Effective August 31, 2023



This Privacy Statement lets you know how we collect, use, disclose, and protect the Personal Information you entrust to us.

When we refer to ‘Personal Information’ we mean information about an identifiable natural person. In other words, information about someone we can identify, directly or indirectly, using an identifier like a name, an identification number, location data, an online identifier, or someone we can identify using one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

We do not knowingly collect, process, or retain any:

  • special categories of personal information like personal information of children under the age of 16
  • personal health information, personal financial information, or any other special category of information.

Our services are not meant to capture any Sensitive Personal Information, or the information of children. If you’d like to learn more about what the European Union refers to as Sensitive Personal Information, you can click here:


What Personal Information Do We Collect?

When you contact us, purchase services from us, fill out a form on our website, sign up for our email list, visit our websites, or opt-in to receive marketing or sales communications from us, we collect the following personal information about you, and/or your organization:

Information Collected Purpose Legal Basis
Client Account Information
Such as your name, email
address, job title, sector and industry, and business contact information
This information is required to procure services from The Delphi Group. We may also use this information to notify you of any updates or other information related to your use of our services, such as revisions to this Privacy Statement. Consent;
Payment Information
Such as your name and contact information, purchase history, method of payment and other
similar information required for auditing and tax compliance
This information is required so that we may process and receive payment. Consent;
necessity; Our
Usage Data
We use Google Analytics to track visitors to our website, which includes your IP address, performance and use metrics on our websites.
This information helps us continually improve our websites, service offerings, and your user experience. For example, if we see through usage data that users are struggling with a certain function, we will be able to improve the service or functionality. Our legitimate
Information You Provide to us

This includes any information we need to assist you through our CRM sub-processor Zoho Inc., and any other Personal Information you submit to us in a form, email, phone call or contact form

You may provide this information to us, so we can assist in resolving any technical issues you have with the service, or connect you with an account executive to give you more information about Delphi. By providing this information to us, you have consented to our processing and use of it. We share this information with the Profoundry Group of Companies (as defined in “Sharing Personal Information” below) to assist in providing the services you have registered for and/or purchased (such as jointly hosted and managed events), and for joint marketing initiatives. Consent;

necessity; Our

Employment Data
This data includes your name, address, telephone number, date of birth, social insurance number, payroll information, benefit information, emergency contact information, resume, and/or reference details, as well as any other Personal Information we are required to process in order to interview, onboard and retain your talent.
We collect this information so that we may review your resume, interview you, onboard you, retain your talent, and provide you with benefits. We may also require your Personal Information to assess whether you are eligible to work in Canada. If you are an employee or a prospective employee and you have any questions about your Personal Information, please contact us at PrivacyOfficer@delphi.ca Consent;
necessity; Our
Compliance with our legal
Marketing Data
This includes your name, email address, phone number, summaries of any conversations we have had with you, your usage data, any information you have requested from us
This information is required to provide you with anything you have requested from us, such as blog posts or white papers that you have requested. We may also send you promotional messages if you have opted-in to receive them. We share marketing data with the Profoundry Group of Companies (as defined in “Sharing Personal Information” below) to assist in providing the services you have registered for and/or purchased (such as jointly hosted and managed events), and for joint marketing initiatives. Our legitimate interests
Website Data
If you browse our websites we may collect information about the pages you have visited and forms you have submitted to us
This information is required to answer any inquiries you may have and help better segment our marketing efforts. Our legitimate interests


Use of Website, Cookies, and Tracking Technology

When you visit our website (https://delphi.ca), or the Profoundry Group of Companies’ website that is owned, managed, and operated by The Delphi Group, we collect Personal Information from you through various cookies.

A cookie is a small text file that the website sends to your browser, which then stores the cookie on your hard drive to save you time, provide you with a more meaningful visit, and measure website activity. We use a pop-up window on our site to ask that you opt-in to our use of cookies in this way.

You can set up your browser to disable cookies at any time, but doing so may limit the functionality of our Website. For instructions on how to disable cookies, please visit the links below:

We use cookies for the following purposes:

  • For functionality. These cookies and other technologies are essential in order to use the Services to provide the feature you have requested, such as remembering if you have logged in or your language or search parameters. We use these cookies to make your use of the Services more tailored.
  • For performance and analytics. These cookies collect information on how you interact with our Services and help us improve how the Services operate. For example, we use Google Analytics cookies to help us understand how you browse our website. We use this information to identify areas for improvement such as navigation, user experience, and marketing campaigns.
  • Targeting Cookies or Advertising Cookies. These cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.
  • Social media cookies. We use these cookies to track key metrics such as conversions when you engage with our content on the social media platform and later visit our site. This information may be also used for advertising activities.


Do Not Track

As there is not yet a common understanding of how to interpret Do Not Track (“DNT”) signals, Delphi does not currently respond to browser DNT signals.


Sharing of Personal Information

The Delphi Group shares information with service providers, affiliates, partners, and other third parties (as described below under Third Party Service Providers) to meet our contractual requirements with you, to provide our services, or for any other purposes described in this Privacy Statement. We may share, transfer, or grant access to the information that we collect or that you provide within the Profoundry Group of Companies (defined below) through our shared Customer Relationship Management tool, Zoho CRM. Each Group Company acts as either a distinct controller, or a joint controller with other Group Companies in connection with the sharing and processing of such Personal Information, and each Group Company has entered into a Data Processing Agreement with the other Group Companies, and Zoho Inc. that governs the processing and sharing of Personal Information between those entities. Each Group Company processes Personal Information for the purposes described in their respective Privacy Statements.

The Profoundry Group of Companies is comprised of five core related organizations that share common control (each, a “Group Company”), all of which are located in Canada: The Delphi Group, Accelerating Sustainability Events Management (doing business as GLOBE Series), Leading Change for Young Professionals, CBSR and its registered charity CBSR Education Foundation. We share the collected Personal Information among the Profoundry Group of Companies in order to provide our services, including hosting and managing events, for joint marketing initiatives, to connect members of the Profoundry Group of Companies with each other, and for our legitimate business interests.

We may share your Personal Information with certain third parties which help us provide you with Delphi services, or to run our business, for example to providers of data storage and backup services, as further described below.

Your Personal Information may also be shared with other organizations or individuals if we have obtained your consent to do so.


Sale of Information

Delphi does not sell any Personal Information we collect.


Other Links

Our website contains links to other websites. If you follow those links, like Twitter, LinkedIn, or other social media icons, you are accessing external websites operated by those entities. Delphi does not have any control over any information you provide to those third-party websites, and you are governed by those entities’ privacy policies, not this Delphi Privacy Statement.


Third Party Service Providers

From time to time we need to disclose your Personal Information to another company to provide you with our Services (“Third-Party Service Providers”). For example, our managed service provider Fully Managed by Telus Business may process some Personal Information if you require any assistance in using our Services. Third-Party Service Providers may be used for the following functions: sending communications, storing data, assessing compliance risks (such as our lawyers, accountants and auditors), analyzing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. These Third-Party Service Providers have access to the minimum Personal Information needed to perform their functions, and may not use it for any other purposes. We ensure that international data transfers are compliant with applicable law. Our current Third-Party Service Providers that may process Personal Information are:

  • Zoho CRM, the Profoundry Group of Companies’ shared customer relations management tool for managing relevant contact information;
  • Zoho Campaigns for our digital marketing campaigns using your contact information;
  • Amazon AWS for hosting services;
  • Microsoft Azure for cloud services;
  • Fully Managed by Telus as our managed service provider; and
  • Sage50 for accounting purposes, which may process some financial information.


Sales and Marketing

We like to send you information about our products and services that we think might interest you using our digital marketing platform, Zoho Campaigns. We may send you this information if we have a business relationship with you, you have offered your contact information to us (i.e. business card), your contact information is publicly available, or as permitted under applicable anti-spam legislation. Otherwise, we will always ask for your consent to receive sales and marketing information before sending you any communications.

You can always opt-out of our sales and marketing communications. If you wish to opt-out of receiving sales and marketing communications, please contact PrivacyOfficer@delphi.ca or select the unsubscribe link in an email you receive. We will provide you with our response to that request in a timely fashion, and can make appropriate modifications to our information, up to and including deletion.


How Do We Store and Retain Data?

We retain information throughout the relationship between you and Delphi and as necessary for us to comply with our legal obligations. Once we no longer need the information for the purpose for which it was collected, we securely dispose of the Personal Information unless otherwise required by law or requested by you in writing under your rights (See: What Rights Do You Have?).


What Rights Do You Have?

You have the right to withdraw your consent for us to collect or process your Personal Information. We will endeavor to comply with the request and adjust our practices regarding your Personal Information within a reasonable time. If you do not want us to continue contacting you, we will add your contact information to a ‘do not send’ list to comply with your no-contact request. If you request to be placed on a ‘do not send’ list, your name and limited contact information will be kept on that list.

Depending on your jurisdiction, such as the European Union, you may have certain rights, such as:

  • Right to be Informed: You have the right to be informed about the collection and use of your Personal Information.
  • Right to Access: You have the right to view and request copies of your Personal Information.
  • Right to Rectification: You have the right to request inaccurate or outdated Personal Information be updated or corrected.
  • Right to be Forgotten: You have the right to request that your Personal Information be deleted, subject to our legal obligations and restrictions.
  • Right to Data Portability: You have the right to ask for your Personal Information to be transferred to a Controller.
  • Right to Restrict Processing: You have the right to request the restriction or suppression of your Personal Information.
  • Right to Withdraw Consent: You have the right to withdraw previously given consent to process your Personal Information.
  • Right to Object: You have the right to object to the processing of your Personal Information.
  • Right to Object to Automated Processing: You have the right to object to decisions being made using your Personal Information solely based on automated decision making or profiling.

To exercise any of these rights, please contact us at PrivacyOfficer@delphi.ca.


Protecting Personal Information

Delphi protects Personal Information using technical, physical, and administrative methods.
We ensure that all interactions between your computer and our servers for use of our system are encrypted, and we use a number of advanced security features built into our system and associated with our hosting infrastructure to ensure that your personal information remains protected at all times. The technical security features include:

  • Firewall
  • Virtual Private Network
  • Intrusion detection software
  • Multi-factor authentication
  • Data encryption in transit and at rest
  • Secure password protection

We implement physical security measures at our facility in Ottawa, Ontario, Canada, such as key-card access to our offices that uses radio-frequency identification and monitored alarms. The Delphi facility’s onsite server is located in a secure room only accessible to authorised personnel. Any Personal Information is kept under lock and key, and only accessed by trained employees with proper clearance on a need-to-know and limited basis. We limit the creation of printed materials to what is necessary to fulfill our functions to reduce the risk of a security breach, and we ensure that when storing or transporting information appropriate measures are taken such as using sealed envelopes, containers, locks, or equivalent devices.


Access to the backend of the system is restricted to only specific members of Senior Management and certain employees. As part of our administrative measures, our managed service provider, Fully Managed by Telus Business assists with reviews of our security practices from time-to-time to ensure that we maintain up-to-date and appropriate security practices.


The security provisions of Amazon Web Services (AWS) are described in security and compliance whitepapers published by AWS; they can be found here.


Contact us at ProfoundryIT@delphi.ca for more information on our security practices or user access management policies.


You acknowledge that no security system is impenetrable. By sharing Personal Information with us, the Personal Information may be at risk should an external party breach our systems. We will comply with our legal obligations to notify you where we are required to do so.



California residents may ask us to provide them with a list of the types of personal data that we have disclosed to third parties for direct marketing purposes, and the identity of those third parties. If you would like such a list, please contact us via the contact details at the bottom of this page. with subject field: “CCPA”. If you exercise your rights, we will not charge you different prices or provide different quality of services. We don’t sell personal data to third-parties.


Once we receive your request, we may verify it by requesting information sufficient to confirm your identity, including by asking you for additional information. If you would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that the agent has valid written authority to submit requests to exercise rights on your behalf.


Changes To Our Privacy Statement

We keep our Privacy Statement and privacy practices under regular review and will change this Privacy Statement from time to time. If we make any significant changes, we will notify you of the changes by posting them on our website or sending you an email, and we will change the last updated date at the bottom of this Privacy Statement.


Contact Information

If you have questions or concerns regarding data protection and privacy at Delphi, we encourage you to contact our Privacy Officer at:


163904 Canada Inc. (“The Delphi Group”)

434 Queen St, Suite 500

Ottawa, Ontario, Canada K1R 7V7

T: 613-562-2005

E: PrivacyOfficer@delphi.ca


Appropriate Authority

Should you wish to report a complaint, or if you feel that Delphi has not addressed your concerns in a satisfactory manner, you can contact the appropriate governmental authority in your jurisdiction. This would be a data protection authority, information commissioner’s office, or other supervisory authority.


Access our guide to learn everything you need to know about nature, the newest sustainability frontier