Privacy Policy

Last updated: April 1, 2026

Key principle: The Organization (your Gurudwara or Sikh Society) owns all data entered through this platform. Gurughar360.ca acts as a data processor on the Organization's behalf and does not claim ownership of any personal or organizational data.

This Privacy Policy describes how Gurughar360.ca ("we", "us", or "the Platform") collects, uses, and protects information in connection with the Gurughar Bookings platform. This Policy is designed to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA, S.C. 2000, c. 5) and Alberta's Personal Information Protection Act (PIPA, S.A. 2003, c. P-6.5).

1. Data Ownership and Our Role

Each registered Organization (Gurudwara, Sikh Society, or similar institute) that uses this platform is the owner and controller of all data associated with its use of the platform, including member information, booking records, event details, and all related content.

Gurughar360.ca acts solely as a data processor and technology service provider on behalf of each Organization. We process personal information only as directed by the Organization and in accordance with this Policy.

Data upon severance: If an Organization's relationship with Gurughar360.ca ends for any reason, all data belonging to that Organization will be made available for export and returned to the Organization in a standard, machine-readable format within a reasonable period (ordinarily 30 days of written request). Following confirmed export and written acknowledgment from the Organization, the data will be permanently deleted from our systems.

2. Information We Collect

We collect the minimum personal information necessary to provide the platform's services. This may include:

Account information: Name, email address, and (optionally) phone number, provided when you register or are invited by an Organization.
Authentication data: Credentials or OAuth tokens used to verify your identity (e.g., through Google Sign-In). We do not store your Google password.
Booking and event information: Details you provide when submitting booking requests or managing events, including dates, times, descriptions, and resource requirements.
Usage information: Basic technical information such as IP address and browser type, retained only in server logs for security and error-monitoring purposes.

We do not collect payment card information, government identification, or sensitive personal information as defined under PIPA and PIPEDA.

3. Purpose of Collection and Use

Personal information is collected and used for the following purposes, which are identified before or at the time of collection (PIPEDA Principle 3; PIPA s. 11):

To create and manage your user account.
To enable you to submit, track, and manage booking requests on behalf of an Organization.
To allow Organization administrators to manage events, schedules, and members.
To communicate with you about your bookings, account, or service notifications.
To maintain the security and integrity of the platform.
To comply with applicable legal obligations.

We do not use personal information for advertising, profiling, or any purpose beyond those listed above without obtaining fresh consent.

4. Legal Basis and Consent

We rely on the following bases for processing personal information:

Consent: By registering for the platform or submitting a booking request, you consent to the collection and use of your information as described in this Policy (PIPEDA Principle 3; PIPA s. 7).
Contractual necessity: Processing necessary to provide the services you or your Organization have requested.
Legal obligation: Processing required by applicable law.

You may withdraw consent at any time by contacting your Organization's administrator or emailing us at info@gurughar360.ca. Withdrawal may affect your ability to use the platform.

5. Disclosure and Sharing

We do not sell, rent, or trade personal information to any third party.

We may share information in the following limited circumstances:

Within your Organization: Administrators of the Organization you belong to can view your profile and booking history for administration purposes.
Service providers: We use carefully selected third-party infrastructure providers (e.g., cloud hosting, database services) who process data on our behalf under confidentiality agreements consistent with PIPEDA and PIPA requirements.
Legal requirements: We may disclose information if required to do so by law, court order, or competent government authority.
Transfer of Organization data: As described in Section 1, data is returned to the Organization upon severance of the service relationship.

6. Data Retention

Personal information is retained only as long as necessary to fulfil the purposes for which it was collected, or as required by law (PIPEDA Principle 5; PIPA s. 35).

Active account information is retained for the duration of your account.
Booking and event records are retained as directed by the Organization.
Server access logs are retained for up to 90 days for security purposes.
Upon account deletion or Organization severance, personal data is deleted within 30 days, except where retention is required by law.

7. Security Safeguards

We implement security measures appropriate to the sensitivity of the information, including (PIPEDA Principle 7; PIPA s. 34):

Encrypted data transmission (HTTPS/TLS) for all platform communications.
Hashed storage of passwords; we do not store plaintext credentials.
Role-based access controls limiting data access to authorized users.
Regular security monitoring and server patching.

No method of transmission or storage is 100% secure. In the event of a breach affecting your personal information, we will notify affected individuals and, where required, the Office of the Privacy Commissioner of Canada and/or the Office of the Information and Privacy Commissioner of Alberta, in accordance with mandatory breach-notification requirements.

8. Your Rights

Subject to applicable law, you have the following rights regarding your personal information (PIPEDA Principles 9 & 10; PIPA ss. 23–28):

Access: You may request access to the personal information we hold about you.
Correction: You may request correction of inaccurate or incomplete information.
Withdrawal of consent: You may withdraw consent to processing, subject to legal and contractual restrictions.
Complaint: You may file a complaint with the Office of the Privacy Commissioner of Canada (PIPEDA) or the Office of the Information and Privacy Commissioner of Alberta (PIPA) if you believe your rights have been violated.

To exercise any of these rights, contact us at info@gurughar360.ca. We will respond within 30 days.

9. Cross-Border Data Transfers

Our servers are located in Canada. If we transfer personal information outside Canada (for example, through a cloud service provider), we ensure equivalent privacy protections are in place, consistent with PIPEDA accountability principle requirements.

10. Children's Privacy

The platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. We will update the "Last updated" date above. For material changes, we will provide notice through the platform. Continued use of the platform after such changes constitutes acceptance of the updated Policy.

12. Contact and Accountability

Gurughar360.ca is accountable for all personal information under its control (PIPEDA Principle 1; PIPA s. 6). Privacy-related inquiries, access requests, and complaints may be directed to:

Privacy Officer
Gurughar360.ca
Alberta, Canada
Email: info@gurughar360.ca