Last updated on: November 13, 2023
Your privacy is very important to us. For this reason, we are committed to doing everything we can to protect your personal information.
At Spritz, we strive to build reliable services and constantly improve your experience while rigorously implementing privacy and security practices. This policy details the types of personal data we may collect about you, the steps we take to keep it secure, and the rights you have regarding your personal information.
We encourage you to read this policy carefully and to familiarize yourself with our data practices. If you have any questions or concerns about this policy or your personal information, please contact us using the methods provided in the “Data Protection Officer” section of this policy.
Thank you for your trust and confidence in Spritz.
Our Commitment to Handling Your Personal Information
We have adopted a set of principles that guide our approach to how we handle the personal information of our customers and users.
Privacy as a design priority
We build privacy into the development and design of our services and products, ensuring that the protection of personal information is a fundamental consideration from the outset.
We are committed to being fully transparent about the nature of the data we collect, how we use it, and the circumstances in which it may be shared.
We are committed to actively informing our users about the use of their data in an understandable and accessible way, going beyond mere legal disclosure obligations.
Our data-processing decisions and practices are guided by a code of ethics that respects the spirit, and not just the letter, of privacy laws.
When introducing new technologies or practices, we carefully assess the potential impacts on privacy and work to minimize them before implementation.
Excellence in data protection
We strive to adopt industry best practices and continue to improve our processes to ensure the most robust protection of personal information.
Integrity and confidentiality
We are committed to ensuring the integrity and confidentiality of personal data by applying robust security measures that protect against unauthorized access, disclosure, alteration, and destruction.
We only work with partners who share our commitment to privacy and can demonstrate compliance with our high standards of confidentiality.
We respect the right of users to control their personal information, including access, correction, and deletion of their data.
Limitation of use
We only collect data that is strictly necessary to provide the services requested by our users—and nothing beyond that.
Data will not be collected, used, or disclosed without the clear and explicit consent of the user unless authorized or required by applicable law.
We are responsible for all personal information in our possession and take this responsibility seriously by maintaining privacy practices that comply with applicable laws.
Respect of your rights
We recognize and respect users’ rights regarding their personal information, in accordance with privacy legislation.
Update and maintenance
Response and communication
We are committed to responding within a reasonable time to any request or concern about the confidentiality and security of personal information.
We believe it is important for you to know what data we collect when you use our service and why. The types of data we collect are as follows:
Data provided by the user
This information is what you voluntarily provide to us when using our services, which may include:
● Full name and contact details (such as email address, telephone number).
● The content of any communications you send us (such as comments, questions, or information you provide in contact forms).
● Information about your professional experience when you send us your CV to apply for a job or internship.
Data collected automatically
Some data is automatically collected by our systems when you access our service, including:
● Browsing details such as your IP address, browser type, browser language, pages visited, and date and time of access.
● Device information such as operating system, unique device identifiers, and crash signals.
● Cookies and tracking technologies that collect information about your browsing habits and preferences.
Purposes of Data Collection
The data we collect is used to:
● First, to provide, manage, and maintain our services, and specifically our newsletter, our contact form, or our job and internship offers.
● Improve user experience and personalize your interaction with our service.
● Communicate with you, including sending you updates and service information, responding to your requests, and managing promotional communications.
● Reinforce the security of our service; detect and prevent fraud and unauthorized activity.
● Understand and analyze how you use our service in order to improve and develop new features and services.
● Comply with legal and regulatory requirements.
We will only collect, use, disclose, or process your personal information with your express consent or as required and permitted by law. When you use our service, we consider that you are giving us your consent to collect and use your personal information in accordance with this policy.
How to give your consent
Your consent may be given in a number of ways, including, but not limited to:
● By voluntarily providing personal information when using our site or service.
Withdrawing your consent
You have the right to withdraw your consent to the processing of your personal information at any time. If you decide to withdraw your consent, this may affect our ability to provide you with certain services or features of our site. To withdraw your consent, please contact us using the information provided in the “Data Protection Officer (DPO)” section of this policy.
Please note that the withdrawal of your consent does not apply to the processing of personal information that took place prior to your withdrawal, nor to the processing of personal information carried out on legal grounds other than consent.
Consent of minors
Cookies and Tracking Technologies
What is a cookie?
A cookie is a small text file stored on your device (computer, tablet, or smartphone) when you visit certain websites. Cookies are used to enable websites to function more efficiently, to improve user experience, and to provide information to site owners.
● Memorizing your preferences so you don’t have to re-enter them each time you visit.
● Collecting analytical information about how you use our site so that we can improve it.
● Tracking your browsing patterns to help us identify improvements to our information process.
Cookies can be “persistent” or “session”: persistent cookies remain on your personal computer or mobile device when you log out, while session cookies are deleted as soon as you close your web browser.
Types of cookies we use
● Required cookies: These cookies are essential to provide you with the services available on our website and to use some of its functionalities. For example, they allow you to connect to secure parts of our site and help the content of the pages you request to load quickly.
● Functional cookies: These cookies are used to recognize you when you return to our site. This allows us to personalize our content for you, greet you by name, and remember your preferences.
● Analytical cookies: These cookies enable us to recognize and count the number of visitors and to see how they move around our site when they use it. This helps us to improve the operation of our site, for example, by ensuring that users can easily find what they are looking for.
● Performance cookies: Performance cookies are used to understand and analyze the website’s key performance indicators, enabling us to provide visitors with a better user experience.
● Targeting/advertising cookies: Advertising cookies are used to provide visitors with personalized advertisements based on previously visited pages and to analyze the effectiveness of an advertising campaign.
● Uncategorized: Uncategorized cookies are those that are currently being analyzed and have not yet been categorized.
Your choice regarding cookies
You can personalize cookies by using our cookie manager.
You can also configure your browser so that it accepts all cookies, rejects all cookies, informs you when a cookie is issued, lets you know how long it is valid and what its content is, allows you to refuse to store a cookie on your device, and lets you delete your cookies periodically.
If you choose to block or delete cookies, this may affect certain features of our site and the quality of your user experience.
● Network Advertising Initiative: http://www.networkadvertising.org/choices/
● Digital Advertising Alliance: http://www.aboutads.info/choices/
Storage of Personal Information
We store your personal information only as long as necessary to fulfill the purposes for which it was collected, in accordance with our data storage policies and in compliance with legal and regulatory requirements.
How do we determine storage periods?
The storage periods for your personal information depend on a number of factors, including:
● Data type: Certain types of data may require a longer storage period due to their nature.
● Purpose of collection: We evaluate the length of time required to retain personal information based on the purpose for which it was collected and the need to keep a record of our interactions with you.
● Legal and regulatory obligations: In some cases, laws or regulations may require us to store certain information for a specific period of time.
● Contractual factors: If we have a contractual relationship with you, we may be required to store your personal information for the duration of that relationship and for a period after it has ended, in accordance with contractual provisions and legal obligations.
Once the storage periods have expired, we will securely delete or anonymize your personal information. If the data is no longer required for the purposes for which it was collected and there is no legal obligation to conserve it, we will take appropriate steps to delete it from our systems.
Updates to our storage policy
We regularly review our data retention policies to ensure that they remain compliant with applicable laws and reflect current best practices. This conservation policy may be updated from time to time, and we encourage you to review it regularly.
As part of our operations, we may transfer your personal information in different contexts and to different types of entities, including:
Transfers to subcontractors and freelancers
Transfers to technology platforms and cloud-based solutions
Web hosting and technology providers: To deliver our services, we rely on third-party platforms, such as website hosting providers, and technology providers such as Google Workspace or other cloud-based technology solutions. These suppliers may process your personal information on our behalf and are carefully selected for their commitment and ability to comply with data protection and security standards.
Commitment to security and confidentiality
We recognize that the protection of personal information is a fundamental right for all individuals. You may have the following rights regarding your personal information:
● Right of access: You have the right to request copies of your personal information held by us.
● Right of correction: If you believe that the information we have about you is inaccurate or incomplete, you have the right to ask us to correct that information.
● Right to deletion: In certain circumstances, you have the right to request the deletion of your personal information from our systems.
● Right to limit handling: You have the right to request that we limit how we use your personal information, in particular if you dispute the accuracy of the data or if you have objected to the use of your data.
● Right to object: You have the right to object at any time to the processing of your personal information for reasons related to your particular situation.
● Right not to be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legally binding effects on you or significantly affects you in a similar way.
● Right to withdraw consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.
● Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the data protection authority in your country if you believe that our processing of your personal information is in breach of data protection laws.
To exercise one of these rights, please contact us using the information provided in the “Data Protection Officer” section of this policy. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will do our best to respond within a reasonable time.
The security of your personal information is a top priority. We understand the importance of protecting your personal information and are committed to ensuring its security, confidentiality, and integrity.
To protect your personal information against unauthorized access, improper use, disclosure, accidental loss, alteration, or destruction, we have implemented appropriate and robust security measures. These measures include technical, organizational, and physical controls designed to safeguard your personal data. Here are some of the strategies we employ:
● Data encryption: We use encryption to protect information that we consider important, particularly when it is transferred or stored on our systems.
● Information security: Information security measures are in place to detect and prevent any attempt at theft or unauthorized loss of your data.
● Access control: Access to your personal data is strictly limited to our staff and third parties who need it to provide our services. They are all subject to strict confidentiality agreements.
● Safety awareness training: Our staff members receive regular training in security and data protection best practices.
● Safety audits and tests: We carry out regular security audits and tests to evaluate and reinforce our security measures.
In the event of a data breach, we have implemented procedures to react quickly to minimize the impact and to notify users and regulatory authorities, in accordance with applicable laws. See the “Data Incident Management” section of this policy.
Updates to our security measures
Information security is a constantly evolving field, and we are committed to adapting and improving our security measures as new threats emerge and new best practices are developed.
Data Incident Management
Commitment to safety
We take the security of your personal information very seriously and have implemented robust technical and organizational measures to protect your information from unauthorized access, modification, disclosure, or destruction. We are committed to maintaining the confidentiality and integrity of your data and to using industry-standard security practices.
In the unlikely event that we detect a security incident affecting the confidentiality, integrity, or availability of the personal information we process (a “Data Breach”), we will act promptly to identify the cause, limit the damage, secure your data, and take appropriate steps to prevent a recurrence.
To this end, we keep an incident register in accordance with current regulations.
In accordance with our legal and regulatory obligations, if we discover a security incident that is likely to represent a high risk to your rights and freedoms, we will inform you promptly and without undue delay of the nature of the incident, the data concerned, the possible consequences, the measures taken to remedy the situation, and provide you with advice on the steps you can take to protect your data.
We will also inform the relevant data regulatory authorities within the time limits prescribed by the applicable law.
Working with authorities
We will cooperate with the relevant data protection authorities and other law enforcement agencies to respond to the incident in accordance with our legal obligations.
Contact in the event of an incident
If you have reason to believe that a security incident affecting your personal information has occurred, please contact us immediately using the information provided in the “Data Protection Officer” section of this policy.
Links to Other Sites
Our website may contain links to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites and cannot accept responsibility for their respective privacy policies.
We strongly encourage you to read the privacy policies and terms and conditions of any third-party websites you visit. The presence of a link does not imply a recommendation on our part nor does it mean that we endorse the linked website or its content.
If we make material changes to this Policy, we will inform you by means of a notice on our website, or by any other means of communication we deem appropriate, including email, to give you an opportunity to review the changes before they take effect.
Should we make any changes that would reduce your data protection rights under this policy without your explicit consent, we will give you the opportunity to opt out of such changes before they are applied to your information.
Data Protection Officer (DPO)
We have appointed a Data Protection Officer, who can be reached by email at: [email protected].
Data Protection Authority
The data protection authority in Quebec is the Commission d’accès à l’information established by Section 103 of the Act respecting Access to documents held by public bodies and the Protection of personal information (Chapter A-2.1).
The commission’s website is https://www.cai.gouv.qc.ca.
To contact the commission, click here: https://www.cai.gouv.qc.ca/a-propos/nous-joindre.