Privacy Policy

Privacy Policy and Protection of Personal Information

Date of publication: September 11, 2023

Thank you for choosing [ ZAA.CC ] Design web! Here we explain how we collect, use and process your information when we work on your visual identity, websites, software, applications, mailing lists and other features (hereinafter the “Services”).

This policy applies to our clients, members, partners and visitors (hereinafter the “Clients”).

The address of our website is: https://www.zaa.cc.

This privacy policy operates alongside the cookie policy and the governance framework.

Applicable Laws

This policy complies with the laws set out in the Personal Information Protection and Electronic Documents Act (PIPEDA).

For residents of Quebec, with Law 25, which modernizes legislative provisions respecting the protection of personal information.

For residents of EU countries, the General Data Protection Regulation (GDPR) governs all data protection policies, regardless of where the site is located. This privacy policy is intended to comply with the GDPR. If there are any inconsistencies between this policy and the GDPR, the GDPR will apply.

For residents of the State of California, this privacy policy is intended to comply with the California Consumer Privacy Act (CCPA). If there are any inconsistencies between this document and the CCPA, the state legislation will apply. If we identify any inconsistencies, we will amend our policy to comply with the relevant law.

Consent

Users agree that, by using our site or by accepting an estimate (work contract), they consent to:

  1. the terms set out in this privacy policy, and;
  2. the collection, use and retention of the data listed in this policy, and;
  3. the sharing of your data with trusted third parties that are part of our Information System, i.e. our human and material resources (hereinafter the “Information System”).

Where data is used for purposes other than the provision of Services, additional consent will be requested from you.

Privacy by Default

When we collect personal information by offering a technological product or service that has privacy settings, we ensure that, by default, these settings provide the highest level of confidentiality without any intervention by the person concerned.

In other words, the user should not have to change the settings to strengthen the protection of their personal information. Protection must be optimal as soon as the person begins to use the technological product or service.

Source: https://www.quebec.ca/gouvernement/travailler-gouvernement/travailler-fonction-publique/services-employes-etat/conformite/protection-des-renseignements-personnels/technologie-et-droit-a-la-protection-des-renseignements-personnels/protection-defaut

Data Collected and Reasons for This Collection

We collect and use the following information in order to provide, improve and protect the Services:

Account. We collect and associate with your account information such as your names, email addresses, telephone numbers, payment information, mailing address and access credentials (hosting, domain name, social networks, etc.).

Embedded content from other websites. Articles on this site may include embedded content (for example, videos, images, articles, fonts, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking and monitor your interaction with this embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

YouTube. Our website uses plugins from YouTube, operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages containing a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed of which pages you have visited. If you are logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to make our website appealing. This constitutes a justified interest within the meaning of Art. 6 (1) f) DSGVO. You will find further information on the processing of user data in YouTube’s data protection declaration at https://www.google.de/intl/de/policies/privacy.

Visit statistics. Through cookies, our website collects anonymous data about your browsing preferences, such as location, hardware and software details, the links a user clicks while using the site and the content the user views on our site.

The personal data collected on our site will be used only for the purposes specified in this policy or indicated on the relevant pages of our site. We do not use your data beyond what we disclose.

Sharing of Collected Data

We may share information as set out below, but we do not sell it to advertisers or other third parties.

Third parties working for [ ZAA.CC ] Design web. [ ZAA.CC ] Design web uses the services of trusted third-party companies that are part of our information system, i.e. our human and material resources. They help us provide, improve, protect and promote our Services. These third-party companies only have access to your information in order to carry out tasks on our behalf and in accordance with this Privacy Policy.

Public safety. We undertake not to sell or share your data with other third parties, except in the following cases :

  1. if required by law;
  2. if required for any legal proceedings;
  3. to prove or protect our legal rights or those of our Clients;
  4. to buyers or potential buyers of this company in the event that we seek to sell the company;
  5. to protect the property rights of [ ZAA.CC ] Design web.

If you follow hyperlinks from our site to another site, please note that we are not responsible for and have no control over their privacy policies and practices.

We attach great importance to the proper handling of your data. We comply with the following Principles for requests from authorities when we receive, review and respond to requests to access our Clients’ data:

  • Being transparent;
  • Resisting untargeted requests;
  • Protecting all clients;
  • Ensuring the security of the Services provided.

How We Protect Your Personal Data

Security. The data in your Account is encrypted. We implement practices to improve the security level of our Information System.

All data stored in our systems is well secured and is only accessible to members of our team. The members of our team are bound by strict confidentiality agreements, and a breach of this agreement would result in immediate termination of the contract.

While we take all reasonable precautions to ensure that user data is secure and that users are protected, there always remains a risk of harm. The internet as a whole can sometimes be unsafe, and therefore we are unable to guarantee the security of user data beyond what is reasonably practicable.

Retention, Deletion and Anonymization of Your Personal Data

We retain information for as long as is necessary for the proper functioning of the Services. Upon termination of Services, or if you so request, we delete this information. We retain this information for a maximum of 7 years after the termination of Services. Please note, however, the following: (1) deleting this information from our servers and backup storage systems may take some time; and (2) we may, if necessary, retain this information in order to comply with our legal obligations, resolve disputes and enforce our agreements.

Anonymization

Section 73 of the Act respecting access to documents is amended to provide that an organization may, once the purposes for which personal information was collected or used have been fulfilled, retain it by anonymizing it in order to use it for public-interest purposes. This is an option, not an obligation. If an organization does not perceive any benefit or added value in retaining anonymized personal information, it must simply destroy it.

Each year, between January and March, we delete and/or anonymize our clients’ personal data for statistical purposes. The visit statistics for our website are always anonymous. If we cannot anonymize data, we delete it.

Scope

Worldwide. In order to provide our Services, we may store, process and transmit information anywhere in the world, including outside your country. Data may also be stored locally on the devices you use to access the Services.

Minors

For EU residents, the GDPR specifies that persons under the age of 15 are considered minors for the purposes of data collection. Minors must have the consent of a legal representative for their data to be collected, processed and used.

Your Rights as a User

As a user, you have the right to access all the personal data we have collected. In addition, you have the right to update or correct any personal data in our possession, provided that this is permissible under the law.

You may choose to withdraw or modify your consent to the collection and use of data at any time, provided that it is legally permissible to do so and that you have informed us within a reasonable time.

Right to Information and Protection of Personal Information

How to Request, Modify, Delete or Challenge the Data Collected

If you would like a copy of the information we hold or if you would like your information to be deleted or modified in any way, please contact our privacy officer here:

Myriam-Zaa Normandin
400, rue Sainte-Catherine Est
Montréal (Québec) H2L 2C5
+1 514 723-2673

Your Rights

Your information will be provided to you in a structured, commonly used technological format to facilitate its reading (hereinafter the “Right to portability“).

The roles and responsibilities of the privacy officer are described on the Government of Quebec website.

We may disclose personal information during a bereavement process. For more information, see the Government of Quebec website.

We comply with the duty to assist incumbent on the person responsible for access to documents and the protection of personal information. For more information, see the Government of Quebec website.

Members of the Committee on Access to Information and Protection of Personal Information

  • Myriam-Zaa Normandin
  • Amélie Bérubé
  • Erick Frappier

Cookie Policy

A cookie is a small file, stored on a user’s hard drive by the website. Its purpose is to collect data relating to the user’s browsing habits.

There are so-called “third-party” cookies, which allow the profiling of a person, particularly for advertising targeting purposes. This type of cookie is disabled by default on our website.

You may choose to accept or disable different types of cookies on our website, but this may reduce the quality of your user experience.

See our Cookie Policy (CA)

In the Event of a Security Incident

When an incident presents a risk of serious harm to the persons concerned, we will promptly notify the Commission d’accès à l’information, the Royal Canadian Mounted Police or any other citizen-protection body. We will also notify the persons concerned by the incident, except where doing so is likely to hamper an investigation conducted by a person or body that, under the law, is responsible for preventing, detecting or repressing crime or offences under the law. As soon as informing them is no longer likely to hamper such an investigation, we will promptly notify the persons concerned.

Assessment of Harm

In the event of a confidentiality incident, we will assess whether it results in a risk of harm to a person whose personal information is concerned. We then consider several factors, including:

  • The sensitivity of the personal information, such as financial information or identity information;
  • The anticipated consequences of the use of this information, such as:
    • Identity theft;
    • Financial fraud;
    • A significant invasion of privacy.
  • The likelihood that this information could be used for harmful purposes.

Serious harm corresponds to an act or event likely to harm the person concerned or their property and to adversely affect their interests in a non-negligible manner. It may lead, for example, to:

  • Humiliation;
  • Damage to reputation;
  • Financial loss;
  • Identity theft;
  • Negative consequences for a credit record;
  • Loss of employment.

Keeping a Register             

We keep a register of all confidentiality incidents that we have been subject to, even those that do not present a risk of serious harm to individuals.

The Commission d’accès à l’information may consult the information compiled within this register, and a copy of it must be transmitted to it, upon request.

Procedure in the Event of a Confidentiality Incident

Here is the procedure to follow in order to meet the legal requirements (PDF 107 KB) provided for in sections 63.8 to 63.11 of the Act respecting access.

The following steps may be carried out simultaneously.

  1. Assess the situation. If we have reason to believe that a confidentiality incident involving personal information has occurred, we will:
    • Establish the circumstances of the incident;
    • Identify the personal information involved;
    • Identify the persons concerned;
    • Find the problem, whether it is an error, a vulnerability, etc.
  2. This assessment must continue until all the elements have been identified.
  3. Reduce the risks. We will promptly take the reasonable measures required to reduce the risks that harm, whether serious or not, will be caused and to prevent new incidents of the same nature from occurring, for example:
    • Cease the unauthorized practice;
    • Recover or require the destruction of the personal information involved;
    • Correct the IT shortcomings.
  4. Identify the nature of the harm. The objective is to determine whether the Commission d’accès à l’information and the persons concerned must be notified, as well as to establish the measures to be implemented to reduce the risks, in particular:
    • Enter a note in the records exposed to a risk of identity theft;
    • Require additional verifications.
  5. Record the incident in the register, whether or not the risk of harm is qualified as serious.
  6. If there is a risk of serious harm. We must:
    • Notify the Commission d’accès à l’information as soon as possible, even if we have not compiled all the information relating to the incident, and complete the declaration afterwards. We may thus notify the Commission d’accès à l’information of the incident and, later, confirm the number of persons concerned.
    • Notify any person whose personal information is concerned by the incident, unless such notice is likely to hamper an investigation. A delay may apply between the moment we become aware of the incident and the moment we notify the persons concerned. This delay may be necessary in order, for example, to identify the personal information involved, the persons concerned, the security breach and to seal it, or to avoid hampering an ongoing investigation.

These notices are mandatory.

  1. If there is a risk of serious harm: we will notify any person or body able to reduce this risk. To this end, we may only communicate the personal information that is necessary to pursue this objective. Obtaining the consent of the person concerned by the information transmitted is not required. However, the person responsible for the protection of personal information must record the communication in order to keep documentary records of it, such as:
    • To whom is this information communicated;
    • In what circumstances;
    • What information was transmitted;
    • What are the objectives of this process?

Changes

In the event of a reorganization, merger, acquisition or sale of our assets, your information may be transferred as part of that transaction. We will notify you (by sending a message to the email address associated with your account, for example) of such transactions and will indicate the options then available to you. We will carry out a privacy impact assessment, as described on the Government of Quebec website, to learn more.

This policy may be amended from time to time in order to maintain compliance with the law and to take account of any changes to our data collection process. We recommend that our users check our policy from time to time to ensure that they are informed of any updates. If necessary, we may inform users by email of changes made to this policy.

Contact Us

If you have any questions about [ ZAA.CC ] Design web, our Services and privacy, contact us at info@zaa.cc.