Your Data Rights
Your privacy rights under PIPEDA, Quebec Law 25, GDPR, CCPA, and other applicable regulations.
Last updated: February 28, 2026
1. Rights Under Canadian Privacy Law (PIPEDA & Law 25)
Under PIPEDA and Quebec's Law 25, you have the right to:
- Right to Access: Request a copy of the personal information we hold about you. We will respond within 30 days.
- Right to Correction: Request correction of inaccurate or incomplete personal information
- Right to Deletion: Request deletion of your personal information, subject to legal retention obligations
- Right to Withdraw Consent: Withdraw consent for non-essential processing at any time (may limit service availability)
- Right to Data Portability (Law 25): Quebec residents can request their information in a structured, commonly used, machine-readable format
- Right to Object: Object to certain uses of your personal information
- Right to De-indexation (Law 25): Request that your personal information be de-indexed from search results on the Platform
- Right to Lodge a Complaint: File a complaint with the Office of the Privacy Commissioner of Canada or Quebec's Commission d'accès à l'information
2. Rights Under GDPR (EU/EEA/UK/Switzerland)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have enhanced rights under the General Data Protection Regulation:
- Right to Access (Art. 15): Obtain confirmation of processing and a copy of your personal data
- Right to Rectification (Art. 16): Correct inaccurate or incomplete data
- Right to Erasure / Right to be Forgotten (Art. 17): Request deletion of your personal data when there is no compelling reason for continued processing
- Right to Restriction of Processing (Art. 18): Limit how we process your data in certain circumstances
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting the lawfulness of prior processing
- Right Not to Be Subject to Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing, including profiling, that produce legal or significant effects
- Right to Lodge a Complaint: File complaints with your local EU/EEA supervisory authority
GDPR Contact: For GDPR-specific inquiries, contact gdpr@remote-works.io. We aim to respond to all GDPR requests within 30 days as required by the regulation.
3. Rights Under CCPA/CPRA (California)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and categories of third parties with whom we share it
- Right to Delete: Request deletion of your personal information, subject to legal exceptions
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. Remote-Works does not sell personal information.
- Right to Limit Use of Sensitive Information: Limit the use and disclosure of sensitive personal information to what is necessary to provide the services
- Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights
California Disclosure: Remote-Works does not sell your personal information. We may share personal information with service providers and business partners as described in our Data Collection & Usage policy, but this sharing does not constitute a "sale" under the CCPA/CPRA.
4. How to Exercise Your Rights
4.1 Submitting a Request
To exercise any of the rights described above, you may:
- Email us at privacy@remote-works.io
- Use the data export and deletion features in your account settings
- Contact our support team at support@remote-works.io
4.2 Verification
We may need to verify your identity before processing your request to prevent unauthorized access to personal information. Verification methods may include confirming your email address, account credentials, or other identifying information.
4.3 Response Timeframes
- PIPEDA / Law 25: 30 days from receipt of request
- GDPR: 30 days from receipt of request (extendable by 60 days for complex requests)
- CCPA/CPRA: 45 days from receipt of request (extendable by 45 days with notice)
4.4 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We may require proof of authorization (such as a power of attorney or signed written authorization) and may still verify your identity directly.
5. Limitations on Rights
Your data rights may be limited in the following circumstances:
- Legal obligations requiring data retention (tax, financial, regulatory compliance)
- Establishing, exercising, or defending legal claims
- Fraud prevention and security purposes
- Data already in aggregate or anonymized form
- Where fulfilling the request would adversely affect the rights of other individuals
- Requests that are manifestly unfounded, excessive, or repetitive
If we cannot fully comply with a request, we will explain the reasons and any available alternatives.