Reinventy Solutions — Global Privacy Notice
(Effective 1 May 2025 | Replaces all previous versions)
1 · Scope of This Notice
This Privacy Notice explains how Reinventy Solutions Corp. (head office: Vancouver, British Columbia, Canada) and its wholly‑owned subsidiaries (collectively “Reinventy”, “we”, “our”, “us”) collect, use, disclose, transfer and otherwise process Personal Information of:
-
visitors to our websites, portals and social‑media pages;
-
customers and suppliers of AeroMag™ motors, Mag‑FOC™ controllers and related demo kits;
-
beta‑program participants using Reinventy cloud APIs or telemetry services; and
-
prospective employees, contractors and investors.
This Notice is designed to satisfy multiple legal frameworks, including (but not limited to):
| Region | Core Statutes Covered |
|---|---|
| Canada | Personal Information Protection and Electronic Documents Act (PIPEDA) & Québec Act 25 |
| European Union/EEA | General Data Protection Regulation (GDPR, 2016/679) |
| United Kingdom | UK GDPR & Data Protection Act 2018 |
| United States | California Consumer Privacy Act / Privacy Rights Act (CCPA/CPRA), Virginia CDPA, Colorado CPA, FTC Act §5 |
| Asia‑Pacific | Japan Act on the Protection of Personal Information (APPI), China Personal Information Protection Law (PIPL), Singapore PDPA |
If local law affords you stronger mandatory protections, those rights override any conflicting term herein.
2 · What Personal Information We Collect
We define “Personal Information” (“PI”) as any data relating to an identified or identifiable person. Depending on how you interact with us, we may process:
| Category | Examples | Purpose |
| Contact & Identity Data | name, company, e‑mail, phone, shipping address, government ID (for export control) | fulfil orders, support, KYC/AML compliance |
| Device & Usage Data | IP address, browser type, cookies, log files, telemetry headers, Mag‑FOC™ ECU serial | website analytics, debug, intrusion detection |
| Transactional Data | purchase history, invoices, payment tokens | accounting, tax, warranty management |
| Telemetry & Operational Data | motor current, temperature, vibration, GPS (if enabled) | predictive maintenance, product improvement |
| Recruitment Data | CV, education, references, interview notes | hiring decisions |
| Compliance Data | sanctions‑screening results, export licences, NDA records | legal obligation, trade‑control compliance |
We do not intentionally collect sensitive PI (e.g. race, religion, union membership) unless required by law (e.g. background checks for export licences).
3 · Legal Bases for Processing
We rely on at least one of the following grounds (Article 6 GDPR, PIPEDA s.5) per activity:
| Legal Basis | Typical Activities |
| Contractual necessity | processing orders, providing support, fulfilling RMA |
| Legitimate interests | cybersecurity, R&D analytics, B2B marketing within CAN‑SPAM & PECR limits |
| Consent | optional newsletters, beta‑programme telemetry, cookies beyond strictly necessary |
| Legal obligation | tax records, bookkeeping, product‑safety recalls, export controls |
| Vital interests | safety alerts that may prevent serious harm |
Where consent is the basis, you may withdraw it at any time (GDPR Art 7(3); CPRA §1798.120). Withdrawal does not affect prior lawful processing.
4 · How We Use Personal Information
-
Provision of goods & services — create and manage accounts, ship hardware, arrange training.
-
Product telemetry — analyse Mag‑FOC™ logs to improve firmware, predict failures, issue OTA updates.
-
Marketing & events — send technical newsletters, invite to webinars or trade‑shows (opt‑out any time).
-
Security & fraud prevention — log IPs, detect intrusion, enforce export‑control embargo lists.
-
Regulatory compliance — audit trails for ISO 9001/14001, CS‑23/Part 33 certification evidence.
We never sell PI to third parties. We may share PI with service providers under strict data‑processing agreements (DPAs) for cloud hosting, logistics, payment acquirers and analytics. Service providers may be located in Canada, the U.S., EU, UK, Singapore or Japan — each bound by contractual SCCs or equivalent safeguards.
5 · International Transfers
Where PI is transferred outside its origin jurisdiction, we implement:
-
Standard Contractual Clauses (EU/UK modules 1‑4) or UK ICO Addendum;
-
PIPEDA Schedule 1 cl.4.1.3 onward for onward transfer obligations;
-
Participation in the APEC CBPR/PRP system (awaiting certification Q3 2025);
-
Supplemental encryption at rest (AES‑256) and in transit (TLS 1.3) plus zero‑trust network access.
Where Chinese PI is transferred abroad, we conduct a PIPL security assessment and sign an Outbound Data Transfer Agreement as required by CAC regulations (2022).
6 · Retention
We retain PI only as long as necessary for the purpose collected plus applicable limitation periods:
-
Order & warranty data — up to 7 years (tax) or length of warranty + 1 year.
-
Telemetry logs — max 3 years anonymised; raw device IDs purged after 12 months.
-
Recruitment data — 2 years unless local law requires earlier deletion.
-
Cookie logs — 13 months (per CNIL guidance) unless shorter under local law.
7 · Security Measures
-
ISO/IEC 27001‑aligned ISMS, SOC 2 Type II in progress (audit Q4 2025).
-
Hardware‑root‑of‑trust (STM32 TrustZone), signed firmware, AES‑GCM OTA.
-
Annual penetration tests, quarterly OWASP ASVS scanning.
-
Role‑based access; MFA mandatory; off‑site encrypted backups.
8 · Your Rights
Depending on jurisdiction, you may have the right to:
| Right | CA | EU/UK | US‑CA | JP | CN |
| Access / portability | ✓ | ✓ | ✓ | ✓ | ✓ |
| Rectification | ✓ | ✓ | ✓ | ✓ | ✓ |
| Erasure (“Right to be forgotten”) | ✓ (with limits) | ✓ | (opt‑out delete) | — | ✓ |
| Restrict / object | ✓ | ✓ | ✓ (limit use) | — | ✓ |
| Automated decisions | — | ✓ | — | — | ✓ |
| Withdraw consent | ✓ | ✓ | ✓ | ✓ | ✓ |
Submit a request via privacy@reinventy‑solutions.ca or +1 778 404 0050. We will verify identity and respond within statutory deadlines (30 days in Canada, 1 month in EU/UK, 45 days under CPRA).
If you believe we have infringed your rights, you may lodge a complaint with your local supervisory authority (e.g., OPC Canada, EDPB member DPA, ICO UK, California AG, PPC Japan, CAC China).
9 · Cookies & Similar Technologies
We use first‑party cookies for session management and analytics (Matomo on‑prem). Third‑party cookies (YouTube embeds, LinkedIn Insight Tag) load only after consent. Full cookie list & retention is available at /cookies.
10 · Children’s Data
Our sites and products are not directed to children under 16. We do not knowingly collect PI from minors. If you believe a minor has provided us PI, contact us; we will delete it promptly.
11 · Changes to This Notice
We may update this Notice to reflect legal changes or new processing activities. Material changes will be highlighted on this page and, where required by law, we will seek renewed consent. The “Last revised” date at the top indicates the latest version.
12 · Contact & Data Protection Officer
Data Protection Officer (Interim): Dr. Elaine Cheng, CIPP/E, CIPM
Email: dpo@reinventy‑solutions.ca
Postal: Reinventy Solutions Corp., 3300–555 West Hastings St, Vancouver, BC V6B 4N6, Canada
Tel: +1 778 404 0050
© 2025 Reinventy Solutions Corp. — All rights reserved.
