Privacy Policy
Last Updated: March 12, 2026
1. Introduction & Controller Identity
This Privacy Policy explains how Gao Invest Canada (“we”, “us”, “our”) collects, uses, and protects personal data when you visit this website and when you contact us about educational programs, workshops, learning resources, or organizational training delivered across Canada.
Data Controller: Gao Invest Canada Inc., 130 Adelaide St W, Toronto, ON M5H 3P5, Canada. Email: [email protected]. Phone: +1 416 786 2941.
Our programs and materials are educational and informational. This site is intended for audiences in Canada, and our privacy approach is designed to be consistent with applicable Canadian privacy principles. Where users access the site from other jurisdictions (including the EEA/UK), additional rights and consent requirements may apply as described below.
2. Personal Data We Collect
We collect personal data that you choose to provide and data that is generated automatically when you interact with the website. The exact data collected depends on how you use the site.
- Identity and contact details: name, email address, phone number, and organization name (if provided).
- Form content: messages, program selection, learning goals, scheduling preferences, and other details you include in a request.
- Technical data: IP address, browser type and version, device type, operating system, language settings, and approximate location inferred from IP.
- Usage data: pages viewed, time on page, click paths, referrer/landing source, and interactions with page elements.
- Cookies and identifiers: essential cookies that keep the site functioning and, if you consent, analytics and marketing identifiers described in Section 4.
- Conversion events: basic event signals such as a form submission completion (for measurement) when consent is provided.
We do not request special-category data (for example, health information, religious beliefs, political opinions), government identification numbers, or financial account credentials. Please do not submit sensitive personal information in message fields.
3. Why We Process Data & Legal Basis
We use your data for clear, limited purposes connected to operating this educational services website. Where the GDPR or UK GDPR applies, we rely on the legal bases below (Article 6). In Canada, processing is also guided by consent and reasonable purpose principles.
Responding to contact and enrollment requests
Purpose: to reply to inquiries, share program outlines, confirm cohort timing, and coordinate next steps for participation. Legal basis (GDPR/UK GDPR): Article 6(1)(b) performance of a contract or steps prior to entering a contract, and Article 6(1)(a) consent where you provide optional details.
Website security, abuse prevention, and reliability
Purpose: to protect the site and users, prevent spam and misuse, troubleshoot issues, and maintain service continuity. Legal basis (GDPR/UK GDPR): Article 6(1)(f) legitimate interests (security and fraud prevention).
Analytics (only if you consent)
Purpose: to understand how content is used (for example, which resources are most helpful) so we can improve clarity and site performance. Legal basis (GDPR/UK GDPR): Article 6(1)(a) consent.
Marketing and advertising measurement (only if you consent)
Purpose: to measure campaign performance, limit repetitive ads, and build audiences for relevant educational program information. Legal basis (GDPR/UK GDPR): Article 6(1)(a) consent.
Automated decision-making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals within the meaning of GDPR Article 22.
4. Cookies & Tracking
We use cookies and similar technologies to operate the site and, if you choose, to understand usage and measure advertising. Cookies are small text files stored on your device. Some site functions also use local storage or server-side logs. You can manage cookie preferences at any time using “Manage cookie preferences” in the footer.
Essential cookies (always active)
These cookies are required for the website to function, maintain session continuity, remember your cookie choice, and support basic security controls. Retention ranges from a session to 12 months depending on the cookie.
- _site_session: supports session continuity (session).
- cookie_consent: stores your cookie preference selection (12 months).
Analytics cookies (consent required)
If enabled, analytics cookies help us measure aggregate usage so we can improve content and navigation. We use Google Analytics 4 (GA4) with IP anonymization settings where available. Typical retention for analytics data is 14 months.
- _ga: GA4 user identifier (up to 2 years).
- _ga_XXXXXXXXXX: GA4 session state (up to 2 years).
Marketing cookies (consent required)
If enabled, marketing cookies help measure conversions and support relevant advertising about educational programs. These cookies may be set by Google Ads and Meta technologies when those tools are configured. Retention is typically 90 days per cookie, depending on the provider.
- _gcl_au: Google Ads conversion linker (90 days).
- _fbp: Meta Pixel browser identifier (90 days).
- _fbc: Meta click identifier when a click ID is present (90 days).
Beyond cookies, some measurement may rely on pixel tags and server-side event forwarding configured by us (for example, hashed identifiers derived from email only where legally permitted and only when consent has been obtained, if applicable). Device and browser information (such as IP and User-Agent) may be used to prevent abuse and to maintain security logs.
5. Consent (EEA/UK)
Users in the EEA and the UK receive a consent notice under GDPR/UK GDPR. Analytics and marketing cookies activate only after explicit, informed, freely given consent (Article 6(1)(a)). Consent is recorded in the cookie_consent cookie (typically 12 months). You may withdraw consent at any time using “Manage cookie preferences” in the footer or by clearing cookies in your browser.
Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. Essential cookies remain active because they are required for basic site operation.
6. Sharing With Advertising & Service Partners
We use service providers to operate and improve the site. Depending on your cookie preferences and configuration, the categories below may receive limited data (such as cookie identifiers, event data, or usage signals) as processors or service providers.
- Google LLC (Google Analytics 4, Google Ads, tag management, remarketing): usage data, cookie IDs, conversion events, and remarketing list membership where enabled and consented. Privacy information: policies.google.com/privacy.
- Meta Platforms (pixel measurement, custom/lookalike audiences, conversion attribution where enabled and consented): page views, conversions, audience membership, and hashed identifiers where applicable. Privacy information: facebook.com/privacy/policy.
- Cloudflare (CDN and security services where configured): IP-based threat detection and performance delivery. Privacy information: cloudflare.com/privacypolicy.
We do not sell personal data. We do not permit service providers to use site data for their own independent commercial purposes; they process data to provide services to us under their terms and applicable data protection obligations.
7. International Transfers
Some providers we use may process data outside Canada, including in the United States or other regions where they operate data centers. When GDPR/UK GDPR applies and data is transferred internationally, transfers may rely on adequacy mechanisms such as the EU–US Data Privacy Framework (and the UK Extension where applicable), and may also use Standard Contractual Clauses (EU 2021/914) and UK transfer mechanisms as a fallback.
We take reasonable steps to ensure transfers are protected through appropriate contractual and organizational safeguards consistent with the sensitivity of the information.
8. Retention
We keep personal data only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law. Typical retention periods are:
- Contact and enrollment requests: up to 2 years from the last interaction to support follow-up and coordination.
- Analytics data: typically 14 months (subject to provider settings).
- Marketing cookies: per cookie lifetime (commonly 90 days), unless you withdraw consent sooner.
- Email correspondence: for the relationship duration plus up to 1 year, unless earlier deletion is requested and feasible.
- Security and server logs: typically up to 90 days, unless needed longer for investigation.
- Cookie consent records: up to 3 years for audit and compliance documentation.
- Legal and tax: where applicable, records may be retained for periods required by Canadian law (often 6–10 years depending on record type).
9. Your Rights (GDPR & UK GDPR)
If GDPR or UK GDPR applies to your data, you may have rights including: access (Article 15), rectification (16), erasure (17), restriction (18), data portability (20), objection (21), and the right to withdraw consent at any time (Article 7(3)). You may also lodge a complaint with a supervisory authority (Article 77).
To exercise rights, contact us at [email protected]. We aim to respond within 30 days. For complex requests, the response time may be extended by up to 60 additional days as permitted by law.
- EEA guidance: edpb.europa.eu
- UK ICO: ico.org.uk
10. Canadian Privacy Considerations
For users in Canada, we follow reasonable privacy practices consistent with Canadian principles such as identifying purposes, limiting collection, using appropriate safeguards, and retaining data only as long as necessary. Consent may be express (for example, when you submit a form or enable cookies) or implied where the purpose is obvious and the information is not sensitive.
Requests to access or correct personal information can be sent to [email protected]. We may ask for reasonable verification to protect against unauthorized disclosure.
11. Children
This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that data from a child under 16 has been provided without appropriate authorization, we will delete it promptly.
12. Do Not Track
This website does not respond to “Do Not Track” (DNT) browser signals. Third-party providers may have their own handling of DNT and related preferences.
13. Account & Data Deletion Requests
This website does not provide user accounts. If you would like us to delete a contact request or other personal information you submitted, email [email protected] with the subject line “Data Deletion Request.” We may need to verify your identity to prevent unauthorized deletion. Where feasible, requests are completed within 30 days.
We may retain limited information where necessary to comply with legal obligations, resolve disputes, or maintain security records.
14. Business Transfers
If Gao Invest Canada Inc. is involved in a merger, acquisition, financing, reorganization, insolvency, or sale of assets, personal data may be transferred as part of that transaction. If a transfer materially changes how data is used, we will provide notice on the website.
15. California (CCPA/CPRA)
Although we are Canada-based, some visitors may reside in California. Over the past 12 months, we may have disclosed the following categories of information to service providers and advertising partners (when enabled and consented): identifiers (name, email, IP address, device identifiers), internet/network activity (pages viewed, interactions), and inferences (interests or preferences derived from site interaction).
We do not sell personal information as defined by CCPA. We may share information for cross-context behavioral advertising when marketing cookies are enabled; California residents can opt out using the cookie preferences panel.
California rights may include the right to know, delete, correct, opt out of sale/sharing, and non-discrimination. Requests can be submitted by emailing [email protected] with the subject “California Privacy Request.” Identity verification may be required. Authorized agents must provide written proof of authorization.
16. Virginia (VCDPA)
Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.
Submit requests by emailing [email protected] with the subject “Virginia Privacy Request.” If a request is denied, you may appeal by emailing with the subject “Appeal of Refusal — Privacy Request.” We aim to respond to appeals within 60 days.
17. Nevada
Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject “Nevada Do Not Sell Request.” We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.
18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or legal requirements. If we make material changes, we will post a notice on the website at least 14 days before the change takes effect. The “Last Updated” date at the top of this page will be revised whenever the policy changes.
Contact
For privacy questions, requests, or concerns, contact:
- Gao Invest Canada Inc.
- 130 Adelaide St W, Toronto, ON M5H 3P5, Canada
- Email: [email protected]
- Phone: +1 416 786 2941