Privacy governance policy

01 - Objectives

  • This privacy governance policy describes how CO-ATTITUDE Inc. (collectively: « CO-ATTITUDE »(«we», «us», «our» or "our") ensures that your personal information is properly managed and protected.
  • At CO-ATTITUDE, The protection of your personal information is our priority. In order to meet your expectations, we take the necessary measures to protect personal information, manage data properly and ensure our employees' responsibility with regard to the protection of personal information.
  • Privacy means the effective protection and management of personal information by identifying, assessing, monitoring and mitigating privacy risks in the services and activities of CO-ATTITUDE that involve the collection, retention, use, disclosure and destruction of personal information.
  • The purpose of the Privacy Governance Policy (hereinafter referred to as the «Governance Framework» or the «Framework») is to articulate our vision, purpose and commitment to privacy, including the handling and protection of personal information, so that the privacy of our customers is respected. The Framework is intended as a reference document for visitors to our website and our customers (patients) (collectively: «Customers», «you», «your» or «yours»).
  • This Governance Framework does not apply to personal information that is public by law.

02 - Definitions

We define certain terms as follows:

Anonymization : Information concerning a person is anonymized when it is reasonable to conclude that it no longer allows that person to be identified directly or indirectly.

De-indexing personal information : Removing information to make it less visible, but still directly accessible.

Privacy governance :  it covers all the activities of CO-ATTITUDE to collect, use and disclose personal information in compliance with the law and regulatory guidelines; to protect personal information and manage the risks associated with the processing of such information.

Privacy incident :

Confidentiality incident:

a - Unauthorized access to personal information;

b - Unauthorized use of personal information;

c - Unauthorized communication of personal information;

d - The loss of personal information or any other breach of the protection of such information.

Personal information (this definition is specified in the Privacy Act) : information, regardless of form or medium, concerning an identifiable individual, in particular :

a - information relating to race, national or ethnic origin, color, religion, age or marital status;

b - information relating to his or her education, medical record, criminal record, employment history or financial transactions in which he or she has been involved;

c - any unique number, symbol or other identifier;

d - address, fingerprints or blood type;

e - his personal opinions or ideas, excluding those relating to another individual or to a proposal for a grant, award or prize to be granted to another individual by a federal institution or prescribed subdivision thereof;

f - any correspondence of an implicit or explicitly private or confidential nature sent by him to a federal institution, as well as the institution's replies insofar as they reveal the content of the sender's correspondence;

g - other people's ideas or opinions about him;

h - the ideas or opinions of another individual concerning a proposal for a grant, award or prize to be granted by an institution, or subdivision thereof, referred to in paragraph e), excluding the name of that other individual if that name is mentioned with the ideas or opinions;

i - his or her name when it is mentioned along with other personal information about him or her, or when disclosure of the name alone would reveal information about him or her;

Third parties : Any natural or legal person outside CO-ATTITUDE who is not a member of our organization or staff. The third party may include suppliers, distributors, subcontractors, other contractors, partners, consultants, other external bodies, etc.

Contact information for the person responsible for the protection of personal information
  1. The person responsible for the protection of personal information is Séverine Mazur, President-Secretary. She can be reached by telephone at 438-864-7646 or by e-mail at : info@coattitude.com.
  2. This person is responsible for :
  • Receive and process access and rectification requests in compliance with privacy and confidentiality requirements;
  • Dealing with confidentiality incidents;
  • Receive and handle complaints involving the protection of personal information;
  • Maintain a register of confidentiality incidents;
  • Maintain a filing list of documents to enable retrieval and inventory of personal information files.
  1. If you have any questions about the application of this Privacy Governance Framework, please contact the Privacy Officer.
Collection of confidential information
  1. CO-ATTITUDE collects personal information from customers, website visitors, subcontractors and employees.
  2. In general, CO-ATTITUDE collects personal information directly from the person concerned and with his or her consent, unless an exception is provided for by law.
  3. Consent may be implied in certain situations, for example, when the individual decides to voluntarily provide his or her personal information in the course of voluntary CO-ATTITUDE, This is the case when a new customer is hired, for example, or when a customer file is opened.
  4. In all cases, we will only collect personal information if we have a valid reason to do so. In addition, collection will be limited to the information we need to fulfill the purpose for which it is collected.
  5. Unless an exception is provided for by law, we will seek the consent of the person concerned before collecting personal information about him or her from a third party.
  6. Considering that we may also collect personal information by technological means, we have adopted a Privacy Policy available HERE (privacy policy above on the web page).
Information provided at the time of collection of personal information

When we collect personal information, we make sure to inform the person concerned, at the latest at the time of collection:

  1. The purposes for which the information is collected;
  2. The means by which information is collected;
  3. Whether the request is mandatory or optional;
  4. The consequences of refusing to respond or consent to the request;
  5. The rights of access and rectification provided by law;
  6. The possibility that personal information may be disclosed to third parties;
  7. Upon request, the person concerned is also informed of the personal information collected from him or her, and the categories of people who have access to it within the company. CO-ATTITUDE and how long this information will be kept.
Use of personal information
  1. CO-ATTITUDE undertakes to use the personal information in its possession solely for the purposes for which it was collected and for which it is authorized by law to use it. It may, however, collect, use or disclose such information without the consent of the individual concerned, where permitted or required by law.
  2. In certain special circumstances, CO-ATTITUDE may collect, use or disclose personal information without the knowledge or consent of the individual concerned. Such circumstances arise in particular when, for legal, medical or security reasons, it is impossible or unlikely to obtain consent, when such use is clearly for the benefit of the person concerned, when it is necessary to prevent or detect fraud, or for any other serious reason.
  3. CO-ATTITUDE  limits staff members' access to personal information and knowledge of a personal nature that is necessary for the performance of their duties.
GUIDING PRINCIPLES for the protection of personal information

Our guiding principles for the protection of personal information are as follows:

  1. We value and respect the customer data in our possession and provide our customers with a clear understanding of how it is used and for what purposes.
  2. We support our employees in understanding their data handling responsibilities, and we respond to Customer requests in a timely and helpful manner to provide a seamless and efficient experience.
  3. We place our customers at the heart of all changes and improvements by adopting innovative practices and integrating privacy principles into everything we do.
  4. We collaborate with employees and ensure effective and secure management of customer data in all our operations to build and maintain customer trust.
  5. We make decisions about how customer data is handled in compliance with legislative obligations, privacy best practices and based on ethical standards.
  6. We take proactive rather than reactive measures, preventive rather than corrective.
  7. We ensure that personal information is systematically protected in computer systems and internal practices, so that customers do not have to take any action.
  8. Privacy safeguards should not be an afterthought, but rather a fully integrated part of the system.
  9. Ensure data lifecycle security by storing data securely, then destroying it when it is no longer useful.
MEASURES to protect confidential information

To fulfill our commitment to the protection of personal information, we focus our efforts on the measures described below, which, when combined, provide a comprehensive set of mechanisms to protect your personal information. Responsibility for these mechanisms rests with the various managers of CO-ATTITUDE , The Privacy Officer is responsible for fulfilling his or her mandate and assisting CO-ATTITUDE to respect its commitment to the protection of personal information.

Program design and execution

We integrate our Privacy Guidelines and Privacy Principles into the development, operation and management of all programs, processes, solutions and technologies that involve personal information. We take into account the need for effective and timely service delivery and privacy protection to ensure the protection of the most sensitive information.

Privacy policy

We are responsive and transparent in our communications with you to ensure that you are aware of your privacy rights and how we use and manage your personal information, for example through our privacy policy.

Authentication

In order to protect your personal information, we validate the identity of our Customers using: portals or systems, telephone or in-person consultations, login processes or two-factor authentication.

Identity management

We also manage employee credentials to ensure that only authorized employees have access to personal information for authorized purposes.

Provision of information

  1. In principle, CO-ATTITUDE  cannot communicate the personal information it holds on a person without that person's consent.
  2. However, CO-ATTITUDE  may disclose personal information to a third party without the consent of the person concerned when the disclosure is required by law or regulation, or when permitted by law.
  3. When exchanging confidential information, we integrate privacy requirements into all communications to facilitate the proper handling and protection of personal information.
  4. The main approaches to protecting personal information are as follows:

Service providers and third-party partners

We incorporate security and privacy controls and requirements into all our interactions with third-party service providers.

Data anonymization

We take the necessary steps to anonymize all personal information before disclosing it in order to respect privacy.

Sharing information with authorized third parties

We strive to incorporate the appropriate level of privacy safeguards into all information exchanges with authorized third parties, such as financial institutions, payment systems, external databases and authorized representatives.

Internal and external controls

  1. CO-ATTITUDE takes the necessary precautions and measures to protect personal information against external and internal threats.
  2. The main approaches to protecting personal information are as follows:

External control

We protect customers' personal information against external threats, such as cyber attacks and phishing, by using firewalls and virus detection and intrusion prevention software, collecting threat intelligence to monitor and detect breaches, and validating multiple data points, such as setting up a password manager.  

Internal control

We protect personal information against insider threats by using automated solutions to detect, track and verify suspicious user transactions on our systems. CO-ATTITUDE. For information security purposes, we also implement the principles of minimal system access (employees only have access to the information they need to do their job), need-to-know (information is only accessible by those who need it to do their job) and segregation of duties.

Employee awareness

We support our employees in their understanding of privacy responsibilities and governance obligations to enhance our privacy culture.

Data and file management

We take steps to effectively manage the personal information in our possession so as to maintain its accuracy, ensure that it is used only in the course of our business, and retain it only as long as necessary and as required by applicable law.

Privacy Impact Assessments and Personal Information Banks

CO-ATTITUDE conducts a Privacy Impact Assessment (PIA) for all information system acquisition, development and redesign projects or electronic service delivery projects involving personal information. The privacy impact assessment carried out shall be proportionate to the sensitivity of the information concerned, the purpose for which it is to be used, its quantity, distribution and medium.

CO-ATTITUDE can use the guide developed by the Commission d'accès à l'information «Guide d'accompagnement - Réaliser une évaluation des facteurs relatifs à la vie privée (www.cai.gouv.qc.ca/documents/CAI_Guide_EFVP_FR.pdf)» to carry out the Privacy Impact Assessment, where applicable.

Verification and compliance testing

We confirm that personal information is handled in accordance with our privacy obligations and legislative requirements through ongoing audits and monitoring.

  1. Confidentiality incident management
  • When CO-ATTITUDE has reason to believe that a privacy incident involving personal information held by us has occurred, we take reasonable steps to reduce the risk of harm being caused and to prevent further incidents of a similar nature, which may include sanctioning the individuals involved.
  • When the incident presents a risk of serious harm to the people whose information is involved, CO-ATTITUDE  notify in writing :

The Commission d'accès à l'information via the prescribed notice form (https://www.cai.gouv.qc.ca/documents/CAI_FO_avis_incident_confidentialite.pdf);

The person(s) concerned. The notice must provide adequate information on the scope and consequences of the incident. The notice must contain :

  1. A description of the personal information involved in the incident. If this information is not available, the organization must provide the reason why this description cannot be provided.
  2. A brief description of the circumstances surrounding the incident;
  3. The date or period when the incident took place, or an approximation of this period if not known;
  4. A brief description of the measures taken or envisaged to reduce the risk of damage being caused as a result of the incident;
  5. Measures proposed to the person concerned to reduce the risk of harm being caused or to mitigate it;
  6. The contact details of a person or department that the person concerned can contact to obtain further information about the incident.
  7. CO-ATTITUDE keeps a register of confidentiality incidents, the content of which is determined by law. The information contained in the register of confidentiality incidents is kept up to date and retained for a minimum period of five (5) years after the date or period during which CO-ATTITUDE became aware of the incident.

Ransomware - Specific intervention

If the security incident is ransomware, the following steps will be performed:

  1. Immediately disconnect any devices affected by the ransomware from the network;
  2. Examine the ransomware and determine how it infected the device;
  3. Contact the authorities to report the incident;
  4. Once the ransomware has been removed, a full system scan will be performed using antivirus or other security software to confirm that it has been removed from the device;
  5. If the ransomware cannot be removed from the device, the device will be reset;
  6. Before proceeding with the reset, a check will be made to ensure that nothing is infected by malware;
  7. If the data is critical and needs to be restored, but cannot be recovered from unaffected backups, decryption tools will be used (e.g. those available from nomoreransom.org);
  8. CO-ATTITUDE's policy is not to pay the ransom, subject to the stakes involved;
  9. Protect systems from further infection by implementing patches to prevent new attacks.

Hacking - Specific intervention

If it has been confirmed that account hacking has occurred, the following steps will be taken:

  1. Notify customers, employees, subcontractors, suppliers, distributors and partners of CO-ATTITUDE that they may receive fraudulent e-mails from us, and specify not to respond or click on any links in such e-mails.
  2. Check whether CO-ATTITUDE still has access to the hacked account. If not, contact platform support to try to regain access.

Change the password used to connect to the hacked platform. If the password is reused elsewhere, it will be changed.

  1. Enable two-factor authentication for the platform.
  2. Delete non-legitimate connections and devices from the connection history.

Loss or theft of a device - Specific intervention

If it has been confirmed that a loss of equipment has occurred, the following steps will be taken:

  1. The theft or loss of an item such as a computer, laptop, tablet or mobile device will be reported immediately to the local police authorities;
  2. If the lost or stolen device contains sensitive data and is not encrypted, a sensitivity analysis of the type and volume of stolen data will be carried out;
  3. If possible, lock and/or deactivate lost or stolen mobile devices and perform remote data wiping.

Retention of personal information

  1. CO-ATTITUDE retains the personal information it holds for the time necessary to fulfill the purposes for which it collected it and in accordance with its retention schedule, unless otherwise required by applicable law or regulation. 
  2. CO-ATTITUDE ensures the quality of the personal information it holds. In this sense, personal information is kept up to date, accurate and complete in order to serve the purposes for which it was collected or used.  
  3. Personal information does not need to be kept up to date unless it is necessary for the purposes for which it was collected. However, if the information is to be used to make a decision, it must be up to date at the time the decision is made.
  4. Depending on the nature of the personal information, it may be held at the offices of CO-ATTITUDE, This information is stored in our various computer systems, in the systems of our service providers or in our storage facilities.
  5. CO-ATTITUDE implements security measures to ensure that personal information remains strictly confidential and is protected against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
  6. These security measures may include organizational measures such as restricting access to what is necessary; backing up and archiving data using an external system; technological measures such as the use of passwords and encryption (for example, frequent password changes and the use of firewalls).

Request for access to personal information

  1. Any person who so requests has a right of access to personal information about him or her held by CO-ATTITUDE, subject to the exceptions provided by law.
  2. A request for access can only be considered if it is made in writing by a natural person who can prove his or her identity as the person concerned or as an authorized representative.
  3. This request must be addressed to the person responsible for the protection of personal information as indicated in our privacy policy. The request must provide sufficiently precise information to enable him/her to process it. If the request is not sufficiently precise, or if an individual so requests, the person in charge shall assist in identifying the information sought.
  4. The Privacy Officer must respond in writing to the request for access with diligence and no later than thirty (30) days from receipt of the request. Failure to respond within thirty (30) days of receipt of the request shall be deemed to constitute refusal to grant access.  
  5. Access to personal information is free of charge. However, a reasonable fee may be charged for the transcription, reproduction or transmission of such information. If we intend to charge a fee under the law or under this clause, we will inform the requester of the approximate amount payable before transcribing, reproducing or transmitting the information.
  6. The Privacy Officer shall give reasons for any refusal to grant a request and indicate the provision of the Act on which the refusal is based, the remedies available to the applicant under this Act and the time limit within which they may be exercised. He must also assist the applicant in understanding the refusal.
  7. We must refuse to give an individual access to personal information concerning him or her when its disclosure would likely reveal personal information about a third party or the existence of personal information about a third party and such disclosure would be likely to seriously harm the third party, unless the third party consents to its disclosure or in the case of an emergency endangering the life, health or safety of the person concerned.
  8. We may disclose to the spouse or close relative of a deceased person any personal information we hold about that person, if knowledge of the information is likely to help the applicant in his or her grieving process and the deceased person has not recorded in writing his or her refusal to grant this right of access.
  9. Subject to the preceding clause, we must refuse to disclose personal information to the liquidator of the estate, the beneficiary of life insurance or death benefit, the heir or successor of the person to whom the information relates, unless disclosure would jeopardize the interests and rights of the person requesting the information as liquidator, beneficiary, heir or successor.
  10. Any interested person may submit to the Commission d'accès à l'information a request for review of a disagreement relating to the application of a provision concerning access to personal information.
  11. We may ask the Commission d'accès à l'information to authorize us to disregard requests that are manifestly abusive in terms of their number, repetitive or systematic nature, or requests that, in the Commission's opinion, do not comply with the purpose of the law. We can also ask the Commission to narrow down the applicant's request or to extend the time limit within which we must respond.

Rectification request

  1. Any person who receives confirmation of the existence of personal information concerning him or her may, if the information is inaccurate, incomplete or ambiguous, or if its collection, communication or retention is not authorized by law, demand that the information be rectified.
  2. A natural person who proves his or her identity as the person concerned or as an authorized representative may submit a written request for rectification to the person responsible for the protection of personal information, providing sufficiently specific information to enable the person to process the request.
  3. When granting a request for rectification, CO-ATTITUDE  issues, free of charge, to the person who made the request, a copy of any personal information that has been modified or added, or, as the case may be, an attestation of the removal of personal information.
  4. Any interested person may submit to the Commission d'accès à l'information a request for review of a disagreement relating to the application of a provision concerning the rectification of personal information.

Destruction of personal information

  1. As a general rule, once the purposes for which personal information was collected or used have been fulfilled, we irreversibly destroy or anonymize it and use it for other purposes. 
  2. Original documents containing personal or confidential information are destroyed in a secure manner. When we destroy documents containing personal information, we take the necessary precautions to ensure their confidentiality. CO-ATTITUDE  determines the destruction method to be used according to the sensitivity of the information, the purpose for which it is to be used, its quantity, distribution and medium.
  3. In the event that CO-ATTITUDE wishes to destroy the original documents following their digitization, it will respect the following conditions: (1) the information contained in the digitized documents has not been altered and has been maintained in its entirety; (2) the digitization as well as the medium used to preserve the digitized documents must ensure the stability and durability of the documents. CO-ATTITUDE chooses a medium or technology on which to store its documents that enables it to meet these conditions.

The following is a list of techniques that can be used for the final destruction of documents:

  1. Document support
  2. Destruction methods
  3. Paper
  4. Shredder
  5. Digital media to be reused or recycled
  6. (Example: flash memory card (SD card, XD card, etc.), USB stick, computer hard drive, etc.).
  7. Formatting, rewriting, digital shredding (software that performs a secure deletion and writes random information to the location of the deleted file)
  8. Non-reusable digital media
  9. (Example: CDs, DVDs, flash memory cards, USB sticks and hard disks that will no longer be used)
  10. Physical destruction (shredding, crushing, surface grinding, disintegration, drilling, etc.).
  11. Most shredders are capable of destroying CDs and DVDs.
  12. Demagnetizer for hard disks.
  13. Machines with hard disks
  14. (Example: photocopier, fax machine, scanner, printer, etc.)
  15. Overwriting of information on the hard disk, or hard disk removed and destroyed when machines are replaced.

Scanning procedures

The person responsible for digitization :

  1. Physically prepares documents for scanning (removes paper clips and staples);
  2. Scans documents and remains present throughout the process to protect the integrity of scanned data;

Carries out an exhaustive verification of digitized documents to ensure the quantity, quality and integrity of the documents reproduced. It verifies that :

  1. Digitized documents are consistent with the source documents;
  2. The data is legible and of good quality;
  3. Duplexing has been carried out correctly, if necessary; if the duplexing option has left any blank pages, it eliminates them;
  4. Documents or pages have been scanned in the right direction.
  • Checks that the number of documents or pages is correct (if pages are missing, it resumes the entire scan);
  • Renames PDF files according to established naming convention;
  • Save the PDF file(s) in the appropriate software.

Process for handling complaints related to the protection of personal information

  1. Any person concerned by the application of this Governance Framework may lodge a complaint concerning the application of this Governance Framework or, more generally, concerning the protection of his or her personal information by CO-ATTITUDE .

Receipt of complaint

  1. Any person wishing to make a complaint concerning the application of this Framework or, more generally, the protection of his or her personal information by CO-ATTITUDE  must do so in writing to the person responsible for the protection of personal information identified in clause 16 hereof.
  2. The individual must provide his or her name, contact information, including a telephone number, as well as the subject of the complaint and the reasons for it, in sufficient detail to enable the person responsible to assess the complaint. If the complaint is not sufficiently precise, the person responsible for the protection of personal information may request any additional information he or she deems necessary to assess the complaint.

Complaint handling

  1. CO-ATTITUDE undertakes to treat all complaints received confidentially.
  2. Complaints are processed within a reasonable time. The person responsible for the protection of personal information shall evaluate the complaint and formulate a reasoned written response to the complainant.
  3. Complaints that are frivolous, defamatory or without obvious foundation may be rejected. In such cases, a justification will be provided to the complainant.
  4. Within 30 days following receipt of the complaint or following receipt of all additional information deemed necessary and required by the person responsible for the protection of personal information in order to process it, the latter must evaluate it and formulate a reasoned response in writing by e-mail to the complainant.
  5. The purpose of this assessment will be to determine whether CO-ATTITUDE's handling of personal information complies with the Framework in place within the organization and with applicable legislation or regulations.  
  6. If the complaint cannot be processed within this timeframe, the complainant must be informed of the reasons for the extension, the progress made in processing the complaint and the reasonable time required to provide a definitive response.
  7. The person responsible for the protection of personal information will propose appropriate solutions to resolve the complaint as soon as possible. Solutions may include corrective measures, financial compensation or any other action necessary to satisfactorily resolve the complaint.
  8. Once the complaint has been resolved, the Privacy Officer will provide a written response to the complainant summarizing the measures taken and the proposed solutions.
  9. You may also file a complaint with the Commission d'accès à l'information du Québec or any other privacy oversight body responsible for the application of the law concerned by the subject of the complaint.  

Complaint file

CO-ATTITUDE shall maintain a separate file for each complaint submitted to it under this complaint handling procedure. Each file contains the complaint, the analysis and documentation supporting its evaluation, as well as the written response sent to the complainant.

De-indexing personal information

  1. The purpose of this procedure is to provide a structured mechanism for managing requests to de-index personal information in order to limit their visibility.
  2. This procedure covers all information published on our online platforms, including our website, mobile applications, databases or any other digital medium used by CO-ATTITUDE.

Procedure

  1. Any person may submit his or her de-indexation request through specific channels such as the online form available on CO-ATTITUDE's website, the dedicated e-mail address or the telephone number.
  2. Before processing the request, the identity of the individual will be verified in a reasonable manner. This verification may be carried out in particular, but not exclusively, by requesting additional information or by verifying the individual's identity through the transmission of identity documents. If the applicant's identity cannot be satisfactorily verified, CO-ATTITUDE may refuse to comply with the de-indexation request.
  3. CO-ATTITUDE will carefully examine the requests and personal information concerned to determine their eligibility for de-indexation.
  4. There are also perfectly valid reasons why CO-ATTITUDE might refuse to de-index personal information, for example:
  • To continue providing goods and services to this person;
  • For legislative or regulatory reasons;
  • For legal reasons in the event of a dispute.
  1. CO-ATTITUDE will take the necessary steps to de-index personal information in accordance with requests for de-indexation deemed admissible.
  2. Any delays or problems encountered in processing applications will be communicated to the applicant.
  3. All requests for de-indexation of personal information, and the actions taken in response, will be recorded in a dedicated tracking system. This system will show details of de-indexation requests, dates of requests, decisions made, actions taken and results.

Entry into force and revision

  1. This Governance Framework is approved by the Privacy Officer.  
  2. It is complementary to our Privacy Policy. The Framework takes effect on the date of its approval. It remains in effect until it is repealed, amended or replaced by another Governance Framework.
  3. This Governance Framework may be updated periodically to reflect changes in our privacy practices and measures. It is your responsibility to periodically consult our Governance Framework to keep informed of our current practices.
  4. The revised Governance Framework will be posted on our website and the date of the last update is indicated at the bottom of this document. Changes will take effect as soon as they are posted on our website.

(Last version of this Governance Framework: dated September 26, 2023)

CoAttitude Inc. privacy and cookie use policy: reviewed by CoAttitude's lawyer, Jennifer Guay.

This Privacy Policy describes how CO-ATTITUDE Inc (collectively «CO-ATTITUDE», «we», «us» or «our») collects, uses and shares your personal information.

CO-ATTITUDE wishes to protect your identity and the personal information you share with us. This privacy policy applies to the personal information you provide while browsing our website.

Collection and use of personal information

You can browse our website without providing us with any personal information. However, we do collect personal information in the following cases:

  1. You book one or more services online;
  2. You request to be added to our mailing list or to receive other commercial communications;
  3. You register on our website as a user or member;
  4. You participate in one of our contests or promotions, answer a survey or provide a testimonial;
  5. Send us your comments or questions using the contact form on our website.

When you subscribe to our mailing list to receive our newsletter or other promotional or commercial communications, we may collect personal information such as :

  • your name and e-mail address. We will only contact you if you wish to be contacted. You are free to choose, at any time, not to receive our promotional communications by clicking on the «Unsubscribe» button that appears at the bottom of our electronic mailings.
  • To take advantage of some of the features on our Web site, you may need to register as a user or member. When you register, we ask you to provide your name and e-mail address. When you register online, we may ask for your consent to receive future marketing information. To withdraw your consent to such communications, please contact us.
  • When you enter a contest, participate in a promotion or respond to one of our surveys, we may collect your name, address, telephone number and e-mail address. We use this information to administer your participation in the contest or promotion and, in the case of surveys, to understand our customers and improve our products, services and promotions. When you register for one of our contests, promotions or surveys, we may ask for your consent to receive marketing information. To withdraw your consent to these communications, please contact us.
  • When you submit a comment or question via our contact form, we may collect personal information such as your name, phone number and e-mail address in order to respond to your comment or question. We also collect various types of information that you provide to us so that we can respond to your question.

Disclosure of personal information

  • Except as otherwise provided herein, we will not disclose, rent, sell, assign or trade personal information about our customers to third parties without their prior consent.
  • We may share your personal information with third parties who provide services on our behalf, such as processing payments, hosting our Web site, sending e-mail or other communications on our behalf, running contests and promotions, or analyzing the effectiveness of our advertising strategy. These service providers are not authorized to use or disclose personal information for any purpose other than to perform services on our behalf or as otherwise required by applicable law.
  • We and our service providers may be required to disclose your personal information in response to a search warrant, statutory investigation or order, contravention of law, or otherwise under applicable law or court order.
  • We may transfer the information we have about you in connection with a merger or sale in whole or in part, or in connection with a corporate reorganization, stock acquisition or other change of control, as this information may then be considered an asset.

Website information

  • When you visit our Web site, we collect information such as the browser you use, the time spent on our Web site, Web site usage patterns, and the domain name of the Web site from which you linked to our site. We collect this information to help us evaluate your experience on our Web site and improve it.

Indicators and pixels

  • Our Web site uses «cookies». A cookie is an element of data that our site can send to your browser, which may then be stored on your hard drive so we can recognize you when you return. We use cookies on pages of our Web site where you are prompted to log in or that are customizable. If you have registered with our Web site, these cookies help us identify you and may be necessary to provide you with the products or services you request. You can always set your browser to notify you when you receive a cookie.
  • Our website may also use «pixels». This technology enables us to see which pages of our website you visit. These «pixels» are used to help us optimize our website for you and future visitors, and to analyze our data in order to review our web and marketing strategies.

Google Analytics

  • Our website uses various technological tools, such as Google Analytics, to analyze visits to our website.
  • Using cookies, Google Analytics collects information about your browsing habits, such as the pages you visit, the date and time of your visit and the links you click. It also collects information about your computer's operating system, your browser language, the name of your Internet service provider and your geographical location. The data collected and your anonymized IP address are stored by Google on its servers. Google will only use this information to generate statistics and reports on your use of our website.
  • Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. You can install this browser add-on to disable Google Analytics : https://tools.google.com/dlpage/gaoptout?hl=fr. This module prevents Google Analytics from recording data about your visits to our website.

Use of Facebook and Instagram social plugins 

  • The Facebook social network plugin and the Instagram plugin are integrated into the pages of our website. The Instagram and Facebook Service is one of Meta's products. You can recognize the Facebook plugin on our website by the Facebook logo and the Instagram plugin by the Instagram logo. When you visit our website, the plugin establishes a direct connection between our browser and Facebook's servers. Facebook is thus informed that you have visited our website via your IP address. 
  • As the provider of the pages, we have no knowledge of the content of the data transmitted or their use by Facebook. You are solely responsible for the general use of Facebook. Further information can be found in Facebook's privacy policy., and it is your responsibility to read them: https://www.facebook.com/privacy/policy.
  • If you do not want Facebook to associate your visit to our website with your Facebook account, simply log out of your Facebook account.

Using the linkedin social plugin

Unsubscribe

  • If you no longer wish to receive our e-mails, please note that each time we send you an e-mail, we give you the opportunity to unsubscribe or remove your name from our mailing list.

Here's how to deactivate your member or user account:

Contact us via our contact form to unsubscribe or delete your account.

Security of personal information

  1. Access to personal information is permitted only to our employees, subcontractors and authorized service providers who require such information for the purposes described in this policy.
  2. It is your responsibility, in order to maintain a high level of security, to protect online access to your account with a password of your choice. We strongly recommend that you do not divulge your password to anyone.
  3. Notwithstanding the foregoing, you should be aware that no data transmission over the Internet can be considered absolutely safe and secure. Accordingly, we do not guarantee in any way that personal information will not be lost, misused or altered, and we assume no responsibility for personal information you transmit to us, nor for the use or misuse of personal information by you or third parties.
  4. It is your responsibility to take steps to ensure that the online payment of your appointment is secure. For example, if you're using a public computer, remember to log off when you're finished, and never share your passwords.

If we have reason to believe that a privacy incident involving personal information has occurred, we will take reasonable steps to minimize the risk of harm and to prevent similar incidents from occurring. If the incident involves serious harm, we undertake to notify the Commission d'accès à l'information and any person whose personal information is affected by the incident. Confidentiality incidents are recorded in a register. Confidentiality incident« means

  1. Unauthorized access to personal information;
  2. Unauthorized use of personal information;
  3. Unauthorized disclosure of personal information;
  4. The loss of personal information or any other breach in the protection of such information.

You may, free of charge, ask us for the personal information we hold about you, ask us to confirm its existence and ask us to give you access to this information by sending you a copy. The copy will be provided in a structured, commonly used technological format.

You may, free of charge, consult and have rectified the file we hold on you, if such a file exists, either to make a decision on it or to inform a third party. You may also have it reproduced for a reasonable fee, which you agree to pay on request. We cannot deny you access to the information contained in your file, if any, unless we have a serious and legitimate interest in doing so, or if such information is likely to seriously harm a third party.

You may ask us to correct inaccurate, incomplete or ambiguous information in a file concerning you, if such a file exists. You can also ask us to delete out-of-date information or information that is not relevant to the purpose of the file, if applicable, or make written comments and have them added to your file.

If you are concerned by confidential information we hold about you, you may ask us to stop distributing your information or to de-index any hyperlink attached to your name giving access to your information if such distribution causes you harm or contravenes the law or a court order.

Links to other sites

  • Our Web site may contain links to other Web sites or Internet resources, including those owned by our sponsors, partners or collaborators. When you click on one of these links, you are contacting another Web site or Internet resource that may collect information about you voluntarily or through the use of cookies or other technologies. We are not responsible for the privacy practices or the content of any sites owned and operated by third parties. As these other sites may collect and process the information they collect differently, we encourage you to carefully review and read the privacy policy of each site you visit.

Communications

  • At CO-ATTITUDE, The person responsible for protecting personal information is Séverine Mazur, President-Secretary. Please contact her: info@coattitude.com.
  • If you have any questions about our privacy practices or if you wish to access or correct your personal information, you can contact us by e-mail at the following address: info@coattitude.com.
  • Your right to access your personal information is subject to applicable legal restrictions. We may take appropriate steps to verify your identity before granting you access to such information. If we need to contact you regarding any event involving your personal information, we may do so by e-mail or telephone. 

Changes to this policy

  1. This Privacy Policy may be updated periodically to reflect changes in our privacy practices. It is your responsibility to periodically review our Privacy Policy to ensure that you are aware of our current practices.
  2. The revised privacy policy will be posted on our website and the date of the last update is indicated at the bottom of the policy. Changes will be effective upon posting on our website.

(Last version of this policy: dated September 26, 2023)

CONTACT