Collection and use of personal information

We are committed to protecting the privacy and security of your personal data. We take great care in processing your personal data (including cookies) in compliance with the applicable Data Protection Laws, in particular the General Data Protection Regulation 2016/679 (“GDPR”) including the e-Privacy Directive. We only collect and process your personal data for the purposes described in this Privacy Policy and only to the extent necessary within the framework of applicable Data Protection Laws.

General warning

The access of our website implies the user’s full and unreserved acceptance of this Privacy Policy (hereinafter the “Policy”), as well as its general terms of use. As users, you acknowledge having read the information below and authorize us to process, in accordance with the provisions of the Policy, the personal data that you provide on the website. The Policy is valid for all pages hosted on our website. It is not valid for the pages hosted by third parties to which we may refer and whose privacy policies may differ. We cannot therefore be held responsible for any data processed on these websites or by them.

Who is responsible for the data processing?

In processing your personal data, we act as the Data Controller as per the GDPR. This means that we are responsible for deciding how we hold and use personal data about you. [email protected] 2100 St-Laurent, C.P. 310., Plessisville (Québec), Canada G6L 2Y8

Information about our website

Visiting our website

In general, you can visit our website without telling us who you are or submitting any personal information. However, we collect the IP (Internet protocol) addresses of all visitors to our website and other related information such as page requests, browser type, operating system, and average time spent on our website. We use this information to help us understand our website activity and to monitor and improve our website.

Cookies

Our website uses a technology called “cookies.” A cookie is a tiny element of data that our website sends to a user’s browser, which may then be stored on the user’s hard drive so that we can recognize the user’s computer or device when they return. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies from our website, you may not be able to take advantage of all of the website features. For further details, please visit our Cookie Policy.

Analytics

We may use a third party such as Google Analytics to help us gather and analyze information about the areas visited on the website (such as the pages most read, time spent, search terms, and other engagement data) in order to evaluate and improve the user experience and the website. These third parties may use cookies and other tracking technologies. For more information about Google Analytics or to prevent the storage and processing of this data (including your IP address) by Google, you can download and install the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. You can also obtain additional information on Google Analytics’ data privacy and security at the following links:

• https://policies.google.com/technologies/partner-sites
• https://support.google.com/analytics/topic/2919631

Please see our Cookie Policy for further details about Citadelle’s cookie practices.

Third-Party Links

Our website may contain links to other websites that Citadelle does not own or operate. We provide links to third-party websites as a convenience to the user. These links are not intended as an endorsement of or referral to the linked websites. The linked websites have separate and independent privacy policies, notices, and terms of use. We do not have any control over such websites, and therefore we have no responsibility or liability for the manner in which the organizations that operate such linked websites may collect, use or disclose, secure and otherwise treat personal information. We encourage you to read the Privacy Policy of every website you visit.

Safeguards and retention

We have implemented reasonable administrative, technical, and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss, and unauthorized access, use, modification, and disclosure. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements. We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes of providing services to our customers or, with respect to the website, for the purposes set out in this Policy or to otherwise meet legal requirements. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.

For website and services’ improvement purposes, under what lawful basis and how long do we process your data?

Website and services improvement

Online identifiers such as Internet Protocol (IP) addresses. Purpose: We will process your Personal Data to improve the functionality or the content of our site including diagnose and debug issues; audit site visits; customize our services and activities; and identify users’ preferences or interests in accordance with our Cookie Policy. Legal ground: See our Cookie Policy. Retention: See our Cookie Policy.

What other purposes are we collecting personal information for?

Contact Us

When you contact us with a comment or question by mail, email, or phone or via our Get in Touch web-based form, you may be asked for information that identifies you, such as your name, address, and a phone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future.

Events

If you attend an event and get in touch with Citadelle’s representatives, we may collect business contact information such as your first and last name, company name, work email address, and phone number. We collect this information so that we can keep contact in the usual course of our business endeavours.

Careers

In connection with a job application or related inquiry, you may provide us with certain personal information about yourself (such as that contained in a resume, cover letter, or similar employment-related materials). We use this information for the purpose of processing and responding to your application for current and future career opportunities.

Who do we share your personal data with?

Service Providers

Your personal information will be transferred (or otherwise made available) to certain third parties that provide services on our behalf. We use service providers to provide services such as hosting our website, managing your cookies settings or analyzing our website traffic. Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes. Citadelle may transfer your personal data to third parties whenever necessary for the purposes described in this Policy. Those third parties are the following:

• Google (Analytics)
• LinkedIn (Analytics)
• Zoho (Analytics)

Sharing your personal data as described above may involve transferring it to third countries whose data protection and privacy laws may not be equivalent to, or as protective as, those that exist in the country of your establishment. In that case, your personal data will be disclosed abroad only if appropriate safeguards are guaranteed pursuant to the GDPR, including the EU Commission’s Standard Contractual Clauses. We do not sell or disclose your personal information to third parties without your consent, except as set forth below or as required or permitted by law.

Legal and Compliance

We and our Canadian, U.S., and other foreign service providers may provide your personal information in response to a search warrant to other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S., or other law or legal process, which may include lawful access by U.S. or foreign courts, law enforcement, or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise, or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property. Where a disclosure of our customers’ information is required by applicable law, we promptly notify our customer prior to complying with such requirements (to the extent we are not prohibited from doing so) and fully cooperate with our customer’s instructions with respect to our response.

Sale of Business

We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition, or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Citadelle or as part of a corporate reorganization or other change in corporate control.

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a justification for doing so and we have prior notified you.

What security measures do we take to protect your personal data?

Citadelle takes appropriate technical and organizational security measures to protect your personal data in compliance with applicable data protection and privacy laws, which includes protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure of your personal data.

What are your rights and how can you exercise them?

As foreseen in the GDPR, you have the following rights in relation to your personal data:

Right of access

You have the right to obtain information about the processing of your personal data and have access to it.

Right to rectification

You are entitled to ask us to rectify, by completing or correcting, all or certain information held about you which appears incorrect or inaccurate.

Right to erasure

You also have the right to ask us to delete or remove your personal data where there are no longer legitimate grounds to continue to process it.

Right to restriction

You have the right to restrict processing of data under certain specified circumstances.

Right to data portability

You can ask to receive a copy of your personal data in a commonly used format and/or ask that your personal data is transferred to another data controller.

Right to object

You have the right to object to the processing where we are relying on legitimate interest as a legal basis.

Right to withdraw your consent

When you have given your consent for the processing of your data, you can withdraw it at any time without justification as long as the processing is covered by the GDPR. To exercise your rights regarding your personal data, you may do so by contacting us at the contact details provided above (in the section entitled “Who is responsible for the data processing?”). If we do not fulfill your request, you will be provided with the reason(s) for such a decision. In the case you consider the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the data protection supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement. Please find all the EU Data Protection Authorities here: https://edpb.europa.eu/about-edpb/board/members_en

Updates to the Privacy Policy

We may update this Policy periodically to reflect changes to our privacy practices. We encourage you to periodically review this page to ensure you are familiar with those changes. We will indicate at the top of this Policy when it was most recently updated.