SECURITY AND PRIVACY POLICY

Introduction

With the development of new communication tools, it is necessary to pay particular attention to the protection of privacy. For this reason, we are committed to respecting the confidentiality of the personal information we collect.

The purpose of this policy is to expose users of the services offered by Iceberg Management.

Person in charge:
Julie Marie

[email protected]

1. Applicable law

In the course of using its services, Iceberg Management may collect personal information and you may provide it. The collection, use, disclosure and retention of your personal information are subject to the Act respecting the protection of personal information in the private sector (CQLR, c. P-39.1), which was updated with Bill 25.

2.  Personal Information

2.1. What is it?

Any information that relates to a natural person and that allows that person to be identified is considered personal.

Your personal information may include, but is not limited to:

  • Name and surname,
  • Email address,
  • And all information corresponding to your company.
  • RESUME
  • Cover letter

However, personal information will not be considered personal information that relates to the performance of a function within a company, such as his or her name, title and position, as well as the address, e-mail address and telephone number of his or her place of work.

2.2. Engagement

Iceberg Management is committed to ensuring the protection of the confidential information you entrust to us. If you voluntarily provide personal or otherwise confidential information by email or through a form, we will only use the information required to enable Iceberg Management personnel to respond to your message or follow up on your request. Electronic correspondence is treated with the same confidentiality measures as other written documents.

2.3. Who this policy applies to

The rules described in this policy apply to you if we collect your personal information by technological means in the course of our business.

3. When we collect your personal information and how we can limit its collection.

We collect personal information by technological means in the following situations:

  • Contact Forms
  • When you are a customer
  • Application Form

3.1. When you complete one of our contact forms

When you use this system, we collect the following personal information:

  • Your name and email address and other relevant information, to allow us to communicate with you in order to fulfill your needs;

List of forms:

  • Simple contact form
  • Comprehensive contact form
  • Newsletter Subscription Form
  • Mini-diagnosis

3.2. When you are a customer

If you become a client of Iceberg Management or if you start using our services, we may collect various information, including financial situation, filing of documents of all kinds with the government, personal information about directors, in order to be able to provide the service for which we have been retained.

It is your responsibility to ensure that the individuals to whom such personal information relates have consented to the collection, use, disclosure and retention of their personal information in the manner described herein.

3.3. When you apply for a job

When you apply for a job or internship, we collect the personal information necessary to evaluate your application and to contact you as part of the process.

We collect the following personal information :

  • Your resume, cover letter, email address, and phone number, through the Site

4. Situations in which we use your personal data

We may use the personal information collected for the following purposes, among other things:

  • To provide the requested service;
  • To confirm your identity and respond to your requests for information;
  • To improve our service offering;
  • To operate and improve the Website and our solutions while understanding users’ usage patterns;
  • To provide any other ancillary services associated with the requested service;
  • To meet the requirements of laws and regulations;
  • To control the quality of customer service and prevent errors and fraud.

5. Use of cookies

The Iceberg Management website does not place permanent cookies on visitors’ computers. However, a session cookie is used to optimize certain features of the website.  They are used for the purpose of increasing your user experience through the recording of certain data. You can choose whether or not to accept the use of these cookies, in which case your user experience on our websites may be reduced.

5.1. Cookies We Use on Our Websites

We may use cookies for the following purposes:

  1. Technical or functional cookies: Some cookies ensure that certain parts of a website function correctly and that your preferences as a user are taken into account. By placing functional cookies, it makes it easier to visit our websites. For example, you may not need to repeatedly enter the same information when visiting our websites since this information is stored in a cookie.
  2. Statistical cookies: Statistical cookies are sometimes used to optimize the user experience on our websites. With these statistical cookies, we can obtain information about the use of our websites.
  3. Marketing/Tracking Cookies: Marketing/tracking cookies are cookies or any other form of local storage used to create user profiles in order to display advertising or track the individual on one or more of our websites for similar marketing purposes.

5.2. Cookies used by our service providers

In some situations, one of our services may be provided by one of our third-party vendors, who may use cookies that will be stored on your computer or mobile device.

5.3. Managing cookies

Your browser or device can be set to refuse cookies or to delete them after they have been saved. Please consult the “Help” section of your browser or device for instructions. Please note that deleting or refusing these cookies may adversely affect your user experience.

6. Respect for your consent

When we collect, use and disclose your personal information, we always do so for specific purposes. Your consent is valid for as long as necessary to achieve these purposes. We may then retain your personal information for as long as necessary to fulfill our retention obligations described in the law and in our retention schedule.

We always respect the purposes for which we collected your personal information. If we wish to use or disclose your personal information for other purposes, we will ask for your consent, except as permitted by law.

7. Impact assessment

A Privacy Impact Assessment (PIA) on the use of personal information by our services and/or systems is conducted before any personal information is collected by Iceberg Management. When transfers are made outside of Québec, the impact on such transfer will also be realized and you will be notified.

8. Individuals and organizations to whom we may share your personal information

We may share your personal information with other individuals or organizations, if necessary to fulfill the purposes described in this policy or if permitted by law. The type of information you share depends on your situation.

We may share your personal information with the following individuals and organizations:

  • IT Solution Provider
  • External provider for our website
  • Zoho One Platform
  • Microsoft Server

9. We may disclose personal information outside of Quebec

We may disclose personal information outside of Quebec. If this is the case, we have carried out an impact study and then inform you to outsource these give.

10. Disclosure

We may disclose your personal information to any of our staff, professional advisors, suppliers, or contractors to the extent reasonably necessary to provide the requested services and for the purposes set out in this policy. If this happens, it will follow your consent.

Your personal information will not be disclosed to third parties other than in accordance with this Privacy Policy, except as required or permitted by law, or as ordered by a court of competent jurisdiction.

We do not sell your personal information to third parties.

11. How We Protect Your Personal Information

11.1. Limiting Access to Your Personal Information

Only staff members who need to process your personal information to perform their duties may access it. These individuals only have access to the information necessary to perform their duties.

We have established the roles and responsibilities of staff members throughout the lifecycle of your personal information, from collection to destruction. These roles and responsibilities are outlined in our Privacy and Governance Policy. We review them regularly to update them.

11.2. Implement robust security measures

To ensure the security of your personal information, we use the following measures:

  • SSL protocol
  • Firewall
  • Computers that are uniformly secured by Azure AD
  • Services managed by our IT vendors
  • Endpoint protection by a BDU
  • Security Information and Event Management
  • Multi-factor authentication
  • Security audits
  • Cyber Security Training and Awareness

11.3. We destroy your personal information after we have fulfilled our obligations

We retain your information for as long as necessary to fulfill the purposes described in this policy. Even if you no longer have a relationship with us, we need to keep your personal information for a certain period of time to comply with our legal obligations. As long as we retain it, we continue to protect your personal information and keep it confidential.

We have a retention schedule in place to clearly establish the retention period for certain types of information. Once this period has passed, we will destroy your personal information permanently and securely.

12. Your rights

12.1. Withdraw your consent

You may request to withdraw your consent to the use, disclosure and retention of your personal information.

In all cases, we may need to retain certain personal information to comply with our legal obligations. Generally speaking, we respect a data lifecycle that begins with the consent agreement and ends with the consent end date that results in the deletion of the data.

12.2. Accessing and Correcting Your Personal Information

You have rights related to your personal information. You can ask us:

  • To access it;
  • To correct or update them.

Here are the steps to process an application:

  1. You must send a written request to the Access and Privacy Officer. You can find their contact information at the beginning of this policy;
  2. We will process your request within 10 days of receiving it;
  3. You will receive our response in writing;
  4. We make sure to send you the data in a format that is readable for you.

12.3. Availing yourself of the privacy complaint process

You may make a complaint if you believe that the management of your personal information is not in accordance with this policy or the law. Here are the steps to process an application:

  1. You must send a written request to the Access and Privacy Officer. You can find their contact information at the end of this policy;
  2. We will process your complaint within 30 days of receiving all the information necessary to process it;
  3. You will receive your response in writing.
Portrait of the author

Iceberg Management