6. How do we protect your personal information?
To help protect the confidentiality of data and personal information, we maintain physical, technical and administrative safeguards (firewalls, application firewalls, encryption of data in transit, use of certificates, IP address restrictions, access restricted by default and authorized as required, back-up copies, employee cybersecurity awareness, employee use policies and code of ethics, declaration of conflicts of interest, physical and software access controls).
We regularly update our security technology. We restrict access to your personal information to those employees who need to know this information in order to carry out their duties.
In addition, we regularly train our employees on our obligations with regard to the protection of personal information.
ATTESTRA uses procedural and technological security measures that are reasonably designed to help protect your information from loss, unauthorized access, disclosure, alteration or destruction.
ATTESTRA uses password protection, encryption and other security measures to prevent unauthorized access to your information.
However, no security measure can guarantee against compromise. We make every effort to protect personal information, but we cannot guarantee the security of the data we receive or transmit. You also have an important role to play in protecting your personal information. For example, you should not share your usernames, email addresses and passwords with anyone, and you should not re-use your passwords on more than one website.
7. How do we keep the personal information we collect?
We retain your personal information for as long as necessary to fulfill the purpose for which it was collected or as otherwise permitted by law. Once this purpose has been fulfilled and subject to any legal exceptions, we irrevocably destroy, erase or anonymize personal information in a secure manner that protects your privacy.
Your personal information is stored by ATTESTRA on secure servers with restricted access, based in Quebec, either on our own servers or on those of third-party service providers.
8. Responsibilities
All ATTESTRA employees who collect, retain or use personal information are required to ensure that the collection, use and disclosure of such information is conducted in accordance with this Notice and the relevant policies and procedures.
The General Manager is responsible for ensuring compliance with the law and for establishing procedures and guidelines for implementing our policies and this notice.
The Chief Privacy Officer is responsible for policies and practices relating to the management of personal information, and is the point of contact for complaints, comments and requests for information.
9. Use of external websites
By using our website, you can access, by means of hyperlinks, various other sites managed by other organizations (“external website”). These sites have been independently developed by third parties over whom ATTESTRA has no control. ATTESTRA does not verify the content of these sites. Accordingly, ATTESTRA makes no warranties as to their accuracy or maintenance. The inclusion of any information, material, content or links on this site shall not be construed as an express or implied endorsement of any third party’s opinions, products or services.
When you access an external website, you are subject to the conditions of that site, including the provisions of its confidentiality policy.
10. Your rights
You have various rights in relation to your personal information. The rights granted to you may vary depending on your geographical location and the applicable laws governing the processing of your personal information. To the extent prescribed by applicable law, you may have the right to carry out the following:
- Obtain confirmation that we are processing your personal information and obtain a copy of the personal information we keep about you;
- Ask us how we handle your personal information;
- Ask us to update your personal information or to correct inaccurate or incomplete personal information;
- Ask us to delete certain personal information we hold about you, or to limit the use we make of it;
- Ask us to de-index or stop disseminating certain personal information that may be included on our websites;
- Withdraw your consent for us to process your personal information (to the extent that such processing is subject to consent).
c
Please note that we may not be able to provide you with certain services if you withdraw or refuse to give us your consent to use your personal information.
To exercise your rights, or if you have any questions about how we handle your personal information, we invite you to contact our Chief Privacy Officer, whose contact details can be found in the Contact Us section below.
11. Handling complaints
If you are not satisfied with the way we have handled your personal information or a request for access to personal information, you may make a complaint to our Chief Privacy Officer, whose contact details can be found in the Contact Us section below.
You may also file a complaint with the data protection authority in your province or territory. If you wish to know the appropriate data protection authority, please contact us.
12. Contact Us
You may contact us at any time to find out about our confidentiality practices, the protection and storage of your personal information and to exercise your rights in this regard.
Our contact details are as follows:
Alexandre Beltrao
Chief Privacy Officer
Attestra
555, boulevard Roland-Therrien, Suite 50
Longueuil (Québec) Canada
J4H 4E8