpose. We also consider the nature of the information, the sensitivity of the information, the tool’s settings, and the contractual or technical safeguards available.
We do not intentionally submit highly sensitive personal information received through general website forms to AI-assisted tools unless there is a specific business need and appropriate safeguards are in place.
Client confidential information, regulated data, production credentials, and sensitive project materials should not be submitted through general website forms.
11. Service Providers and Third Parties
We may disclose personal information to service providers and other third parties that help us operate our website, communicate with you, deliver services, manage our business, and comply with legal obligations.
These may include:
- website hosting and infrastructure providers;
- website platform, CMS, plugin, and development tool providers;
- form, CRM, and marketing automation providers;
- email and business productivity providers;
- analytics, tag management, heatmap, and website performance providers;
- security, spam prevention, firewall, backup, logging, and monitoring providers;
- project management, file storage, and collaboration providers;
- scheduling and video conferencing providers;
- accounting, payment, invoicing, and bookkeeping providers;
- professional advisers, such as lawyers, accountants, insurers, and consultants;
- contractors and team members who support our work;
- prospective purchasers, successors, or advisers in connection with a business transaction; and
- regulators, courts, law enforcement, or other parties where required or permitted by law.
We require service providers to use personal information only for the purposes for which it was provided to them, subject to their own legal obligations and the terms of our arrangements with them.
12. Third-Party Tools We May Use
The specific tools we use may change over time. Depending on how our website and business systems are configured, we may use tools such as:
- WordPress;
- Google Analytics;
- Google Tag Manager;
- Google Search Console;
- HubSpot;
- Hotjar;
- website hosting and infrastructure providers;
- spam prevention and security tools;
- email and productivity tools;
- project management and file storage tools; and
- other tools that help us operate our website and business.
13. Embedded Content and Third-Party Links
Our website may include links to third-party websites, platforms, resources, social media pages, videos, maps, forms, or embedded content.
Embedded content from third-party websites may behave as though you visited that third-party website directly. Those third parties may collect information about you, use cookies, track your interaction with their content, and combine that information with other information they have about you.
We do not control third-party websites or services. Their privacy policies, cookie policies, terms, and practices apply to your use of those services.
14. International Processing and Storage
We are based in Canada, but some of our service providers may process or store personal information in Canada, the United States, the European Economic Area, the United Kingdom, or other jurisdictions.
When personal information is processed or stored outside your province, territory, or country, it may be subject to the laws of that jurisdiction, including lawful access by courts, regulators, law enforcement, or government authorities.
We use reasonable contractual, technical, and organizational measures to protect personal information handled by service providers.
15. Safeguards
We protect personal information using reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the information.
These safeguards may include access controls, secure hosting practices, encryption where appropriate, authentication controls, staff and contractor access restrictions, confidentiality obligations, backups, monitoring, logging, security tools, and internal procedures.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect personal information against unauthorized access, collection, use, disclosure, copying, modification, disposal, loss, and similar risks.
BC PIPA requires organizations to make reasonable security arrangements to protect personal information under their control.
16. Retention
We keep personal information only for as long as reasonably necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law, contract, accounting rules, tax rules, insurance requirements, dispute resolution, or legitimate business needs.
Retention periods depend on the type of information and the reason we collected it. For example:
- website logs may be kept for a limited period for security, troubleshooting, analytics, and operational purposes;
- inquiry and CRM records may be kept while we have an active or potential business relationship with you;
- proposal and project-related records may be kept for business, legal, accounting, and insurance purposes;
- marketing subscription records may be kept until you unsubscribe or ask us to delete them, subject to suppression-list and compliance needs;
- unsubscribe records may be kept so we can respect your communication preferences; and
- records connected to legal, contractual, tax, accounting, or dispute matters may be kept as long as reasonably necessary.
When personal information is no longer reasonably required, we will delete it, anonymize it, or securely retain it only as permitted by law.
17. Privacy Breaches
If we become aware of a privacy breach involving personal information under our control, we will assess the breach and take reasonable steps to contain it, investigate it, reduce the risk of harm, and prevent similar incidents where appropriate.
We will notify affected individuals, regulators, clients, service providers, or other parties where required by applicable law or where we determine that notification is appropriate in the circumstances.
For organizations subject to PIPEDA, breaches that pose a real risk of significant harm must be reported to the Office of the Privacy Commissioner of Canada, affected individuals must be notified, and records of all breaches of security safeguards must be kept.
18. Your Privacy Rights
Subject to applicable law, you may have the right to:
- request access to personal information we hold about you;
- ask how we use or disclose your personal information;
- request correction of inaccurate or incomplete personal information;
- withdraw consent for certain uses or disclosures;
- unsubscribe from marketing communications;
- ask questions about our privacy practices;
- make a complaint about how we handle personal information; and
- contact a privacy regulator if you are not satisfied with our response.
We may need to verify your identity before responding to a request. We may also ask for enough detail to help us locate the relevant information.
We will respond to access and correction requests within the time required by applicable law. BC PIPA gives individuals access and correction rights and generally requires organizations to respond within 30 days, subject to permitted extensions.
Access may be limited in certain circumstances, such as where disclosure would reveal personal information about another person, reveal confidential commercial information, interfere with an investigation, breach legal privilege, or create security, legal, or safety concerns.
19. Accuracy and Correction
We make reasonable efforts to keep personal information accurate and complete where it is likely to be used to make a decision about you or disclosed to another organization.
You can contact us to request correction of personal information that you believe is inaccurate, incomplete, or out of date.
If we do not agree to make a requested correction, we will annotate the information as required by applicable law.
20. Children and Youth
Our website and services are intended for business, professional, and organizational audiences. They are not directed at children.
We do not knowingly collect personal information from children under 13 through the website. If you believe a child has provided us with personal information, please contact us so we can review and address the issue.
21. Business Transfers
We may disclose or transfer personal information as part of a proposed or completed business transaction, such as a sale, merger, reorganization, financing, acquisition, or transfer of all or part of our business or assets.
Where required, we will use reasonable measures to protect personal information in connection with the transaction.
22. Changes to This Policy
We may update this Privacy Policy from time to time.
When we update it, we will revise the “Last updated” date at the top of the page. The updated Policy will take effect when posted unless a later effective date is stated.
If required by law, we will provide additional notice or request consent for material changes.
23. Contact Us
For questions, requests, or complaints about this Privacy Policy or our privacy practices, please contact:
Privacy Officer
Twirling Umbrellas Ltd.
Kelowna Innovation Centre
201-460 Doyle Avenue
Kelowna, BC V1Y 0C2
Canada
Email: [email protected]
24. Complaints to a Privacy Regulator
We encourage you to contact us first so we can try to resolve your concern.
If you are not satisfied with our response, you may contact the privacy regulator that applies to your concern, which may include:
Office of the Information and Privacy Commissioner for British Columbia
or
Office of the Privacy Commissioner of Canada
The applicable regulator may depend on the nature of the information, where it was collected, where it was processed, and which privacy law applies.