PRIVACY AND CONFIDENTIALITY POLICY 

    Version 1 (July 12th, 2023)

    1. Information générale

    a) Introduction

    The protection of privacy is important to Groupe Somavrac Inc. and its subsidiaries under common control in Quebec (hereinafter collectively referred to as the “Entity”, “We”, “Us”, “Our”). For this reason, We have implemented safeguards and practices for the sound management of your Personal Information in accordance with applicable laws in Quebec and Canada. 

     This privacy policy (the “Policy”), which should be read in conjunction with Our Legal Notice, describes our practices regarding the collection, use, processing, disclosure, and retention of Personal Information of our customers, visitors and users. It applies to the Entity as a whole. 

     By using our website https://www.groupesomavrac.com/ (the “Website”) or any of our services, You agree and confirm that we may collect, use, process, disclose and retain your Personal Information in accordance with the terms described herein. Otherwise, your information will not be collected, and you will not be able to access or use our Website. 

     This Policy does not apply to Personal Information of the Entity’s employees, representatives and consultants, or any other person affiliated with the Entity, or to any information that does not constitute Personal Information as defined by applicable laws in Quebec and Canada. 

    b) Privacy representatives

    Questions, comments and complaints regarding the Entity’s Privacy Policy and practices may be addressed to Our Privacy Representative at the following coordinates: 

     Telephone: 1-800-563-3313 

    E-mail: info@groupesomavrac.com 

    Address: 3450, Gene-H.-Kruger blvd, P.O. Box 294, Trois-Rivières (Québec) G9A 5G1 

    2- Definitions

    The following words and expressions, when appearing with a capitalized first letter in the Policy, have the meanings attributed to them hereinafter, unless otherwise implied or explicit in the text: 

     “Service Provider”: any individual or legal entity that processes Personal Information on behalf of the Entity. This includes third-party companies or individuals employed by the Entity to facilitate the Services, to provide the Services on behalf of the Entity, to perform services related to the Services or to assist the Entity in analyzing the use of the Services. 

     “Personal Information” means any information that relates to a natural person and allows that person to be identified, i.e., that directly or indirectly reveals something about the identity, characteristics (e.g., abilities, preferences, psychological tendencies, predispositions, mental abilities, character and behavior of the person concerned) or activities of that person, regardless of the nature of the medium and regardless of the form in which the information is accessible (written, graphic, sound, visual, computerized or other). 

     “Privacy representative”: the person who is responsible for the application of this Policy and whose contact information is identified in section 1 of this Policy. 

     “Services”: Services refers to the website and our pages on social networks and the services and products rendered to you. 

    3- Treatment of personal informations

    3.1 Collection of personal informations

    In the course of our business, We may process various types of Personal Information, including the information listed below: 

    • Contact information, such as your first and last name, address, e-mail address and telephone number; 
    • information relating to products or services, such as information concerning the Services we have rendered to you; 
    • information you choose to provide or transmit to Us, for example, when you fill in our forms, apply for one of our jobs offers (your cv) or contact one of our employees or representatives; 
    • information collected automatically when using the Website and our Services, including: 
      • login information and other information about your activities on the Website, such as your IP address, the pages you viewed, the time and date of your visits, the number of connections, the type of browser you use, your device’s operating system and other hardware and software information, as well as [●]; 
      • demographic and geolocation data, such as your IP address, a precise or approximate location determined from your IP address or your mobile device’s GPS (depending on your device’s settings). 

    In each case, this Personal Information is processed in accordance with the legitimate and necessary purposes listed in article 3.2 below. 

    3.2 Use of personal informations

    We may use your Personal Information for the legitimate purposes described below: 

     

    • to operate, maintain, supervise, develop, improve and offer all features of Our Website; 
    • to provide you with Services; 
    • to allow you to apply for job opportunities; 
    • perform our contractual obligations to you; 
    • develop, improve and offer new Services; 
    • to send you messages, updates and security alerts; 
    • for marketing and business development purposes, if you have previously consented to the processing of your Personal Information for these purposes; 
    • answer your questions and provide you with assistance as required; 
    • conduct research, analysis and statistics relating to Our business and Services; 
    • detect and prevent fraud, errors, spam, abuse, security incidents and other harmful activities; 
    • for any other purpose permitted or required by law. 

    3.3 Disclosure of personal information

    We may disclose your Personal Information to our employees (including human resources and information technology departments), contractors, consultants, agents, service providers and other trusted third parties (collectively, “Service Providers”), who require such information to assist Us in operating Our Website, conducting our business or servicing you, provided that such Service Providers have previously agreed in writing to maintain the confidentiality of your Personal Information in accordance with applicable laws and Our Information Governance Program. 

    We do not sell, trade or otherwise disclose your Personal Information to third parties. 

    3.3.1 Services providers and other third parties

    Although We try to avoid sharing your Personal Information with third parties, We may use Service Providers to perform various services on Our behalf, such as IT management and security, marketing, and data analysis, hosting and storage. We have defined below the cases in which such sharing may take place: 

    • We use the Google Analytics Cookie to analyze the website’s audience and compile statistics. For more information, please consult Google’s privacy policy and their table of cookies for advertising and measurement purposes; 
    • Please note that this Cookie may collect Personal Information that may identify You and may profile Your web activities (targeted advertising); 
    • We use Google Ads to analyze the audience for Our Services, for advertising campaigns, and to drive traffic to Our web pages. 
    • We use Meta services (including Meta Business Suite) to analyze audience interests, attempt to reach a target audience and encourage greater visibility and participation in Our content, compile statistics and converse with customers and prospects. Please consult their privacy policy; 
    • Please note that this Cookie may identify You and profile Your web activities in order to provide You with advertising that matches Your interests (targeted advertising) or to sell advertising products such as real-time auctions from third-party advertisers;
    • This Cookie communicates Personal Information to Meta for the purposes identified in Our Cookie Policy; 

    Before disclosing your Personal Information to Service Providers outside the province of Quebec, or depending on the nature of the Personal Information disclosed, We conduct a Privacy Impact Assessment. When we disclose your Personal Information to Service Providers, we enter into written contracts with them before disclosing your Personal Information to them, and we provide them with only the Personal Information they need to perform their mandate. As part of these contracts with our Service Providers, We undertake to ensure that the principles set out in this Policy are respected, and these Service Providers are required to use Personal Information confidentially, in accordance with Our instructions and solely for the purposes for which it was provided.  We provide sufficient guarantees that adequate safeguards have been implemented that are proportionate to the sensitivity of the Personal Information processed or disclosed.  

    When our Service Providers no longer need your Personal Information, we ask them to destroy this data in an appropriate manner. 

    3.3.2 Compliance with legislation, responding to legal requests, preventing harm and protecting our rights

    We may disclose your Personal Information when We believe that such disclosure is authorized, necessary or appropriate, including:

    • to respond to requests from public and governmental authorities, including public and governmental authorities outside your country of residence ; 
    • to protect our business; 
    • to comply with legal proceedings; 
    • to protect Our rights, Our privacy, Our security, Our property, yours or that of third parties; 
    • to enable Us to pursue available remedies or limit the damages We may suffer; 
    • and in accordance with applicable laws, including laws outside your country of residence. 

    3.3.3 Commercial transaction

    We may share, transfer, or communicate, in strict compliance with this Policy and the provisions of the Act respecting the protection of personal information in the private sector, RLRQ c P-39. 1 (the “Private Sector Act”) and the Act to modernize legislative provisions respecting the protection of personal information, LQ 2021, c 25 (the “Act 25”, assented to on September 22, 2021), your Personal Information in the event of a sale, transfer or assignment, in whole or in part, of the Entity or our assets (for example, as a result of a merger, consolidation, change of control, reorganization, bankruptcy, liquidation or any other business transaction, including in connection with the negotiation of such transactions). In such a case, We will inform you before Your Personal Information is transferred and is governed by another privacy policy. 

    3.4 Consent for personal information

    Wherever possible, the Entity obtains consent directly from the individual concerned for Us to collect, use and disclose his or her Personal Information. However, if you provide us with Personal Information about other persons, you must ensure that you have duly notified them that you are providing us with their information and that you have obtained their consent to such disclosure. 

    We will seek your express, overt, free, informed, and specific consent before using or disclosing your Personal Information for purposes other than those set out herein. We will also seek your express consent whenever sensitive Personal Information is involved in any of the Entity’s processing activities. We will ask for your consent for each specific purpose in clear and simple terms, separate from any other information that may be communicated to you. 

    BY USING OUR WEBSITES, BY TRANSMITTING YOUR PERSONAL INFORMATION BY E-MAIL, YOU CONSENT TO THIS PRIVACY POLICY AND TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THE PRIVACY POLICY. 

    If You do not consent, please discontinue use of the Websites. Except where otherwise provided by law, You may withdraw Your consent at any time upon reasonable notice. Please note that if You choose to withdraw your consent to the collection, use or disclosure of your Personal Information, certain features of our Website may no longer be available to You or we may no longer be able to offer You some of our services. 

    3.5 Retention of personal information

    Subject to applicable laws, We retain your Personal Information only for as long as is necessary to fulfill the purposes for which it was collected, unless you consent to Your Personal Information being used or processed for another purpose. As an indication, the duration of certain information may extend up to 7 years following the end of the Services rendered by the Entity to you. In addition, our retention periods may be modified from time to time in response to legitimate interests (for example, to ensure the security of Personal Information, to prevent abuse and breaches or to prosecute criminals). 

    For more information on the periods for which your Personal Information is retained, please contact our Privacy Representative using the contact details set out in section 1b) of this Policy. 

    4. Your rights

    As a data subject, you may exercise the rights set forth below by communicating in writing with Our Privacy Representative at the contact information provided in section 1b) of the Policy. Please note that We may ask you to verify your identity before responding to any of these requests.

    • You have the right to be informed of the Personal Information We hold about you, its use, disclosure, retention and destruction, subject to exceptions provided by applicable law; 
    • You have the right to access your Personal Information, to request a copy, including paper copies, of the documents containing your Personal Information, subject to the exceptions provided for by applicable law, and to obtain, where applicable, further details on how we use, disclose, retain and destroy it; 
    • You have the right to rectify, amend and update the Personal Information we hold about you if it is incomplete, ambiguous, out of date or inaccurate; 
    • You have the right to withdraw or change your consent to the Entity’s collection, use, disclosure or retention of your Personal Information at any time, subject to applicable legal and contractual restrictions; 

    In order to process your request, you may be asked to provide appropriate identification or to identify yourself in some other way. 

    4.1 Questions and complaints

    You may address any complaints regarding Our practices and policies for protecting Your Personal Information by contacting Our Privacy representative using the contact information identified in section 1b) – Privacy Representative. 

    You may also contact Our Privacy Representative with any questions regarding this Privacy Policy using the contact information identified in section 1b) – Privacy Representative. 

    In order to process Your request, You may be asked to provide appropriate identification or otherwise identify Yourself. 

    5. Cookies and similar technologies

    Cookies are small text files that are stored on Your device or browser. They make it possible to collect certain information when You visit the Website, including Your preferred language, the type and version of Your browser, the type of device You are using and Your device’s unique identifier. While some cookies are deleted after Your browser session ends, other cookies are retained on Your device or browser to enable Your browser to be recognized the next time You visit the Website.  We use cookies and other similar collection technologies such as Pixels (collectively “Cookies”) to help Us operate, protect, and optimize the Website and the Services We offer. 

    While some of the Cookies We use are deleted after the end of Your browser session, other Cookies are retained on Your device or browser to enable Us to recognize Your browser the next time You visit the Website. They enable Us to guarantee the operation of the Website, to improve the user’s browsing experience and to provide certain data that enables Us to better understand the traffic and interactions that take place on Our Website, as well as to detect certain types of fraud. Cookies do not damage Your device and cannot be used to retrieve Your Personal Information. 

    You can set Your browser to notify You when Cookies are set on Your visit to the Website, so that You can decide in each case whether to accept or reject the use of some or all Cookies. Please note that disabling Cookies on Your browser may adversely affect Your browsing experience on the Website and prevent You from using some of its features. 

    To learn more about how We use Cookies, You may consult Our “Cookie Policy”. 

     

    6. Security measures

    The Entity has implemented physical, technological and organizational security measures to adequately protect the confidentiality and security of your personal information against loss, theft or any unauthorized access, disclosure, reproduction, communication, use or modification. These measures include: 

    On the administrative side, the adoption of a series of policies and procedures as part of the implementation of our information governance program which include: 

    • govern the access, disclosure, retention, de-identification, anonymization and/or, where appropriate, destruction of Personal Information; 
    • determine the roles and responsibilities of our employees throughout the life cycle of Personal Information and documents; 
    • establish procedures for intervention and response in the event of a privacy incident; 
    • oversee the process for requests and complaints relating to the protection and handling of Personal Information. 

    On a technical level, the use of several means such as : 

    • the use of a secure server. All sensitive information provided is transmitted via Secure Socket Layer (SSL) technology, then encrypted in Our payment gateway providers’ database only to be accessible by authorized persons with special access rights to these systems, and are required to keep the information confidential; 
    • the use of backup systems, network monitoring software, etc. ; 
    • the use of encryption and segregation of duties systems, access controls and internal audits.

    Given the public nature of this Policy, we have not listed all the measures we implement. 

    Despite the measures described above, We cannot guarantee the absolute security of your Personal Information. If you have reason to believe that your Personal Information is no longer secure, please contact Our Privacy Representative immediately using the contact information provided in section 1b) above. 

    7. Changes to privacy policy

    We reserve the right to modify this Policy at any time in accordance with applicable law. In the event of a change, We will publish the revised version of the Privacy Policy and update the update date in the footer of the Privacy Policy. We will also notify you by e-mail at least thirty (30) days before the effective date of the new version of our Policy. If you do not agree to the new terms of the Privacy Policy, please do not continue to use Our Website and Services. If you continue to use Our Web Site or Services after the new version of our Policy becomes effective, your use of Our Web Site and Services will be governed by the new version of the Policy. 

    8. Links to third parties websites

    From time to time, We may include on Our Website references or links to Our Facebook page, websites, products or services provided by third parties (“Third Party Services”). These Third Party Services, which are not operated or controlled by the Entity, are governed by privacy policies entirely separate and independent from ours. We therefore assume no responsibility for the content and activities of these sites. This Policy applies only to the Website and the Services we offer. The Policy does not extend to third-party Services such as Our Facebook, LinkedIn and Twitter pages. 

    9. Individuals under the age of 14

    We do not knowingly collect or use Personal Information from individuals under the age of 14. If you are under 14 years of age, you must not provide us with your Personal Information without the consent of your parent or guardian. If you are a parent or guardian and become aware that your child has provided Personal Information to Us without consent, please contact Us using the contact information set forth in Section 1(b) above to request that We delete that childs Personal Information from our systems. 

    10. Governing laws

    The laws of Canada and Quebec, excluding its conflict of law rules, will govern this agreement and your use of the Web Site. Your use of the Web Site may also be subject to other local, provincial, national, or international laws.