Collection and use of personal information
We are committed to protecting the privacy and security of your personal data. We take great care in processing your personal data (including cookies) in compliance with the applicable Data Protection Laws, in particular the General Data Protection Regulation 2016/679 (“GDPR”) including the e-Privacy Directive.
As users, you acknowledge having read the information below and authorize us to process, in accordance with the provisions of the Policy, the personal data that you provide on the website.
The Policy is valid for all pages hosted on our website. It is not valid for the pages hosted by third parties to which we may refer and whose privacy policies may differ. We cannot therefore be held responsible for any data processed on these websites or by them.
Who is responsible for the data processing?
In processing your personal data, we act as the Data Controller as per the GDPR. This means that we are responsible for deciding how we hold and use personal data about you.
2100 St-Laurent, C.P. 310., Plessisville (Québec), Canada G6L 2Y8
Information about our website
Visiting our website
In general, you can visit our website without telling us who you are or submitting any personal information. However, we collect the IP (Internet protocol) addresses of all visitors to our website and other related information such as page requests, browser type, operating system, and average time spent on our website. We use this information to help us understand our website activity and to monitor and improve our website.
. You can also obtain additional information on Google Analytics’ data privacy and security at the following links:
for further details about Citadelle’s cookie practices.
Safeguards and retention
We have implemented reasonable administrative, technical, and physical measures in an effort to safeguard the personal information in our custody and control against theft, loss, and unauthorized access, use, modification, and disclosure. We restrict access to personal information on a need-to-know basis to employees and authorized service providers who require access to fulfil their job requirements.
We have personal information retention processes designed to retain personal information for no longer than necessary for the purposes of providing services to our customers or, with respect to the website, for the purposes set out in this Policy or to otherwise meet legal requirements.
We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
For website and services’ improvement purposes, under what lawful basis and how long do we process your data?
Website and services improvement
Online identifiers such as Internet Protocol (IP) addresses.
What other purposes are we collecting personal information for?
When you contact us with a comment or question by mail, email, or phone or via our Get in Touch web-based form, you may be asked for information that identifies you, such as your name, address, and a phone number, along with additional information we need to help us promptly answer your question or respond to your comment. We may retain this information to assist you in the future.
If you attend an event and get in touch with Citadelle’s representatives, we may collect business contact information such as your first and last name, company name, work email address, and phone number. We collect this information so that we can keep contact in the usual course of our business endeavours.
In connection with a job application or related inquiry, you may provide us with certain personal information about yourself (such as that contained in a resume, cover letter, or similar employment-related materials). We use this information for the purpose of processing and responding to your application for current and future career opportunities.
Who do we share your personal data with?
Your personal information will be transferred (or otherwise made available) to certain third parties that provide services on our behalf. We use service providers to provide services such as hosting our website, managing your cookies settings or analyzing our website traffic. Our service providers are only provided with the information they need to perform their designated functions and are not authorized to use or disclose personal information for their own marketing or other purposes. Citadelle may transfer your personal data to third parties whenever necessary for the purposes described in this Policy. Those third parties are the following:
- Google (Analytics)
- LinkedIn (Analytics)
- Zoho (Analytics)
Sharing your personal data as described above may involve transferring it to third countries whose data protection and privacy laws may not be equivalent to, or as protective as, those that exist in the country of your establishment. In that case, your personal data will be disclosed abroad only if appropriate safeguards are guaranteed pursuant to the GDPR, including the EU Commission’s Standard Contractual Clauses. We do not sell or disclose your personal information to third parties without your consent, except as set forth below or as required or permitted by law.
Legal and Compliance
We and our Canadian, U.S., and other foreign service providers may provide your personal information in response to a search warrant to other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable Canadian, U.S., or other law or legal process, which may include lawful access by U.S. or foreign courts, law enforcement, or other government authorities. Your personal information may also be disclosed where necessary for the establishment, exercise, or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property. Where a disclosure of our customers’ information is required by applicable law, we promptly notify our customer prior to complying with such requirements (to the extent we are not prohibited from doing so) and fully cooperate with our customer’s instructions with respect to our response.
Sale of Business
We may transfer any information we have about you as an asset in connection with a proposed or completed merger, acquisition, or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Citadelle or as part of a corporate reorganization or other change in corporate control.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a justification for doing so and we have prior notified you.
What security measures do we take to protect your personal data?
Citadelle takes appropriate technical and organizational security measures to protect your personal data in compliance with applicable data protection and privacy laws, which includes protection against accidental or unlawful destruction, loss, alteration, unauthorized access to, or disclosure of your personal data.
What are your rights and how can you exercise them?
As foreseen in the GDPR, you have the following rights in relation to your personal data:
Right of access
You have the right to obtain information about the processing of your personal data and have access to it.
Right to rectification
You are entitled to ask us to rectify, by completing or correcting, all or certain information held about you which appears incorrect or inaccurate.
Right to erasure
You also have the right to ask us to delete or remove your personal data where there are no longer legitimate grounds to continue to process it.
Right to restriction
You have the right to restrict processing of data under certain specified circumstances.
Right to data portability
You can ask to receive a copy of your personal data in a commonly used format and/or ask that your personal data is transferred to another data controller.
Right to object
You have the right to object to the processing where we are relying on legitimate interest as a legal basis.
Right to withdraw your consent
When you have given your consent for the processing of your data, you can withdraw it at any time without justification as long as the processing is covered by the GDPR.
To exercise your rights regarding your personal data, you may do so by contacting us at the contact details provided above (in the section entitled “Who is responsible for the data processing?”). If we do not fulfill your request, you will be provided with the reason(s) for such a decision.
In the case you consider the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the data protection supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement.
Please find all the EU Data Protection Authorities here: https://edpb.europa.eu/about-edpb/board/members_en
We may update this Policy periodically to reflect changes to our privacy practices. We encourage you to periodically review this page to ensure you are familiar with those changes. We will indicate at the top of this Policy when it was most recently updated.