Transparency by Default

Global Privacy Rights Privacy Policy 
'Transparent by Default'
Global Privacy Rights publishes full accountability information before any identification is demanded. Verify who is responsible, what data may be collected, and how to exercise your rights — openly and immediately.
Visit Our Website
Exercise Your Rights
Who Is Accountable
Every privacy notice must identify the organisation responsible for your data. Below is the complete controller identification for Global Privacy Rights, published transparently and without condition.
Controller Name
Global Privacy Rights
Business Number (BN)
78344 5505
Jurisdiction
Ontario, Canada
Representative
Mark Lizar
Controller Address
18 King St East, Suite 1400
Toronto, Ontario M5C 1C4
Canada
Contact Points
Website: globalprivacyrights.org
Rights contact: [email protected]
Machine-Readable Transparency Endpoints
These canonical endpoints allow automated systems, regulators, and researchers to verify accountability records programmatically — without relying solely on human-readable pages. All endpoints are publicly accessible and reproducible.
Controller Identification Record (CIR)
unknown link
The canonical machine-readable record identifying the data controller and their obligations.
notice.txt (Canonical)
unknown link
The primary machine-readable privacy notice, served from the standard transparency path.
notice.txt (Fallback)
unknown link
A secondary fallback endpoint ensuring the notice remains accessible under alternate well-known paths.
All endpoints follow the .well-known URI convention for standardised discovery by automated agents and privacy compliance tools.
Your Rights Access Point
Human-readable instructions for exercising your privacy rights under Ontario and Canadian law are available at a dedicated access point. You do not need to identify yourself to find out how to submit a request.
Rights Portal
All rights requests — including access, correction, deletion, and objection — are handled through the following page:
unknown link
Alternatively, you may submit a request directly to the rights contact email: [email protected]
Response SLA
Acknowledgement: Within 7 days of receipt.
Substantive response: Within 30 days, or with a written explanation of any extension required.
Access Rights Portal
What Identifiers May Be Collected
The following service bundles describe, in plain language, which personal identifiers (PII-i) may be collected, for what purpose, on what legal basis, and by which service provider. This rendering reflects the current active bundles.
Each bundle is scoped to a specific, limited purpose. Identifiers collected in one bundle are not combined with those from another without a separate disclosed basis.
Bundle 1
Necessary Cookie — Runtime Continuity
Purpose
Maintain site session and runtime continuity. This cookie is essential for the website to function correctly and cannot be disabled without disrupting core functionality.
Legal Basis
Legitimate interest — no consent prompt is displayed, as this processing is strictly necessary for service delivery.
Identifier Collected
cookie_id
Session token assigned at runtime
Service Provider
Notion Sites runtime
Bundle 2
Analytics — Site Measurement
Purpose
Measure site performance and improve content quality. Analytics data helps identify which pages are useful, how visitors navigate the site, and where improvements can be made — all in aggregate.
Legal Basis
Consent — this processing only occurs where you have actively provided consent. You may withdraw consent at any time through the rights access point.
Identifiers That May Be Collected
ip_address
cookie_id
device_id
(potential)
Service Providers
Cloudflare (web analytics) + Notion Sites
Bundle 3
Contact Form & Petition Signatures
Two closely related bundles cover voluntary interactions: submitting a contact enquiry and signing a petition. Both rely on consent as their legal basis and collect a similar set of identifiers.
Contact Form
Purpose: Respond to enquiries and provide requested information.
PII-i collected: name, email_address, message_content, ip_address (platform logs), timestamp
Legal basis: Consent
Service: Notion database form
Petition Signatures
Purpose: Record a signature and optionally list signatories publicly (opt-in only).
PII-i collected: name, email_address, message_content (optional), ip_address (platform logs), timestamp
Legal basis: Consent
Service: Notion database form
Public listing of petition signatories is strictly opt-in. Your name will not appear publicly unless you explicitly choose that option at the point of signing.
Bundle 4
Payments — Sponsorship & Donation Checkout
Purpose
Process payments and administer sponsorship or donation transactions. Data is collected to complete the financial transaction and maintain associated records.
Legal Basis
Contract — processing is necessary to fulfil the payment transaction you have initiated.
Service Providers
Ghost + Stripe
Identifiers Collected
email_address
Transaction receipt and communication
payment_token
Secure tokenised payment reference
billing_details
Held processor-side by Stripe
ip_address & device_id
Fraud signal detection
Consent, Withdrawal & Objection
Where consent is the stated legal basis for any processing purpose, you retain the right to withdraw that consent at any time. Withdrawal must be made as simple and accessible as giving consent in the first place — this is a core principle of Canadian privacy law.
Giving Consent
Consent is requested clearly and specifically at the point of each data collection interaction — analytics, contact forms, and petition signatures each have a distinct consent moment.
Withdrawing Consent
You may withdraw consent for any consent-based purpose at any time. The process is no more complex than the original consent action. Submit a withdrawal request via the rights access point.
Right to Object
Where objection is available as a right (for example, against legitimate interest processing), requests may be submitted through the unknown link or directly to [email protected].
Integrity & Verification
The following SHA-256 hash values are computed over served bytes — meaning you can independently verify that the notice and controller identification record you receive are identical to the published versions. Reproduce using curl and sha256sum on any standard system.
notice.txt — SHA-256
88b25c04665dc6da6c6b0c6e177dc4634d4bce8f2eeecb42f05fa634f2a0b98c
Verify against: unknown link
cir.json — SHA-256
3f9ef681bfd7206944dc0c5b9257fc341d3a2b10cfeb8634bd07063d6aa5cf48
Verify against: unknown link
If the hash you compute locally does not match the value published here, the served content may have been modified. Please contact [email protected] immediately to report a discrepancy.
A Privacy Notice Built on Trust
Global Privacy Rights is committed to demonstrating that privacy transparency is not a compliance checkbox — it is a foundation for trust. By publishing accountability information unconditionally, providing machine-readable endpoints, and offering a clear rights access point, this notice is designed to be verified, not just read.
Verify Accountability
Controller identity and business number published openly
Understand Collection
Plain-language bundles for every data processing purpose
Exercise Rights
Clear access point with a committed response SLA
Confirm Integrity
Cryptographic hashes to independently verify served content
globalprivacyrights.org
[email protected]