Privacy policy

Effective Date: June 5th, 2023
Last Updated: March 3rd, 2025

Introduction

ConformIT (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with Quebec’s Act respecting the protection of personal information in the private sector (commonly known as “Law 25”) and other applicable privacy laws.

Who We Are

Company Name: ConformIT Inc.
Address: 2572 Bd Daniel-JohnsonLaval, QC H7T 2R3
Email: support@conformite.ca

Data Protection Officer Contact:
Email: privacy@conformite.ca

Scope of This Policy

This Privacy Policy applies to personal information collected through:

  • Our website(s)
  • Our mobile applications
  • Email and other electronic communications
  • Phone calls and written correspondence
  • In-person interactions
  • Third-party platforms and services we use

What Personal Information We Collect

We collect different types of personal information depending on how you interact with us:

Information You Provide Directly

Contact Information:

  • Full name
  • Email address
  • Phone number
  • Mailing address
  • Company name and position (for business clients)

Account Information:

  • Username and password
  • Security questions and answers
  • Account preferences and settings

Business Information:

  • Business practices and data collection methods
  • Website and application details
  • Employee training records
  • Compliance documentation

Payment Information:

  • Credit card or payment card information (processed by our payment processor)
  • Billing address
  • Transaction history

Communications:

  • Content of messages you send us
  • Customer service inquiries and responses
  • Feedback and survey responses

Information Collected Automatically

Technical Information:

  • IP address
  • Browser type and version
  • Device type and operating system
  • Referring website addresses
  • Pages visited and time spent on pages
  • Date and time of visits

Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies to collect information about your browsing activities. For more information, see our Cookie Policy.

Information from Third Parties

We may receive information about you from:

  • Payment processors
  • Marketing and analytics service providers
  • Social media platforms (if you connect your account)
  • Publicly available sources
  • Business partners and affiliates

Why We Collect Your Personal Information (Purposes)

We collect and use your personal information for the following purposes:

Service Delivery

  • To provide Law 25 compliance services
  • To act as your Data Protection Officer
  • To develop and deploy privacy policies
  • To manage data subject requests
  • To handle privacy complaints
  • To provide breach response support
  • To monitor regulatory changes and update your compliance program

Business Operations

  • To process payments and manage billing
  • To communicate with you about our services
  • To respond to your inquiries and requests
  • To provide customer support
  • To manage our relationship with you

Legal and Compliance

  • To comply with legal obligations
  • To establish, exercise, or defend legal claims
  • To prevent fraud and enhance security
  • To enforce our terms and conditions

Business Improvement

  • To improve our services and website
  • To understand how our services are used
  • To develop new features and services
  • To conduct internal analytics and research

Marketing (with your consent where required)

  • To send you information about our services
  • To provide you with promotional materials
  • To inform you about events and webinars

Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: Processing is necessary to provide services you have requested
  • Legal Obligation: Processing is required to comply with applicable laws
  • Legitimate Interest: Processing is necessary for our legitimate business interests, provided your rights do not override these interests
  • Consent: You have given us explicit consent for specific processing activities

How We Share Your Personal Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We share information with trusted third-party service providers who assist us in operating our business, including:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Analytics providers
  • Professional advisors (lawyers, accountants, auditors)

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders or legal processes
  • Requests from government authorities
  • Protection of our rights and property
  • Emergency situations involving safety

Business Transfers

If we are involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. You will be notified of any such change.

With Your Consent

We may share your information with other parties when you have given us explicit consent to do so.

International Data Transfers

Your personal information may be transferred to and processed in countries outside of Quebec and Canada, including countries that may not provide the same level of data protection as Quebec.

When we transfer your information internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses
  • Adequacy decisions
  • Your explicit consent

Countries Where Data May Be Processed:

  • United States (cloud hosting services)

You have the right to obtain information about the safeguards we use for international transfers.

How We Protect Your Personal Information

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction:

Technical Measures:

  • Encryption of data in transit and at rest
  • Secure socket layer (SSL) technology
  • Regular security assessments and penetration testing
  • Access controls and authentication
  • Firewall protection
  • Intrusion detection systems

Organizational Measures:

  • Employee confidentiality agreements
  • Regular privacy and security training
  • Access limited to authorized personnel only
  • Documented security policies and procedures
  • Incident response plan

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

How Long We Keep Your Information

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

Retention Periods:

  • Client account information: Duration of the business relationship plus 7 years
  • Service delivery records: Duration of service plus 7 years
  • Payment information: 7 years from transaction date (for tax purposes)
  • Communications: 3 years from last contact
  • Marketing consent records: Until consent is withdrawn plus 3 years
  • Legal documents: As required by applicable laws

After the retention period expires, we securely delete or anonymize your information.

Your Privacy Rights

Under Quebec Law 25 and other applicable privacy laws, you have the following rights:

Right of Access

You have the right to access your personal information we hold and receive a copy of it.

Right to Rectification

You have the right to correct inaccurate or incomplete personal information.

Right to Deletion (“Right to be Forgotten”)

You have the right to request deletion of your personal information in certain circumstances, such as:

  • The information is no longer necessary for the purposes for which it was collected
  • You withdraw consent (where processing was based on consent)
  • The information was unlawfully processed

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and transmit it to another organization.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

Right to Restrict Processing

You have the right to request restriction of processing in certain circumstances.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Commission d’accès à l’information du Québec (CAI) if you believe your privacy rights have been violated.

Commission d’accès à l’information du Québec:

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days. In some cases, we may extend this period by an additional 30 days and will inform you of the extension and reasons.

We may need to verify your identity before processing your request to protect your personal information.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

Types of Cookies We Use:

  • Strictly Necessary Cookies: Required for website functionality
  • Performance Cookies: Help us understand how visitors use our website
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

Children’s Privacy

Our services are not directed to children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will delete it immediately.

If you believe we have collected information from a child, please contact us immediately.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

If our practices change, we will update this policy and provide you with appropriate information about your rights related to automated decision-making.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of significant changes by:

  • Posting the updated policy on our website with a new “Last Updated” date
  • Sending you an email notification (for significant changes)
  • Displaying a prominent notice on our website

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

General Privacy Inquiries: Email: privacy@conformite.ca
Phone: [Your Phone Number]
Mail: 2572 Bd Daniel-JohnsonLaval, QC H7T 2R3

Data Protection Officer: Email: dpo@conformite.ca

We aim to respond to all inquiries within 5 business days.