Skip to main content

LeadFilter™ — Privacy Policy

(GDPR / PIPEDA / CCPA / Canada + EU Compliant)

Last Updated: November 18, 2025

Website: leadfilter.ca

Legal Entity: VIGO ONLINE GROUP (Sole Proprietorship, BIN: 1000520463)

Address: 2 Robert Speck Pkwy Suite 750, Mississauga, ON L4Z 1H8

Email: support@leadfilter.ca

Phone: +1 437 886 3152

1. Who We Are and What This Policy Covers

1.1. This Privacy Policy (“Policy”) describes how VIGO ONLINE GROUP (“Company,” “we,” “us,” “our”), acting as the Merchant of Record, collects, uses, stores, and protects the personal data of individuals:

  • Who visit our website (including leadfilter.ca and related domains);
  • Who register an account and use the LeadFilter™ platform (“Partners”);
  • Who purchase access to or interact with our Partners’ quizzes (“Purchasers” or “Leads”).

1.2. This Policy is designed in consideration of the requirements of:

  • GDPR — Regulation (EU) 2016/679 on data protection (European Union / EEA);
  • UK GDPR and the UK Data Protection Act 2018;
  • PIPEDA — Canada’s Personal Information Protection and Electronic Documents Act;
  • CCPA/CPRA — The California Consumer Privacy Act, as applicable to us;
  • Applicable tax and consumer protection laws regarding the sale of digital goods.

1.3. By using our website and/or the Service, you acknowledge that you have read and understood this Policy.

1.4. If you do not agree with its provisions, you must cease using the Service.

2. Principles of Personal Data Processing

2.1. Lawfulness, Fairness, and Transparency. Data is processed only when a legal basis exists (consent, contract performance, legal obligation, legitimate interest).

2.2. Purpose Limitation. Data is collected only for specified, explicit, and legitimate purposes.

2.3. Data Minimization. We collect only the data necessary to fulfill the stated purpose.

2.4. Accuracy. We take reasonable steps to ensure data is accurate and up to date.

2.5. Storage Limitation. Data is stored no longer than necessary (see Data Retention).

2.6. Integrity and Confidentiality. We ensure data is protected from unauthorized or unlawful processing, and from accidental loss or destruction.

3. Roles in Data Processing (Controller vs. Processor)

To comply with our role as Merchant of Record, we distinguish between two types of data roles:

3.1. Company as Data Controller.

VIGO ONLINE GROUP acts as the Data Controller regarding:

  • Partner Account Data: Information needed to register partners and send payouts.
  • Purchaser Transaction Data: Billing information, email, and location of Leads who purchase content (required for tax and invoicing purposes).
  • Technical Data: Cookies, logs, and analytics on leadfilter.ca.

3.2. Partner as Data Controller.

The Partner (Quiz Creator) acts as the Data Controller regarding:

  • Quiz Content & Answers: Specific answers, choices, or sensitive data entered by Leads inside a Quiz. The Partner determines what questions to ask and how to use the answers.

3.3. Company as Data Processor.

Regarding Quiz Content & Answers, VIGO ONLINE GROUP acts solely as the Data Processor. We store and display this data strictly according to the Partner’s instructions and provide the technical infrastructure for the Partner to access it.

4. Data Categories and Purposes (VIGO as Controller)

We collect the following data where VIGO determines the purpose and means of processing:

Data Category Examples of Data Purpose of Collection Legal Basis
1. Account Identifiers (Partners) Name, email, password (hashed), ID. Registration, account management, payout verification. Contract Performance
2. Purchaser Billing Data (Leads) Name, email, billing address, country (for Tax calculation). Processing payments, issuing invoices, calculating VAT/Sales Tax, fraud prevention. Contract Performance & Legal Obligation (Tax)
3. Payment Details Last 4 digits of card, payment method ID (Full card numbers are processed directly by Stripe and not stored by VIGO). Processing sales and payouts. Contract Performance
4. Technical Data IP address, device type, browser, timestamps. Security, fraud detection, geolocation for tax purposes. Legitimate Interest
5. Communications Support tickets, emails. Customer support, dispute resolution. Legitimate Interest

5. Data Categories (Partner as Controller)

As a Processor, we host data that Partners collect via their Quizzes. The Partner is responsible for ensuring they have a legal basis to collect this info.

  • Lead Contact Info: Phone numbers, social handles (if requested by Partner).
  • Quiz Responses: Any input provided by the Lead (e.g., “My budget is…”, “My goals are…”).
  • Special Categories: Collection of sensitive data (health, race, political views) is prohibited unless the Partner has obtained explicit consent. VIGO encrypts this storage but does not access the content unless required by law.

6. How We Share Data (Recipients)

We share personal data only as required to operate as a Merchant of Record:

6.1. With the Partner (Creator).

If a Purchaser buys access to a Quiz, we share the Purchaser’s contact details and Quiz Answers with the Partner so they can fulfill the service (e.g., deliver the report).

6.2. With Payment & Tax Processors.

  • Stripe: Processes all payments and payouts.
  • Tax Authorities: We may report transaction data to the CRA (Canada), IRS (USA), or EU tax authorities to comply with VAT/Sales Tax obligations.
    6.3. Sub-Processors.
    We use trusted providers for hosting (e.g., AWS, Google Cloud) and email delivery.
    6.4. Legal Requirements.
    We may disclose data upon lawful request from a government, court, or police (e.g., fraud investigation).

7. Cross-Border Data Transfer

7.1. Storage Location. Data is stored on secure servers in Canada and/or the USA.

7.2. International Transfers.

  • EU/UK Residents: Data transfer outside the EEA is protected by Standard Contractual Clauses (SCCs) or the adequacy decision regarding Canada (PIPEDA).
  • Global Operations: As an international MoR, VIGO transfers data globally to process payments and deliver digital goods. We ensure all transfers comply with applicable security standards.

8. Your Rights as a Data Subject

Depending on your jurisdiction (GDPR, PIPEDA, CCPA), you have the right to:

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct inaccurate data.
  • Erasure (Right to be Forgotten): Request deletion of data.
  • Note: We cannot delete Transaction Data required for tax compliance (usually retained for 6-7 years by law).
  • Note: Requests to delete Quiz Answers will be forwarded to the Partner (Controller).
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interest.

9. Procedure for Exercising Rights

9.1. To exercise rights, email us at support@leadfilter.ca.

9.2. We verify all requests. We respond within 30 days (GDPR) or 45 days (CCPA).

9.3. If your request concerns Quiz Answers, we strictly act as a conduit and will notify the Partner to execute your request.

10. Data Security

We implement enterprise-grade security to protect transactions and privacy:

  • Encryption: TLS 1.3 for transit, AES-256 for storage.
  • PCI-DSS: We use Stripe for payments to ensure PCI-DSS compliance; VIGO never touches raw credit card numbers.
  • Access Control: Strict role-based access for employees.

11. Children’s Data Protection

11.1. The Service is not intended for children under 16.

11.2. We do not knowingly collect data from minors. If a Partner uses the platform to target minors, they bear full liability for compliance with COPPA/GDPR-K.

12. Changes to this Privacy Policy

12.1. We may update this Policy to reflect changes in tax laws or platform features.

12.2. The current version is available at leadfilter.ca/privacy.

12.3. Continued use of the Service after updates constitutes acceptance.

13. Contacts and Complaints

For privacy inquiries or to exercise your rights:

VIGO ONLINE GROUP

Privacy Officer

Email: support@leadfilter.ca

Address: 2 Robert Speck Pkwy Suite 750, Mississauga, ON L4Z 1H8

If you are in the EU/EEA or Canada, you also have the right to lodge a complaint with your local Data Protection Authority (e.g., OPC in Canada, ICO in the UK).

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None