At Introspect Test Technology Inc. / Technologie Introspect Test Inc. (hereinafter referred to as “Introspect Technology”), we know that the security and confidentiality of your Personal Information are important to you. Keeping this objective in mind, we have drafted this Policy, which establishes responsible and transparent practices governing the collection, use, retention, disclosure, and protection of your Personal Information.
This Policy is based principally on the Personal Information Protection and Electronic Documents Act (S.C. 2000, c. 5). If you are from a EEA country where GDPR laws apply, please see the Privacy Notice for your region.
This Policy applies to your Personal Information that we collect, use, or disclose in the course of our business relationship with you.
We invite you to read this Policy attentively, and we also suggest that you refer to it regularly to keep updated.
For the purposes of this Policy and subject to any explicit derogation, the words and expressions set out hereinafter are defined as follows:
- Customer means a person who uses, has used, or requests to use Introspect Technology products or services.
- Credit Information means any Information pertaining to the credit of a current or prospective Customer, such as their names, date of birth, current and previous workplaces, estimated income, payment habits, amount of current debt, and cost of living obligations.
- Applicable Legislation or Law means all the rules applicable in Quebec and in any other province where Introspect Technology services, goods or products are provided, including federal legislation, including the Applicable Legislation relating to protection of Personal Information, consumer protection, e-commerce, and information technology.
- Personal Information or Information pertains to any information about an identifiable individual and, in particular, your name, your address, your telephone number, your email address, specific unique identifier (I.P. address, IMSI/IMEI, MAC address), your Credit Information, and information regarding your age, your sex, your family situation, your opinions, etc.
- Authorized Representative means any successor, assign, agent, tutor, advisor, curator, legal counsel, or other representative.
- Third Party means any natural or legal person who is not the Customer or the customer’s Authorized Representative and any organization that is not part of Introspect Technology.
- Carrier means any other third-party owner of a network through which Introspect Technology’s services are provided to you, as applicable.
Principle 1 – Accountability
1.1. Introspect Technology is responsible for Personal Information in its possession or custody, including Information that has been transferred to a Third Party for processing. Introspect Technology does not disclose its Customers’ Personal Information to Third Parties, unless they process this information on its behalf, according to its instructions and pursuant to service agreements. Introspect Technology undertakes to use contractual or other means to provide the Information disclosed to the Third Party with a comparable level of protection.
b) Establishing procedures to receive complaints and inquiries;
c) Training its employees and communicating information about Introspect Technology’s procedures to them; and
d) Developing information to explain the policies and procedures.
Principle 2 – Identifying Purposes
2. Introspect Technology identifies the purposes for which Personal Information is collected before collecting it.
2.1. Introspect Technology collects Personal Information for the following purposes, without limitation:
a) Creating, developing, and maintaining business relationships with its Customers;
b) Knowing the interests, needs, expectations, and preferences of its Customers in order to enhance its products and services and offer new products and services;
c) Detecting and preventing potential fraud or illegal, inadequate, or inappropriate use of Introspect Technology’s products and services by ensuring that it has efficient, reliable, and secure systems in place;
d) Providing the products and services requested by the Customer, billing for these products and services, and collecting payment of invoices;
e) Resolving technical issues related to our services, and sending you technical notices, updates, security alerts, and support and administrative messages;
f) Complying with laws and regulations.
2.2. Introspect Technology will ensure, by every means of communication, that the purposes of collecting Personal Information are specified to the Customer, prior to or concomitantly with such collection. Introspect Technology will provide details on the purposes of the collection to the Customer who requests it, or will refer the Customer to a person able to answer their questions.
Principle 3 – Consent
3. The knowledge and consent of any Customer are required for the collection, use, or disclosure of their Information, except where inappropriate or unnecessary.
3.1. In some situations, the Applicable Legislation allows Introspect Technology to collect, use, or disclose its Customers’ Personal Information without Introspect Technology having obtained the Customer’s prior consent, in particular:
a) If the Personal Information is required by Law or under an order of a court or a body with jurisdiction to compel disclosure;
b) If requesting the Customer’s consent could compromise the accuracy of the Personal Information that Introspect Technology must obtain in order to prevent fraud, to comply with the Law, or in connection with a breach of an agreement;
c) If the Personal Information is necessary to collect a debt;
d) If it is in the Customer’s interest for Introspect Technology to obtain this Personal Information and the Customer cannot give consent to Introspect Technology in a timely manner.
The form of the consent sought by Introspect Technology varies according to the sensitivity of the Personal Information and the Customer’s reasonable expectations. Consent may be express, when the Customer expresses his/her oral or written permission to provide his/her Personal Information to Introspect Technology. It may be implied, when the Customer performs (or does not perform) acts allowing Introspect Technology to determine reasonably that the Customer has given their consent to the collection, use, or disclosure of Personal Information.
3.3 The Customer may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Introspect Technology will inform the Customer of the implications of such withdrawal.
Principle 4 – Limiting Collection
4. The collection of Personal Information shall be limited to that which is necessary for the purposes identified by Introspect Technology and this Information shall be collected by fair and lawful means.
4.1. Introspect Technology collects Information mainly from its Customers. However, Introspect Technology may also collect this Information from credit rating agencies or Third Parties, including its trusted partners, with the Customer’s consent or when permitted by Law.
Principle 5 – Limiting Use, Disclosure, and Retention
5. Introspect Technology will not use or disclose Personal Information for purposes other than those for which it was collected, except with the Customer’s consent or if the Law so requires.
5.1. Unless express consent is given by the Customer or disclosure is permitted by Law or otherwise required by a court, all the Personal Information Introspect Technology holds about a Customer, except for the Personal Information already accessible to the public, is confidential, and Introspect Technology may not disclose it to anyone other than:
a) The Customer; b) A person who, in Introspect Technology’s reasonable opinion, is seeking this Information as your Authorized Representative.
Principle 6 – Accuracy
6. Personal Information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
6.1. The Personal Information used by Introspect Technology shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate Information may be used to make a decision about a Customer.
6.2. Introspect Technology will ensure that Personal Information is updated when it is necessary to do so to fulfill the purposes for which it was collected, or at the Customer’s request.
Principle 7 – Safeguards
7. Introspect Technology protects its Customers’ Information by security safeguards appropriate to its sensitivity.
7.1. Introspect Technology shall protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, and modification. For this purpose, Introspect Technology will implement physical, electronic, technological, organizational, contractual, and administrative measures in accordance with industry standards. These measures will be adapted to the media and the sensitivity of the Personal Information. Regardless of the efforts deployed, Introspect Technology reminds you that any disclosure of Personal Information involves risks that it will be intercepted by Third Parties whose intentions are unknown.
7.2. Introspect Technology will sign agreements with the Third Parties to whom Information might be disclosed so that such Third Parties undertake to maintain the confidentiality and security of its Customers’ Personal Information.
7.3. Introspect Technology will make its employees aware of the importance of maintaining the confidentiality of its Customers’ Personal Information. The persons who access Personal Information shall do so on a need-to-know basis.
Principle 8 – Openness
8. Introspect Technology makes readily available to individuals specific information about its policies and practices relating to the management of personal information.
8.1. Introspect Technology will ensure that any Customer can obtain information about its policies and practices concerning, without limitation:
b) The procedures for accessing the Personal Information Introspect Technology holds about the Customer;
c) The description of the type of Personal Information held by Introspect Technology, including a general account of its use.
Principle 9 – Individual Access
9. Upon request, Introspect Technology will inform any Customer of the existence, use, and disclosure of his or her Personal Information, and will give the Customer access to that Information. The Customer may challenge the accuracy and completeness of the Information and have it amended as appropriate.
9.1. Upon request made to the person in charge of access to and protection of Personal Information in Article 1 of this Policy, Introspect Technology will inform any Customer of the source of the Personal Information, and will give the Customer access to that Information, while indicating the use Introspect Technology is making or has made of the Personal Information and the Third Parties to which it has been or may have been disclosed. In the latter case, a list of the Third Parties may be sent.
9.2. The Personal Information requested by the Customer will be made available in an understandable form, within a reasonable time, and, if applicable, at minimal cost to the Customer.
9.3. Introspect Technology may require the Customer to provide it with enough Information so that it is possible to inform the Customer about the existence, use, and disclosure of the Personal Information. The Information thus provided shall be used only for this purpose.
9.4. Introspect Technology will make the necessary amendments, whether by correction, deletion, or addition, to a Customer’s Personal Information when the Customer successfully demonstrates the inaccuracy or incompleteness of his/her Personal Information to Introspect Technology. These amendments will be brought to the attention of the Third Parties who have access to the relevant information.
9.5. Moreover, any challenge that is not resolved to the Customer’s satisfaction shall be recorded in the Customer’s file and disclosed to the Third Parties who have access to the information in question.
9.6. In some cases, it may be impossible for Introspect Technology to provide the Customer with the Personal Information it holds about the Customer, and it will inform the Customer of the reasons why they are refused access to the Personal Information. These reasons may be, without limitation:
a) Accessing the Information would disclose confidential business information;
b) The Information is subject to solicitor-client privilege;
c) The Information relates to a litigious situation or has been obtained following a formal dispute resolution process;
d) The Information requested was obtained during an investigation of a contract dispute or of a violation of federal or provincial law;
e) Accessing the Information risks revealing Personal Information about another person or is likely to imperil another person’s life or safety;
f) The Information is prohibitively costly to provide;
g) Any other reason provided by Law.
Principle 10 – Challenging Compliance
10.1. Introspect Technology has put procedures in place to receive and respond to complaints and inquiries about its policies and practices relating to the handling of Personal Information.
10.2. Introspect Technology will inform the Customer who makes an inquiry or lodges a complaint with the person in charge of access to and protection of Personal Information (in Article 1 of this Policy) of the existence of relevant complaint procedures.
10.3. Introspect Technology will investigate each complaint and, if the complaint is found to be justified, Introspect Technology will take appropriate measures, including, if necessary, amending its policies and practices.