Privacy Policy
The Privacy Policy was last amended on July 13, 2023.
The Privacy Policy was last amended on July 13, 2023.
BEFORE USING THE WEBSITE AND OUR APPLICATIONS, PLEASE READ OUR PRIVACY POLICY CAREFULLY (the “Policy“).
This Policy addresses the protection of Personal Information (hereinafter defined) by AGENDRIX INC., doing business as AGENDRIX (hereinafter referred to as “Agendrix” or “we“).
We take special care to protect your Personal Information (as defined below) collected through our website www.agendrix.com and our applications (hereinafter collectively referred to as “Applications“) and through the Agendrix Products (hereinafter collectively referred to as, with the Applications, the “Platform“).
However, this Policy applies, in its entirety, only to Personal Information of the Applications users (hereinafter: “you“). Its purpose is to explain how we collect, use and disclose your Personal Information.
If you are an Authorized User of a Customer, any section of this Policy is applicable to you only where it specifically provides that it applies to such users. Each Customer is responsible for complying with the legal obligations applicable to persons who collect Personal Information about others and, in this respect, is responsible for obtaining valid consent for its collection, disclosure and use. In addition, the Customer shall be responsible for establishing its own privacy policy, determining the safeguards applicable to Personal Information and providing the persons concerned by such information with the means to exercise their rights.
In addition, this Policy does not apply to Personal Information about our employees, and Personal Information about our Subprocessors (as those terms are defined in Section 6 of this Policy).
Lastly, this Policy aims to comply with Canadian and Quebec laws relating to the protection of Personal Information and, where applicable, the General Data Protection Regulation (“GDPR“).
For the purposes of this Policy, the following definitions shall apply:
We collect only the Personal Information about you that is necessary to establish, manage and maintain our relationship with you. This collection is limited, in most cases, to the following Personal Information:
We may collect Personal Information through the Applications, when you sign a contract or, more broadly, when you interact with one of our employees or representatives by email, telephone or in person.
Personal Information that is entered by Authorized Users in their User Profiles is the responsibility of their Organizations.
Your consent to the collection, use or disclosure of your Personal Information must be freely given, unambiguous, and informed. It must be given for specific purposes.
Our policies and contracts are written in plain language to make it easier for you to understand the nature, purposes and consequences of the collection, use and disclosure of your Personal Information.
Depending on the nature and sensitivity of your Personal Information, your consent may be explicit (such consent may be given verbally, in writing or electronically) or implied (when you voluntarily provide Personal Information, for instance).
Generally, we will seek your consent, except where otherwise required or permitted by law. If you are an Authorized User, our Terms and Conditions require your Organization to obtain your consent, and we presume that it is acting within the limits set by law. In the event that you witness or experience a breach in this regard, you may notify us using the contact information provided at the end of the Policy.
By using the Applications, you consent to the use of your Personal Information in accordance with this Policy.
Cybersecurity is a priority for us. As such, we have adopted policies and practices to guide our governance of Personal Information. These policies and practices provide for the following:
These policies and practices are as follows:
In addition to these administrative measures, we implemented physical and technological measures that are reasonable taking into consideration the sensitivity, use, quantity, distribution and media of the Personal Information.
We take all reasonable steps to minimize the risk of a confidentiality breach. For instance:
The provisions of this section apply to Personal Information held by us about both Applications users and Authorized Users of our Customers.
Personal Information of the Applications users and of the Authorized Users of our Customers is used only for the following purposes:
Each Agendrix employee who uses Personal Information is bound by confidentiality obligations and has received appropriate training. In addition, he or she may only access Personal Information that is necessary for the performance of his or her duties. In the event of a breach, our governance policies and practices (see Section 4) provide for sanctions.
We only use Personal Information for the purposes stated above except where we are permitted by law, in very limited circumstances, to do so without your consent. Our Customers have the right to access the Personal Information they collect about their Authorized Users. To learn more, please review our Terms and Conditions and Acceptable Use Policy, pursuant to which they are required to implement security measures.
This section applies to Personal Information that we hold about both Applications users and Authorized Users of our Customers.
To Whom?
We may disclose Personal Information to third parties in specific circumstances permitted by law. The following section summarizes these circumstances and the steps we take to protect such information.
Service providers, agents, Subprocessors (“Subprocessors”)
We may enter into contracts with Subprocessors to provide a service to our Customers, such as a Platform feature. These Subprocessors may also provide a service to you directly on our behalf.
We believe in transparency and maintain an up-to-date list of Subprocessors to whom Personal Information we hold is disclosed.
The contract requires Subprocessors to:
Another party in a Business Transaction
We may enter into a contract with a third party for the purpose of a Business Transaction. Such a transaction is defined as the disposition or lease of all or part of our business or its assets, a change in our legal structure by merger or otherwise, the obtaining of a loan or other form of financing or a security interest taken to secure any of our obligations (“Business Transaction”).
The contract requires the other party to:
Legitimate authorities
In order to comply with a court order or decision, including a valid search warrant, or an order or decision of a regulatory authority, we may be required to provide Personal Information.
These authorities are required by their governing laws to establish measures to respect and preserve the confidentiality of your Personal Information.
We inform Customers of any requests from legitimate authorities to access Personal Information about their Authorized Users, unless otherwise stated by said legitimate authorities or provided by law. We decline to provide access where the request is not legally binding.
Our legal counsel
In order to defend or enforce our rights, we may, in certain circumstances, disclose your Personal Information.
Both the law and the retainer agreements we sign require our lawyers to protect the confidentiality of all our communications with them.
Where?
In the course of providing our services, we may disclose Personal Information outside Quebec, including in the following regions:
Personal Information is securely stored at Amazon Web Services (AWS) on servers located in Canada or the European Union. All Personal Information is encrypted on storage media.
Before disclosing Personal Information outside of Quebec, we conduct a privacy impact assessment that considers the sensitivity of the information, the purpose for which it will be used, the safeguards that will be provided, and the applicable legislation in the jurisdiction where the Personal Information will be disclosed.
Such disclosures will only be made if the assessment demonstrates that the Personal Information will be adequately protected. In addition, such disclosure will be subject to a written agreement that is based on all the findings of the assessment.
This section applies to Personal Information that we hold about both Applications users and Authorized Users of our Customers.
We retain Personal Information about you only as long as necessary to fulfill the purpose for which it was collected, to comply with legal retention requirements, and as long as necessary to protect our legitimate business interests. We reserve the right to establish Personal Information destruction policies from time to time. If you request the destruction of your Personal Information, we will use reasonable efforts to comply with your request as soon as possible.
Your User Account is deleted within 90 days following your request, although for technical reasons, some traces of your use may remain in our systems, including in connection logs and in backup copies for 12 months.
In addition, we ensure that temporary files created during the collection, use, or disclosure of Personal Information are properly deleted as soon as they are no longer required.
Please note that concerning Authorized Users of our Customers, they may have the right to retain certain information despite your request to delete it. Please contact your Organization’s Privacy Officer for more information on this issue.
ALL REQUESTS FROM AUTHORIZED USERS SHOULD BE DIRECTED TO THE PRIVACY OFFICER OF THEIR ORGANIZATION. EXCEPT TO INFORM YOU OF THE SOURCE OF SUCH PERSONAL INFORMATION, WE DO NOT RESPOND TO SUCH REQUESTS AS WE LIMIT THEIR USE TO THAT WHICH IS NECESSARY TO FULFILL THE CONTRACT WITH OUR CUSTOMERS AND DELETE THEM AS INSTRUCTED BY THEM. YOU CAN DIRECTLY MAKE CHANGES TO YOUR USER PROFILE WHEN AUTHORIZED BY YOUR ORGANIZATION.
For Applications users who are not Authorized Users of an Organization, you have the following rights:
If we refuse to rectify your Personal Information, we will allow you to place comments in your file in respect of the Personal Information for which rectification has been refused. We will also retain the Personal Information that has been the subject of an access request for as long as necessary to allow you to exhaust any recourse provided by law.
Definition
A cookie is a small text sent by a server to your browser, which it will send back the next time it connects to servers sharing the same domain name.
If you wish, you can set your browser to notify you when you receive cookies or to refuse them. You do not need to accept cookies to visit our Applications. However, if you refuse them, you could be unable to use some of their features.
Types of cookies used by Agendrix
Technical cookies: Technical cookies are used throughout the browsing experience to facilitate the use of the Applications. For example: a technical cookie may be used to remember your username to facilitate your login or to remember your preferences or options you have chosen.
Analytical cookies: These cookies are anonymous and are used to collect statistics on the use of the Applications.
Advertising cookies: These cookies may be added by the Applications or by other sites serving advertisements. These cookies collect information anonymously and build up your visitor profile.
The Privacy Officer at Agendrix is Charles Vallières. This function corresponds to that of the Data Protection Officer (DPO) under the GDPR.
If you have any questions or requests regarding the Policy, you can send an email to the following address: [email protected].
Agendrix reserves the right to change the content of this Policy at any time. Any changes will be posted on our Platform and brought to your attention when you log in. We recommend that you print a copy of this Policy for your records and review this section of our Platform periodically.
Language
Unless you wish to refer specifically to the English version of this policy, please consult the French version available on the following web page: Politique de confidentialité.
The Privacy Policy was last amended on July 13, 2023.