Last updated: November 14, 2023
This policy records the measures and practices that West Island Carpet Cleaning Inc (the “Company” or “we” or “us” or “our”) has in place to govern its management of personal information and to safeguard the personal data of its clients. The latter are defined as individuals whose personal information the Company collects through direct or indirect interaction with an authorized representative of the Company or through the https://westislandcarpetcleaning.com/ website, (the Website) (the Clients or you). The objectives of this policy are explained in Section 4 below.
In this document, the term personal information refers to any data collected by the Company that allows, alone or in combination with other data, to directly or indirectly identify a Client.
The main purpose of this policy is to inform customers:
- the methods used by the Company to obtain personal information;
- what types of personal information are collected by the Company and for what purpose that collection is made;
- how the Company may use the personal information and to whom it may disclose it;
- the rights you have in relation to the personal information collected by the Company, such as access to your personal information or to request rectification of inaccurate personal information, if applicable;
- the various security arrangements established for the Company to maintain the confidentiality of personal information;
- regarding the retention, destruction and/or anonymization of personal data, as well as how to contact the Company to ask questions, share comments or file a complaint in connection with this policy.
By providing personal information to the Company through direct or indirect interaction with an authorized representative of the Company or through your use of the website, you agree that the Company may collect, use, disclose and retain such information in accordance with the terms set forth in this policy.
The Company reserves the right to change the terms, conditions and conditions of this policy at any time in its sole discretion. By using the Services (as defined in Section 4 below) after receiving this version, you expressly accept all changes made.
This current Policy and any amended version are subject to the law in force in the province of Quebec.
- How does the Company collect personal information?
The Company collects personal information in the following ways: (i) when individuals voluntarily provide such information to an employee or authorized representative of the Company in writing, by email or verbally, (ii) the information we collect from other companies and public bodies (including companies with which the Company is affiliated) during your use of the Website.
Personal information provided when using the Website may be transmitted either directly (e.g. via an online form or email) or automatically (see the list of personal information collected automatically in Section 3).
- What personal information does the Company collect?
The personal information that the Company may collect is as follows:
- Your surname, first name and contact details (postal address, e-mail address, telephone number);
- Your date of birth, gender and preferred language;
- Personal information that you provide to us in the course of performing the Services (as defined in Section 4 below) that could be considered sensitive data, including:
- financial information needed to conduct credit checks and collect deposits and payments (credit card number, mortgage approval, tax slips, credit inquiry report, etc.);
- Interactions and communication history with us, including call recordings, chat sessions, and instant messaging conversations, including through our social media platforms;
- Personal information you create while using our services (complaints, inquiries, reviews, comments, and survey responses);
- Personal information provided when applying for employment or recruitment with the Company (such as curriculum vitae, details of education, work experience, and professional affiliations);
- Personal data that you are required to provide or are asked to provide to the Company due to your relationship with the Company (for example, if you are a director or employee of the Company: social insurance number for employees and financial information for employees, photos of employees for publication on the website, and identification documents for each director of the Company in accordance with the law mainly aimed at improving corporate transparency);
- Personal data collected automatically during your use of the Website (see section 3).
- To ensure the proper functioning of the website and to achieve the purposes related to the personal information listed below, the Company must automatically collect or via cookies the personal information of customers visiting the website:
- The domain of their Internet Service Provider;
- Their IP address;
- Their browser (Explorer, Firefox, Safari, etc.) and operating system (Windows, Mac OS, etc.);
- The date and time of their visit;
- Their country of origin;
- The pages viewed and the duration of the visit;
- The address of the referring site; and
- Crash data.
As soon as a customer logs in to the website, all this data is collected automatically. Some of this personal information is obtained by placing cookies or temporary web beacons. These files or tags are also used to improve the performance of the website and some of its features.
- Why does the Company collect personal information?
The Company collects your personal information for the purpose of:
- To provide support, information, recommendations and resources related to the transactions you would like us to carry out (collectively referred to as the Services);
- Comply with applicable laws and regulations;
- When using the Services, the Company sends notifications and alerts to provide you with specific information. To do this, it uses profiling technology that must be activated by the customer on the website.
- Generally, we want to get in touch with you to provide you with various information about our services and offer you products or services that may be of interest to you;
- Conduct regular check-ins to ensure your satisfaction with the provision of the Services;
- Promote the development, improvement and promotion of the Services by producing and disseminating anonymized statistical data based on the personal information of various customers;
- Measure the impact of the Company’s strategies to attract traffic to the Website;
- Determine the data provided by the Company and the actions taken that captivate the attention of visitors to its website;
- Determine what actions taken by our partner sites have led to visitor acquisition;
- Optimize the effectiveness of the Website in attracting and retaining visitors;
- Determine the legislation governing the protection of visitors’ personal information; and
- If necessary, the Company will review your application for employment or employment.
Unless otherwise provided by law, the Company will seek your consent before using your personal information for purposes other than those listed above.
- With whom might the Company share your personal information?
As a general rule, the Company uses its clients’ personal information only for internal purposes. However, it may share this information with the following persons or entities:
- Employees and delegates who require access to personal information to fulfill the purposes set out in Section 4 above;
- To external service providers with whom the Company has signed a contractual agreement obliging the relevant external service provider to implement appropriate measures:
- Ensure the confidentiality of the personal information shared;
- Ensure that the personal information shared is used exclusively in the course of providing the services it is responsible for performing on behalf of the Company;
- Ensure that the personal information shared is not retained beyond the conclusion of the contract mentioned;
- Immediately notify the Company of any breach or attempted breach by an individual of any obligation related to the confidentiality of the personal information transmitted, and
- Authorize the Company to conduct any verification regarding the confidentiality of personal information shared. For example, the service provider responsible for hosting and maintaining the website may access personal information in the specific context of performing its services under a contractual agreement with the Company;
- to any other person or entity, in accordance with the requirements or authorizations of applicable law, or with the consent of the relevant Customer.
In order to fulfil the purposes set out above, the Company may share your personal information outside of Quebec. However, this will only be done after a Privacy Impact Assessment confirms that the receiving party can ensure adequate protection of the information, consistent with generally accepted principles of privacy. In such situations, the Company enters into a contract with the entity receiving your personal information, obliging it to comply with various conditions ensuring the protection of your data, including, but not limited to, all the conditions set out in Section 5 previously mentioned.
- What measures does the Company take to ensure the confidentiality of your personal information?
The Company implements adequate physical, technological, and administrative safeguards to secure your personal information and reduce the risk of unauthorized and/or unlawful access, use, disclosure, and destruction.
Without limiting the scope of the above, the Company will:
- Checks the identity and criminal records of all its employees and representatives;
- asks each of them who has access to personal information to sign a confidentiality agreement;
- implements access control restricting access to personal information to only those employees and authorized representatives who have a need to know; stores personal information on physical media held in locked premises accessible only by authorized Company personnel; and
- Stores personal information on a secure technological medium, namely the information system provided by the Electronic Document Management Providers.
This system is equipped with an identification and authentication system designed to restrict access to your personal information to authorized individuals who require such access to fulfill the purposes listed in Section 4 above.
In addition, specific security mechanisms are built into the Website to ensure the protection of your personal information, including:
- All communication between servers and users’ devices is encrypted;
- All user passwords are encrypted;
- Every communication between servers and users’ devices is encrypted. Similarly, users’ passwords are also subject to encryption. The Company’s IT service provider is obliged to comply with various security obligations, such as periodic assessments of security practices and processes, as well as constant monitoring of the software components of the Website and their updates.
- How does the Company respond in the event of a confidentiality incident?
The Company maintains a register of confidentiality incidents in accordance with applicable legislation. If an incident poses a serious risk of harm, the Company will take the necessary steps to inform you, in accordance with the legislation. The risk assessment takes into account the sensitivity of the information in question, the anticipated consequences of its use, and the likelihood of harmful use.
- How long is your personal information retained?
The Company retains your personal information for as long as necessary to fulfill the purposes for which it was collected listed in Section 4, and in accordance with applicable legal requirements. Once this period has elapsed, your information is disposed of in a secure manner.
The Company reserves the right to close a client’s file once the agreed work completed, or in the case of employees, after a continuous period of at least seven (7) years from the end of employment, subject to statutory obligations providing for different retention periods. The closure of a file results in the complete and permanent destruction of the personal information it contains, or its anonymization for serious and legitimate purposes. For files of clients who are not employees or representatives of the Company, the destruction or anonymization of personal information generally occurs after six (6) years from the date of closure of the file, in accordance with legislated retention periods.
In this Policy, the term “anonymization” refers to the process by which personal information becomes irreversibly unable to directly or indirectly identify the customer with whom it is associated.
- How can you verify, correct, update and/or obtain a copy of your personal information?
The Company acknowledges the right of its Clients to access, correct, update, and obtain a copy of their personal information by submitting a written request to the Company using the contact information provided in Section 13 below. In the event of such a written request being sent to the Company, the Company must, in accordance with the Act, verify your identity and respond in writing within a maximum period of thirty (30) days from receipt of the said request. Any request that is not processed within this period shall be deemed to have been refused.
A request to rectify personal information will be granted in certain circumstances, including:
- The personal data is inaccurate;
- Personal data is outdated;
- Personal data is ambiguous;
- Personal data is incomplete; or
- The personal data was collected in an unjustified manner.
If the Company accepts a client’s request for a copy of the computerized personal information, it will ensure that the copy is provided in a structured and commonly used technological format, either directly to the client or to any person or body authorized by law to receive such information. However, this provision does not apply if disclosure in this format poses serious practical difficulties, or with respect to computerized personal information created or inferred from other personal information.
If the Company refuses to respond to a request for access, rectification or update made by a client, it must explain the reasons for this refusal and inform the Client of the remedies available as well as the time limit for exercising them. If requested by the Client, the Company shall also provide assistance to assist the Client in understanding the reasons for the refusal.
If a client sends a written request to the Company to this effect, the Company may stop disseminating personal information about him or her and/or remove or re-establish the hyperlinks associated with his or her name, depending on the criteria established by the legislation in force at the time.
In theory, there should be no charge for a customer’s use of a right set out in this section. However, a reasonable fee may be charged to the relevant customer to cover the costs of transcribing, reproducing or transmitting their personal information. In this case, the customer will be informed of the amount of the fee before their request is processed.
- How can you withdraw your consent to the use or disclosure of your personal information?
Provided that you comply with your contractual obligations towards the Company and applicable law, you have the option to revoke or modify your consent to the use or disclosure of your personal data. To do so, please submit a written request to the Company, the contact information provided in section 13 below.
Please take into consideration that withdrawing or changing your consent may affect the Company’s ability to effectively use the personal information collected in accordance with Section 4 of the current Policy, and thus impact our services to you.
- How do I file a complaint?
Please feel free to submit any concerns you may have about our privacy practices, practices and policies by sending a letter to our Privacy Officer, whose contact information is set out in Section 13 of this Policy.
Any report will be handled directly by our Data Protection Officer. A response will be sent to you within 30 days of receipt of the report. If the report is accepted, you will be provided with a brief summary of the actions taken in response to it.
If you are not satisfied with the processing of your complaint, you can also contact the Commission d’accès à l’information du Québec. You can file a written complaint with the Commission at the following link: https://www.cai.gouv.qc.ca/diffusion-de-linformation/services-et-formulaires/.
- The Company is not responsible for, and has no obligation to, any Third-Party Products.
- How do I contact the Company’s Privacy Officer?
We take care of the management of your personal information. For example, we have appointed a data protection officer within our Company. If you wish to exercise any of your rights, ask questions, make comments or make a complaint about our policy or the processing of your personal data, please contact that person using the contact details provided.
It is important to note that the Company must first verify your identity before processing any requests, questions, comments, or complaints addressed to its Privacy Officer:
PERSONAL DATA SECURITY OFFICER:
David Jones 514-772-2073