top of page

Privacy Policy

Effective Date: Sept. 15, 2025
Last Updated: Sept 15, 2025

1. Introduction

Northern Signal Ops (“we,” “our,” or “us”) is committed to protecting your privacy and handling personal information responsibly.

We comply with:

  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

  • The General Data Protection Regulation (GDPR) where applicable to EU data subjects.

  • Applicable U.S. defense data protection laws and standards, including ITAR (International Traffic in Arms Regulations), DFARS (Defense Federal Acquisition Regulation Supplement), and CMMC (Cybersecurity Maturity Model Certification) where required.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you interact with our website, projects, and defense innovation services.

2. Information We Collect

We may collect and process the following information:

  • Personal Identification Information: Name, email, phone number, job title, organization.

  • Business & Contractual Information: Data provided for defense R&D projects, collaborations, or procurement.

  • Technical Data: IP address, browser type, device ID, and site usage.

  • Sensitive or Regulated Information: Information related to defense projects, controlled technology, or security clearances, collected under strict compliance with applicable laws and agreements.

  • Cookies & Analytics: Usage data collected through cookies or tracking tools, subject to consent in GDPR jurisdictions.

3. Legal Basis for Processing (GDPR Compliance)

Where GDPR applies, we process personal data under one or more of the following legal bases:

  • Consent: When you voluntarily provide personal information.

  • Contractual Necessity: To fulfill defense research agreements or collaborations.

  • Legal Obligation: To comply with Canadian, EU, or U.S. defense regulations.

  • Legitimate Interests: For research, security, and operational improvements, balanced against your rights.

  • Public Interest / National Security: For defense-related obligations in partnership with governments.

4. How We Use Information

We use collected information for:

  • Conducting defense R&D activities.

  • Fulfilling legal, regulatory, and contractual obligations.

  • Managing collaborations and secure communications with government and industry partners.

  • Ensuring cybersecurity, compliance, and controlled access to sensitive information.

  • Analyzing site usage for performance and security monitoring.

5. Sharing & Disclosure

We do not sell personal data. We may disclose information in the following cases:

  • Authorized Defense Partners: For joint R&D projects, under confidentiality and compliance frameworks (ITAR, NATO, or similar).

  • Service Providers: For secure hosting, IT infrastructure, and cybersecurity services.

  • Government Authorities: To comply with Canadian, U.S., EU, or NATO defense requirements.

  • Legal Requirements: When disclosure is required by law or court order.

  • Business Transfers: In a merger, acquisition, or restructuring, subject to confidentiality obligations.

6. International Data Transfers

We may transfer information to jurisdictions outside Canada, including the U.S. and EU, subject to:

  • Adequacy Decisions (GDPR) where applicable.

  • Standard Contractual Clauses (SCCs) or equivalent safeguards.

  • Defense Security Agreements required under ITAR, DFARS, and NATO standards.

Where transfers involve Controlled Unclassified Information (CUI) or Export-Controlled Data, additional safeguards are applied, including encryption, access restrictions, and data handling protocols.

7. Data Security

Northern Signal Ops employs defense-grade security controls, including:

  • End-to-end encryption of sensitive data.

  • Zero-trust access control and role-based permissions.

  • Network segmentation and monitoring.

  • Regular penetration testing and vulnerability assessments.

  • Compliance with CMMC, NIST 800-171, and equivalent frameworks.

No system is 100% secure, but we continuously monitor and improve safeguards to meet evolving threats.

8. Data Retention

We retain information only as long as necessary to:

  • Fulfill defense contracts and research obligations.

  • Meet regulatory and security compliance requirements.

  • Ensure auditability and accountability in defense projects.

When no longer required, information is securely deleted, anonymized, or archived under defense security protocols.

9. Your Rights

Under PIPEDA (Canada):

  • Access your personal information.

  • Request corrections to inaccurate or incomplete information.

  • Withdraw consent, subject to legal/contractual restrictions.

Under GDPR (EU):

  • Right to access, rectify, erase, or restrict processing.

  • Right to data portability.

  • Right to object to processing, including profiling.

  • Right to lodge a complaint with your local supervisory authority.

To exercise your rights, contact us at privacy@northernsignalops.ca.

10. Children’s Privacy

Our website and services are not intended for individuals under the age of 13. We do not knowingly collect data from minors.

11. Updates to this Policy

We may revise this Privacy Policy periodically to reflect regulatory changes or security practices. Updates will include a new “Last Updated” date.

12. Contact Us

For privacy-related concerns, please contact:

Privacy Officer
Northern Signal Ops
Email: privacy@ns-ops.ca
 

If unresolved, you may escalate to:

  • Office of the Privacy Commissioner of Canada (OPC): https://www.priv.gc.ca

  • Your EU Data Protection Authority (for GDPR-covered individuals).

⚖️ Disclaimer: This Privacy Policy reflects compliance with PIPEDA, GDPR, and applicable U.S. defense data requirements (ITAR/DFARS/CMMC). However, defense R&D may require additional contract-specific clauses. Consult legal counsel to ensure compliance with specific agreements and international regulations.

bottom of page