SORC Defence
Legal & Privacy

Privacy

Policy

SORC Defence is committed to protecting the privacy and confidentiality of all personal information collected in the course of our defence consultancy and brokerage operations.

Effective Date
1 January 2024
Last Reviewed
1 July 2026
Jurisdiction
Governed by the laws of Saskatchewan, Canada

Scope of This Policy

This Privacy Policy applies to all personal information collected, used, disclosed, or retained by SORC Defence ("SORC", "we", "us", or "our") through our website, enquiry forms, procurement processes, and direct client engagements. It covers our obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), the European Union General Data Protection Regulation (GDPR) where applicable to EU data subjects, and applicable provincial privacy legislation.

1. Information We Collect

We collect personal information only to the extent necessary for legitimate defence consultancy and procurement purposes. Categories of information collected include: full name and professional title; organisational affiliation and government ministry or force designation; business email address and secure communications identifiers (Signal, Threema, Wickr); country of operation and jurisdiction; nature of procurement or consultancy requirement; urgency classification and project reference data; and any additional information voluntarily provided in enquiry submissions. We do not collect sensitive personal information such as biometric data, financial account details, or health information through this website.

2. Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA) or United Kingdom, our legal bases for processing personal data are: (a) Legitimate Interests — processing is necessary for our legitimate interests in operating a defence consultancy and brokerage, including responding to procurement enquiries, conducting due diligence, and maintaining client records, provided those interests are not overridden by your rights; (b) Contract Performance — processing is necessary to take steps at your request prior to entering a contract or to perform a contract to which you are party; (c) Legal Obligation — processing is required to comply with applicable export control laws, anti-money laundering obligations, and sanctions screening requirements including ITAR, EAR, and Canadian Export Control Act obligations; and (d) Consent — where we have obtained your explicit consent for a specific processing activity.

3. How We Use Your Information

Personal information collected is used exclusively for the following purposes: responding to and processing defence procurement enquiries; conducting mandatory restricted party screening and end-use certification verification; performing client due diligence in accordance with ITAR, EAR, and Canadian export control requirements; maintaining records of transactions and engagements as required by applicable law; communicating with clients and prospective clients regarding active or potential engagements; and improving the security and functionality of our website and communications infrastructure. We do not use personal information for marketing to third parties, sell or rent personal data, or engage in automated decision-making that produces legal or similarly significant effects.

4. Disclosure of Personal Information

SORC does not sell, trade, or otherwise transfer personal information to outside parties except as described herein. We may disclose personal information to: regulatory authorities and government agencies where required by law, including export licensing authorities in Canada, the United States, and applicable allied jurisdictions; legal counsel and compliance advisors engaged to support specific transactions; vetted supply chain partners and logistics providers strictly on a need-to-know basis and subject to confidentiality obligations; and successor entities in the event of a corporate restructuring, subject to equivalent privacy protections. All third-party disclosures are governed by written confidentiality agreements and are limited to the minimum information necessary.

5. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, to comply with legal and regulatory obligations, and to resolve disputes or enforce agreements. Enquiry records are retained for a minimum of seven (7) years to satisfy export control record-keeping requirements under ITAR (22 CFR Part 122) and the Canadian Export and Import Permits Act. Client engagement records are retained for the duration of the engagement plus ten (10) years. Website contact submissions not resulting in an engagement are retained for two (2) years. Upon expiry of applicable retention periods, personal information is securely destroyed or anonymised.

6. Data Security

SORC implements technical and organisational measures appropriate to the sensitivity of the information and the nature of our operations. Security measures include: encrypted communications via Signal, Threema, and Wickr for all sensitive client exchanges; TLS encryption for all data transmitted through this website; access controls limiting personal data access to authorised personnel on a need-to-know basis; regular review of third-party service providers for security compliance; and physical security controls at our office locations. No method of electronic transmission or storage is completely secure. In the event of a data breach that poses a real risk of significant harm, we will notify affected individuals and applicable regulators in accordance with PIPEDA breach notification requirements and, where applicable, GDPR Article 33/34 obligations.

7. International Data Transfers

SORC operates from offices in Saskatchewan, Canada, Dubai, UAE, and Islamabad, Pakistan. Personal information may be transferred between these jurisdictions in the course of our operations. For transfers involving EEA personal data, we rely on adequacy decisions, standard contractual clauses, or other appropriate safeguards as required by GDPR Chapter V. Transfers to the United States, where they occur in connection with export licensing or procurement activities, are conducted in compliance with applicable data transfer frameworks and export control regulations.

8. Your Rights

Subject to applicable law and legitimate restrictions arising from our export control and national security obligations, you have the following rights regarding your personal information: Right of Access — you may request confirmation of whether we hold personal information about you and a copy of that information; Right of Rectification — you may request correction of inaccurate or incomplete personal information; Right of Erasure — you may request deletion of personal information where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations; Right to Restrict Processing — you may request that we limit processing of your personal information in certain circumstances; Right to Data Portability — where processing is based on consent or contract and carried out by automated means, you may request a copy of your data in a structured, machine-readable format; Right to Object — you may object to processing based on legitimate interests; and Right to Withdraw Consent — where processing is based on consent, you may withdraw that consent at any time. To exercise any of these rights, contact us using the secure channels listed below. We will respond within thirty (30) days. Note that certain rights may be limited where compliance would conflict with our legal obligations under export control law or endanger national security.

9. Cookies and Website Analytics

Our website uses strictly necessary cookies required for basic functionality and security. We do not deploy third-party advertising cookies or behavioural tracking technologies. Any analytics data collected is aggregated and anonymised and is not linked to individual identities. You may configure your browser to refuse cookies; however, certain website functions may be affected.

10. Children's Privacy

Our services are directed exclusively to government entities, defence ministries, and professional procurement organisations. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that personal information has been collected from a minor, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational circumstances. Material changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Continued engagement with SORC following notification of changes constitutes acceptance of the revised policy.

12. Contact & Complaints

For privacy enquiries, access requests, or complaints, contact our Privacy Officer through the secure channels listed on our Contact page. If you are located in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority. Canadian residents may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca.

Privacy Enquiries

For access requests, corrections, or privacy complaints, contact our Privacy Officer through our secure channels.

Contact Privacy Officer