1. General information

1.1 Introduction

This privacy policy (the ” Policy “), which should be read in conjunction with the Website Terms and Conditions of Use and the Services agreements entered into with cVERT, describes our practices regarding the collection, use, processing, disclosure and retention of Personal Information of our customers, visitors and users.

Using our website https://cvert.ca (the ” Website “If you do not agree to abide by and be bound by this Policy, you may not visit, access or use our Website or Services, or share your Personal Information with us. If you do not agree to follow and be bound by this Policy, you may not visit, access or use our Website or Services, or share your Personal Information with us. This Policy is not intended to override the terms of any contract you may have with us or any rights you may have under other applicable laws regarding the privacy of Personal Information.

This Policy does not apply to Personal Information of employees, representatives and consultants of cVERT, or any other person affiliated with cVERT, as well as to any information that does not constitute personal information as defined by privacy legislation, including the Act to modernize legislative provisions respecting the protection of personal information (the “Applicable Legislation”). Applicable Act “).

1.2 Person responsible for the protection of personal information

Questions, comments and complaints regarding cVERT’s Privacy Policy and practices may be directed to our Privacy Officer at the following coordinates:

E-mail : [email protected]

Address: B01-7275 rue Saint-Urbain
Montreal (Quebec) H2R 2Y5
Canada

2. Definitions

The following words and expressions, when they appear with a capitalized first letter in the Policy, have the meanings attributed to them hereinafter, unless otherwise implied or explicit in the text:

“Processing activities : the process by which Personal Information is collected manually or automatically, is generated through the use of the Services or through another third party source or through another Processing Activity carried out by us or one of our subcontractors. For example, how many times the user has accessed the Website.

“Cookies”: A small amount of data generated by a Web site and stored by your Web browser. Their purpose is to store information about you, similar to a preference file created by a software application.

Service provider The term “third party” refers to any individual or legal entity that processes data on behalf of cVERT. These are third-party companies or individuals employed by cVERT to facilitate the Services, provide the Services on behalf of cVERT, perform services related to the Services or assist cVERT in analyzing the use of the Services.

Personal information Personal information” means any information that relates to a natural person and allows that person to be identified, i.e. that directly or indirectly reveals something about the identity, characteristics (e.g. abilities, preferences, psychological tendencies, predispositions, mental abilities, character and behaviour of the person concerned) or activities of that person, regardless of the nature of the medium or the form in which the information is accessible (written, graphic, sound, visual, computerized or other).

Privacy Officer “The person responsible for the application of this Policy, whose contact information is identified in section 1 of this Policy.

Services “: Services refers to the Website and all related services offered by cVERT, which include professional services and, where applicable, associated media, printed materials and “online” or electronic documentation.

3. Treatment of Personal Information

3.3 Collection of Personal Information

In the course of our activities, we may process various types of Personal Information, including the information listed below:

  • contact information, such as your first and last name, address, e-mail address and telephone number;
  • information about products or services, such as information about the services we have provided to you and your purchase history;
  • transaction and payment information, such as the payment method used, credit card information, date and time, payment amount, billing zip code, your address and other related information;
  • information you choose to provide or transmit to us, for example, when you fill out a form, respond to a survey or communicate with one of our employees or representatives;
  • information automatically collected through the use of the Website and our Services, including :
    • connection information and other information about your activities on the Website, such as your IP address, the pages you have visited, the time and date of your visits, the type of browser you are using, the operating system of your device and other hardware and software information;
    • geolocation data, such as your IP address, a precise or approximate location determined from your IP address or your mobile device’s GPS (depending on your device’s settings);

In each case, such personal information is processed in accordance with the legitimate and necessary purposes listed in article 3.2 below.

3.2. Use of Personal Information

We may use your Personal Information for the legitimate purposes described below:

  • operate, maintain, administer, supervise, develop, improve and offer all the functionalities of our Website;
  • provide you with Services;
  • improve our Web Site and Services and develop new Services;
  • send you messages, updates and security alerts;
  • for marketing and business development purposes, if you have previously consented to the processing of your personal information for these purposes;
  • answer your questions and provide assistance when needed;
  • administer a contest, promotion, survey or other feature of the Website or our Services;
  • gather opinions and comments on our Services;
  • conduct research and analysis related to our business and Services;
  • detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities;
  • send you communications in accordance with the law;
  • for any other purpose permitted or required by law.

Please note that we do not use the information we collect to draw any inferences or interpretations whatsoever.

3.3 Disclosure of Personal Information

We may disclose your Personal Information to our employees, contractors, consultants, agents, Service Providers and other trusted third parties who need to know that information to help us operate our Website, conduct and protect our business or serve you, provided that such Service Providers have previously agreed in writing to keep your Personal Information confidential in accordance with applicable laws and our Information Governance Program.

We do not sell, trade or otherwise disclose your personal information to third parties, subject to exceptions provided by law.

3.3.1. Service providers and other third parties

Although we try to avoid sharing your Personal Information with third parties, we may use Service Providers to perform various services on our behalf, such as IT management and security, marketing, and data analysis, hosting and storage. We have defined below the cases in which such sharing may take place:

  • Google – We use Google Analytics from Google to analyze website traffic. See the privacy policy of Google Analytics.
  • Facebook – We use Meta’s Facebook Pixel to analyze the website’s audience. See the Facebook Pixel privacy policy.
  • Stripe – We use Stripe as a platform for financial transactions carried out by our customers on our website and by telephone. See the Stripe privacy policy.
  • Sendgrid – We use the services of SendGrid to manage our e-mail deliveries. See the Sendgrid privacy policy.
  • Salesforce – We use Salesforce services to store our customers’ personal information and maintain processing records. Consult the Salesforce privacy policy.
  • Gexel – We use the services of Gexel to handle our customers’ requests concerning their Services, billing or any other customer service matter. Consult the Gexel privacy policy.
  • Mint digital performance – We use the services of mint digital performance to implement and monitor digital marketing initiatives. Consult the mint privacy policy.
  • Connect it Intelligent Solutions – We use Connect it Intelligent Solutions services to analyze our data. Read the privacy policy of Connect it Intelligent Solutions.
  • Kopel Inc – We use the services of Kopel Inc. to send postal mailings to our customers. Here is the contact information for person responsible for privacy at Kopel Inc..
  • Canada Post – We use the services of Canada Post to send postal mailings to our customers. Consult the privacy policy of Canada Post.

When we disclose your Personal Information to Service Providers, we enter into written contracts with them before disclosing your Personal Information to them, and we only provide them with the Personal Information necessary to perform their mandate. As part of these contracts with our Service Providers, we are committed to ensuring that the principles set out in this Policy are respected, and these Service Providers are required to use Personal Information in accordance with our instructions and only for the purposes for which it was provided. In addition, these Service Providers provide us with sufficient guarantees that they implement adequate safeguards that are proportionate to the sensitivity of the Personal Information processed or communicated. When our Service Providers no longer need your Personal Information, we ask them to destroy this data in an appropriate manner.

Please note that some of our Service Providers are located outside Quebec. It is therefore possible that some of your Personal Information may be disclosed outside Quebec. Before we disclose any Personal Information outside Quebec, we conduct a privacy impact assessment to evaluate the risks associated with such disclosure and to determine whether the Personal Information in question will benefit from adequate protection. We will proceed with the disclosure of the Personal Information concerned to the Service Provider concerned only after we have obtained positive conclusions from our assessment and confirmation that the privacy risks are minimal.

3.3.2. Compliance with legislation, responding to legal requests, preventing harm and protecting our rights

We may disclose your Personal Information when we believe such disclosure is authorized, necessary or appropriate, including:

  • to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
  • to protect our business ;
  • to comply with legal proceedings ;
  • to protect our rights, our privacy, our safety, our property, yours or that of third parties;
  • to enable us to pursue available remedies or limit the damages we may sustain, and in accordance with applicable laws, including laws outside your country of residence.

3.3.3. Commercial transaction

We may share, transfer or disclose, strictly in accordance with this Policy, your Personal Information in the event of a sale, transfer or assignment, in whole or in part, of cVERT or our assets (for example, as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or other business transaction, including in connection with the negotiation of such transactions). In such a case, we will inform you before your Personal Information is transferred and is governed by another privacy policy.

3.3.4. Consent for Personal Information

We will only use your Personal Information for the purposes for which it was collected, in accordance with this Policy. We will seek your consent before using your Personal Information for purposes other than those set out in this Policy, subject to exceptions provided by law.

Wherever possible, cVERT obtains consent directly from the individual concerned for us to collect, use and disclose his or her Personal Information. However, if you provide us with Personal Information about other individuals, you must ensure that you have duly notified them that you are providing us with their information in addition to obtaining their consent to such disclosure.

3.3.5. Retention of Personal Information

Subject to applicable laws, we retain your Personal Information only for the time necessary to fulfill the purposes for which it was collected, unless you consent to your Personal Information being used or processed for another purpose. As an indication, the retention period for some information may be 180 days while for other information it may extend up to 7 years following the end of the Services rendered by cVERT to you. In addition, our retention periods may be modified from time to time due to legitimate interests (for example, to ensure the security of Personal Information, to prevent abuse and breaches or to prosecute criminals).

For more information on the periods during which your Personal Information is kept, please contact our Privacy Officer using the contact details provided in article 1.2 of this Policy.

We keep and store your Personal Information on our premises in Quebec or elsewhere with service providers who meet the highest technological standards in terms of information security.

cVERT does not collect or retain our customers’ credit card information used by them to make transactions and other purchases on our Website.

4. Your rights

As a data subject, you may exercise the rights set out below, subject to the exceptions provided by applicable law, by completing the form available here and sending it by e-mail or regular mail to the attention of our Privacy Officer at the address indicated in article 1.2 of the Policy:

  • You have the right to be informed of the Personal Information we hold about you and to request a paper copy of the documents containing your Personal Information;
  • You have the right to request a paper copy of the documents containing your Personal Information;
  • You have the right to have the Personal Information we hold about you rectified, amended and updated if it is incomplete, ambiguous, out of date or inaccurate;
  • You have the right to withdraw or change your consent to cVERT’s collection, use, disclosure or retention of your Personal Information at any time, subject to applicable legal and contractual restrictions;
  • You have the right to ask us to stop disseminating your Personal Information and to de-index any link attached to your name that gives access to this information if such dissemination contravenes the law or a court order;
  • You have the right to ask us to delete the Personal Information we hold about you;
  • You have the right to request that your Personal Information be communicated to you or transferred to another organization in a structured and commonly used technological format;
  • You have the right to lodge a complaint with the Commission d’accès à l’information.

In order to process your request, you may be asked to provide appropriate identification or to identify yourself in some other way. We will do our best to reply within one month of receiving your written request.

5. Cookies and other tracking and profiling technologies

We use cookies and other similar tracking or profiling technologies (collectively, ” cookies Cookies”) to help us operate, protect and optimize the Website and the services we offer. Cookies are small text files that are stored on your device or browser. They enable us to collect certain information when you visit the Website, including your preferred language, browser type and version, the type of device you are using and your device’s unique identifier. While some of the Cookies we use are deleted after your browser session ends, other Cookies are retained on your device or browser to enable us to recognize your browser the next time you visit the Website. The data collected through these Cookies is used to assign a unique number to each user, enabling you to be identified. In particular, they enable us to guarantee the functioning of the Website, to improve the user’s browsing experience, to provide certain data that enables us to better understand the traffic and interactions that take place on our Website, to detect certain types of fraud and to record all actions and operations carried out on the Website (page visited, time spent, action taken, etc.). Cookies do not cause any damage to your device and cannot be used to extract personal information.

5.1. Consent to the use of Cookies

We ask for your prior consent before placing Cookies on your browser or device. You can choose to consent to the use of Cookies by clicking on the appropriate button on the banner presented to you when you access the Website. You may also refuse or withdraw your consent to the use of Cookies at any time. In this case, you will need to delete and block or disable the use of Cookies via your browser settings.

Please note that disabling Cookies on your browser may adversely affect your browsing experience on the Website and prevent you from using some of its features.

5.2. Managing and deleting cookies

You can set your browser to notify you when you visit the Website, so that you can decide whether or not to accept some or all Cookies.

You can modify your browser’s Cookie settings, delete Cookies and activate additional privacy settings, including complete Cookie deactivation, by going to your browser’s “Options”, “Settings”, “Preferences” or “Help” menu, as appropriate. The following links may help you better understand how to manage Cookies depending on the browser you are using:

You can refuse all personalized advertising by activating your mobile device’s privacy features, such as “Limit Ad Tracking” and “App Tracking Transparency” (iOS) and “Opt Out of Ads Personalization” (Android) to block all Cookies.

You can prevent information about your activities on our website being shared with Google Analytics by installing the Google Analytics disabling browser add-on. This module prevents Google Analytics JavaScript code (ga.js, analytics.js and dc.js) inserted on websites from sharing information about your visits with Google Analytics.

You can opt-out of Facebook interest-based advertising by following Facebook’s Facebook instructions. For information on how Facebook interest-based advertising works, please click here. here.

You can also opt out of network advertising programs that track your activities on various websites in order to provide you with personalized advertising content. To learn more, please visit the following pages:

6. Safety measures

cVERT has implemented physical, technological and organizational security measures to adequately protect the confidentiality and security of your personal information against loss, theft or any unauthorized access, disclosure, reproduction, communication, use or modification. These measures include encryption, access control, segregation of duties, internal audit, firewalls, etc.

Despite the measures described above, we cannot guarantee the absolute security of your Personal Information. If you have reason to believe that your Personal Information is no longer secure, please contact our Privacy Officer immediately using the contact details provided in section 1.2 above.

7. Changes to this Privacy Policy

We reserve the right to modify this Policy at any time in accordance with applicable law. In the event of a change, we will publish the revised version of the Privacy Policy and update the update date in the footer of the Policy. We will also notify you by e-mail at least thirty (30) days before the effective date of the new version of our Policy. If you do not agree to the new terms of the Privacy Policy, please do not continue to use our Website and Services. If you continue to use our Web Site or Services after the new version of our Policy becomes effective, your use of our Web Site and Services will be governed by the new version of the Policy.

8. Links to third-party websites

From time to time, we may include on our Website references or links to websites, products or services provided by third parties (“Third Party Services”). Third-Party Services “). These third-party Services, which are not operated or controlled by cVERT, are governed by privacy policies entirely separate and independent from ours. We therefore assume no responsibility for the content and activities of these sites. This Policy applies only to the Website and the services we offer. The Policy does not extend to third-party Services.

9. Individuals under 14 years of age

We do not knowingly collect or use Personal Information from persons under the age of 14. If you are under 14 years of age, you must not provide us with your Personal Information without the consent of your parent or guardian. If you are a parent or guardian and you become aware that your child has provided us with Personal Information without your consent, please contact us using the contact information provided in section 1.2 above to request that we delete that child’s personal information from our systems.

10. Contact us

Any questions, comments, requests or concerns regarding this Privacy Policy should be directed to our Privacy Officer at the coordinates provided in section 1.2 of this Policy.