Legal
Privacy Policy
Last updated: May 1, 2026
1. Who We Are
This website is operated by the Jay Hayles Campaign for Ward 2, Ajax Town Council 2026 ("the Campaign"). We are committed to protecting the personal information of all visitors in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario's privacy laws.
Contact for privacy inquiries:
Email: [email protected]
Subject line: "Privacy Request"
2. Information We Collect
We collect personal information only when you voluntarily provide it through our website:
| Form | Data Collected | Purpose |
|---|---|---|
| Contact Form | Name, email, postal code, subject, message | To respond to your inquiry |
| Volunteer Form | Name, email, postal code, phone (optional), volunteer interests | To coordinate volunteer activities |
| Email Updates | Email address | To send campaign updates (with consent) |
| Donations | Name, address, amount, payment method | Campaign finance compliance (Ontario Municipal Elections Act) |
We also collect hashed IP addresses (one-way hashed with a server-side secret) for spam prevention, rate-limiting, and aggregate visit analytics. We never store the raw IP address — the hash cannot be reversed to recover it. Authorized campaign personnel can view aggregated visit data per hashed IP (visit count, total time on site, pages viewed) inside an internal admin dashboard. This data is not shared with any third party.
Public disclosure of donations $100 or more: Per the Ontario Municipal Elections Act, contributions of $100 or more must be disclosed in the campaign's financial statement, which is publicly available at the Town of Ajax. The donor's name and full address (street, city, postal code) appear in this public record. By making a donation of $100 or more, you acknowledge that this information will be made public.
3. How We Use Your Information
- • To respond to your inquiries and messages
- • To coordinate volunteer activities you sign up for
- • To send campaign updates (only with your explicit CASL consent)
- • To comply with Ontario municipal election campaign finance reporting requirements
- • To prevent spam and abuse of our website forms
We will never sell, rent, or share your personal information with third parties for marketing purposes.
4. Consent & CASL Compliance
In accordance with Canada's Anti-Spam Legislation (CASL):
- • We only send commercial electronic messages with your explicit opt-in consent
- • Every email includes our campaign identification and contact information
- • Every email includes an unsubscribe mechanism
- • Unsubscribe requests are honoured within 10 business days
- • We record the date and method of your consent
5. Cookies & Analytics
We distinguish between essential cookies (required for the site to function — no consent needed) and non-essential analytics cookies (used only with your explicit consent via the cookie banner shown on your first visit).
Essential cookies (always active):
- • jaxx_consent — Stores your cookie preference (accept or decline). Required to remember your choice and stop showing the banner. Expires after 1 year.
Non-essential analytics cookies (only if you accept):
- • jaxx_vid — Pseudonymous visitor identifier. Lets us count returning vs. new visitors. Expires after 1 year.
- • jaxx_sid — Pseudonymous session identifier. Lets us measure session duration and bounce rate. Expires after 30 minutes of inactivity.
Data collected only when you accept analytics cookies:
- • Pages visited, time on page, and scroll depth
- • Referring website and UTM campaign parameters
- • Device type, browser, and operating system
- • Hashed IP address (server-side, irreversible) — used to count unique visitors and aggregate visit duration. Authorized campaign personnel may view this aggregate data in an internal dashboard.
No third-party analytics services (such as Google Analytics) are used. All analytics data is processed and stored on our own servers. No data is shared with any third party.
How to opt out: Click "Decline" on the cookie consent banner, or clear your browser cookies at any time. Analytics data is retained for 90 days after the campaign concludes, then deleted.
6. Data Storage, Security & Cross-Border Transfers
Important: Your personal information and analytics data are stored on secure servers located in Germany (provided by Hetzner Online GmbH), not in Canada. Under PIPEDA, we are required to inform you that your data may be subject to the laws of those jurisdictions, including potential access by foreign authorities under applicable legal processes.
Your data may be processed in the following jurisdictions:
- • Canada — primary jurisdiction, governed by PIPEDA
- • Germany / European Union — Hetzner server infrastructure, governed by GDPR
- • United States — Stripe payment processing, Cloudflare global edge network, Google Maps API
Hetzner is fully compliant with the European Union's General Data Protection Regulation (GDPR), which provides a high standard of data protection. We maintain contractual data processing agreements to ensure your information is protected.
- • All data is stored on secure, encrypted servers in Germany (Hetzner Online GmbH)
- • Database access is restricted to authorized campaign personnel only
- • All website traffic is encrypted via HTTPS/TLS
- • Form submissions are validated and sanitized to prevent injection attacks
- • IP addresses are hashed (anonymized) before storage
7. Data Retention
- • Donation records: Campaign financial records (donation receipts, donor names/addresses for contributions of $100 or more) are retained until November 15, 2030, as required by the Ontario Municipal Elections Act, 1996. After this date, records are securely destroyed unless required by ongoing legal proceedings.
- • Contact messages & Volunteer records: Non-financial data (contact form submissions, volunteer signups not linked to a donation) is retained for 18 months after the campaign concludes (i.e. until April 30, 2028) and then securely destroyed.
- • Subscriber emails: Retained until you unsubscribe or the campaign concludes, then securely destroyed.
8. Your Rights Under PIPEDA
You have the right to:
- • Access your personal information held by the Campaign
- • Correct any inaccurate personal information
- • Withdraw consent for future communications at any time
- • Request deletion of your personal information (subject to legal retention requirements)
- • File a complaint with the Office of the Privacy Commissioner of Canada
To exercise any of these rights, email [email protected] with "Privacy Request" in the subject line. We will respond within 30 days.
9. Third-Party Services
We use the following third-party services in operating this website. Each processes data under their own privacy policy:
- • Stripe Payments Canada Ltd.: Processes credit card donations. Stripe is PCI-DSS Level 1 compliant. Card data never touches our servers. Stripe privacy policy.
- • Cloudflare, Inc.: Provides DNS, CDN, DDoS protection, and bot mitigation (Turnstile). May process IP addresses and request metadata. Cloudflare privacy policy.
- • Google LLC (Google Maps Platform): Provides address autocomplete on the donation form. Address data typed in the form is sent to Google for suggestion lookup. Google privacy policy.
- • Hetzner Online GmbH: Hosts our servers in Falkenstein, Germany. Data is processed and stored under EU data protection law (GDPR) in addition to PIPEDA. Hetzner privacy policy.
- • Interac e-Transfer: Processed by your financial institution. We only receive the transfer and sender information provided by your bank.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the website after changes constitutes acceptance of the updated policy.
Questions? Contact us at [email protected] or visit our Contact page.