Privacy notice.

01 · Who we are

The controller.

The data controller is Goldberg Brokerage Inc., incorporated in Ontario, Canada, operating as Goldberg Consulting. For any question about this notice or your personal information, contact us at hello@goldbergconsulting.org or by post at 112 Duncan Ave S, Kirkland Lake, ON P2N 1Y3, Canada. That email is our published privacy contact.

02 · What we collect

The information we hold.

We collect information you provide through our forms and a limited amount of technical data your browser sends. We do not buy or rent contact lists.

• Identity and contact details you enter: name, email, and company.
• The answers you submit to our quizzes, audit, and intake, and the results we compute from them.
• Documents you request and calls you book, including booking times and status.
• Campaign attribution (UTM parameters) and the page you arrived from, where present.
• Technical data: your IP address (processed transiently for rate-limiting and bot defence), device and browser type, and — where you allow analytics — product-usage events and a masked session recording.

Where you allow analytics and then submit your email, your analytics activity is associated with a pseudonymous identifier — not your name or email — so we can understand the journey from your first visit to your enquiry. We attach only non-identifying details to it: the campaign and page you arrived from, and when we first saw you.

03 · Why we use it, and on what basis

A lawful basis for each purpose.

04 · Cookies & consent

What we set, and when we ask.

Strictly-necessary storage runs the site and your saved progress; analytics is governed by your choice. The full inventory is in our cookie & storage policy. In the EU and EEA, the UK, Singapore, the UAE, and where your region cannot be determined, we load nothing non-essential until you consent. Elsewhere, analytics runs under an opt-out model. A Global Privacy Control or Do-Not-Track signal is honoured everywhere and switches analytics and advertising off automatically.

05 · How we evaluate enquiries

Scoring is not a solely-automated decision.

We score the answers you give to prioritise our follow-up. This rests on legitimate interest. It is not a solely-automated decision producing a legal or similarly significant effect: a person reviews each enquiry and decides how to respond. You can object to profiling for marketing at any time, and one click on any unsubscribe link stops it.

06 · Session replay

Masked recordings, where you allow analytics.

As part of analytics we may record a masked session replay — a reconstruction of page interactions used to improve the site. All inputs are masked: we do not capture text you type into forms. Replay runs only after you consent in regions where we ask, and under an opt-out model elsewhere; a Global Privacy Control or Do-Not-Track signal switches it off everywhere. It is kept for the shortest viable period.

07 · Who processes your data

Our service providers.

We do not sell, rent, or trade your personal information. We share it only with the service providers that operate our systems — hosting and content delivery, database and file storage, email delivery, product analytics, call scheduling, and bot protection — each acting on our instruction under contract and only as needed to perform its function. These providers process data in the United States; a current list is available on request.

If we introduce cross-context advertising tools, their use may count as a “sale” or “share” under California law. You can opt out at any time through the “Your Privacy Choices” link in the footer, and we honour the Global Privacy Control signal as a valid opt-out.

08 · International transfers

Where your data goes.

We are based in Canada and our service providers process personal information in the United States. For transfers out of Canada we remain accountable for a comparable level of protection under PIPEDA through our contracts. For personal information from the EEA, the UK, or Switzerland, transfers are safeguarded by Standard Contractual Clauses, the UK International Data Transfer Addendum, and, where the provider participates, the EU-U.S. / UK / Swiss Data Privacy Framework. A copy of the relevant safeguard is available on request.

09 · How long we keep it

Retention.

• Lead, quiz, intake, and booking records — about 24 months after your last contact, then deleted.
• IP and rate-limiting records — pruned within about 30 days.
• Session replay — the shortest viable period.
• Email suppression entries — kept as long as needed to honour your opt-out, so we do not email you again.

10 · Your rights

The control you keep.

Subject to your region's law, you may ask us to give you access to the information we hold about you, correct it, delete it, or provide it in a portable form; you may object to processing based on legitimate interest (including marketing profiling); and you may withdraw any consent you have given.

To exercise any of these, use our data request form or email hello@goldbergconsulting.org. We verify identity by replying to the email on file and respond within the period your law requires — generally one month under the GDPR and UK GDPR, and 45 days under the California CPRA. You may also lodge a complaint with your local supervisory or data-protection authority.

11 · Security

How we protect it.

The site is served over HTTPS, we apply per-IP rate-limiting and bot protection to our forms, and access to our systems is restricted to the firm.

12 · Children

Not directed at children.

Our site and services are for business users and are not directed at children under 16. We do not knowingly collect personal information from children.

13 · Changes

Updates to this notice.

We may update this notice as our practices or the law change; where a change is material we will re-seek consent in the regions that require it. This notice is in effect from 21 June 2026.