CaelumOne Solutions Corporation Privacy Policy

Compliance with Privacy and Data Protection Laws

CaelumOne Solutions Corporation is committed to supporting compliance with applicable privacy and data protection legislation in the jurisdictions in which our clients operate. Depending on the deployment model, client requirements, and applicable legal framework, the CaelumOne DMS-ECM is designed to support compliance with regards to:

  • The EU General Data Protection Regulation (GDPR)

  • The UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018

  • The Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada

    • Quebec Law 25 respecting the protection of personal information in the private sector

    • The Personal Information Protection Acts (PIPA) of Alberta and British Columbia

  • The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)

  • The Cayman Islands Data Protection Act

  • The Bermuda Personal Information Protection Act 2016 (PIPA)

  • Other applicable privacy, records management, and information governance regulations relevant to client operations.

CaelumOne DMS-ECM provides configurable controls that assist organizations in meeting their privacy obligations, including access controls, encryption, audit trails, retention and disposition management, legal hold capabilities, records governance, and data residency options. Responsibility for determining the lawful basis for processing personal information and ensuring compliance with applicable legislation remains with the client organization acting as the Data Controller.

Data Residency and Sovereignty

CaelumOne ECM supports deployment models that enable organizations to maintain control over the geographic location of their information assets. Depending on client requirements, solutions may be deployed within client-owned infrastructure, approved private cloud environments, or regional sovereign cloud facilities.

Organizations may choose to retain information within specific jurisdictions to satisfy regulatory, contractual, or operational requirements. Backup, disaster recovery, administrative access, and support arrangements can be configured to align with applicable data residency and sovereignty obligations.

For the CaelumOne website, this broader language better reflects our positioning in Canada, Bermuda, Cayman, Barbados, the British Overseas Territories, the UK, and the European Union, CaelumOne DMS-ECM is a highly configurable platform "designed to support compliance" in the region we install it in.

Certainly. Below is a formal Data Privacy Statement tailored for CaelumOne ECM, aligned with best practices and regulatory frameworks such as the GDPR, PIPEDA, Quebec Law 25, PIPA Law of Alberta and British Columbia, CCPA, Bermuda PIPA and the Cayman Islands Data Protection Act.

CaelumOne ECM – Data Privacy Statement

Effective Date: June 10, 2026

At CaelumOne Solutions Corporation, we are committed to protecting the privacy, confidentiality, and security of all personal data processed through our Enterprise Content Management (ECM) platform, CaelumOne ECM. This Data Privacy Statement outlines our approach to data protection and the rights of individuals whose data we process, in compliance with applicable data protection laws and regulations noted above.

1. Scope

This Privacy Statement applies to all personal data processed by CaelumOne DMS-ECM in its capacity as a data processor or data controller, as applicable, including data collected, stored, transmitted, and accessed within the CaelumOne DMS-ECM environment, whether hosted on-premises or in a secure cloud environment.

2. Types of Data Collected

CaelumOne DMS-ECM may process the following categories of personal data, as determined by the system’s configuration and the client’s operational requirements:

  • Identifying Information (e.g., Name, ID Numbers)

  • Contact Details (e.g., Email, Phone)

  • Employment Records

  • Case Files or Documentation With Personal Identifiers

  • System Logs and Access Credentials

  • Metadata Associated With Document Activity

3. Purpose of Processing

CaelumOne DMS-ECM processes personal data solely for lawful and legitimate purposes, including:

  • Secure Document Storage and Lifecycle Management

  • Audit Logging, Version Control, and Access Tracking

  • Workflow Automation and Records Retention

  • Compliance With Legal and Regulatory Obligations

  • Enhancing Data Discoverability and Information Governance

4. Lawful Basis for Processing

All personal data processed within CaelumOne DMS-ECM is handled based on one or more lawful bases, including:

  • Consent of the Data Subject (Where Applicable)

  • Performance of a Contract

  • Compliance With Legal Obligations

  • Protection of Vital Interests

  • Legitimate Interests Pursued by the Client Organization

5. Data Security Measures

CaelumOne DMS-ECM incorporates robust, enterprise-grade security measures to ensure the confidentiality, integrity, and availability of data, including:

  • AES-256 Encryption At Rest and TLS 1.2+ Encryption In Transit

  • Role-Based Access Controls and Multifactor Authentication

  • Immutable Audit Trails and Digital Chain-Of-Custody

  • Secure Hosting Environments With Physical and Network Safeguards

6. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law, organizational policies, or regulatory mandates. CaelumOne DMS-ECM supports automated retention and disposition schedules aligned with clients’ records management rules.

7. Data Subject Rights

Individuals whose personal data is processed through CaelumOne DMS-ECM may have rights under applicable data protection laws, which may include:

  • Right to access and obtain a copy of their data

  • Right to rectification of inaccurate data

  • Right to erasure (right to be forgotten)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to lodge a complaint with a supervisory authority

Requests for the exercise of these rights should be directed to the organization operating CaelumOne DMS-ECM, which acts as the data controller.

8. Third-Party Access and Data Transfers

CaelumOne ECM does not sell or share personal data with third parties for commercial gain. Any access granted to subcontractors or third-party service providers is governed by strict data processing agreements and is subject to confidentiality and data protection obligations. Where cross-border data transfers occur, appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms are implemented.

9. Compliance and Governance

CaelumOne Solutions Corporation conducts regular internal reviews, risk assessments, and staff training to ensure compliance with global data protection standards. We continuously monitor and enhance our platform to align with evolving regulatory and industry best practices.

10. Contact Information

For inquiries regarding this Data Privacy Statement or data protection practices related to CaelumOne ECM, please contact:

Data Protection Officer
CaelumOne Solutions Corporation
2425 Matheson Boulevard East, 8th Floor Mississauga, ON, Canada, L4W 5K4
Email: c1sales@caelumone.com
Phone: +1(705)293-3095
Website: www.caelumone.com