top of page

Privacy Policy

1. Who We Are

​

Avalon Consulting (“Avalon,” “we,” “our,” or “us”) provides outsourced accounting, bookkeeping, audit-support, and related advisory services. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit www.avalonconsulting.ca (the “Site”) or interact with us in the course of business.

​

2. Information We Collect

​

We gather three broad categories of data. First, contact information—your name, company, job title, email address and phone number—arrives when you complete web forms, exchange emails with us or join a discovery call. Second, business records such as invoices, ledgers, payroll files, bank statements and tax returns are offered through channels (e.g., encrypted email, SFTP or a client-preferred portal) so we can deliver our accounting and advisory services. Third, site-usage data—including IP address, browser type, pages visited, time spent on each page and cookie identifiers—is collected automatically via standard analytics tools to help us improve website performance.

​

3. How We Use Your Information

​

  1. Service delivery – to perform contracted accounting or advisory services.

  2. Client communication – to schedule calls, issue reports, and provide support.

  3. Site improvement – to analyze traffic patterns and enhance user experience.

  4. Legal & compliance – to satisfy record-keeping obligations and enforce agreements.

  5. Marketing (minimal) – to send occasional newsletters or event invitations (opt-out anytime).

​

4. Legal Bases for Processing

​

When required by law (e.g., under the EU GDPR), we rely on one or more of these grounds:

  • Performance of a contract – processing necessary to deliver our services.

  • Legitimate interests – e.g., improving the Site, preventing fraud.

  • Consent – for optional marketing communications.

  • Legal obligation – where retention is mandated (tax, audit, or regulatory rules).

 

5. How We Share Information

​

We limit disclosure of your data to parties that genuinely need it. Internally, only authorized Avalon employees and vetted contractors—each bound by confidentiality obligations and least-privilege access—can view client files. Externally, we may share limited information with our professional advisers, such as attorneys or auditors, when legal or compliance questions arise; these advisers are likewise under strict nondisclosure duties. To keep the Site and our workflows running, we also engage reputable cloud and IT service providers for email, hosting, analytics and secure storage; all such vendors operate under data-processing agreements that require encryption in transit and at rest. Finally, if a court order, subpoena or applicable law compels disclosure, we will provide only the information strictly necessary to satisfy that legal requirement. We do not sell or rent your personal information to any third party under any circumstances.

​

6. Cookies & Tracking

​

The Site uses first-party and limited third-party cookies for:

  • Essential functionality (session management)

  • Anonymous analytics (site performance metrics)

You can disable cookies in your browser; the Site will remain usable, but certain features may be limited.

​

7. Data Security

​

  • Encrypted email with password sent via a separate channel is the default file-exchange method.

  • Multi-factor authentication and role-based permissions protect all client repositories.

  • Regular access reviews and off-site backups guard against unauthorized access or loss.

  • We are prepared to adopt client-preferred portals or VPN/SFTP solutions to meet specific security frameworks.

  • ​

8. Data Retention

​

We keep client records for the duration of the engagement plus the period required under applicable tax, audit, or professional regulations (typically seven years), unless a longer retention is necessary for litigation or regulatory inquiries. Non-client website enquiries are held no longer than 24 months.

​

9. International Transfers

​

Avalon operates from Pakistan but serves clients in the United States, United Kingdom, Canada and elsewhere. Where data moves across borders, we use approved safeguards such as Standard Contractual Clauses or comparable contractual protections to ensure adequate protection under GDPR, PIPEDA, and other relevant laws.

​

10. Your Rights

​

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete personal data we hold about you

  • Restrict or object to certain processing

  • Receive a portable copy of your data

  • Withdraw consent for marketing at any time

Please email us with your request. We will respond within the timeframe required by law (30 days in most cases).

​

11. Third-Party Links

​

The Site may link to external websites (e.g., cloud portals, social media). We do not control and are not responsible for the privacy practices of those sites. Review their policies before submitting data.

​

12. Children’s Privacy

​

Our services target business professionals and are not directed at children under 16. We do not knowingly collect personal information from minors.

​

13. Changes to This Policy

​

We may update this Privacy Policy from time to time. Any material changes will be posted on this page. Continued use of the Site after such changes constitutes acceptance.

bottom of page