If you have any questions regarding the Processing of your Personal Information and after reading the Policy, you still have questions, you may contact our Privacy Officer, Mr. Samuel Nault, Director of Operations of the Company, at the following email address: email@example.com, and he will ensure that your questions are answered promptly.
The Company may, at its discretion, revise the Policy periodically. If the Policy is revised, you will be notified when you log into your account or by email, at the Company’s sole discretion, as appropriate. The Company requests its users to review the updated Policy before continuing to use its services. Your continued use of the services provided by the Company following the effective date of the revised Policy constitutes your consent to the Policy as amended.
Additionally, it is your responsibility to regularly review this Policy and any potential changes made to it.
In this Policy, the following terms shall have the following meanings:
- “Consent” means any express, free, specific, informed and unambiguous indication of your agreement, through a statement or clear affirmative action, that Personal Information concerning you is subject to Processing;
- “Personal Information” means any information that relates to an identified or identifiable natural person;
- “Processing” means any operation or set of operations which is performed on Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use or disclosure; and
- “Privacy Incident” means:
- the unauthorized access to Personal Information as defined by the Loi sur la protection des renseignements personnels dans le secteur privé;
- the unauthorized use of Personal Information as defined by the Loi sur la protection des renseignements personnels dans le secteur privé;
- the unauthorized disclosure of Personal Information as defined by the Loi sur la protection des renseignements personnels dans le secteur privé; or
- the loss of Personal Information or any other breach of the security safeguards for Personal Information as defined by the Loi sur la protection des renseignements personnels dans le secteur privé.
2. Collection of Personal Information from You
The Company does not process any Personal Information of an individual or legal entity unless such information is voluntarily provided. When you provide us with Personal Information, you agree to the way the Company processes such Personal Information as described in this Policy.
The Company processes your Personal Information when you:
- provide your Personal Information to the Company to create an account on the Website;
- click on an advertisement placed by the Company on a third-party website (e.g. Google, Facebook, etc.);
- complete a survey or participate in any promotion by the Company;
- use the features of the Company’s Website, such as creating a “worksite” on the Website, providing contact information for a “worksite,” or submitting an application; and
- contact us by email, phone, or any other means of communication.
Personal Information may include your name, address, email address, phone number, date of birth, payment method, and any other Personal Information you may provide to the Company.
3. Collection of Personal Information Automatically Collected by Our Website – Cookies
The Company collects Personal Information provided by cookies. Cookies are data files commonly stored on your device when using websites and online services. They are used for the efficient operation of websites and can provide information and help customize services.
When you visit the Website, the Company collects information from your browser. This may include your IP address, computer type and language, access times, the content of any cookies that your browser has accepted from the Company, and the addresses of websites from which you were redirected to the Website.
The Company uses standard Internet technology, such as web beacons and similar technologies, to track your use of the Website. For example, the Company inserts web beacons into promotional emails and newsletters to check if the messages are opened and if you respond to them. A web beacon is a small file placed on a web page that allows a website to perform certain tasks, such as counting users who visit the page or accessing cookies. The Company may also receive an anonymous identification number if you access the Website through an advertisement displayed on a third-party website. The information the Company collects in this way allows it to personalize the services it offers to visitors of the Website, distribute targeted advertising where applicable, and assess the overall effectiveness of the Company’s online advertising or other activities.
4. Processing of Personal Information
The Company processes your Personal Information to:
- respond to your requests or inquiries;
- improve the Website and its services or to examine your interests as a user of the Website. The Company may associate the information it obtains from you with information about you that it receives from third parties. The Company may also use your Personal Information to personalize your experience with it or display content based on your preferences;
- transmit to you, according to the choice you have expressed, advertising material or additional information about its services, surveys, promotions, for marketing purposes. However, you are free to choose not to receive advertising or commercial material at any time. The Company may present you with new features or services. These may be offers by the Company regarding its services or offers concerning products and services from third parties that the Company may think you will find interesting;
- conduct market research and performance studies to improve customer service and service quality on the Website;
- for the purpose of preventing and detecting fraud or evaluating and improving protection and security measures. The Company may use the information to protect its business, its customers or the Website; and
- contact you regarding your use of the Website or about this Policy.
Your consent to the processing and disclosure of your personal information is required, unless it is inappropriate (for example, for legal or security reasons, it may be impossible or impractical to obtain consent).
BY ACCEPTING TO USE THE SERVICES AVAILABLE ON THE WEBSITE, YOU GRANT THE COMPANY YOUR CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION BY THE COMPANY IN ACCORDANCE WITH THIS POLICY AND TO THE USE OF SUCH PERSONAL INFORMATION AS STATED HEREIN.
You also acknowledge that you are aware of the reasons why the Company processes and discloses such personal information and how the management of personal information will be carried out.
You may withdraw your consent at any time by contacting the Company at the email address provided, subject to legal or contractual restrictions and reasonable notice.
6. Disclosure of Personal Information
The Company wants you to understand with whom it shares the personal information it collects about you, your activities on the Website, or when you use the Company’s services. Therefore, the Company does not share your personal information except with your consent, which is expressly granted by your use of the Website as provided in Article 5 above, and in the following situations:
- Authorized service providers – The Company may share your personal information with service providers who perform operations on behalf of the Company. These service providers include customer service, marketing support, activity analysis, Website feature support, surveys, and support for other Website functions. These service providers may access your personal information solely for the purpose of fulfilling their functions. In this case, measures will be put in place to ensure the confidentiality of your personal information.
- Other cases – You also consent to the Company disclosing your personal information in the following circumstances:
- In response to a requirement by law, including a subpoena, court order, request from a law enforcement agency or other governmental agency, to exercise or defend our legal rights, and to oppose a legal claim;
7. Third-Party Websites
8. Access to your information
If you have opened a user account, you have the ability to access and update your Personal Information by contacting the Privacy Officer. In the event that you no longer do business with the Company, you may request the deletion of the user account by emailing the Privacy Officer, Mr. Samuel Nault, Director of Operations of the Company, at the following email address: firstname.lastname@example.org. If applicable, Personal Information associated with that account will be deleted.
9. Data Retention Policy
10. Security measures
1. General security measures
The Company takes appropriate security measures, including physical, electronic and procedural measures, to protect your personal information from unauthorized access and disclosure. For example, only authorized employees can access personal information, and they can only do so when access is necessary for authorized administrative functions, and we use firewalls.
Although the Company takes security measures required by law, no security device is infallible. Therefore, you understand and agree that:
- there are limits to the security and management of personal information that the Company collects that are beyond its control;
- the security, integrity, and management of all personal information and data exchanged between you and the Company through the Website cannot be guaranteed; and
- such personal information may be viewed or altered by a third party during transfer.
2. Data protection by design and default
In view of the state of knowledge, implementation costs, nature, scope, context, and purposes of the processing, as well as the risks, the degree of probability and severity of which varies, that the processing presents for the rights and freedoms of natural persons, the Company will implement appropriate technical and organizational measures both at the time of determining the means of processing and at the time of processing itself, which are intended to implement the principles relating to data protection, such as data minimization or anonymization, effectively to match the processing to what is necessary in processing to meet the requirements of applicable laws and regulations and protect your rights.
3. Data protection by default
The Company will implement appropriate technical and organizational measures to ensure that, by default, only personal information that is necessary for each specific purpose of the processing is processed. This applies to the amount of personal information collected, the extent of its processing, the duration of its storage, and its accessibility. Such measures ensure, in particular, that personal information will not be made accessible to an indefinite number of natural persons without your intervention by default.
4. Notice of a breach of personal information protection
If the Company has reason to believe that a privacy incident has occurred, it undertakes to take reasonable measures to reduce the risks of harm and prevent further incidents of the same nature.
The Company will keep a register of any privacy incident, indicating the facts concerning the violation of personal information, the personal information involved in the privacy incident, its effects, the persons concerned, and the measures taken to remedy it.
If the privacy incident poses a risk of serious harm, the Company will promptly notify the Commission d’accès à l’information (information access commission) established under the Loi sur l’accès aux documents des organismes publics et sur la protection des renseignements personnels (law on access to documents of public bodies and the protection of personal information) as well as any person whose personal information is affected by the privacy incident. The Company may also notify any person or organization that is likely to reduce this risk, communicating only the personal information necessary for this purpose. In this case, the person responsible for personal information protection must record the communication. Despite the above in this paragraph, a person whose personal information is affected by the privacy incident does not have to be notified if doing so would likely impede an investigation by a person or organization that, under the law, is responsible for preventing, detecting, or prosecuting crime or offenses.
For notice to the Commission d’accès à l’information, it will provide at least the following:
- a description of the nature of the privacy incident;
- a detailed account, if possible, of the categories and approximate number of individuals concerned and records of personal information affected;
- the name and contact details of the Company’s personal information protection officer or point of contact from whom further information can be obtained;
- a description of the likely consequences of the privacy incident; and
- A description of the measures taken or proposed by the Company to remedy the Privacy Incident, including, where applicable, measures to mitigate any potential negative consequences.
For any individuals affected by the Privacy Incident, the notice will include at least the information and measures referred to in points a, c, d, and e above.
When assessing the risk of harm to an individual whose Personal Information is involved in a Privacy Incident, the Company will consider, among other things, the sensitivity of the information, the potential consequences of its use, and the probability that it will be used for harmful purposes.
11. Duration of personal information retention
Your personal information will be retained indefinitely as long as required by law or as long as it is necessary to retain it for the purposes set out in this Policy.
In the event of any inconsistency between this Policy and the Private Sector Privacy Act, the provisions of the said Act shall prevail.