Privacy Policy

293 The Kingsway Privacy Policy

This policy describes how 293 The Kingsway handles personal information for residents, owners, renters, staff, visitors, and prospective customers using the StrataOS condo management platform. It is drafted to support GDPR-aligned privacy handling and CASL-aligned communications practices for North American SaaS operations.

Last updated: April 25, 2026

1. Who controls your information

293 The Kingsway is used by condo and strata communities to manage building operations for 293 The Kingsway. Depending on the context, StrataOS may act as a service provider / processor to the building or management company, while the building or management company acts as the controller for resident and visitor data collected in the platform.

Privacy questions may be directed to pm@293thekingsway.ca.

2. Information we process

  • Account details such as name, email address, phone number, role, unit association, and login preferences.
  • Operational records such as visitor registrations, parking permits, deliveries, amenity reservations, announcements, surveys, and service requests.
  • Security and audit data such as login timestamps, device/browser information, IP addresses, account lockouts, audit logs, and magic-token usage.
  • Uploaded documents and profile records that residents or administrators submit through the platform.
  • Communications records relating to service emails, support requests, and privacy complaints or data-rights requests.

3. Why we process personal information

  • To authenticate users and secure access to the platform.
  • To operate building-management workflows requested by the customer organization.
  • To send transactional and security-related communications, such as magic links, password resets, delivery notices, and service-request updates.
  • To maintain audit trails, prevent abuse, investigate incidents, and meet record-keeping obligations.
  • To respond to support requests, privacy requests, complaints, and legal obligations.

4. Lawful bases under GDPR

Where GDPR applies, processing may rely on one or more of the following lawful bases:

  • Performance of a contract or steps requested before entering a contract.
  • Legitimate interests in operating, securing, and improving the platform and fulfilling building-management functions.
  • Compliance with legal obligations, including records management, security, and incident handling.
  • Consent where a feature specifically relies on it, such as optional promotional communications.

5. CASL and electronic communications

StrataOS separates essential service communications from optional promotional communications. Security and transactional emails, including login links, password resets, verification codes, delivery notifications, and service-request updates, are treated as service-related messages. Optional promotional or marketing communications should only be sent where the sender has the required consent and should include unsubscribe handling.

6. Sharing and service providers

Information may be processed by infrastructure and service providers that support the platform, including cloud hosting, email delivery, file storage, and authentication/security services. We limit access to what is reasonably necessary for those services.

7. Retention

We retain data for as long as necessary to operate the service, satisfy customer instructions, preserve auditability, meet legal obligations, and resolve disputes. Specific retention periods may vary by record type and the customer organization's governance requirements.

8. Your privacy rights

Depending on your jurisdiction, you may have rights to:

  • request access to personal information,
  • request correction or rectification,
  • request deletion, restriction, or objection to certain processing,
  • request portability of applicable data,
  • withdraw consent where processing relies on consent, and
  • submit a complaint regarding privacy handling or electronic communications.

You can submit a request through the Privacy Request page or by emailing pm@293thekingsway.ca.

9. Security measures

StrataOS uses role-based access control, audit logging, token-based authentication flows, encrypted transport, and access-limited administrative controls. No system can guarantee absolute security, so users and customer organizations should also follow their own security practices.

10. Contact and complaints

Contact: pm@293thekingsway.ca

Address: 293 The Kingsway, Toronto, ON M9A 0E8

If you are unsatisfied with the response to a privacy request, you may escalate the matter using the same contact details or the public request form.