Privacy Policy
Approved by the API-Enfance Board of Directors on September 18, 2023.
Objective
The purpose of this policy is to inform Users of our Web Site and Web Application about the nature of their Personal Data that we collect, to explain how and for what purpose we process such Data and to recall the underlying legal framework.
Web Application about the nature of their Personal Data that we collect, to explain how and for what purpose we process such Data and to remind them of the underlying legal framework.
Definitions
Unless otherwise indicated in the text or inconsistent therewith, words and expressions beginning with a capital letter in this policy shall be interpreted as follows:
1) Organization
API-Enfance, a non-profit legal person incorporated under Part 3 of the Companies Act (RLRQ, c. C-38), having its head office at 1024, rue de Nouë, Québec, (Québec) G1W 4L3, registered in the Québec Enterprise Register under number 1175257550.
Contact details :
+1 (819) 200-0203
info@api-enfance.ca
2) Licensee
Refers to an establishment in the health and social services network, the education network, a daycare service, a community organization or an individual who has signed a Web Application license agreement with the Organization.
3) Website
Refers to the website created and developed by the Organization, accessible on the https://api-enfance.ca domain , and redirecting users to the Web Application.
4) Web Application
Refers to the application software hosted on a server and accessible via an Internet browser created and developed by the Organization and supporting in particular the Mots d'enfants™ program, including the Enhancements. Use of the Web Application does not require installation on physical computer hardware.
The Web Application includes, in particular, the following elements:
- the https://app.api-enfance.ca domain and all related applications,
- a User Management Module (Dashboard),
- Training Modules,
- a Technical Support Module.
5) User Account
Refers to an access created for a User wishing to access the Web Application.
6) Role
Refers to a set of permissions assigned on the Web Application to a User Account. The following Roles are available:
- Organization,
- Manager,
- Stakeholder,
- Parent.
7) User
Refers to the clientele served directly by the Licensee (children and their families or immediate guardians), as well as its officers, employees and contractors.
8) User
Means any User of the Licensee who is required to use the Web Application, or any person browsing the Site.
9) Personal data
Refers to any data that makes it possible to identify (directly or indirectly) a User, within the meaning of current legislation.
10) Cookies
Cookies are text files containing navigation data, created by websites when a user consults them. They enable websites to remember users' visits and preferences.
These files are automatically saved by the web browser on the user's device when they visit a website. The server of the website visited may keep a copy.
Cookies therefore contain personal information about users.
Policy
1) What Personal Data does the Organization collect?
About the Site
When you fill in a contact form, you agree to provide us with :
- a valid e-mail address,
- any personal data you choose to provide when you fill in the "Message" section of the contact form.
About the Web Application
When you agree to use the Web Application and a User Account is created for you, you agree to provide us with :
- your last name,
- your first name,
- a valid e-mail address,
- your choice of language for the Web Application.
You may provide the Organization with additional information such as :
- Your phone number,
- a profile photo.
When you log on to the Web Application, we automatically collect the following data:
- IP address used,
- Operating system,
- Internet browser used and version,
- Date and time of last visit,
- Clicks and interactions on the various pages:
o documents downloaded,
o videos viewed and viewing time,
o answers to questions, stimulus challenges and quizzes (multiple-choice questionnaires).
Some of the above data is collected in the form of a Cookie when you visit the Site and when you use the Web Application.
2) How does the Organization use my Personal Data?
Your Personal Data will only be used if there is an appropriate and relevant legal basis under current legislation. Thus, your Data will be processed either on the basis of our legitimate interests and/or on the basis of your explicit consent.
Our legitimate interests in processing your Data are as follows:
- manage and improve the Site and Web Application,
- manage your requests for contact or technical support via the Site and Web Application,
- detect and prevent fraud and other crimes, and manage risk on the Web Application.
When you agree to use the Web Application and a User Account is created for you, you explicitly consent to the collection of your Data. The provision of your consent is contractual and/or regulatory in nature. If you do not consent to the use of your Personal Data, none of your Personal Data entered when the Licensee created your User Account will be retained, and your User Account will be permanently deleted.
We need your explicit consent to process your Data for :
- deposit Cookies on your terminal,
- ensure you have a good experience on the Web Application,
- inform you of changes to our programs,
- conduct occasional clinical efficacy studies and/or program implementation
program implementation, in partnership with Licensees
(in which case your data will be anonymized).
By using the Site and Web Application, you authorize us to use your information in Canada and in any other country in which we may operate.
Should we wish to use your Personal Data for a purpose other than those mentioned above, we will contact you at your e-mail address to obtain your consent. In addition, if we make any material changes to the way in which we process your Personal Data and generally if we change this policy, we will notify you via the Site, the Web Application or by e-mail.
3) What cookies does the Organization use?
Your Personal Data will only be used if there is an appropriate and relevant legal basis under current legislation. Thus, your Data will be processed either on the basis of our legitimate interests and/or on the basis of your explicit consent.
Our legitimate interests in processing your Data are as follows:
- manage and improve the Site and Web Application,
- manage your requests for contact or technical support via the Site and Web Application,
- detect and prevent fraud and other crimes, and manage risk on the Web Application.
When you agree to use the Web Application and a User Account is created for you, you explicitly consent to the collection of your Data. The provision of your
consent is contractual and/or regulatory in nature. If you do not
consent to the use of your Personal Data, none of your Personal Data entered when the Licensee created your User Account will be retained, and your User Account will be permanently deleted.
We need your explicit consent to process your Data for :
- deposit Cookies on your terminal,
- ensure you have a good experience on the Web Application,
- inform you of changes to our programs,
- carry out occasional clinical efficacy studies and/or program implementation evaluations, in partnership with Licensees (in which case your data will be anonymized).
By using the Site and Web Application, you authorize us to use your information in Canada and in any other country in which we may operate.
Should we wish to use your Personal Data for a purpose other than those mentioned above, we will contact you at your e-mail address to obtain your consent. In addition, if we make any material changes to the way in which we process your Personal Data and generally if we change this policy, we will notify you via the Site, the Web Application or by e-mail.
4) How can I manage the cookies stored by my browser?
The issue and use of Cookies by third parties and the storage of your personal data by these third parties are subject to the privacy policies applied by these third parties. The Cookies issued on the Site and/or Web Application by third parties as a result of integrated third-party applications are :
Cookies required
These Cookies are necessary to enable the basic functionalities of the Site and Web Application to function, such as authentication.
Bubble
bubble.io
Bubble is a tool that lets you create web applications without using computer code.
Our Web Application was developed using this tool.
Privacy policy
Twilio (SendGrid)
ahoy.twilio.com, assets.twilio.com, customers.twilio.com, interactive.twilio.com, investors.twilio.com, pages.twilio.com, reports.twilio.org, showcase.twilio.com, signal.twilio.com, static0.twilio.com, static1.twilio.com, status.twilio.com, support.twilio.com, transform.twilio.com, twilio.com, twilio.org, www.signal2022.com, www.twilio.com, www.twilio.org
Twilio is a digital communications company that enables users to create voice, VoIP and SMS applications via an application programming interface.
Privacy policy
Functional cookies
These Cookies enable us to analyze your use of the Site and Web Application in order to provide you with a better experience. For example, by remembering your login details or browser language.
Amazon (Web Services)
s3.amazonaws.com, s3.us-east-1.amazonaws.com, twilio-cms-prod.s3.amazonaws.com
Amazon Web Services provides reliable, low-cost digital data storage to hundreds of thousands of users in over 190 countries.
Privacy Policy
Weglot
Weglot is an application that automatically translates websites and web applications into many languages. We use it for our website only.
Privacy policy
Vimeo
f.vimeocdn.com, i.vimeocdn.com, player.vimeo.com, vimeo.com
Vimeo is a video-sharing platform that allows users to upload, share and watch videos.
Privacy policy
5) How long does the Organization keep my personal data?
We retain your personal data for the time necessary to fulfil the purposes for which it was collected, within the limits :
- three (3) years from your last visit to the Site,
- two (2) years from the last connection to your User Account on the Web Application.
If your personal data is no longer required by us or upon the occurrence of these deadlines, it will be securely and permanently deleted, unless it is necessary to keep it for a longer period.
6) Where is my personal data stored?
Site user data is stored on DomainePlus servers, located in Montreal, Canada.
Web Application User data is stored on Amazon
AWS servers located in Oregon, United States of America.
7) Can I request the deletion of my personal data?
You have a number of rights under current legislation:
- right of access,
- rectification or deletion,
- to limit the processing of your personal data,
- a right of opposition,
- a right to the portability of your personal data.
Where the collection and processing of your data is based on your consent, you have the right to revoke it. Thus, at any time, you may exercise your rights and make a request for consultation, rectification or deletion of your personal data to the Organization's Privacy Officer at the following e-mail address confidentialite@api-enfance.ca or by post at the following address :
Hortense Massin
Assistant General Manager
API-Enfance
1024 de Nouë Street
Québec (Qc) G1W 4L3
Canada
We undertake to respond to your requests within thirty (30) days of receipt of your e-mail or letter.
Please note that a Licensee's User Data may be permanently deleted by the Licensee's "Organization" Role User Account under the Web Application (and, subject to permission, by some of the Licensee's "Manager" Role User Accounts).
Finally, you also have the option of objecting to the continued collection and processing of your Data, based on our legitimate interests, by simply ceasing to use the Site and Web Application.
8) How is my personal data protected?
We implement all modern best practices to protect your data.
Security rules
In the Web Application, security rules (called "Permissions" in the dashboard, and "Privacy Rules" at server level) are used to restrict access to certain information and data for specific User Accounts. These rules are programmed by an expert programming firm based in Canada.
Thus, data collected on User Accounts associated with the Licensee are accessible by the Licensee's "Organization" Role User Account only, and by the Licensee's higher Role User Accounts if and only if these User Accounts have been linked together.
The data collected on all User Accounts is also accessible by the Organization's "Admin" Role User Accounts belonging to specific employees and subcontractors (General Management, Web Project Manager, and Web Developer). The latter have all signed a commitment to confidentiality, respect for professional ethics and compliance with the Organization's policies.
Encryption of data in transit
All traffic between your web browser and our web server (or those of our service providers) is encrypted using HTTPS/TLS. This enables us to guarantee the confidentiality of data in transit over the Internet.
Data storage
The data collected in the Web Application is stored on the servers of Amazon AWS, a company internationally recognized for its secure, certified data centers. All data circulating on the global AWS network interconnecting AWS data centers and regions is automatically encrypted at the physical layer.
Organizational measures
All employees use complex, unique passwords for authentication on company services.
9) Who else can access my personal data?
We use the services of several technical service providers, each of whom may have access to some of your personal data. These service providers are :
- Wordpress (website development),
- DomainePlus (site hosting),
- Vision Synergie (web development of the Site and Web Application),
- Bubble (web development of the Web Application),
- Amazon Web Services (hosting of the Web Application),
- Vimeo (video hosting for the Site and Web Application),
- Twilio (sending text messages via the Web Application),
- SendGrid (sending e-mail via the Web Application),
- FluskVault (Web Application security),
- Microsoft Office 365 (only for data collected via the Site's contact form).
In addition, we may transfer some of your Personal Data to law enforcement officials, judicial or administrative authorities, our legal counsel or any administrative authority. We may, if necessary, transfer your Personal Data to another province, country or international organization subject to an adequacy decision issued by the Government of Quebec, such as the European Union.
In the event that the province, third country or international organization is not the subject of an adequacy decision, we will only transfer your Personal Data on condition that appropriate guarantees are put in place concerning the security of your Personal Data and the effective exercise of your rights, under the conditions of the legislation in force.
Finally, under no circumstances may your Personal Data be sold, rented, made available or distributed in any way whatsoever.
10) What is the current legislation?
The Organization is responsible for the protection of the personal information it holds within the meaning of section 3.1. SECTION I.1 of Quebec's Act respecting the protection of personal information in the private sector.
We also pay close attention to compliance with protective provisions relating to privacy and the processing of Personal Data, and in particular to European Regulation No. 2016/679 of April 26, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC or General Data Protection Regulation (GDPR), which finds its application in France within the law of January 6, 1978 known as " Informatique et libertés ".
If you have any questions or complaints about security and personal data, you can contact the Organization's Privacy Officer at the following e-mail address: confidentialite@api-enfance.ca or by post at the above address.
Users located in Quebec may lodge a complaint with the Commission d'accès à l'information (CAI). Users located in France may also lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL).