Privacy Policy

Approved by API-Enfance's Board of Directors on September 18, 2023.

Purpose

The purpose of this policy is to inform Users of our Website and Web Application about the nature of their Personal Data that we collect, to explain how and for what purpose we process such data and to recall the underlying legal framework.

Definitions

Unless otherwise mentioned in the text or inconsistent therewith, words and expressions beginning with a capital letter in this policy shall be interpreted as follows:

1) Organization
API-Enfance, a non-profit legal person incorporated under Part 3 of the Companies Act (RLRQ, c. C-38), having its head office at 1024, rue de Nouë, Quebec City (Québec) G1W 4L3, registered in the Registraire des entreprises du Québec under number 1175257550.

Contact Details
+1 (819) 200-0203
info@api-enfance.ca

2) Licensee
Refers to an establishment in the healthcare and social services network, the education network, a community organization or an individual who has signed a Web Application license agreement with the Organization.

3) Website
Refers to the website created and developed by the Organization, accessed through the https://api-enfance.ca domain, and redirecting users to the Web Application.

4) Web Application
Refers to the application software hosted on a server and accessed via a web browser created and developed by the Organization and supporting the Blooming Words™ program, including the improvements. The use of the Web Application does not require installation on any physical computer hardware.

The Web Application includes the following elements:

– https://app.api-enfance.ca domain and all related applications,
– User Management Module (Dashboard),
– Training Modules,
– Technical Support Module.

5) User Account
Refers to an access created for a User wishing to access the Web Application.

6) Role
Refers to a set of permissions assigned on the Web Application to a User Account. The following Roles are available:

– Organization,
– Manager,
– Professional,
– Parent.

7) Client
Refers to the clientele served directly by the Licensee (children and their families or immediate guardians), as well as its directors, employees and contractors.

8) User
Refers to any User of the Licensee who is required to access the Web Application, or any person browsing the Website.

9) Personal Data
Refers to any data that makes it possible to identify (directly or indirectly) a User, within the meaning of current legislation.

10) Cookies
Refers to text files holding browsing data, created by websites when a user visits them. They enable websites to remember users’ visits and preferences.

These files are automatically saved by the Internet browser on the user’s device when they visit a website. The server of the website consulted may keep a copy. For these reasons, cookies hold personal information about users.

Policy

1) What Personal Data does the Organization collect?

We collect only the minimum data necessary for the use of our Site and Web Application.

About the Website

When you fill in a contact form, you agree to provide us with:

– a valid e-mail address,
– any personal data that you decide to provide us with when you fill in the “Message” section of the contact form.

About the Web Application

When you agree to use the Web Application and a User Account is created for you, you agree to provide us with:

– your last name,
– your first name,
– a valid e-mail address,
– your choice of language for the Web Application.

You can provide the Organization with other information such as your phone number.

When you are logged in to the Web Application, we automatically collect the following data:

– IP address used,
– Date and hour of the last visit,
– Clicks and interactions on different pages:

o Downloaded files,
o Videos viewed and duration of viewing,
o Answers to questions, language stimulation challenges and quizzes (multiple-choice questionnaires).

Some of the above data is collected in the form of cookies when you visit the Website and when you use the Web Application.

When you transmit Personal Data to us from a third party, you represent and warrant that you have obtained that third party’s consent to the transmission of their Personal Data and have informed them of this transmission.

We save event logs (User interactions with the Web Application), and the data is accessible only by a Web Application administrator via Bubble and/or FluskVault software.

2) How does the Organization use my Personal Data?

Your Personal Data will only be used if there is a proper and relevant legal basis under current legislation. Thus, your Personal Data is processed either based on our legitimate interests and/or based on your explicit consent.

Our legitimate interests in processing your Personal Data are as follows:

– manage and improve the Website and Web Application,
– manage your requests for contact or technical support via the Website and Web Application,
– detect and prevent fraud and other offenses, and manage risks on the Web Application.

When you agree to use the Web Application and a User Account is created for you, you explicitly consent to the collection of your data. The granting of your consent is contractual and/or regulatory in nature. If you do not consent to the use of your Personal Data, none of your Personal Data entered when the Licensee created your User Account will be kept and your User Account will be permanently deleted.

We need your explicit consent to process your Personal Data in order to:

– deposit Cookies on your terminal,
– ensure you have a good experience on the Web Application,
– inform you of changes to our programs (if any),
– carry out occasional clinical efficacy studies and/or program implementation evaluations, in partnership with Licensees (in which case your data will be anonymized).

By using the Website and the Web Application, you authorize us to use your information in Canada and in any other country in which we may operate.

We expressly acknowledge that we will not use your Personal Data for any other purpose without your consent. Furthermore, we will only collect Personal Data to the extent necessary for the purposes stated above.

If we wish to use your Personal Data for a purpose other than those mentioned above, we will contact you via your e-mail address to obtain your consent. In addition, if we make any significant changes to the way we process your Personal Data and if we change this policy in any way, we will notify you through the Website, the Web Application or by email.

3) What Cookies does the Organization use?

The issue and use of Cookies by third parties and the storage of your Personal Data by these third parties are subject to the privacy policies applied by these third parties. Cookies issued on the Website and/or Web Application by third parties because of integrated third-party applications are:

Required Cookies

These Cookies are necessary to enable the basic functions of the Website and Web Application to work, such as authentication.

Bubble
bubble.io
Bubble is a tool that lets you create web applications without using computer code.
Our Web Application was developed using this tool.
Privacy Policy

Twilio (SendGrid)
ahoy.twilio.com, assets.twilio.com, customers.twilio.com, interactive.twilio.com, investors.twilio.com, pages.twilio.com, reports.twilio.org, showcase.twilio.com, signal.twilio.com, static0.twilio.com, static1.twilio.com, status.twilio.com, support.twilio.com, transform.twilio.com, twilio.com, twilio.org, www.signal2022.com, www.twilio.com, www.twilio.org
Twilio is a digital communications company which enables users to create voice, VoIP and SMS applications via an application programming interface.
Privacy Policy

Functional Cookies

These Cookies enable us to analyze your use of the Website and Web Application to provide you with a better experience. For example, by remembering your login details or your browser language.

Amazon (Web Services)
s3.amazonaws.com, s3.us-east-1.amazonaws.com, twilio-cms-prod.s3.amazonaws.com
Amazon Web Services provides reliable, low-cost digital data storage infrastructure to hundreds of thousands of users in over 190 countries.
Privacy Policy
Service Terms

Vimeo
f.vimeocdn.com, i.vimeocdn.com, player.vimeo.com, vimeo.com
Vimeo is a video-sharing platform which allows users to upload, share and watch videos.
Privacy Policy

We are not responsible for the privacy practices of other sites you may click on while using our Web Application or when you browse our Website and encourage you to read their privacy policies.

4) How can I manage the Cookies stored by my browser?

You can view, limit or delete the data stored in cookies at any time by going to your browser settings. You can also configure your browser to block Cookies or to send an alert message before a Cookie is installed on your computer.

Limited Cookie management may result in limited access to all Website and Web Application functionalities. Thus, the above-mentioned required cookies will still be stored on your computer. This is part of our legitimate interests.

5) How long does the Organization store my Personal Data?

We store your Personal Data for as long as is necessary to fulfill the purposes for which it was collected or to comply with any legal or regulatory obligation, within the limits of:

– three (3) years from your last visit to the Website,
– two (2) years from the last connection to your User Account on the Web Application.

If your Personal Data is no longer required by us or upon the occurrence of these deadlines, it will be securely and permanently deleted, unless it is necessary to keep it for a longer period.

6) Where is my Personal Data stored?

Personal Data of Website Users are stored on DomainePlus servers, located in Montreal, Canada and on Microsoft servers located in Quebec City, Canada (for contact form submissions).

Personal Data of Web Application Users are stored on Amazon AWS servers, located in Oregon, United States of America.

7) How can I request the deletion of my Personal Data?

You have several rights under current legislation:

  • Right of access and rectification
    Following applicable laws on the protection of Personal Data, you have the right to ask us whether we hold any Personal Data about you and to obtain a copy of it, where appropriate and subject to any exceptions. You also have the right to rectify any Personal Data that is inaccurate, incomplete or equivocal, or if its collection, communication or retention is not in compliance with or authorized under the Act respecting the protection of personal information in the private sector, RLRQ, c. P-39,1.
  • Withdrawal of consent
    Subject to any applicable law, you have the right to withdraw your consent to the collection of your Personal Information, in which case you will no longer have access to the Web Application and your User Account will be deleted.
  • Right of deletion
    In certain circumstances, including if the collection of Personal Data is not authorized by any applicable law, if such Personal Data is out of date or not justified by the purpose of the collection, you have the right to have such Personal Data removed from our possession. We undertake to grant a right of access and rectification to persons concerned and wishing to consult, modify or delete information concerning them.
  • Right to be forgotten
    You may ask us to stop issuing Personal Data about you, or to de-index any hyperlink attached to your name that allows you to access this information by technological means, if such dissemination contravenes the law or a court order. You may do the same, or request that the hyperlink providing access to this information be re-indexed, if the dissemination of this Personal Data causes you harm by violating your reputation or privacy.
  • Right to data portability
    You have the right to ask us to communicate to you in a structured and commonly used technological format, in a written and intelligible form, any computerized Personal Data that we have collected from you. This communication may also, at your request, be made to a person or organization authorized to collect your Personal Data.
  • Right to information on processing
    You also have the right to ask us for information about the processing of your Personal Data, including the type of Personal Data we hold and how we process it.
  • Right to unsubscribe from our mailing list
    You have the right to ask us, at any time, to unsubscribe you from our mailing list if you have subscribed to it.

Where the collection and processing of your Personal Data is based on your consent, you have the right to revoke it. Thus, at any time, you may exercise your rights and make a request to consult, rectify or delete your Personal Data, ask any questions and raise any concerns about this Policy, or if you wish to file a complaint or have any doubts about a potential privacy incident relating to Personal Data, to the Organization’s Information Privacy Manager at the email address: privacy@api-enfance.ca or by mail at the following address:

Simon Marcoux
IT Manager
API-Enfance
1024, rue de Nouë
Québec (Qc)
G1W 4L3
Canada

We are committed to responding to your requests within thirty (30) days of receipt of your e-mail or letter.

Please note that a Licensee’s User Data can be permanently deleted via the Licensee’s “Organization” Role User Account on the Web Application (and, subject to permission, by certain User Accounts in the Licensee’s “Manager” Role).

Finally, you can also object to the continued collection and processing of your Data, based on our legitimate interests, by simply ceasing to use the Website and Web Application.

8) How is my Personal Data protected?

Best Modern Practices
We use industry-standard methods to protect the confidentiality, security, and integrity of Users’ Personal Data against unauthorized use, access, disclosure, alteration or loss, as well as unlawful or accidental destruction.

Encryption of data in transit
All traffic between your web browser and our web server (or those of our service providers) is encrypted using HTTPS/TLS. This enables us to guarantee the confidentiality of data transmitted over the Internet.

Data storage
We ensure that all data on the Site and Web Application is retained or deleted only in accordance with this policy.

The data collected in the Web Application is stored on the servers of Amazon AWS, a company internationally recognized for its secure and certified data centres. All data circulating on the global AWS network interconnecting AWS data centres and regions is automatically encrypted at the physical layer.

IT security
We are committed to maintaining the security of our systems and services through regular updates. We make constant improvements and apply patches (also known as “fixes”) to ensure the efficiency, optimum performance and security of our systems. These updates may include modifications to enhance security, correct bugs or improve functionality. We reserve the right to make such updates without notice, while ensuring that this does not interfere with the User experience and that this policy is adhered to at all times. Each change or update is evaluated by a tool to detect potential security flaws.

We carry out periodic risk and vulnerability assessments, as well as compliance audits relating to data confidentiality and security.

We promptly rectify any security vulnerabilities that are identified. We have also adopted an IT Security Incident Response Policy, which provides for three-day notification to Users in the event of a security or privacy incident, and sets out best practices for responding to the compromise of Users’ Personal Data.

Use of third-party software and platforms
We declare that we monitor the use of third-party software and platforms to ensure that they are supported and up-to-date.

Event logging
We maintain accurate event logs that record the actions of Web Application Users within the system for security reasons. This practice enables us to identify, understand and respond appropriately to any unusual or suspicious behavior, as well as any possible breach of security.

Organizational measures
All employees use complex and unique passwords for authentication on company services. Double authentication on the Site and Web Application is required for employees with access to Users’ Personal Data.

We do not informally share with our employees the User Personal Data referred to in this policy. Only employees who need it to perform their duties may access it. In such cases, the principle of minimum access rights applies, i.e. each employee is granted the most restricted access possible to enable him or her to carry out his or her duties.

In addition, employees with access to Users’ Personal Data are trained in their responsibilities when processing the data, and in the various laws and policies applicable to security.

Security Rules
In the Web Application, security rules (called “Permissions” in the dashboard, and “Privacy Rules” at the level of the server) are used to restrict access to certain information and data for specific User Accounts. These rules are programmed by an expert programming firm located in Canada.

Thus, data collected on User Accounts associated with the Licensee can be accessed by the Licensee’s “Organization” Role User Account only, and by the Licensee’s higher Role User Accounts if and only if these User Accounts have been linked together.

Data collected on all User Accounts can also be accessed by the Organization’s “Admin” Role User Accounts belonging to specific employees and subcontractors (General Management, Web Project Manager, and Web Developer). They have all signed a confidentiality agreement, professional ethics and compliance with the Organization’s policies.

Maintaining the conditions for protecting your Personal Data
We undertake to maintain a level of security for your Personal Data equivalent to that presented in this policy throughout the duration of the service.

Limitation of liability
Although we are committed to implementing best practices with regard to the security of information and Users’ Personal Data, it is impossible for us to guarantee total security in this respect, since virus and hacking technologies are constantly evolving and there are other risk factors, such as unforeseeable hardware or software failures. Consequently, we cannot be held responsible for any loss or alteration of Users’ Personal Data. We will notify any User by e-mail of a security breach affecting them within three days of discovering the situation.

If you would like to know more, please consult our IT Security Incident Response Policy, or write to us at privacy@api-enfance.ca.

9) Who else can access my Personal Data?

To support the provision, maintenance, protection and improvement of our services, we share some of your Personal Data with a small group of trusted partners and suppliers. These process it on our behalf and in accordance with our instructions, this policy and any legal privacy and security requirements. These companies only have access to the information required to provide the services provided by API-Enfance. These companies are:

– WordPress (Website development),
– DomainePlus (Website hosting),
– Vision Synergie (web development of the Website and Web Application),
– Bubble (web development of the Web Application),
– Amazon Web Services (Web Application hosting),
– Vimeo (hosting videos of the Website and Web Application),
– Twilio (e-mail and SMS sending via the Web Application),
– SendGrid (sending email via the Web Application),
– FluskVault (securing the Web Application),
– Microsoft Office 365 (only for data collected via the Website’s contact form).

In addition, we may transfer some of your Personal Data to law enforcement officials, judicial or administrative authorities, our legal counsel or any administrative authority. We may, if necessary, transfer your Personal Data to another province, country or international organization that is subject to an adequacy decision issued by the Government of Quebec, for example the European Union.

If the province, third country or international organization is not the subject of an adequacy decision, we will only transfer your Personal Data on condition that proper guarantees are put in place concerning the security of your Personal Data and the effective exercise of your rights, under the conditions of the legislation in force.

Finally, under no circumstances will your Personal Data be sold, rented, made available or distributed in any way whatsoever.

10) What legislation applies?

The Organization is responsible for protecting the personal information it holds within the meaning of section 3.1. SECTION I.1 of the Act respecting the protection of personal information in the private sector of Quebec.

We also take great care to ensure compliance with protective provisions relating to privacy and the processing of Personal Data. These include: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) or General Data Protection Regulation (GDPR), which is applied in France under the Data Protection and Civil Liberties of January 6, 1978.

If you have any questions or complaints about security and Personal Data, you can contact the Organization’s Privacy Manager at the following e-mail address: privacy@api-enfance.ca or by mail at the abovementioned address.

Users located in Québec may also lodge a complaint with the Commission d’accès à l’information (CAI).

Users located in France may also lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL).