Privacy Policy

Privacy Policy

Cyvault™ Confidentiality Policy

Introduction

Cyvault™ places great importance on protecting your personal and confidential information in accordance with applicable laws, including Quebec’s Law 25. This policy aims to explain how we collect, use, disclose, and protect personal information.

Applicable Laws

This policy complies with Quebec’s Law 25, the Act respecting the protection of personal information in the private sector (RLRQ c. P-39.1), and other applicable data protection laws and regulations.

Collection of Personal Information

Cyvault™ may collect personal information such as your name, contact details (email address, phone number, address), and any other information necessary to provide our services. This information is collected directly from you during interactions with our website, services, or communications.

Use of Personal Information

We use your personal information to:

    • Provide the requested services.
    • Communicate with you regarding services, updates, and changes.
    • Ensure compliance with legal obligations.
    • Improve user experience on our platforms.

Consent and Rights

Your consent is required for the collection and use of your personal information, except in specific cases where legal exceptions apply (e.g., public safety). You can withdraw your consent at any time, subject to legal or contractual restrictions. Cyvault™ is committed to protecting your information and ensuring its confidentiality, as required by Quebec’s privacy law. You also have the right to request access to, correct, or delete your personal information, which will generally be processed within 30 days.

Disclosure of Personal Information

Personal information will not be disclosed to third parties without your consent unless required by law or to meet contractual obligations. If necessary, we share data with service providers who offer equivalent levels of data protection.

Security Measures

Cyvault™ implements strict security measures, including encryption, firewalls, and secure storage solutions to protect personal information from unauthorized access, loss, or theft. Regular audits and staff training reinforce our commitment to confidentiality.

Retention of Personal Information

Personal information is retained only for as long as necessary to fulfill the purposes described or to comply with legal obligations. Once these objectives are met, the information is securely destroyed or anonymized. All collected personal information will be securely destroyed according to definitive destruction methods accepted by Quebec’s Access to Information Commission (CAI). We ensure compliance with these standards to protect the confidentiality of personal data.

International Data Transfers

No personal information will be transferred internationally. All personal information is stored locally within our company in Quebec, in compliance with applicable data protection laws.

User Rights

You have the right to:

    • Access your personal information.
    • Request its correction or update.
    • Request deletion of your personal information in applicable cases (de-indexing).
    • Request your information in a technological format (portability).

Right to be forgotten or de-indexed

The right to ask search engines to remove links to web pages containing inaccurate, incomplete or out-of-date personal information, in particular if the dissemination of such information infringes your rights.

How to exercise this right?

Submit a request to the search engine operator, specifying the URLs to be deindexed and the reasons for the request.

Cyvault™ undertakes to respond to a request for de-indexing within 30 days of receipt.

At Cyvault™, there is no public indexing or online visibility regarding personal data. A de-indexing policy will be put in place in the event of a change to this effect.

Right to Request for access, withdrawal or correction

You may, subject to any regulatory or contractual restrictions, access, correct or destroy the personal information we hold about you.

We will provide you with such information within a maximum of 30 days from the date of receipt of the written request and in a structured, commonly used technological format.

Under certain circumstances, we may refuse to provide you with the requested information. Exceptions to your right of access include the fact that information cannot be disclosed for legal or security reasons. These limitations are described in Bill 64, sections 37 to 41 (An Act to modernize legislative provisions respecting the protection of personal information).

You may verify the accuracy and completeness of your personal information and, if necessary, request that it be amended. Any request for amendment will be processed within the framework of the Act.

Cyvault™ is required to respond within 30 days of the access request, with a possible extension of an additional 30 days if necessary.

Cyvault™ must make corrections within 30 days of receipt of the request.

How to exercise the right of access?

Submit a written request to Cyvault™’s Privacy Officer, specifying the information to which you wish to have access. Use the following form for your requests.

How to exercise the right of rectification?

Contact Cyvault™ specifying the inaccuracies and provide the correct information or documents to support the changes. Use the following form for your requests.

Right of Data Portability

You will have the right to receive the personal information you have provided to CyVault™, in a structured, commonly used format as specified by the Government of Quebec. You will have the right to transmit this personal information to a third party without CyVault™ impediment when the processing is based on your consent and the processing is carried out using automated processes.

This obligation of the right to data portability applies to sensitive data as defined in Loi modernisant des dispositions législatives en matière de protection des renseignements personnels.

Cyvault™ is obliged to respond within 30 days of the request, with a possible extension of a further 30 days if necessary.

How to exercise the right to portability?

Send a request to the Cyvault™ Privacy Officer to have your data provided in a portable format or transferred directly to another organization.

To better understand the distinction between the right of access to personal information and the right to portability please consult the following document, provided by the Secrétariat à la réforme des institutions démocratiques, à l’accès à l’information et à laïcité du Québec.

To exercise your rights effectively

    • Written requests: We recommend that you put your requests in writing and keep a copy.
    • Identification: Be prepared to provide proof of identity to prevent unauthorized access to your personal information.
    • Clarify your request: Clearly specify the information or action you are requesting to facilitate the process.
    • Follow-up: If you don’t receive a response within the allotted time, you can contact the Commission d’accès à l’information du Québec (CAI) for assistance.

Additional information :

    • Possible fees: Organizations are generally not authorized to charge fees for processing these requests, with the exception of reasonable fees in the case of excessive or repetitive requests. Please refer to the Fee Regulations for more information.
    • Refusal: If an organization refuses your request, it must give reasons for its refusal and inform you of your right to appeal to CAI.
    • Appeal: You have the right to appeal to the CAI if you are not satisfied with the organization’s response or lack of response: It is advisable to formulate your requests in writing and keep a copy.
            • * For more information on your individual rights, please consult the Commission de l’accès de l’information website.

Use of cookies

Our website uses cookies to enhance your experience. You can accept or decline the use of cookies via your browser settings.

Consenting to these technologies will allow us to process data such as browsing behavior or unique identifiers on this site. Failure to consent or withdrawal of consent may adversely affect certain features and functions.

  1. Technical or functional cookies: The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
  2. Anonymous Statistical Cookies: The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Contact information for the Privacy Officer

For any questions, concerns, exercise of personal rights or complaints regarding the protection of personal information, you may contact our Privacy Officer: Lama Raffoul

Privacy Officer, Cyvault™

  1. Email: protectionpr@cyvault.io
  2. Telephone: (514) 954-8833 EXT 122

Policy Update

Cyvault™ reserves the right to modify this policy at any time. Any changes will be posted on our website, and continued use of our services constitutes acceptance of such changes.

Complaints and remedies

If you have any concerns about our handling of your personal information, you may contact Cyvault™ at the above address (protectionpr@cyvault.io). If you are not satisfied with our response, you have the right to file a complaint with the Commission d’accès à l’information du Québec using the online complaint form. For further information on complaints and recourse, please consult the CAI website.

Confidentiality incidents involving personal information

In the event of a confidentiality incident compromising personal information, Cyvault™ undertakes to inform the persons concerned and the Commission d’accès à l’information. We will assess the risk of harm, take the necessary steps to mitigate the impact and report the incident within 72 hours of becoming aware of the incident.

In accordance with Law 25, we will keep a record of incidents and implement appropriate measures to prevent their recurrence, ensuring that all legal obligations relating to privacy and security are met.

For more information about this policy

If you have any questions about this policy, we invite you to contact us using one of the methods presented in the Contact Us section.