Attestra’s Privacy Policy

NOTICE OF CONFIDENTIALITY REGARDING PERSONAL INFORMATION

Last update: November 2023

Introduction

Your privacy is important to us, and given the importance we attach to confidentiality and the protection of privacy and personal information, we recommend that you read this notice carefully.

This notice (“Notice”) describes our privacy practices, including what personal information we collect and process about you, how we use it and for what purposes.

You will also find in this document the various ways of contacting us in order to, among other things, exercise the rights provided for herein and how to obtain more information if necessary.

1. To whom does this privacy notice pertain and what laws apply?

This Notice applies to ATTESTRA, a non-profit organization whose head office is located at 555 Roland-Therrien Boulevard, Suite 50, Longueuil, Québec, J4H 4E8 (“ATTESTRA”, “we”, “us”, “our”).

We are committed to protecting your privacy and handling your personal information in an open and transparent manner.

This Notice tells you how we collect, use, store and protect your personal information (collectively referred to as “processing”) in the following situations:

  • When we provide you with services or manage programmes for government bodies;
  • When you visit “our website”;
  • When carrying out any other activity that is an integral part of the operation of our organization.

.

In this Notice, when we refer to “our website” or “this website”, we mean the specific web pages whose URL begins with “www.attestra.com”.

This Notice also contains information about when we disclose your personal information to third parties (for example, our service providers).

With regard to the protection of personal information, ATTESTRA is subject to the following laws in particular:

  • “Act respecting the protection of personal information in the private sector” (RLRQ, chapter P-39.1)
  • “Act respecting Access to documents held by public bodies and the Protection of personal information” (RLRQ, chapter A-2.1)
  • “Act to establish a legal framework for information technologies” (RLRQ, chapter C-1.1)
.

2. What is personal information?

Personal information is any information, taken alone or in combination with other information, that directly or indirectly identifies a natural person.

This includes, without limitation, first name, surname, telephone number, home address, email address, etc.

3. What kind of information do we collect?

We endeavour to limit the amount of personal information we collect to that which is necessary and appropriate for the purposes set out below.

As part of the services we provide to you or to government agencies and as part of conducting due diligence in relation to our services, we collect or obtain personal information about you. We may also collect personal information about you when you use our website or through your interactions with us.

We may collect or obtain this personal information by obtaining your consent (for example, if you fill in a form on our website), because others have provided it to us (for example, government bodies) or because of the public nature of the information.

The personal information that we collect or obtain about you may include, among other things:

  • Your first and last name, email address, home address, telephone number;
  • Your IP address, browser type and language, length of visits;
  • Details of your complaints or your requests;
  • Details of how you use our services, details of how you interact with us and any other such information.

.

When we receive personal information about you from third parties, we take steps to ensure that these third parties comply with the laws and regulations on the protection of personal information that apply to your data.

4. How do we use your personal information?

We use your personal information to provide services to you or to our clients. These clients are generally government agencies. In this respect, we may use your personal information for correspondence related to these services. Such correspondence may be with you, our customer and any third party designated by the customer to work with us in providing the services, our service providers or competent authorities. We may also use your personal information for due diligence purposes in connection with the services.

The personal information we collect about you is processed in Québec and we ensure that our safeguards/the safeguards put in place by our partners to protect your personal information comply with our legal obligations.

As part of the activities integral to the operation of our services, we may use your personal information for the following:

  • To enforce applicable legal and regulatory obligations;
  • To carry out or respond to requests for information and communications from competent authorities;
  • To open a customer account and for other administrative purposes;
  • For customer relations purposes, including communicating with you in order to:
    • To obtain your comments on our services;
    • To provide customer service and/or technical support;
    • To manage other customer relationship management processes;
  • To analyze data to better understand your interactions with us;
  • To improve existing traceability solutions;
  • To protect our rights and those of our customers and service providers.
.

5. To whom do we disclose your personal information?

We may disclose personal information about you for any of the purposes set out in the previous section:

  • To third parties who provide us with services;
  • To the competent authorities (in particular the courts);
  • To other third parties who reasonably require access to your personal information for any of the purposes set out in the How we use your personal information? section above.
.

In these cases, we enter into written contracts that include mandatory commitments to ensure the protection and confidentiality of your information, particularly with regard to principles, best practices, and appropriate privacy and security measures.

Category of third parties For what purpose?
Service providers
We may engage service providers to perform certain services on our behalf, such as payment service providers, equipment manufacturers, or specialized suppliers.
Business partners and/or government agencies
We may disclose your personal information to certain business partners or government agencies who, under law or regulation, require access to this personal information to fulfill their legal obligations.

6. How do we protect your personal information?

To help protect the confidentiality of data and personal information, we maintain physical, technical and administrative safeguards (firewalls, application firewalls, encryption of data in transit, use of certificates, IP address restrictions, access restricted by default and authorized as required, back-up copies, employee cybersecurity awareness, employee use policies and code of ethics, declaration of conflicts of interest, physical and software access controls).

We regularly update our security technology. We restrict access to your personal information to those employees who need to know this information in order to carry out their duties.

In addition, we regularly train our employees on our obligations with regard to the protection of personal information.

ATTESTRA uses procedural and technological security measures that are reasonably designed to help protect your information from loss, unauthorized access, disclosure, alteration or destruction.

ATTESTRA uses password protection, encryption and other security measures to prevent unauthorized access to your information.

However, no security measure can guarantee against compromise. We make every effort to protect personal information, but we cannot guarantee the security of the data we receive or transmit. You also have an important role to play in protecting your personal information. For example, you should not share your usernames, email addresses and passwords with anyone, and you should not re-use your passwords on more than one website.

7. How do we keep the personal information we collect?

We retain your personal information for as long as necessary to fulfill the purpose for which it was collected or as otherwise permitted by law. Once this purpose has been fulfilled and subject to any legal exceptions, we irrevocably destroy, erase or anonymize personal information in a secure manner that protects your privacy.

Your personal information is stored by ATTESTRA on secure servers with restricted access, based in Quebec, either on our own servers or on those of third-party service providers.

8. Responsibilities

All ATTESTRA employees who collect, retain or use personal information are required to ensure that the collection, use and disclosure of such information is conducted in accordance with this Notice and the relevant policies and procedures.

The General Manager is responsible for ensuring compliance with the law and for establishing procedures and guidelines for implementing our policies and this notice.

The Chief Privacy Officer is responsible for policies and practices relating to the management of personal information, and is the point of contact for complaints, comments and requests for information.

9. Use of external websites

By using our website, you can access, by means of hyperlinks, various other sites managed by other organizations (“external website”). These sites have been independently developed by third parties over whom ATTESTRA has no control. ATTESTRA does not verify the content of these sites. Accordingly, ATTESTRA makes no warranties as to their accuracy or maintenance. The inclusion of any information, material, content or links on this site shall not be construed as an express or implied endorsement of any third party’s opinions, products or services.

When you access an external website, you are subject to the conditions of that site, including the provisions of its confidentiality policy.

10. Your rights

You have various rights in relation to your personal information. The rights granted to you may vary depending on your geographical location and the applicable laws governing the processing of your personal information. To the extent prescribed by applicable law, you may have the right to carry out the following:

  • Obtain confirmation that we are processing your personal information and obtain a copy of the personal information we keep about you;
  • Ask us how we handle your personal information;
  • Ask us to update your personal information or to correct inaccurate or incomplete personal information;
  • Ask us to delete certain personal information we hold about you, or to limit the use we make of it;
  • Ask us to de-index or stop disseminating certain personal information that may be included on our websites;
  • Withdraw your consent for us to process your personal information (to the extent that such processing is subject to consent).
c

Please note that we may not be able to provide you with certain services if you withdraw or refuse to give us your consent to use your personal information.

To exercise your rights, or if you have any questions about how we handle your personal information, we invite you to contact our Chief Privacy Officer, whose contact details can be found in the Contact Us section below.

11. Handling complaints

If you are not satisfied with the way we have handled your personal information or a request for access to personal information, you may make a complaint to our Chief Privacy Officer, whose contact details can be found in the Contact Us section below.

You may also file a complaint with the data protection authority in your province or territory. If you wish to know the appropriate data protection authority, please contact us.

12. Contact Us

You may contact us at any time to find out about our confidentiality practices, the protection and storage of your personal information and to exercise your rights in this regard.

Our contact details are as follows:

Alexandre Beltrao

Chief Privacy Officer

Attestra
555, boulevard Roland-Therrien, Suite 50
Longueuil (Québec) Canada
J4H 4E8

      13. Modification of this privacy notice

We reserve the right to make changes to this notice from time to time. Such changes will be posted on the website and will be effective immediately upon posting.

Privacy laws change rapidly and, as a result, we may change this Notice from time to time, in our sole discretion and without any notice or obligation to you or any other person. The processing of your personal information will be governed by the version of the notice in effect at that time. The amended notice will be effective as of the revision date indicated at the top of this page.

We therefore strongly recommend that you re-read this Notice periodically to find out how we protect your information.