Privacy Policy

Last Updated: 2026/01/27

Ehrlick Consulting Inc. (“the Company,” “we,” “us,” or “our”) is committed to safeguarding the privacy and confidentiality of personal information entrusted to us in the course of our business activities. This Privacy Policy explains how we collect, use, disclose, store, protect, and retain personal information in connection with our website, communications, and professional consulting services. This Privacy Policy applies to all visitors to our website, clients and prospective clients, professional contacts, and any individuals whose personal information may be provided to us in connection with the services we provide.

By accessing our website or engaging our services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy. If you do not agree with this Privacy Policy, you should refrain from using our website or providing personal information to us.

The Company provides Scientific Research and Experimental Development (SR&ED) consulting and related advisory services to businesses, including corporations owned or operated by physicians, clinicians, and clinician-researchers. The Company is not a healthcare provider, does not provide medical or clinical services, does not offer medical advice, diagnosis, or treatment, and does not act as a health information custodian or trustee. The Company does not operate or manage electronic medical record systems, patient databases, or clinical information systems.

Unless expressly agreed to in writing, the Company does not solicit, require, or intentionally collect identifiable personal health information or patient records. Any personal health information or sensitive clinical information that may be provided to the Company is provided solely at the discretion and responsibility of the client. The Company expressly disclaims any assumption of custodianship, fiduciary duty, or statutory responsibility with respect to patient or clinical data unless such responsibility is explicitly set out in a written agreement.

The Company may collect personal information that is voluntarily provided to us through our website, communications, or professional engagements. This may include names, professional titles, credentials, business contact information, corporate or practice-related details, billing and payment information, and correspondence. We may also collect information relating to the services requested or provided, including project documentation, technical descriptions, research summaries, financial or operational information, and other materials relevant to SR&ED advisory services.

When individuals visit our website, certain information may be collected automatically through standard technologies. This information may include IP addresses, browser type, device information, operating system, referring URLs, pages visited, and other metadata or log information. This information is used for purposes such as maintaining website security, monitoring performance, analyzing usage trends, and improving functionality. Such information is generally aggregated and does not, on its own, identify specific individuals.

In limited circumstances, clients may provide information that could be considered sensitive or health-related, such as de-identified research data, high-level descriptions of clinical workflows, or summaries of patient populations. The Company does not request identifiable personal health information and strongly discourages its submission. Clients are solely responsible for ensuring that any information provided to the Company has been lawfully collected, disclosed, and shared in compliance with applicable privacy, health, and professional regulations. Clients represent and warrant that they have the legal authority to disclose such information and that appropriate consents or legal bases have been obtained. The Company relies entirely on these representations and disclaims all liability arising from their breach.

The Company uses personal information solely for legitimate business purposes. These purposes include providing SR&ED consulting and advisory services, communicating with clients and prospective clients, administering contracts and engagements, managing billing and accounting functions, complying with legal and regulatory obligations, maintaining professional records, and operating and improving our website and business operations. The Company does not sell personal information and does not use personal information for purposes unrelated to its business activities.

Where required by applicable law, the Company processes personal information on the basis of consent, contractual necessity, compliance with legal obligations, or legitimate business interests, provided such interests do not override the rights and freedoms of individuals. Consent may be express or implied, depending on the nature of the information and the context in which it is collected.

The Company may disclose personal information to employees, contractors, and agents who require access to such information for the purpose of performing their duties, provided that such individuals are subject to confidentiality obligations. Personal information may also be disclosed to professional advisors such as legal counsel, accountants, or insurers, to third-party service providers who support our operations, or to regulatory authorities, courts, or law enforcement agencies where disclosure is required or permitted by law. In the event of a merger, acquisition, restructuring, or sale of assets, personal information may be disclosed as part of such a transaction, subject to applicable legal requirements.

The Company may use third-party service providers, including cloud-based platforms, communication tools, analytics providers, and document management systems, to support its operations. These service providers may process or store information on servers located outside Canada, including in jurisdictions with different privacy and data protection laws. By using our website or services, you acknowledge that personal information may be transferred to, stored in, or accessed from jurisdictions outside Canada and may be subject to lawful access by foreign authorities under applicable laws. While the Company takes reasonable steps to ensure that service providers implement appropriate safeguards, the Company does not control their internal security practices and disclaims responsibility for privacy failures beyond its legal obligations.

The Company implements commercially reasonable administrative, technical, and physical safeguards to protect personal information against loss, theft, unauthorized access, disclosure, or misuse. These safeguards may include access controls, authentication measures, secure storage systems, confidentiality agreements, and internal data minimization practices. However, no method of transmission or storage is completely secure, and the Company cannot guarantee absolute security. The Company expressly disclaims liability for unauthorized access or disclosure occurring despite reasonable safeguards.

In the event of a data breach or security incident involving personal information, the Company will take reasonable steps to assess the incident, mitigate potential harm, and comply with any applicable notification requirements under law. The Company disclaims liability for breaches resulting from third-party systems, client-supplied data or platforms, cyberattacks, force majeure events, or circumstances beyond its reasonable control.

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory requirements, and to maintain professional and business records. Information may be securely destroyed, anonymized, or archived once it is no longer required. The Company is under no obligation to retain information indefinitely.

Our website may use cookies, analytics tools, and similar tracking technologies to enhance functionality, analyze usage, and support security. Users may adjust browser settings to refuse cookies; however, doing so may affect website functionality. The Company does not control third-party analytics technologies and disclaims responsibility for their independent practices.

Our website may contain links to third-party websites for convenience or informational purposes. The Company does not control and is not responsible for the content, security, or privacy practices of external websites. Accessing third-party websites is done at the user’s own risk.

To the fullest extent permitted by law, the Company disclaims all liability for misuse, unauthorized access, loss, or disclosure of personal information beyond its reasonable control. The Company is not responsible for errors, omissions, or unlawful disclosures of information supplied by clients or third parties. Any liability relating to privacy matters is limited as set out in applicable service agreements or, where no such agreement exists, to the maximum extent permitted by law.

Subject to applicable law, individuals may request access to personal information held by the Company or request correction of inaccurate information. Such requests must be made in writing and may be subject to identity verification and legal limitations. The Company reserves the right to refuse requests where permitted by law.

The Company reserves the right to modify this Privacy Policy at any time without prior notice. Any changes will be posted on our website with an updated “Last Updated” date. Continued use of the website or services after such changes constitutes acceptance of the revised Privacy Policy.

This Privacy Policy is governed by the laws of the Province of Quebec and the applicable laws of Canada.