PRIVACY POLICY
1. Why did we adopt this privacy policy?
The personal information (“information”) you may provide to us is essential to our business relationship with you. We understand its value and implement best practices to protect it. We have adopted this policy to describe our practices for safeguarding your information and privacy. Our goal is always transparency. This privacy policy applies to the use and communication of any collected information, as well as how we collect such information. Personal information refers to data that (either alone or in combination with other data) directly or indirectly identifies you (“Personal Information” or “Personal Data”). The data controller or business entity (“Controller”) is a party that defines the purposes and means of processing personal information. The data processor or service provider/contractor/third party (“Processor” or “Third Party”) is a party that processes personal information on behalf of the controller. Our Chief of Privacy and Data Protection is responsible for these practices. For any questions about this policy, you can contact her at:
Chief of Privacy and Data Protection
1706-3470 Stanley Street, Montreal, Quebec, H3A 1R9
2. What type of information may we collect, and from whom ?
The information we collect is largely metadata. Metadata refers to data about data, such as thedata’s author, creation date, or the name and type of the data column.
Other information we may collect includes:
- Reason for doing business with us
- Language and communication preferences
- Information for training, quality control, identification, and security purposes, or to maintain your consent for a transaction: history, recording, and transcription of phone calls, videoconferencing, chat history, and logs of visits and individual meetings.
We do not collect identifying information such as:
- Names
- Date of birth
- Marital status
- Contact details
- Email address
- Information on identity documents: driver’s license, passport, social security number
- Employment details
IMPORTANT : We limit the collection of your information to what is necessary to serve you well. We minimize the collection of information as much as possible.
3. From whom may we collect your information?
We may collect your information directly from you when you communicate or interact with us or when you update your preferences and settings online. Other information we collect is limited to the metadata previously mentioned, which exists within the companies’ tools you have authorized to collect your data.
4. How do we use your information?
We use your information to:
- Identify you, update your information, and verify the accuracy of the provided data
- Assess your eligibility for products and services, or ensure the suitability of advice, products, and services offered or purchased
- Establish, manage, administer, and maintain the requested products and services
- Conduct studies and data analysis to generate statistics, improve our products and services, and develop new ones, notably by analyzing information collected from our website
- Carry out our business activities and operations
- Use and communicate certain information where permitted by law (see Section 5).
5. To whom may we communicate your information?
Sharing your information with others for legitimate purposes is sometimes necessary. For example, this may include legal disclosures, fraud protection, participation in a program with a partner, or offering services on our behalf.
We are committed to limiting the information shared to what is strictly necessary and obtaining your consent where required. We ensure the integrity, security, and confidentiality of your information. We do not sell customer lists to third parties.
We may share your information with:
- Third parties if disclosure is required in legal proceedings
- A regulatory authority, government agency, or self-regulatory body
- A person authorized to receive the information under the law.
6. With which service providers may we work ?
We carefully select our partners and consultants, who fall into the following categories:
- Technology services (applications, data centers, data storage and backup, hosting services, maintenance, and support services)
- Professional services.
All suppliers with access to your information sign a confidentiality agreement with us and commit to using your information solely for the purposes outlined in the agreement, providing the same level of protection that we offer.
7. When must we obtain your consent ?
We only use your information with your consent or as permitted by law. We obtain your consent to collect, use, and share your information:
- When you request a new product or service
- When we need to use your information for a purpose other than those for which you have already given consent
- During certain specific interactions with us. However, we do not obtain your consent for every interaction.
Furthermore, we do not seek your consent in certain legally mandated situations, such as:
- Complying with a court order or any other binding request
- Investigating a breach of contract or law.
8. What are your rights, and how can you exercise them ?
8.1. Right to accept or refuse to provide your information
Your information belongs to you. Subject to legal or contractual requirements, you have the right to withdraw your consent to the collection, use, or sharing of your information. We will process your request as promptly as possible.
8.2. Right to refuse the use of your information for certain purposes
You can refuse the use of your information or withdraw your consent at any time by making a request online or contacting the Chief of Privacy and Data Protection. We will handle your request promptly.
8.3. Right to access your information
You can request access to the information we hold about you unless the law provides limitations on such requests. To access your information, submit a request to the Chief of Privacy and Data Protection mentioned on the first page. We will process your request within 30 days or a longer period if allowed by law.
8.4. Right to correct your information
You can correct inaccurate information about yourself. To provide you with quality service, your information must be accurate and complete. To submit a correction request, refer to the procedure outlined in Section 5.3 above.
8.5. Automated decisions
We may use your personal information to make automated decisions, such as responding to your requests. In such cases, you will be informed during the process or when the decision is communicated. For any questions, we invite you to contact the team responsible for the decision. Note that a decision is considered automated when no employee significantly intervenes in the decision-making process.
9. What are the terms for retaining your information
We retain your information, in physical or digital format, for as long as necessary for the purposes for which it was collected or as required by law. The retention period is determined by the purpose, nature, and sensitivity of the information. Certain exceptions may apply, such as in cases of disputes or claims requiring longer retention.
10. Can we modify this policy?
We reserve the right to amend this policy if necessary. We will inform you via a notice on our websites or by other appropriate means.
11. How can you contact us for a question, comment, or complaint?
Send an email to joane@graplix.io, Chief of Privacy and Data Protection.